From ec7845a501755d4863e3dbc93ef22c6d443fab03 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 17:56:42 +0530 Subject: [PATCH 001/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...domain-controller-allow-server-operators-to-schedule-tasks.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md index 67c1a1fd26..b131e13acf 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Domain controller: Allow server operators to schedule tasks **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Domain controller: Allow server operators to schedule tasks** security policy setting. From ec16374860a72dc12985935b20aefa9748af2a5f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 17:59:02 +0530 Subject: [PATCH 002/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../domain-controller-ldap-server-signing-requirements.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md index cc42ccd096..3be38e20f4 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Domain controller: LDAP server signing requirements **Applies to** +- Windows 11 - Windows 10 This article describes the best practices, location, values, and security considerations for the **Domain controller: LDAP server signing requirements** security policy setting. From f4c11b93b9cc6076ee8786f192a8a10b7674bef3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:00:48 +0530 Subject: [PATCH 003/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../domain-controller-refuse-machine-account-password-changes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md index df6db377b5..44906563cb 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md @@ -20,6 +20,7 @@ ms.date: 12/31/2017 # Domain controller: Refuse machine account password changes **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Domain controller: Refuse machine account password changes** security policy setting. From d3e65fd96a260acd14923e113e789942194ef3d9 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:36:25 +0530 Subject: [PATCH 004/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...lient-send-unencrypted-password-to-third-party-smb-servers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md index 1162197765..131ca7ef0e 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Microsoft network client: Send unencrypted password to third-party SMB servers **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Send unencrypted password to third-party SMB servers** security policy setting. From 3f24157ddc2381a3da16434bbec3d6157d372060 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:37:47 +0530 Subject: [PATCH 005/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ver-amount-of-idle-time-required-before-suspending-session.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md index b5f65848a6..9b4f9c1021 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Microsoft network server: Amount of idle time required before suspending session **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Microsoft network server: Amount of idle time required before suspending session** security policy setting. From dde38a5f36e0ded9e03de7316c8f7492c63f4a26 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:39:20 +0530 Subject: [PATCH 006/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...work-server-attempt-s4u2self-to-obtain-claim-information.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md index 12c009ce89..18eb849aa7 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md @@ -20,7 +20,8 @@ ms.technology: itpro-security # Microsoft network server: Attempt S4U2Self to obtain claim information **Applies to** -- Windows 10 +- Windows 11 +- Windows 10 Describes the best practices, location, values, management, and security considerations for the **Microsoft network server: Attempt S4U2Self to obtain claim information** security policy setting. From f7caa1a3d7daee5590a36e2b30d853c4e61a489e Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:41:29 +0530 Subject: [PATCH 007/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...rosoft-network-server-digitally-sign-communications-always.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md index 3ef631a76e..b822c05f72 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Microsoft network server: Digitally sign communications (always) **Applies to** +- Windows 11 - Windows 10 - Windows Server From 36668b3cfb5eac7c1418ba6030939a0e76f4e677 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:48:03 +0530 Subject: [PATCH 008/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-network-server-disconnect-clients-when-logon-hours-expire.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md index 9af04189fa..02f163e1c5 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Microsoft network server: Disconnect clients when sign-in hours expire **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Microsoft network server: Disconnect clients when logon hours expire** security policy setting. From b5cfd6aba8e2d203c51aa6de70e9fde70de7511c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:49:41 +0530 Subject: [PATCH 009/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...oft-network-server-server-spn-target-name-validation-level.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md index e157b27f1e..21c41369f9 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Microsoft network server: Server SPN target name validation level **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, and values, policy management and security considerations for the **Microsoft network server: Server SPN target name validation level** security policy setting. From 76bb1713f43c20390e922a3e022afeb679536850 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:52:12 +0530 Subject: [PATCH 010/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-access-allow-anonymous-sidname-translation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md index c3103f7be5..af493fdd5f 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Allow anonymous SID/Name translation **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network access: Allow anonymous SID/Name translation** security policy setting. From 562b7c4e9e0707efa391aeeaf2159a905239e627 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:54:18 +0530 Subject: [PATCH 011/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md index 36749adf40..5b7e0c66e6 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Do not allow anonymous enumeration of SAM accounts **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Network access: Do not allow anonymous enumeration of SAM accounts** security policy setting. From 68e87644d8d4729da8ba9e4eaac1c86e4c5d89b4 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:56:51 +0530 Subject: [PATCH 012/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ge-of-passwords-and-credentials-for-network-authentication.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md index cd953a6928..a8ded6ea27 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Do not allow storage of passwords and credentials for network authentication **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network access: Do not allow storage of passwords and credentials for network authentication** security policy setting. From b4a43ca867e1dabdc9d7965d7c775d28ec9204cd Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 18:58:58 +0530 Subject: [PATCH 013/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...k-access-let-everyone-permissions-apply-to-anonymous-users.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md index d4297e81d7..3ae0bff29a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Let Everyone permissions apply to anonymous users **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network access: Let Everyone permissions apply to anonymous users** security policy setting. From 46df97daa50c4374f361dd4378dc5c9522bf7155 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:13:05 +0530 Subject: [PATCH 014/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...etwork-access-named-pipes-that-can-be-accessed-anonymously.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md index beb39359bb..e570e96543 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Named Pipes that can be accessed anonymously **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network access: Named Pipes that can be accessed anonymously** security policy setting. From b23816bc22c4a304c6134abbd294c0ef512b0742 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:14:18 +0530 Subject: [PATCH 015/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-access-remotely-accessible-registry-paths.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md index cf59a0d22f..1ca60361c7 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Remotely accessible registry paths **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network access: Remotely accessible registry paths** security policy setting. From b76a96f9c836886ddde495f5b6af5731a5d41cd2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:15:28 +0530 Subject: [PATCH 016/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ork-access-remotely-accessible-registry-paths-and-subpaths.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md index cf9c3cea63..6bebdb7c99 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Remotely accessible registry paths and subpaths **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Network access: Remotely accessible registry paths and subpaths** security policy setting. From 76a5f460258d3a10129bfd8f7306f43da724f911 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:18:55 +0530 Subject: [PATCH 017/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-access-shares-that-can-be-accessed-anonymously.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md index 6f1e91f1b2..b9d02af2c4 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Shares that can be accessed anonymously **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network access: Shares that can be accessed anonymously** security policy setting. From 880f6d025fea2d096131a03de9a1fc24abb7a0c2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:20:47 +0530 Subject: [PATCH 018/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...twork-access-sharing-and-security-model-for-local-accounts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md index 3feed8fa4d..01d1e937b2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network access: Sharing and security model for local accounts **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network access: Sharing and security model for local accounts** security policy setting. From 6f5f49bdc853b059115a9dea7d89af95a41a014b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:22:02 +0530 Subject: [PATCH 019/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...urity-allow-local-system-to-use-computer-identity-for-ntlm.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md index 531f18f014..bdd1418a71 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Allow Local System to use computer identity for NTLM **Applies to** +- Windows 11 - Windows 10 Describes the location, values, policy management, and security considerations for the **Network security: Allow Local System to use computer identity for NTLM** security policy setting. From eddbb3a0c662d04b0671ce2385fd475438111de0 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:24:17 +0530 Subject: [PATCH 020/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-security-allow-localsystem-null-session-fallback.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md index 4d47667005..2bd7b413bb 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Allow LocalSystem NULL session fallback **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Network security: Allow LocalSystem NULL session fallback** security policy setting. From 123ce669cd848f615f4d5eab4ec5ec3b4f8d0c8f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:25:21 +0530 Subject: [PATCH 021/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ication-requests-to-this-computer-to-use-online-identities.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md index 08db95e10e..c317d27ae4 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Allow PKU2U authentication requests to this computer to use online identities **Applies to** +- Windows 11 - Windows 10 This article describes the best practices, location, and values for the **Network Security: Allow PKU2U authentication requests to this computer to use online identities** security policy setting. From 7f7017065a8e63fe772a089f64396750f2ea7c99 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:37:41 +0530 Subject: [PATCH 022/142] added windows 11, adjusted format after reading this article, i confirmed windows 11 is supported --- ...e-encryption-types-allowed-for-kerberos.md | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index b0da8cc808..121c5cb651 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -22,7 +22,19 @@ ms.technology: itpro-security # Network security: Configure encryption types allowed for Kerberos **Applies to** -- Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 +- Windows 11 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Vista- +- Windows XP +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2008 R2 +- Windows Server 2008 +- Windows Server 2003 +- Windows 2000 Server Describes the best practices, location, values, and security considerations for the **Network security: Configure encryption types allowed for Kerberos** security policy setting. @@ -37,11 +49,11 @@ The following table lists and explains the allowed encryption types. | Encryption type | Description and version support | | - | - | -| DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows Server 2008 R2, and later operating systems don't support DES by default. | -| DES_CBC_MD5| Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows Server 2008 R2, and later operating systems don't support DES by default. | -| RC4_HMAC_MD5| Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.| -| AES128_HMAC_SHA1| Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.
Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. | -| AES256_HMAC_SHA1| Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.
Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. | +| DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows 11, Windows Server 2008 R2, and later operating systems don't support DES by default. | +| DES_CBC_MD5| Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows 11, Windows Server 2008 R2, and later operating systems don't support DES by default. | +| RC4_HMAC_MD5| Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows 11, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.| +| AES128_HMAC_SHA1| Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.
Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows 11, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. | +| AES256_HMAC_SHA1| Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.
Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows 11, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. | | Future encryption types| Reserved by Microsoft for other encryption types that might be implemented.| ### Possible values From fc140e49f44895502a63bfac615a3a21cba5b3b0 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:41:10 +0530 Subject: [PATCH 023/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...o-not-store-lan-manager-hash-value-on-next-password-change.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md index 463b054ea4..2f5d913958 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Do not store LAN Manager hash value on next password change **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network security: Do not store LAN Manager hash value on next password change** security policy setting. From 3ca388663f7554a1c95eeeeaf3a77823bdf01c49 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:42:11 +0530 Subject: [PATCH 024/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-security-force-logoff-when-logon-hours-expire.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md index 3e5f9a03b9..1999afcfbb 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Force logoff when logon hours expire **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Network security: Force logoff when logon hours expire** security policy setting. From 60e162a582742dcbfa1fa9ff9fd0d121f7cfe825 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:43:28 +0530 Subject: [PATCH 025/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-security-lan-manager-authentication-level.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md index aba0587774..e1585d602e 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md @@ -22,6 +22,7 @@ ms.technology: itpro-security # Network security: LAN Manager authentication level **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network security: LAN Manager authentication level** security policy setting. From c48deca58956e4718946616b0b67945e89d54217 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:44:27 +0530 Subject: [PATCH 026/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-security-ldap-client-signing-requirements.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md index 3c0032faf1..3fb085d04d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: LDAP client signing requirements **Applies to** +- Windows 11 - Windows 10 This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting. This information applies to computers running at least the Windows Server 2008 operating system. From 0275d3ba0f740cb882a5b24c00ea3b1b81c9ae86 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 19:47:18 +0530 Subject: [PATCH 027/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...n-security-for-ntlm-ssp-based-including-secure-rpc-clients.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md index d0a7524fb4..aa708a1c42 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Minimum session security for NTLM SSP based (including secure RPC) clients **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network security: Minimum session security for NTLM SSP based (including secure RPC) clients** security policy setting. From 2cc0b44dba8a735f78af45beaf4ea722713f3a9a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:20:18 +0530 Subject: [PATCH 028/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...n-security-for-ntlm-ssp-based-including-secure-rpc-servers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md index 022d167542..c53712c5e9 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Minimum session security for NTLM SSP based (including secure RPC) servers **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Network security: Minimum session security for NTLM SSP based (including secure RPC) servers** security policy setting. From 06f129b8d22fe7af4bd3480ed501cb2275f14455 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:21:57 +0530 Subject: [PATCH 029/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md index 09f6ccc2c7..c42e1f65c5 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management aspects, and security considerations for the **Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication** security policy setting. From cb78d75ca024975b95f056ccf8bf4948647fba5d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:25:29 +0530 Subject: [PATCH 030/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ecurity-restrict-ntlm-add-server-exceptions-in-this-domain.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md index 99e8c7a39f..86b0883198 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Restrict NTLM: Add server exceptions in this domain **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management aspects, and security considerations for the **Network security: Restrict NTLM: Add server exceptions in this domain** security policy setting. From a1e4c6a9824b5732ef0c6b266fe8d4369f2973c5 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:26:31 +0530 Subject: [PATCH 031/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md index 4c15706058..8d99ff27a8 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Restrict NTLM: Audit incoming NTLM traffic **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Audit incoming NTLM traffic** security policy setting. From 74f8d46e25c11c6c5590fb10a7496726a57fd4af Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:27:50 +0530 Subject: [PATCH 032/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ity-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index 7bf8d5f15b..5cbbab6399 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Restrict NTLM: Audit NTLM authentication in this domain **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Audit NTLM authentication in this domain** security policy setting. From 4ebb7912b229b72f6dbd711eb97964bf3805a4b9 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:28:53 +0530 Subject: [PATCH 033/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../network-security-restrict-ntlm-incoming-ntlm-traffic.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md index 2f02467243..968acbe1da 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Restrict NTLM: Incoming NTLM traffic **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Incoming NTLM traffic** security policy setting. From 9009fa6d4fa0e8fc214fea5d5812707c114a9183 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:30:04 +0530 Subject: [PATCH 034/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-security-restrict-ntlm-ntlm-authentication-in-this-domain.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index 33ff80fb70..30d45290d1 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -20,6 +20,7 @@ ms.date: 12/31/2017 # Network security: Restrict NTLM: NTLM authentication in this domain **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: NTLM authentication in this domain** security policy setting. From d01bdd004f350f581c2f400b4bb37a6e3875a442 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:31:09 +0530 Subject: [PATCH 035/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...rity-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index 9037b9728c..375f27c55c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers** security policy setting. From 2472bf0699fcc4ac57779de04a27d89806965da1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:32:32 +0530 Subject: [PATCH 036/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../recovery-console-allow-automatic-administrative-logon.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md index 0980bf4469..c6dba7f1f4 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Recovery console: Allow automatic administrative logon **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Recovery console: Allow automatic administrative logon** security policy setting. From 2752dab1fa9cf5cfb8ff3e0b9a066e05401ad187 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:34:09 +0530 Subject: [PATCH 037/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ole-allow-floppy-copy-and-access-to-all-drives-and-folders.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md index d7906353f2..e530ce19b8 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Recovery console: Allow floppy copy and access to all drives and folders **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Recovery console: Allow floppy copy and access to all drives and folders** security policy setting. From 8d17f04b51bdb478d1d6e2e44511095ee6312566 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:35:17 +0530 Subject: [PATCH 038/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...down-allow-system-to-be-shut-down-without-having-to-log-on.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index 6fe3056930..e0fa746d50 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Shutdown: Allow system to be shut down without having to log on **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Allow system to be shut down without having to log on** security policy setting. From 095be8fd3cad6b8fd2ec6276ebdca741bd0b3155 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:36:30 +0530 Subject: [PATCH 039/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../shutdown-clear-virtual-memory-pagefile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md index 4b773d0043..24a66f59c2 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Shutdown: Clear virtual memory pagefile **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Shutdown: Clear virtual memory pagefile** security policy setting. From 91a1fc4a58ecd97e191864ba343990349a51d49f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:37:41 +0530 Subject: [PATCH 040/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...strong-key-protection-for-user-keys-stored-on-the-computer.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 8e1ac04319..8c12b88790 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # System cryptography: Force strong key protection for user keys stored on the computer **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **System cryptography: Force strong key protection for user keys stored on the computer** security policy setting. From 94d3cf16e343a3d2544fb808cb04c3e57e537fdb Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:39:25 +0530 Subject: [PATCH 041/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-compliant-algorithms-for-encryption-hashing-and-signing.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 86ed35f4ec..f8f1af1c61 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing **Applies to** +- Windows 11 - Windows 10 This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting. @@ -121,4 +122,4 @@ uses the RDP protocol to communicate with servers that run Terminal Services and ## Related topics -- [Security Options](security-options.md) \ No newline at end of file +- [Security Options](security-options.md) From f5455d83964e5d9ed59d704501d737a8a74203b2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:40:37 +0530 Subject: [PATCH 042/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ects-require-case-insensitivity-for-non-windows-subsystems.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index fb283fcb9b..e40e3772a0 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # System objects: Require case insensitivity for non-Windows subsystems **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **System objects: Require case insensitivity for non-Windows subsystems** security policy setting. From 547908ada89dde43f9b566ee591ad52baa8495a0 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:41:49 +0530 Subject: [PATCH 043/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-strengthen-default-permissions-of-internal-system-objects.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md index c4cc3fd368..3f5107710b 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links) **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)** security policy setting. From e298d6106b9f3c86600ff5b70635e62515fc23d1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:43:16 +0530 Subject: [PATCH 044/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../system-settings-optional-subsystems.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md index d287cf1d46..1634b509b2 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # System settings: Optional subsystems **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **System settings: Optional subsystems** security policy setting. From 51b913ed235c5522cb4c9fb5e1df97199221b5d8 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:44:47 +0530 Subject: [PATCH 045/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...s-on-windows-executables-for-software-restriction-policies.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md index 4d194b9586..cce46ae1bc 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # System settings: Use certificate rules on Windows executables for Software Restriction Policies **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **System settings: Use certificate rules on Windows executables for Software Restriction Policies** security policy setting. From e05f9319dde5a28b085f675199474f32a25c140a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:46:18 +0530 Subject: [PATCH 046/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...in-approval-mode-for-the-built-in-administrator-account.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index 73b7ad213e..ab504a6ce9 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md @@ -19,8 +19,8 @@ ms.technology: itpro-security # User Account Control: Admin Approval Mode for the Built-in Administrator account **Applies to** +- Windows 11 - Windows 10 - Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Admin Approval Mode for the Built-in Administrator account** security policy setting. ## Reference @@ -92,4 +92,4 @@ Enable the **User Account Control: Admin Approval Mode for the Built-in Administ Users who sign in by using the local administrator account are prompted for consent whenever a program requests an elevation in privilege. ## Related topics -- [Security Options](/windows/device-security/security-policy-settings/security-options) \ No newline at end of file +- [Security Options](/windows/device-security/security-policy-settings/security-options) From 0e99dccaccbb20679aa6c2a41685772a081969e6 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:47:37 +0530 Subject: [PATCH 047/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...s-to-prompt-for-elevation-without-using-the-secure-desktop.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md index 541ed662b6..f5fc92749b 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop** security policy setting. From d5d4603fef5f19d0c91396985748467baa29d642 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:49:31 +0530 Subject: [PATCH 048/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...evation-prompt-for-administrators-in-admin-approval-mode.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md index b573193466..ce19aa2735 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** security policy setting. @@ -113,4 +114,4 @@ Administrators should be made aware that they'll be prompted for consent when al ## Related topics -- [Security Options](/windows/device-security/security-policy-settings/security-options) \ No newline at end of file +- [Security Options](/windows/device-security/security-policy-settings/security-options) From a6ed8239e0bc6de42f80522dc9cb9ab3d2c8f0f8 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:50:38 +0530 Subject: [PATCH 049/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ontrol-behavior-of-the-elevation-prompt-for-standard-users.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index cc56752bf0..aa32f66540 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Behavior of the elevation prompt for standard users **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Behavior of the elevation prompt for standard users** security policy setting. From 66fafc5ca09c20519ca2aedaa3c0fd04ffd34905 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:51:46 +0530 Subject: [PATCH 050/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-detect-application-installations-and-prompt-for-elevation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md index 9a76eb60a7..57b797bc2c 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Detect application installations and prompt for elevation **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Detect application installations and prompt for elevation** security policy setting. From f355c144d2ab1ad3f8c337fc488376063a480abe Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:52:58 +0530 Subject: [PATCH 051/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...rol-only-elevate-executables-that-are-signed-and-validated.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md index 5b94f9db23..674025df05 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Only elevate executables that are signed and validated **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **User Account Control: Only elevate executables that are signed and validated** security policy setting. From a8d984686f64af24041d172817cc54d6e3fa9923 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:54:09 +0530 Subject: [PATCH 052/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...access-applications-that-are-installed-in-secure-locations.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md index c181b31d00..8814018506 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Only elevate UIAccess applications that are installed in secure locations **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **User Account Control: Only elevate UIAccess applications that are installed in secure locations** security policy setting. From 7090f461e7b8c779bbeedc82a2e83e952421c08c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:55:24 +0530 Subject: [PATCH 053/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ount-control-run-all-administrators-in-admin-approval-mode.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md index 28bcf3d293..a206b627a3 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Run all administrators in Admin Approval Mode **Applies to** +- Windows 11 - Windows 10 This article describes the best practices, location, values, policy management and security considerations for the **User Account Control: Run all administrators in Admin Approval Mode** security policy setting. From 3a1550d07ce6a1254d58a26e0485bebfb3689e06 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:57:04 +0530 Subject: [PATCH 054/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-switch-to-the-secure-desktop-when-prompting-for-elevation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md index 3e92e84352..c0fb6ba1cc 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Switch to the secure desktop when prompting for elevation **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Switch to the secure desktop when prompting for elevation** security policy setting. From cd2830353f1899b5cbb8da10c0e364df4014559f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 23 Dec 2022 20:58:21 +0530 Subject: [PATCH 055/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...ize-file-and-registry-write-failures-to-per-user-locations.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md index fe36fcdd30..678f1180d6 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # User Account Control: Virtualize file and registry write failures to per-user locations **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Virtualize file and registry write failures to per-user locations** security policy setting. From bec466912b57ad98ec41d5dac242ebcf3dccce78 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 19:57:47 +0530 Subject: [PATCH 056/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../access-credential-manager-as-a-trusted-caller.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index 1c67b647de..5ac230e0ed 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Access Credential Manager as a trusted caller **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Access Credential Manager as a trusted caller** security policy setting. From ed1c5e91bbaac397dc269da96bd75b451f35fee2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:01:20 +0530 Subject: [PATCH 057/142] added windows 11 and arranaged in order after reading this article, i confirmed windows 11 is supported --- .../access-this-computer-from-the-network.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md index ea4406b6f7..37afcd2d02 100644 --- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md @@ -20,7 +20,12 @@ ms.technology: itpro-security # Access this computer from the network - security policy setting **Applies to** -- Windows 10, Azure Stack HCI, Windows Server 2022, Windows Server 2019, Windows Server 2016 +- Windows 11 +- Windows 10- +- Windows Server 2022 +- Windows Server 2019 +- Windows Server 2016 +- Azure Stack HCI Describes the best practices, location, values, policy management, and security considerations for the **Access this computer from the network** security policy setting. From 498b2690bc901187134997900303ea5f85263ae9 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:03:19 +0530 Subject: [PATCH 058/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../act-as-part-of-the-operating-system.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md index c36f75e923..5c6402aa17 100644 --- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md +++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md @@ -20,7 +20,8 @@ ms.technology: itpro-security # Act as part of the operating system **Applies to** -- Windows 10 +- Windows 11 +- Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Act as part of the operating system** security policy setting. From 9fc949d6d7d550f8ce2a5d30cdc2121fa32f4cdf Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:04:37 +0530 Subject: [PATCH 059/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/add-workstations-to-domain.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md index 6c558c83f7..a2f8e17404 100644 --- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md +++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md @@ -20,7 +20,8 @@ ms.technology: itpro-security # Add workstations to domain **Applies to** -- Windows 10 +- Windows 11 +- Windows 10 Describes the best practices, location, values, policy management and security considerations for the **Add workstations to domain** security policy setting. From 095fa5c18435c26334441ba7ec6bba057566da41 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:05:45 +0530 Subject: [PATCH 060/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../adjust-memory-quotas-for-a-process.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md index 622ad26f5c..af89003808 100644 --- a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md +++ b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Adjust memory quotas for a process **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Adjust memory quotas for a process** security policy setting. From 75d2e713f7ea8eff8c88b4e438810cbf0085b1c4 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:08:32 +0530 Subject: [PATCH 061/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/allow-log-on-locally.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md index 6e252f1e14..475bd01f46 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Allow log on locally - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Allow log on locally** security policy setting. From acfe03330f6fcbee8d717ea394848545bbbabee6 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:09:47 +0530 Subject: [PATCH 062/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../allow-log-on-through-remote-desktop-services.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md index 6b074f6cb3..fd5a84fe03 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Allow log on through Remote Desktop Services **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Allow log on through Remote Desktop Services** security policy setting. From bab8273fd7fb1024250492903808eb946a785df3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:11:52 +0530 Subject: [PATCH 063/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/back-up-files-and-directories.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md index 40d62fb154..99590d638b 100644 --- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Back up files and directories - security policy setting **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Back up files and directories** security policy setting. From 92293df87537040b11a3927f3c70e54cc88c2979 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:15:27 +0530 Subject: [PATCH 064/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/bypass-traverse-checking.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md index bd274babde..ccdce7a3f5 100644 --- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md +++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Bypass traverse checking **Applies to** +- Windows 11 - Windows 10 >Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). From 3df82f258785a14a8ca401ad01de3669bfe55e86 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:16:34 +0530 Subject: [PATCH 065/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/change-the-system-time.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md index 3958ae9bed..02cbb94d06 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Change the system time - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Change the system time** security policy setting. From 2c5bdd0ee8602f5112298f3df9379e6784343579 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:19:25 +0530 Subject: [PATCH 066/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/change-the-time-zone.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md index 0f18fbe6a0..d8dfd97662 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Change the time zone - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Change the time zone** security policy setting. From 9d4144ceda2b2b00ee09e4bf45e36b1db5625a4c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:23:38 +0530 Subject: [PATCH 067/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/create-a-pagefile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md index 68753e633a..a5438297fd 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Create a pagefile - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Create a pagefile** security policy setting. From 8f87e3a0f5200d38b6174a9f74db25a00e7a7c17 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:25:40 +0530 Subject: [PATCH 068/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/create-a-token-object.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md index 397456fc85..727912a7ca 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Create a token object **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Create a token object** security policy setting. From ba8c50ffe93b17daa607168efbd0a3985612fcbc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:26:36 +0530 Subject: [PATCH 069/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/create-global-objects.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md index bd8b943798..f6be4d3ed7 100644 --- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Create global objects **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Create global objects** security policy setting. From 6d4033ddea65294a507910c14bf6225e16fb6c97 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:27:41 +0530 Subject: [PATCH 070/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/create-permanent-shared-objects.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md index dd58539e88..38fb6346f9 100644 --- a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Create permanent shared objects **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Create permanent shared objects** security policy setting. From 56c57d93a3049fd9fa8b092c6a812242f75ddf05 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:31:02 +0530 Subject: [PATCH 071/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/create-symbolic-links.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md index 5ea5c36a0c..82c3f5ffc9 100644 --- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md +++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Create symbolic links **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Create symbolic links** security policy setting. From eee390827073bc0ddb1ef7043228ee98d9c48ed3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:32:58 +0530 Subject: [PATCH 072/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../threat-protection/security-policy-settings/debug-programs.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md index c97a34004a..7b72217ab7 100644 --- a/windows/security/threat-protection/security-policy-settings/debug-programs.md +++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Debug programs **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Debug programs** security policy setting. From e9c2ba99b59f712b1d4b0337e9286aa7cc3e056e Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:34:20 +0530 Subject: [PATCH 073/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../deny-access-to-this-computer-from-the-network.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md index 9d51332226..9dc9bb9d38 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md @@ -20,7 +20,8 @@ ms.technology: itpro-security # Deny access to this computer from the network **Applies to** -- Windows 10 +- Windows 11 +- Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Deny access to this computer from the network** security policy setting. From 2697a830ecc6d30b961557ceaeb832cf511a102b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:35:57 +0530 Subject: [PATCH 074/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/deny-log-on-as-a-batch-job.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md index 26257d7869..d832f6a8ba 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Deny log on as a batch job **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Deny log on as a batch job** security policy setting. From 976ef5639b22e7c8d72f43961d6e71c7d06e34f5 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:37:06 +0530 Subject: [PATCH 075/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/deny-log-on-as-a-service.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md index 943ab1c47e..22b448bed6 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Deny log on as a service **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Deny log on as a service** security policy setting. From 04411eec7c6cde9394547a796beee0912b0f9534 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:38:37 +0530 Subject: [PATCH 076/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/deny-log-on-locally.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md index 66c2308100..1ef7bc4a08 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Deny log on locally **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Deny log on locally** security policy setting. From 11a656bc7ab3aa267464090523fe12f9bdf26e78 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 20:39:34 +0530 Subject: [PATCH 077/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../deny-log-on-through-remote-desktop-services.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md index ad977d3239..2bc5898d13 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Deny log on through Remote Desktop Services **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Deny log on through Remote Desktop Services** security policy setting. From 71df1500d99f6300abafdb35b871a602d3ca037d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:02:48 +0530 Subject: [PATCH 078/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- ...-computer-and-user-accounts-to-be-trusted-for-delegation.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md index e1bc8ef4b9..6c8e9a5f36 100644 --- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md +++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Enable computer and user accounts to be trusted for delegation **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Enable computer and user accounts to be trusted for delegation** security policy setting. @@ -108,4 +109,4 @@ None. Not defined is the default configuration. ## Related topics -- [User Rights Assignment](user-rights-assignment.md) \ No newline at end of file +- [User Rights Assignment](user-rights-assignment.md) From 63d3b78887d0facf7a7ecaa225b17ed490b3dc1a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:03:47 +0530 Subject: [PATCH 079/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../force-shutdown-from-a-remote-system.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md index 47d87b0cef..8b13dfac68 100644 --- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md +++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Force shutdown from a remote system **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Force shutdown from a remote system** security policy setting. From 39756cda6f7e778aa5f57d73036e361fd835dabf Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:04:37 +0530 Subject: [PATCH 080/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/generate-security-audits.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md index be5d5caebf..ed57ea1a97 100644 --- a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Generate security audits **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Generate security audits** security policy setting. From df9e869f2b93403a71fc66966de5da0d7d142353 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:05:49 +0530 Subject: [PATCH 081/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../impersonate-a-client-after-authentication.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md index c4a613a542..e2a1861c80 100644 --- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Impersonate a client after authentication **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Impersonate a client after authentication** security policy setting. @@ -109,4 +110,4 @@ In IIS 7.0 and later, a built-in account (IUSR) replaces the IUSR_MachineName ac ## Related topics -- [User Rights Assignment](user-rights-assignment.md) \ No newline at end of file +- [User Rights Assignment](user-rights-assignment.md) From 8d1b1a85b922aa297da51bbdcebef56817f92d16 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:07:20 +0530 Subject: [PATCH 082/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/increase-a-process-working-set.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md index 3c54eb33ec..0f79c38991 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md +++ b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Increase a process working set **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Increase a process working set** security policy setting. From 508544f9943cf3b01e6699c92ffc65b8d5996d7f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:08:21 +0530 Subject: [PATCH 083/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/increase-scheduling-priority.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md index 2c2e0bb890..5446601279 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md +++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Increase scheduling priority **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Increase scheduling priority** security policy setting. @@ -89,4 +90,4 @@ None. Restricting the **Increase scheduling priority** user right to members of ## Related topics - [User Rights Assignment](user-rights-assignment.md) -- [Increase scheduling priority for Windows Server 2012 and earlier](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn221960(v%3dws.11)) \ No newline at end of file +- [Increase scheduling priority for Windows Server 2012 and earlier](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn221960(v%3dws.11)) From 6be41e63f39904428507735c42bba9f2a09263f3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:09:15 +0530 Subject: [PATCH 084/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/load-and-unload-device-drivers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md index 10425d576a..f0f4e5f932 100644 --- a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md +++ b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Load and unload device drivers **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Load and unload device drivers** security policy setting. From 7ed4534f694525cd3c8d7f5f24c80c4101d78c6b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:10:16 +0530 Subject: [PATCH 085/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/lock-pages-in-memory.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md index ab91674f23..d7510658e7 100644 --- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md +++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Lock pages in memory **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Lock pages in memory** security policy setting. From 7390b8cdc91e58894db9aed4cd4be97b23f197c2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:17:40 +0530 Subject: [PATCH 086/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/log-on-as-a-batch-job.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md index c982a7ca78..bcdeda1852 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md @@ -22,6 +22,7 @@ ms.technology: itpro-security # Log on as a batch job **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Log on as a batch job** security policy setting. From 4c8fecdc7b46d020d947a65fef94240b8f531544 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:20:05 +0530 Subject: [PATCH 087/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/log-on-as-a-service.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md index 833a0d2eea..667a0885f7 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Log on as a service **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Log on as a service** security policy setting. From b6375afe6546197be75e1fa0d50a6ca4dd0841ee Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:21:30 +0530 Subject: [PATCH 088/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/manage-auditing-and-security-log.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md index f19e322da5..0b62095cd7 100644 --- a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md +++ b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Manage auditing and security log **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Manage auditing and security log** security policy setting. From b78c4dffe491cfd10cbeb09d8e1ef92ffe70ff74 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:22:31 +0530 Subject: [PATCH 089/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/modify-an-object-label.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md index 784db5fe09..f3d460e68c 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md +++ b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Modify an object label **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Modify an object label** security policy setting. From fbdf3745fdd554ad2c4a97cf1945345122656dd1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:23:58 +0530 Subject: [PATCH 090/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../modify-firmware-environment-values.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md index 3f104ff095..ae4fa3457e 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md +++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Modify firmware environment values **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Modify firmware environment values** security policy setting. From a481e5e9911143187d15ab532f873e0dd5285a50 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:25:55 +0530 Subject: [PATCH 091/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/perform-volume-maintenance-tasks.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md index 7b30d8f59c..60aa01ecc1 100644 --- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Perform volume maintenance tasks **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Perform volume maintenance tasks** security policy setting. From 7593421beae173857fcab689294916ab65b20049 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:28:10 +0530 Subject: [PATCH 092/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/profile-single-process.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md index cde1362185..d0654f81aa 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md +++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Profile single process **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Profile single process** security policy setting. From a2769b1412fb1b13ff118e3357aaac03ef83dba9 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:29:18 +0530 Subject: [PATCH 093/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/profile-system-performance.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index ecb01bb455..53ea9e3b07 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Profile system performance **Applies to** +- Windows 11 - Windows 10 This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for the **Profile system performance** security policy setting. From 1f435db112fa48cd98bf67141a918e5c86a36e56 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:30:55 +0530 Subject: [PATCH 094/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../remove-computer-from-docking-station.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md index 57181925d6..0f15781757 100644 --- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md +++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Remove computer from docking station - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Remove computer from docking station** security policy setting. From b27d1b73b4696877a86a804e5e067d851ed276c2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:31:55 +0530 Subject: [PATCH 095/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/replace-a-process-level-token.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md index 5e9ee1c0f3..af5c5cc7df 100644 --- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md +++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Replace a process level token **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Replace a process level token** security policy setting. From f54f3539becffcba6b5e76b2aca9ba3056c5dff2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:33:01 +0530 Subject: [PATCH 096/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/restore-files-and-directories.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md index d534fcedaa..a80d0249a1 100644 --- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Restore files and directories - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Restore files and directories** security policy setting. From 96b3f23849d6fdb4033954d5fbf9ea5494a0e469 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:34:18 +0530 Subject: [PATCH 097/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../security-policy-settings/shut-down-the-system.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md index b2bd961eea..e238e91c99 100644 --- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md +++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Shut down the system - security policy setting **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Shut down the system** security policy setting. From 682706f15b47811f9bbf8283d480220c24b63ac2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:35:26 +0530 Subject: [PATCH 098/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../synchronize-directory-service-data.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index f165400681..bfd1681088 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Synchronize directory service data **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Synchronize directory service data** security policy setting. From 4a7eca5d36443fff67ab3ce527a4a94642e760cc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 27 Dec 2022 21:36:43 +0530 Subject: [PATCH 099/142] added windows 11 after reading this article, i confirmed windows 11 is supported --- .../take-ownership-of-files-or-other-objects.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md index 279eeced74..4010dae1ca 100644 --- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md +++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md @@ -20,6 +20,7 @@ ms.technology: itpro-security # Take ownership of files or other objects **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Take ownership of files or other objects** security policy setting. From b05f9993c5a21338090fbef133bca5ba78905c0e Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 28 Dec 2022 12:38:00 +0530 Subject: [PATCH 100/142] Update windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...min-approval-mode-for-the-built-in-administrator-account.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index ab504a6ce9..21d8236c79 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md @@ -21,7 +21,8 @@ ms.technology: itpro-security **Applies to** - Windows 11 - Windows 10 -Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Admin Approval Mode for the Built-in Administrator account** security policy setting. + +Describes the best practices, location, values, policy management, and security considerations for the **User Account Control: Admin Approval Mode for the Built-in Administrator account** security policy setting. ## Reference From 8f7b8c1db654c6307f5f446a9431de775d265b72 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 28 Dec 2022 12:38:33 +0530 Subject: [PATCH 101/142] Update windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...-security-configure-encryption-types-allowed-for-kerberos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index 121c5cb651..8887f22d97 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -27,7 +27,7 @@ ms.technology: itpro-security - Windows 8.1 - Windows 8 - Windows 7 -- Windows Vista- +- Windows Vista - Windows XP - Windows Server 2012 R2 - Windows Server 2012 From edc0d2dbf9ba40049c418f48153faca9e28ca3fe Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 28 Dec 2022 12:49:19 +0530 Subject: [PATCH 102/142] Update windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../access-this-computer-from-the-network.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md index 37afcd2d02..7f643514fc 100644 --- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md @@ -21,7 +21,7 @@ ms.technology: itpro-security **Applies to** - Windows 11 -- Windows 10- +- Windows 10 - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 From 3cc912862ae0c5c61c80d62b87ec52fbb743e5de Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:28:04 -0800 Subject: [PATCH 103/142] Updates to Win diag data article --- .../changes-to-windows-diagnostic-data-collection.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 34066bed6d..3c972e9333 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -67,12 +67,7 @@ For more info, see [Configure Windows diagnostic data in your organization](conf ## Services that rely on Enhanced diagnostic data -Customers who use services that depend on Windows diagnostic data, such as Microsoft Managed Desktop or Desktop Analytics, may be impacted by the behavioral changes when they're released. These services will be updated to address these changes and guidance will be published on how to configure them properly. - -The following articles provide information on the current configurations: - -- [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data) -- [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) +Customers who use services that depend on Windows diagnostic data, such as [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data), may be impacted by the behavioral changes when they're released. These services will be updated to address these changes and guidance will be published on how to configure them properly. ## Significant changes coming to the Windows diagnostic data processor configuration @@ -95,6 +90,7 @@ From a compliance standpoint, this change means that Microsoft will be the proce For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data: - [Update Compliance](/windows/deployment/update/update-compliance-monitor) +- [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) - [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) - [Microsoft Managed Desktop](/managed-desktop/intro/) - [Endpoint analytics (in Microsoft Intune)](/mem/analytics/overview) @@ -129,4 +125,5 @@ As part of this change, the following policies will no longer be supported to co - Allow Desktop Analytics Processing - Allow Update Compliance Processing - Allow WUfB Cloud Processing + - Allow Microsoft Managed Desktop Processing - Configure the Commercial ID From 2a0934146ac7a96daf16226258be5257c1aaa9f7 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Jan 2023 14:58:08 -0800 Subject: [PATCH 104/142] Remove DA/add WUfB reports --- .../privacy/windows-10-and-privacy-compliance.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 2e65697d6a..ac30795651 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -164,7 +164,7 @@ We recommend that IT administrators who have enabled the Windows diagnostic data >[!Note] >Tenant account closure will lead to the deletion of all data associated with that tenant. -Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Desktop Analytics, Windows Update for Business, and Microsoft Managed Desktop. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations). +Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Windows Updates for Business reports, Windows Update for Business, and Microsoft Managed Desktop. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations). For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation Summary](/compliance/regulatory/gdpr). @@ -229,18 +229,19 @@ An administrator can configure privacy-related settings, such as choosing to onl >[!Note] >The Windows diagnostic data processor configuration is not available for Surface Hub. -### 5.3 Desktop Analytics - -[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a set of solutions for Azure portal that provide you with extensive data about the state of devices in your deployment. Desktop Analytics is a separate offering from Windows and is dependent on enabling a minimum set of data collection on the device to function. - -### 5.4 Microsoft Managed Desktop +### 5.3 Microsoft Managed Desktop [Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Office 365 ProPlus, and Microsoft security services. -### 5.5 Update Compliance +### 5.4 Update Compliance [Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows diagnostic data for all its reporting. +### 5.5 Windows Update for Business reports + +[Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all its reporting. + + ## Additional Resources * [Microsoft Trust Center: GDPR Overview](https://www.microsoft.com/trust-center/privacy/gdpr-overview) From 87343463a86a99e9c63ad73849d105a3acdc20d5 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:20:53 -0800 Subject: [PATCH 105/142] Fix typo --- windows/privacy/windows-10-and-privacy-compliance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index ac30795651..0dc8c28071 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -164,7 +164,7 @@ We recommend that IT administrators who have enabled the Windows diagnostic data >[!Note] >Tenant account closure will lead to the deletion of all data associated with that tenant. -Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Windows Updates for Business reports, Windows Update for Business, and Microsoft Managed Desktop. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations). +Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Windows Update for Business reports, Windows Update for Business, and Microsoft Managed Desktop. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations). For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation Summary](/compliance/regulatory/gdpr). From f9fc1dcd19007234a816cf8050f5ca9bd4ab2148 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:30:12 -0800 Subject: [PATCH 106/142] Remove Desktop Analytics/add WUfB reports --- ...ndows-diagnostic-data-in-your-organization.md | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index ac1febdc26..f03f515683 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -348,21 +348,19 @@ If you wish to disable, at any time, switch the same setting to **0**. The defau > - Windows diagnostic data collected from a device before it was enabled with Windows diagnostic data processor configuration will be deleted when this configuration is enabled. > - When you enable devices with the Windows diagnostic data processor configuration, users may continue to submit feedback through various channels such as Windows feedback hub or Edge feedback. However, the feedback data is not subject to the terms of the Windows diagnostic data processor configuration. If this is not desired, we recommend that you disable feedback using the available policies or application management solutions. -You can also enable the Windows diagnostic data processor configuration by enrolling in services that use Windows diagnostic data. These services currently include Desktop Analytics, Update Compliance, Microsoft Managed Desktop, and Windows Update for Business. +You can also enable the Windows diagnostic data processor configuration by enrolling in services that use Windows diagnostic data. These services currently include Update Compliance, Windows Update for Business reports, Microsoft Managed Desktop, and Windows Update for Business. For information on these services and how to configure the group policies, refer to the following documentation: -Desktop Analytics: - -- [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing) -- [Desktop Analytics data privacy](/mem/configmgr/desktop-analytics/privacy) -- [Group policy settings for Desktop Analytics](/mem/configmgr/desktop-analytics/group-policy-settings) - Update Compliance: - [Privacy in Update Compliance](/windows/deployment/update/update-compliance-privacy) - [Manually configuring devices for Update Compliance](/windows/deployment/update/update-compliance-configuration-manual#required-policies) +Windows Update for Business reports + +- [Windows Update for Business reports prerequisites](/windows/deployment/update/wufb-reports-prerequisites) + Microsoft Managed Desktop: - [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data) @@ -371,10 +369,6 @@ Windows Update for Business: - [How to enable deployment protections](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections) -## Limit optional diagnostic data for Desktop Analytics - -For more information about how to limit the diagnostic data to the minimum required by Desktop Analytics, see [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing). - ## Change privacy settings on a single server You can also change the privacy settings on a server running either the Azure Stack HCI operating system or Windows Server. For more information, see [Change privacy settings on individual servers](/azure-stack/hci/manage/change-privacy-settings). From 355a9bbc6120307cb88982a0349dbfef0ab47e1f Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:44:24 -0800 Subject: [PATCH 107/142] Update Important callout --- ...ced-diagnostic-data-windows-analytics-events-and-fields.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index e4880b26b9..01d4412ac3 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -18,8 +18,8 @@ ms.topic: reference - Windows 10, version 1709 and newer > [!IMPORTANT] -> The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported. -> For more information, see [Windows Analytics retirement on January 31, 2020](/lifecycle/announcements/windows-analytics-retirement). +> - The Upgrade Readiness and Device Health solutions of Windows Analytics were retired on January 31, 2020. +> - Desktop Analytics is deprecated and was retired on November 30, 2022. Desktop Analytics reports are powered by diagnostic data not included in the Basic level. From 24a267e33f106b1a4a8d3342d3a834a965c757d8 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Jan 2023 21:51:39 -0800 Subject: [PATCH 108/142] Add new info to processor config section --- ...ws-diagnostic-data-in-your-organization.md | 47 +++++++++++++++---- 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index f03f515683..3816da6feb 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -25,7 +25,7 @@ ms.topic: conceptual - Surface Hub - Hololens -This topic describes the types of Windows diagnostic data sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers. +This article describes the types of Windows diagnostic data sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers. ## Overview @@ -301,15 +301,12 @@ Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm ## Enable Windows diagnostic data processor configuration -> [!IMPORTANT] -> There are some significant changes planned for diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). - The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements. ### Prerequisites - Use a supported version of Windows 10 or Windows 11 -- The following editions are supported: +- The following editions are supported: - Enterprise - Professional - Education @@ -319,14 +316,48 @@ For the best experience, use the most current build of any operating system spec The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable: -- v10c.events.data.microsoft.com -- umwatsonc.events.data.microsoft.com -- kmwatsonc.events.data.microsoft.com +- us-v10c.events.data.microsoft.com (eu-v10c.events.data.microsoft.com for tenants with billing address in the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations)) +- umwatsonc.events.data.microsoft.com (eu-watsonc.events.data.microsoft.com for tenants with billing address in the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations)) - settings-win.data.microsoft.com - *.blob.core.windows.net ### Enabling Windows diagnostic data processor configuration +> [!NOTE] +> The information in this section applies to the following versions of Windows: +> - Windows 10, versions 20H2, 21H2 and 22H2 +> - Windows 11, versions 21H2 and 22H2 + +Starting with the January 2023 preview cumulative update, how you enable the processor configuration option depends on the billing address of the Azure AD tenant to which your devices are joined. + +### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA) + +For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe. + +From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows). + +### Devices in Azure AD tenants with a billing address outside of the EU and EFTA + +For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data: + +- [Update Compliance](/windows/deployment/update/update-compliance-monitor) +- [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) +- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) +- [Microsoft Managed Desktop](/managed-desktop/intro/) +- [Endpoint analytics (in Microsoft Intune)](/mem/analytics/overview) + +*(Additional licensing requirements may apply to use these services.)* + +If you don’t sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data. + +> [!NOTE] +> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + +### Enabling Windows diagnostic data processor configuration (older versions of Windows 10) + +> [!NOTE] +> The information in this section applies to Windows 10, versions 1809, 1903, 1909, and 2004. + Use the instructions below to enable Windows diagnostic data processor configuration using a single setting, through Group Policy, or an MDM solution. In Group Policy, to enable Windows diagnostic data processor configuration, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**. From e5545660609e103c3256f117e01a4bec1dbcbb71 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 08:41:57 -0800 Subject: [PATCH 109/142] Replaced troubleshoot as per style guide; supposed to avoid using that word. --- .../deploy/windows-autopatch-admin-contacts.md | 2 +- .../windows-autopatch-post-reg-readiness-checks.md | 13 +++++++++---- .../deploy/windows-autopatch-register-devices.md | 2 +- .../operate/windows-autopatch-support-request.md | 2 +- .../references/windows-autopatch-privacy.md | 2 +- 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index d3cf70f023..e2b8f8816e 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -19,7 +19,7 @@ There are several ways that Windows Autopatch service communicates with customer > [!IMPORTANT] > You might have already added these contacts in the Microsoft Endpoint Manager admin center during the enrollment process. If so, take a moment now to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs. -You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team will contact these individuals for assistance with troubleshooting your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus). +You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team will contact these individuals for assistance with your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus). > [!IMPORTANT] > Whoever you choose as admin contacts, they must have the knowledge and authority to make decisions for your Windows Autopatch environment. The Windows Autopatch Service Engineering Team will contact these admin contacts for questions involving support requests. diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md index 985c852e6f..05be24ffb9 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md @@ -30,7 +30,7 @@ Device readiness in Windows Autopatch is divided into two different scenarios: | Scenario | Description | | ----- | ----- | | Prerequisite checks | Ensures devices follow software-based requirements before being registered with the service. | -| Post-device registration readiness checks | Provides continuous monitoring of device health for registered devices.

IT admins can easily detect and remediate configuration mismatches in their environments or issues that prevent devices from having one or more software update workloads (Windows quality, feature updates, Microsoft Office, Microsoft Teams, or Microsoft Edge) fully managed by the Windows Autopatch service. Configuration mismatches can leave devices in a vulnerable state, out of compliance and exposed to security threats.

| +| Post-device registration readiness checks | Provides continuous monitoring of device health for registered devices.

IT admins can easily detect and remediate configuration mismatches in their environments or issues that prevent devices from having one or more software update workloads fully managed by the Windows Autopatch service. Software workloads include:

Configuration mismatches can leave devices in a vulnerable state, out of compliance and exposed to security threats.

| ### Device readiness checks available for each scenario @@ -42,14 +42,19 @@ The status of each post-device registration readiness check is shown in the Wind ## About the three tabs in the Devices blade -You deploy software updates to secure your environment, but these deployments only reach healthy and active devices. Unhealthy or not ready devices affect the overall software update compliance. Figuring out device health can be challenging and disruptive to the end user when IT can’t obtain proactive data sent by the device to the service for IT admins to proactively detect, troubleshoot, and fix issues. +You deploy software updates to secure your environment, but these deployments only reach healthy and active devices. Unhealthy or not ready devices affect the overall software update compliance. -Windows Autopatch has three tabs within its Devices blade. Each tab is designed to provide a different set of device readiness statuses so IT admins know where to go to monitor, and troubleshoot potential device health issues: +Figuring out device health can be challenging and disruptive to the end user when IT admins can't: + +- Obtain proactive data sent by the device to the service, or +- Proactively detect and remediate issues + +Windows Autopatch has three tabs within its Devices blade. Each tab is designed to provide a different set of device readiness statuses so IT admins know where to go to monitor, and remediate potential device health issues: | Tab | Description | | ----- | ----- | | Ready | This tab only lists devices with the **Active** status. Devices with the **Active** status successfully:This tab also lists devices that have passed all postdevice registration readiness checks. | -| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status. | +| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status. | | Not registered | Only lists devices with the **Prerequisite failed** status in it. Devices with the **Prerequisite failed** status didn’t pass one or more prerequisite checks during the device registration process. | ## Details about the post-device registration readiness checks diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index eff03275a8..47e7d10902 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -86,7 +86,7 @@ For more information, see [Windows Autopatch Prerequisites](../prepare/windows-a ## About the Ready, Not ready and Not registered tabs -Windows Autopatch has three tabs within its device blade. Each tab is designed to provide a different set of device readiness status so IT admin knows where to go to monitor, and troubleshoot potential device health issues. +Windows Autopatch has three tabs within its device blade. Each tab is designed to provide a different set of device readiness statuses so IT admin knows where to go to monitor, and fix potential device health issues. | Device blade tab | Purpose | Expected device readiness status | | ----- | ----- | ----- | diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md index 904805f6b1..800f387276 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md @@ -15,7 +15,7 @@ msreviewer: hathind # Submit a support request > [!IMPORTANT] -> Make sure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md). The Windows Autopatch Service Engineering Team will contact these individuals for assistance with troubleshooting issues. +> Make sure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md). The Windows Autopatch Service Engineering Team will contact these individuals for assistance with remediating issues. You can submit support tickets to Microsoft using the Windows Autopatch admin center. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team. diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index 06470b36ca..60f5f47988 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -51,7 +51,7 @@ Windows Autopatch Service Engineering Team is in the United States, India and Ro ## Microsoft Windows 10/11 diagnostic data -Windows Autopatch uses [Windows 10/11 Enhanced diagnostic data](/windows/privacy/windows-diagnostic-data) to keep Windows secure, up to date, troubleshoot problems, and make product improvements. +Windows Autopatch uses [Windows 10/11 Enhanced diagnostic data](/windows/privacy/windows-diagnostic-data) to keep Windows secure, up to date, fix problems, and make product improvements. The enhanced diagnostic data setting includes more detailed information about the devices enrolled in Windows Autopatch and their settings, capabilities, and device health. When enhanced diagnostic data is selected, data, including required diagnostic data, are collected. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection) about the Windows 10 diagnostic data setting and data collection. From a57f86024fbeed743a033888364ace4e444a665a Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 09:00:09 -0800 Subject: [PATCH 110/142] Tweak --- .../deploy/windows-autopatch-post-reg-readiness-checks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md index 05be24ffb9..9c2fb78f92 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md @@ -30,7 +30,7 @@ Device readiness in Windows Autopatch is divided into two different scenarios: | Scenario | Description | | ----- | ----- | | Prerequisite checks | Ensures devices follow software-based requirements before being registered with the service. | -| Post-device registration readiness checks | Provides continuous monitoring of device health for registered devices.

IT admins can easily detect and remediate configuration mismatches in their environments or issues that prevent devices from having one or more software update workloads fully managed by the Windows Autopatch service. Software workloads include:

Configuration mismatches can leave devices in a vulnerable state, out of compliance and exposed to security threats.

| +| Post-device registration readiness checks | Provides continuous monitoring of device health for registered devices.

IT admins can easily detect and remediate configuration mismatches in their environments or issues that prevent devices from having one or more software update workloads fully managed by the Windows Autopatch service. Software workloads include:

Configuration mismatches can leave devices in a vulnerable state, out of compliance and exposed to security threats.

| ### Device readiness checks available for each scenario From 07d26534f8db3770592f837c2b61f65adb39b9cb Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 09:02:27 -0800 Subject: [PATCH 111/142] Tweak --- .../deploy/windows-autopatch-post-reg-readiness-checks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md index 9c2fb78f92..340afa6233 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md @@ -65,7 +65,7 @@ A healthy or active device in Windows Autopatch is: - Actively sending data - Passes all post-device registration readiness checks -The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** has the Device Readiness Check Plugin. The Device Readiness Check Plugin is responsible for performing the readiness checks and reporting the results back to the service. The **Microsoft Cloud Managed Desktop Extension** is a subcomponent of the overall Windows Autopatch service. +The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** has the Device Readiness Check Plugin. The Device Readiness Check Plugin is responsible for performing the readiness checks and reporting the results back to the service. The **Microsoft Cloud Managed Desktop Extension** is a sub-component of the overall Windows Autopatch service. The following list of post-device registration readiness checks is performed in Windows Autopatch: From dbb06e2020448984b3e1bc89ce2f47bdaf7ff7d9 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 13 Jan 2023 12:54:28 -0500 Subject: [PATCH 112/142] Update system-guard-secure-launch-and-smm-protection.md Changes for Issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/11093 --- .../system-guard-secure-launch-and-smm-protection.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 929c7d815b..3302d06866 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -25,6 +25,9 @@ ms.topic: conceptual This topic explains how to configure [System Guard Secure Launch and System Management Mode (SMM) protection](system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) to improve the startup security of Windows 10 and Windows 11 devices. The information below is presented from a client perspective. +> [!NOTE] +> System Guard Secure Launch feature requires a supported processor. For more information, see [System requirements for System Guard](how-hardware-based-root-of-trust-helps-protect-windows#system-requirements-for-system-guard). + ## How to enable System Guard Secure Launch You can enable System Guard Secure Launch by using any of these options: From 025ec7fd29b061cdfff978498fa3fa2538ce16ca Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 13 Jan 2023 13:09:28 -0500 Subject: [PATCH 113/142] Update how-hardware-based-root-of-trust-helps-protect-windows.md --- ...sed-root-of-trust-helps-protect-windows.md | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 1404209dea..10b4f41000 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -1,15 +1,11 @@ --- title: How a Windows Defender System Guard helps protect Windows 10 description: Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof. Learn how it works. -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: manager: aaroncz ms.author: vinpa search.appverid: met150 ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 03/01/2019 @@ -87,7 +83,15 @@ After the system boots, Windows Defender System Guard signs and seals these meas ## System requirements for System Guard -|For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| +This feature is available for the following processors: + +- Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon +- AMD® processors starting with Zen2 or later silicon +- Qualcomm® processors with SD850 or later chipsets + +### Requirements for Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon + +|Name|Description| |--------|-----------| |64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more information about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more information about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).| |Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs aren't supported, except Intel chips that support Platform Trust Technology (PTT), which is a type of integrated hardware TPM that meets the TPM 2.0 spec.| @@ -101,7 +105,9 @@ After the system boots, Windows Defender System Guard signs and seals these meas |Platform firmware|Platform firmware must carry all code required to execute an Intel® Trusted Execution Technology secure launch:
  • Intel® SINIT ACM must be carried in the OEM BIOS
  • Platforms must ship with a production ACM signed by the correct production Intel® ACM signer for the platform
| |Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | -|For AMD® processors starting with Zen2 or later silicon|Description| +### Requirements for AMD® processors starting with Zen2 or later silicon + +|Name|Description| |--------|-----------| |64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more information about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more information about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).| |Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0 OR Microsoft Pluton TPM.| @@ -113,7 +119,9 @@ After the system boots, Windows Defender System Guard signs and seals these meas |Platform firmware|Platform firmware must carry all code required to execute Secure Launch:
  • AMD® Secure Launch platforms must ship with AMD® DRTM driver devnode exposed and the AMD® DRTM driver installed

Platform must have AMD® Secure Processor Firmware Anti-Rollback protection enabled
Platform must have AMD® Memory Guard enabled.| |Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | -|For Qualcomm® processors with SD850 or later chipsets|Description| +### Requirements for Qualcomm® processors with SD850 or later chipsets + +|Name|Description| |--------|-----------| |Monitor Mode Communication|All Monitor Mode communication buffers must be implemented in either EfiRuntimeServicesData (recommended), data sections of EfiRuntimeServicesCode as described by the Memory Attributes Table, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types| |Monitor Mode Page Tables|All Monitor Mode page tables must:
  • NOT contain any mappings to EfiConventionalMemory (for example no OS/VMM owned memory)
  • They must NOT have execute and write permissions for the same page
  • Platforms must only allow Monitor Mode pages marked as executable
  • The memory map must report Monitor Mode as EfiReservedMemoryType
  • Platforms must provide mechanism to protect the Monitor Mode page tables from modification
| From 271ae41835af609753c92977a5b645408332301e Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 13 Jan 2023 13:10:43 -0500 Subject: [PATCH 114/142] Update system-guard-secure-launch-and-smm-protection.md --- .../system-guard-secure-launch-and-smm-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 3302d06866..f605793303 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -26,7 +26,7 @@ ms.topic: conceptual This topic explains how to configure [System Guard Secure Launch and System Management Mode (SMM) protection](system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) to improve the startup security of Windows 10 and Windows 11 devices. The information below is presented from a client perspective. > [!NOTE] -> System Guard Secure Launch feature requires a supported processor. For more information, see [System requirements for System Guard](how-hardware-based-root-of-trust-helps-protect-windows#system-requirements-for-system-guard). +> System Guard Secure Launch feature requires a supported processor. For more information, see [System requirements for System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md#system-requirements-for-system-guard). ## How to enable System Guard Secure Launch From fbdc071c6256b4eb03363f49d9c5dfe1333daea0 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 13 Jan 2023 13:58:18 -0500 Subject: [PATCH 115/142] Update mdm-enrollment-of-windows-devices.md --- .../mdm-enrollment-of-windows-devices.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm-enrollment-of-windows-devices.md index eba080fea2..f5d5c1dc39 100644 --- a/windows/client-management/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm-enrollment-of-windows-devices.md @@ -285,13 +285,13 @@ The deep link used for connecting your device to work will always use the follow > [!NOTE] > AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later. - ### Connect to MDM using a deep link > [!NOTE] -> Deep links only work with Internet Explorer or Microsoft Edge browsers. When connecting to MDM using a deep link, the URI you should use is: -> **ms-device-enrollment:?mode=mdm** -> **ms-device-enrollment:?mode=mdm&username=someone@example.com&servername=<`https://example.server.com`>** +> Deep links only work with Internet Explorer or Microsoft Edge browsers. Examples of URI's that may be used to connect to MDM using a deep link: +> +> - **ms-device-enrollment:?mode=mdm** +> - **ms-device-enrollment:?mode=mdm&username=`someone@example.com`&servername=`https://example.server.com`** To connect your devices to MDM using deep links: @@ -303,6 +303,9 @@ To connect your devices to MDM using deep links: ![using enrollment deeplink in email.](images/deeplinkenrollment1.png) + > [!NOTE] + > Ensure that your email filters do not block deep links. + - IT admins can also add this link to an internal web page that users refer to enrollment instructions. 2. After you select the link or run it, Windows 10 launches the enrollment app in a special mode that only allows MDM enrollments (similar to the Enroll into device management option in Windows 10, version 1511). From 70f876db876b10872e0e9c624b0a3cb1bed53443 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 11:54:23 -0800 Subject: [PATCH 116/142] replace screenshot --- ...zation-based-protection-of-code-integrity.md | 4 ++-- .../images/dg-fig11-dgproperties.png | Bin 75377 -> 0 bytes ...nformation-virtualization-based-security.png | Bin 0 -> 84515 bytes .../images/dg-fig11-dgproperties.png | Bin 75377 -> 0 bytes 4 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 windows/security/threat-protection/device-guard/images/dg-fig11-dgproperties.png create mode 100644 windows/security/threat-protection/device-guard/images/system-information-virtualization-based-security.png delete mode 100644 windows/security/threat-protection/images/dg-fig11-dgproperties.png diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index bf8fa457c5..003104ce73 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -285,9 +285,9 @@ Value | Description This field lists the computer name. All valid values for computer name. -Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section. +Another method to determine the available and enabled virtualization-based security features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the virtualization-based security features are displayed at the bottom of the **System Summary** section. -:::image type="content" alt-text="Windows Defender Device Guard properties in the System Summary." source="../images/dg-fig11-dgproperties.png" lightbox="../images/dg-fig11-dgproperties.png"::: +:::image type="content" alt-text="Virtualization-based security features in the System Summary of System Information." source="images/system-information-virtualization-based-security.png" lightbox="images/system-information-virtualization-based-security.png"::: ## Troubleshooting diff --git a/windows/security/threat-protection/device-guard/images/dg-fig11-dgproperties.png b/windows/security/threat-protection/device-guard/images/dg-fig11-dgproperties.png deleted file mode 100644 index 3c93b2b948311bd965a3ce5d1eb82a4d325d4f97..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 75377 zcmc$`cT`jD5A~y_cZQ-K$X!f`_>G=YbN(c z#$F)M$@YUkhd6FLehC86b5;Mjr{`<2Ms@ihJRXGhqg~WFBdFFitym>E5U;w;P_}qR zM6@ws;@qbT+|mE|2WNFWF#X5*>qL>yYewyGAF^)G^+8WkoL=`(Wtcv34F@ z)|blDpVjYQ7q^1wN-D%NS1UJ&i;C&RFh767J?=aZGd3J}>YCc++geMi7ukQPUtPgw z6}9j`toq3I<4)3WdDO4;t$DZuF8>n=0;DV^!>s}DEmmiyr2B7a}MB>vCw(ElEv zIl^K|pBR1df@n+?M^N8F$q>uo1jK&h-ije23%uXqwj5300k5Q>_jLoV{=Hru(=GOJ zYSSzWorcEJcVJLe`VzXu7=|l_6N94B18I}!Ld0GNI!mS*Yf3an%l(7|Qs65J=$&KD zn+h$;ZacMZqYxN5g|v>Qt#6*Z^f`3#PBxrm?ncuhx}b%ENIU}>P?8MkyIaaK1wp5* zpZ|L~BiOpnB=oUCq25|P$!dTKr;VTo$bl&Gn5Z>^9DvA=h7z+e@veh5mn14S+?1$p zMA&Y>@ZRv;s6LItv$u|>pH!rcxarb1@%@Mkf%<5QeM=6ahU7|3GDT;L!`8KkOW?gP zwEfAMB1qFb@Aiq)N^~_x1o5qTeJNQFs*eBSv^q!F%iYEheUo48lDEbhNx>Pu34Apv z{BK8brw-GJ3NQBYv_}YfBO)IjIBJ*%Jk$(&Df%a3HxfMJ7KDS7a_JZCCo@*G zXgfUqgcP(hg11c%in!X`>9?^oXQ;H1sHx;e&b1Sw!R}@FAU~bjC+~#_2>!p+18_{)GxL{PTym&d}=iZfnuc70vDr+-(?<`Beok_ zc2@9Ml;V~~(A+zA>Q5P(p4+b0Ob&XNT&~bbt!&xnr)9V7=EF)<_%#Z~m3FII_Q!1e zzm_F;Z$L^7A)y?Kd7XJONB(?d>tYIC|?vf0m&~l%PjaZm~C=(CD z3Qz3xpmXQZUCaE`At+BX~8F;3pJ^fMMm>{n^> z1*m7xf2jFCK=*S+rMd`2V^s;)2HAgMl*%kUqWpFj*%h}J=KY6Ue$v(asg>Y?IhCd$ zfoR1-71$~l(TktXK@QAd%k6+@5gbdJiQ04B;5q-nDdGy^=xf!%h=am-nh&`sDc0A1F1~9E_XtcQJoAyi9nZ zaL`tlz`Ds7sm?nh=-o6Rq<6UJSv=Z1k?4IS3yaVldIa4q&}uH4J`WpW;iqMgX3
k4wQo#7eYIG14w3Z|8%0t)E z@}A7(%qNiY$a=(Je#pS)4t%+-lZ~X}`Tzk*AFW!N;Hf6$sZVA{D`32EbX6~;R!hk! zKU!~2Who;>4pZzu$dD}Nv_~YZU3$+%{ZdNK((twI++o+!RQKX zPa2*Ml^JuNnc3eH-c-I6wC-d%2%}}Y4S{KhW@S1BK@IY!n4+_^=w!=&#I7OTqyt6; zV`J&mQIeD9o{|hL3rdhd6o3iqmOpuBHrBT%Rr!V+q3ylp8?MdUPfQWdmW+Hc^9|H) z%z_4d!!HO|16gH~{Ab`wG`7;vVnF<=M#08JgvDS22^;-o8fJ`q)@@1KikRL_oT1wI z(2jVq+Ecd`oJsYKv}DcrzTw%_4vqI$unMm7uB#rf=lMXa3%J3I2Xl^=ubW(Q$zu$! zmw_kTXBHfYSxNunf!VWDaz45uvf#G4=vN(=&0mkTwnGrR$i1KRH5K9lTk`{YBU@lJ zO^ZH@D)PgNuh41LJbU0f)CAHzc*}f`#cemwfPZL1YLmb7mvVts1R4_Y;Ec zoS`OK?56S<_p{@n8se}e>E`XE1k%Jh#Fqnyd;OJzn%MN#Tjuy_?6&j$=hgd(mf29& z*Vmh9FH=T-z z@l{jWf*}dfO>OX@zbjw8vJTFs(DC>|1q7aTuMEE@Mp-|XL4R+T#%3|-*1Tn_XlD653A{Vu6K6$Qiacjc^_T2@A@53+T0er`a#B z*ewv-rk;G`o?LMNy!pLaO(IeXb}xspR0fA$loT7x2U8t_R^ia%8Cn!%nGw1XPIPhG zccp6435el*CDQrk?L|XkIC`gHhL|UVK$Nn?DaxER;4Cfh9v}5VgJRS0*h|RtcQk1RFtR%=`SEny3y!bWq!Z;8`w^z4OcmyyiWf~@sxyo+x*&g+?l0RkPfSp%Jy{dTvlciZ^B3 zrI}Rf<{iBo@21L8eSCLcyoOZYDcqoW<@}*P?r}HY-$&5{8~9l8zMTqF)=|AD2JGJC z$TZEd?&0t>SI8t8iYKq6;REwM>r?px)+8XN*JCTuX2IvnIy1if2L+Vm>M3%*2k*v$ zf8yyh{3>bG5)vSiIKzDX<;FG~G0l2oC*N4HU?W+Hz{3ACAF&SvOK?UaYsk?*hJZ%i zVk?oc#c4GG}n?SnD{#4*s@w59Y9x;SvH3}$Zlaz0E7BuG|cAo6?Kx+dcJa` z?_^dV<7|grag(^mAxuJllS82c%BO~!7Mq0>cNx-lQGW|rU3{NMRHy)n9KtbWzam)i zu-E;O|7T0;TDd%({`!~Aq0?kMjI5S1Y;WP+LJ6^>>IY%fdiuQ64XBNYptscHf9|6- zmB1v@v=~4#XbwEt!7plEMhMkfww(AG+CqFP{`5u;!7fZWMrl(EY~66qw{#ElZ3aP} zW~7(o8&2bsNrt2(*skM#eV^_MqK7L_S*q)(VoU4M;lEybjv2CHf&gi^c_hp|ekIR2B@f zzPPvMK3SryK%d)|FAWxel}ZJ;Q1mIqG!n7^ek{>P=x6=<4?1N<1T{Is=uRe~`kTy1ek!ly5(`a-<=d zCY1L(tCy9u6eVd$clsP85+@{^Q0ncv4`rS0YzRvj)q^s=xihG>s@Mm%ECOedk2Uf) z>5X2&2U*}a34RkcpUV=a_>S`Tv+R9>E=5?ey+UDk$$Om)0g_`gtl~(2zB)^$RGCWl z`|8R0m^4IG!ZJr${nNess4H`K`Un9^*!shDm(=H)R`wC}q*wAFP@ON;@u9x>kuxLZ zLhSViU5g(`)Q6z{J8()j6I~`S~78f%0=wJ(^vhc^x|Q6 z_uj0Fx_b`v2k^m6#M1-+(ZYt4s`CWybr=vvGx|}^fnODHZ4^>v2D1f5cP}Ym04zaK z+WKU%(|W~!fff%bX|#ZpoxOAk*;DF?{L%^4M4^HH!>U$X0rgI66+4DG;8s9f`E}+x zjg9B-E<+}ZoVnJyfuEHXS)I!K`Fu>Pn33xV(a6_K3*no^h^Hr}SBS3U$C2>k1G?f< z83yUm(dh%YK`4p*@w=K6$r7+1Y6K1#Wx3^hC^#Bxse!<(Q3SLCI98TS?54pZ=FyE0 z?nmNc7SGOJ*OQm#Ik-EG!LPsaOA;J8Oj0uvfH+w{kl+*_i3p zf?0FLHVVX5)>*i|1H`3V)zWg>=Ygx)r4RXUP=>wa+EmNvo=(8}*{Yp;p;qqJ z9N4h?o_A=(cdkwW(CO2~5 z_DNH;k#6MSPP+5${1!*o?m574voE_=?GCS43Xia~bY{>5_Qv^Z<7Q4uUKn8M>&DQA zJHJ$Nl+bRsF-Q_oDmiRNF;a=-j+y>PxJo-e9n7>WObMBQ%WX*C8Kc-MU#eHWf9)Nt z3}j`($~iPv({cJ4eBo@DH_YTRWSe*BlQh3Zv2rzzf3=LwTOG>_0)4&Nafwx)>|#qd zLQ*rkO|RR3)GxIqocmt5#nH1R0oYgf$m8B?{ScO(BP`;>9qdf29Mq+Js1XcXYcAcf zePMdki+@u41(obV&E=>hyF_fx0Vcy@LEEu$6-$VuHlEv2*-R(5}p(E7E zSkJsxKpcZ3ab+@#k z-0jr#1*fpk3}MhYyS4e?6>_2=;0?3)B|OG;`2oN#Zy141O#%Jfhrx%|v&XK#-|+a? zA0crVBcqLaj5j_s|6CcSY18bGI!Ddq2bpJghlO8rnJVf}w1@b-9 z_5GO=nP7!~o|wy}(8oNY-ry=f=)06>-BaZ9yKt}*Ulxl41?iR_ZkLPLX7A_|ivhqf zJmXih9_$}}-!}D@3+P{b#irY4Zqp66;6rsnNkGeC=$u!PwIQT}wZ?3=uCPv(c?LVw@kUY#mfVdei{ zsx&2p?|(|tzrSc@ZBIl2t`(W7sbea0hz|XqqVfAesqf+rvxo<6B}`e}pL)72@UD0R z(H9KzayxH(pXDCgpATyt{_@0XZZsOI0j3Uuc^ea{Z=Pt|Nd0{FG{M4xWTqd~$o1#U zm&L!-l`m1_$TVdNHkDMI$w?b_U~O6-?{{+?T$^<6cH2Rh_eG(d`6f$ewnOn0OKt_s zCZsG7S(%(d+Z5iud&9LjD>Et|ttxAH!+g%_pN;eo)YCa7w+3WGR1>a?+_=-t;?CBQ7iw3pqKYGpS(o z%>_d-r>t*QV()zJ3o7>s1opVgLT`Rt`FQz~9*W#FuVU-%^NNGg^&J^hBOFka#4h&> zHEdXOm9+mt!$hcIk_%s-P%bRYU8@afQ# z4FP1=n6{qEw$$_R#*m27Ylz8HJ$Wov01#WcaEcaN={Z2s6dgnY!i+iIEe$#h90Rc>p;Ls0Vu5{O7WHOkpy>k;XJu(|0C!I9UftV( zQTQOcQy8!!)w!0^`%hmRER3U_z*?u~#(CU5afI;mUbw8^bkcB4xQ1{?X9K#+snJKp z4}N$?FB#PW-;)k$dzHF!q)~2QEnOw@)v+{+SDd*AMyN=7eDLEm7w*F;ZlH{h>Ue7mNnJ@M9E$0{_CHjus_A%R{Vt}@R%ioRo36)fx15cWyVP2xHzj#T zV*-?##3ZyJFT@BC-Yyp`gWDnZLg%2p_~1e!f01@YF<1L;DgW6f9UNeZATsWdzaPBv zbYuju4QCYw7m(t7`$s6)Uv-4jW2m3%pRGRcH5-e;Em_I3Hwhvq$Ykj+(i-1f1Z>QT zgc0j(DrbF?oyyvIYJZgbss)s#-e$gj_o>n({^*joJARz))0j=Zmug8M*oH(|YW(dt z-5Wi;rO56PM;vV4E{imNboJyQODq3&C;zb@=0z)w&3wIXSp;+y)>^9c^qZ8#>Dm#p zfG>oTEF4S_E7tpg;n;1IaK#nqiV5?t&2c<-+nAETx+BRqHb#-)D>&(G?)3hzq+!Re zgtv_rvtBDqwD~ATkX0my>CBxMls2-#R3lDmX(qZaW~W7I@*8m5?k5eHMfMjX`TJGC zdq2m%t%0k5m2npd+e=0&2muvF+c|RRTzuYnByQU*I^BmK6{_IVHm@GY|_POG) zw1&Ht4{}&2{OyFxBU0)pNrq;2J;ViW>$&ntWh>wAM(x^bqz^)2bL+)SSczi*2kVL) z1igZ~nP0|xcL9ht_mflBQ>patSD>cq6)#S`Ss*pKaCDpY!D{+o353`pdnfr90oLR3 z;oIP$1*T=jYNna#uC+9JU*lx$w_p1U+wX4skPo-%X2>L{`StXjz;owk$b!FlrwL?_ zv^QV3w6XrRw?6#?6DRVaPmg_HoR1CEIw48uXSE}gUPG*EUZFK3Hd;>F2>{O6a8FH5 zRi~|HxXA9_1GPSoKvXZ0M=S?uxG3(>2!gJnPNswh^Pqv-6P<6nFdHd{v->E!0PBH7 z-secS3`-fz#%KaB4}{gG7Nr6CrWPk*szs(Qtd>=|StQ%U_PL2Dbne&YU|2w{4G{r` z*P7|SX1rDLiq+y`Y_Z!H00WG!8}WN5e@iSM-K)=_)ORI?-3O9R8TBZr?zo)=Cx&dA z?Wt0aJsNJ8SXJ9#XB%kA3!$BJ3)oW~W}MLm*N*CJ9VHg`jJ#^*Y?@(?oc;#P7_?Fm z4GT`Gwyw!nxhR2$K)$lC@W`IPQS%|n0cg(m&TDNyC{*A>Ah9R4KA#`99b>;>C!14S zeX9kXlp=n8J!eIgy*h(YVPR5HAkr>9p?l`nE+s!n7WP1`{G-$^-PnvsU;xc}`r*A0 z5+NQ*_=b1>mOyf!{jyvM0<9KUrllmh=Vae=cTIHB4>O-$UEok;3mV8-aS*Tr^OTR? zSFH#5D?+@M6yDVP)n3v@r3d>cN@4Z&4v_3z^2nAuK~UhLb>y0~4Y`$JR-odts6;b> zj8wjv$0^JlU89{+T469fEFZcSXu6KQ`RL(P&I;}IW}lCO(!luj&ssfZ@QV*f1~)Y& zJX-8SnN||auK54j+r@Y%Gi{2`?;ZxZ>l_QVj=EJ#wyaZWw{2O?LIY(RSy+f z>~0TVnAHD!c3C0-5fD(K(;ha1h6RG%vQMuJGb9)-m6Yhwo@V01^eQr%#%?Tw=@*f%Le}o0|Gc|)Xv*BOj@8AA&N$F{IVm)46b$LeO=%Ys4rYEMuWuv-p-r!4&Ep9?u0`}yVanp^NFwMwl=`Z}*B=2%D>64CI%52{ZwBmeZPKn&; z-R6Qfzuhx8<;4R{$eq$TwhOC2Mz;0Nzj%S3h9x`gVs0ObY4xr)73u+(pC&ioP^J96 zTO)qU-EKnzHjzM*aQSKneLY}m(JO;aBvy~(B-!N{>2h(+*-g}Q;^hiZ4f>FuehcP{ zP6fZYeSJLdzz^Q`8~J;!t`@2~rCsS!Ykuv@qK817<8w>#G|ha)lR&VXB)DqoF3s@* z#}zo*S_ZYcn30n<%hn=co;4Di^p;xN5RueX@RnKtYIS)3Lh5+>s>rC2uQInrxP-i3 z`*AHMb@#SFgh1SnyGM?@W9&AMB=&i(EYI6=^fxnye0|YC=-x181hwu}<4M@66-s~- zeJ(Cw>a;Z~5XTX^rRPPMxVFxc8@ms{l)L>&*WI9-v;1RP4z~J}grx_^hZW?K>hl^c zhJ0*4`&+dfmK^tLtP1L`XH4~)PBFg`SXOP;1C?>dRZHGW2#$K_bI@in*VjjN2ZNTL z&-<2DG)6HCogmvV&)7(l!-Zb^M*+l6&AdTvV{DrS;S#RNv!1YKtLRi9?RY~^Ou;fp zKg3T6u9yHT%?Z+Mv6b97;qN!>MF<91!O(pub z!`)IwjwQBN!OSWc(s#{0M<~@J0W+xKwWc1Svs-=`h}h)~c~_h)!pn9M6BZ>&p3hKN zflJlFs{Nedd%ti%icK{@r@ePAbB-y+Rv798fVBm|3HFJ#JJG$cvH2@A!*lf;OAipM zok*m1OPhIgcMh@9(Qwb zlBt4rN0)HD%lYpb>qCT<+y+ep$d-rVw`-@+i?F^j?SCE6g#8SEWbOf*5ZbIhNUu zP;I73wxboz)rXrozay#c@9rjWIVW25%#n@}@Gc&R$*iAH3n)JbWMw;VgVD&4!kgXX zKlMXWHYR}Ys~3UEOHo=;74I)l{-VF%9Z{GUYyE?4qIvS_eOKjBtB`Q0{xwA0{q~m4 zP3_RgRQS`y+sxczsOLaxn>udKEOLiD<+aTYn!UW!oZ18mLF=~m5}r2xN^#xW9iNgo z$RWKSjwIPCbB<>+O<6N|7NJEcgv4HPaQ0juLW}`9Z1#KC zjK@riYUJ^l8Km8eEXAX6T;YzrKhHlzG4j=>)oSVW#nqx>E^tnX!t2;1{*S1Vs9IW$lmv< zxVp|(xzwj5D|10d+gjc_3!X~GFP4nnf8oYpsrT(cMf+1@{F`?zKwIm|&3@rr0sHWJ zYp<&In0wS4$$_6%#@Qgt4PL&%$=0}yGJcsFa7n=}k!vyqHwpW@XmC?@w$H^#RZ3WA z@Fh+SaUGuD%{x$Gtwc%1b4lBX@_feB-3u2FY-HIqvzl4Mi0IT7^TF@HzrgoUtYXiE@|L32pu)vmU$?j>h1Sv z%pT*ukrAB2@s6hqz%{c=T?hC%J%Gj#w2_oNeH0|?#_wNSc);q9<`8zK*9|ouP_9DN ztq%~K4Y$;qlg-zguYt|5y7rr?(Zm1*J`2f2yk+My@HA#0-?Cwb3rqY58gYdK!-d(m z5{ewRfTEC{6LIq2D*p1_Jpc~YJ?(8e8XGDB6a|o&u8!!|72wJ;Bf~3|{pJ4b_S0{= zw>^ElMLC9!Pw^h+j>67+3pEuy;^&xn*N1s zTuu)39Uc2YC65%K>cXmrN?K2uI8kOu!IACK_?Jw2QeK832KhC+#8}YSNj{E2r|97+ zVl>!=Wxw8wvCL_p`TU(i)r^4kS;eopND7Szy|4VwH%mz$%h~bXDCuA6_j>)NEClBe zf2pC_6-o!7wi`aef=*S>QycQnT8r;466PubWt^9h(dWJ`<=JOzvQOUXt8~r%a-Opw z|1J8;?1pxD8_7WD+xpuHbJJi&rQ2zYL-lxbAdIh+7k3yTao>sivFU`gC;HWn_}~@F zK=3%`B>dURgjW$JU}iJBN?zfogQb`|uGL$kfl=iO{*(%0(jc>G(L%vl!etZH!xf}~ z+HZM(YkK_$CT9P{<+6{ZqWeLA-8b4%2vBnLd}y0F9}Lr&pAmwaY3A9(s2kLDL_A!K z^2`gRn6Xd-ybC>M^^4G@6xWr$ z4Uy$;gW+6 zJe`OKmnS+kERh*-k}uY(>_5B!T9w}mK!X75QEcgF&QEhg&x>VH_Ve>IkUkknKjd~$ ze&Z9FlY7%FH;)RV2@R6Pa_}bxdRoFw|D|bSruE*V`kYL5Q9?ANyJFAL5C*wnMjx-7 z_NfajrTsUxe!iV3`?Ba$y9^mFbI#w1!k<7nT`RuxcYn5e*Z!Av3E~)^2tDzrc$TLQ%p>ccnS-Z;n~+Bfc@=G1=^&Y9v<-L1C8WCd=}IddkS#<2#m{_DIo;_K<{EL zWjZ3lMt~;j2*2d^h7UYyGGzdrMg1W=sy&X8_gE$Uz9`b8y43>M;pF0!0F zzaWaeHDs|!ZC!WxIOB*~B^m@AYk7lUdr4H+zBH;M*Khj#i$~LU1_QT~yyB&KGDe^C zW7FILuw~|Py`Taiv3iJaGs<$tceN;S(e`1U8T<48MFzeD0_8S-UL>29S9c9aX);~F zT0qdo!(zD(gUrqn6r7-LR9h?_S0EvHmYY3)w&kN_FZCes;E@^ z2AoJ-I)wvsIQC&1+9I)6b2LS-*WYbh@qks*)H>ah-jOb;)ckJLbI_TM@HLkmFzmHX z_RSu{omE^9x+xZe9`tgi<<2!xVhJpQTcFH4$f?~Wf`SjBDlnugb_Xpi#htnT*hp4f z64CMj4%ljB)3#SIDDpk9c_bXXKX<@m04AS;+}~^PJgxY;x56zX`=fd6-gGVVqNuIL zs@&k|UN<@W>mN`fFV3yqvkH(V70V416eruuN;C^NX6}-Lu&rxekNei2JWRsX0yDxE z6GQqAkvrH)uBSjkPtYCJg#`pI7-SkFsw<@KN@i5bL?LEaayNW4$a{-N{^SWdJ1+5# zfmeR^);$f#TKqFrKM=-j`Y!5?Htot~#JsCkpUnG|6bm*tO7jtK&GG82a@WQz#p`K6 z2+3Rk2H!?%GyV6oJv(`DBIm5!F}B!=c9KzNht=F|$0uaJyt`)FHlv&!(-$AAkn_=A z+q`3$ti3h84X~2N^d;^?5m;8Uo{y#Lg|{{at3=X(nAw-}`w$WqM$wSQ569uh-%@^l zJht8twY|?wP1j3CDq0DV6c$6UH{p_VyUccNZ*uOuj14oeO3V%2SJAV$Dv0h+@DhGE zTAh*L5e^ahv=~*VpyX2qG=A>Y-txS_NV}r1szw>UfnzwgAMbBx5fAW1-&_=zQK%<+ zPF49=6h_syh}YZXtUZg^)|OaKC(PWCb2+=FGHRO#Y=F9|f3aMC|5?}2uzmjkJXJ}% zb7+cOEF{;-_ptVt%q~0loCH&b_|;U#n~Ep)tzIXkxQ#Sk6hy>+a{IBWskikM*%v3- ze0zWQY850^64(?|&WoN&z+~Qx0atO9!Bh@^vxB83EpC$S0vEgP-i=QN7UcZ92m178~Jk)xc_s(w2*F2fjC}>TNkL}2j`GG+u zV8mm;^teD6G5VzEWW>VKqqTjl!Oa1V@Bb) z2B56i&a_Wypb&L^G~}bv)6n6wZ)3j;S%|;GN^=~cOq`QwI(<+j06x|C|3-}+NO@l! za9!6l!ucy!S8+wTe`ZgWz}Ev>Ic!X589_V2Jzm2D|4zeRJ_9^7`&O{F_v;%&`<>4_ zM9$%c`($8i9W1v0s#892|IcwZpe%g&KN1hc|2h6Ym3|zYUs3j5!^Q4a_l{bP8>FPD z+|f=KS!v$QB_MA){F-60Vl@5>y zh|atEL2$-2RP}WO2X|r8UF0MCvtUZ6k9hXD z!3fuH^}`|!NSSZ9^X8dYy)T#+<5!C(#R@8&inpg<-u;s|hf>eV{z;sCkjU3kjmH3d z;Hmjg``^br%Y3B*P|1jxDiD{1+=W-E>4y*W2`kBQ2Z?^NHmjvz7TkS>83Ha|8;kXB=9)h8J;;YI-YgD*=8N4?5H3-PvKpJhpf{z z+}los48=Zft7l&t&-^%LgY=}u-azG#&*!)e^;byo@BDDczNu~XS^%|Uq`c^jNge!` zt9?0mU?ISIvugF1e2hBwZ+3}!{yV#5*0t-YKWOeD`kpI*;!_)0MbxTMy_DHwT(5$o zOKQ7ALw9-h$Sd4>`+R@86yLFyWs(18hBfU6b`p|&i~$^HYyKZy;8j38kmbX(6{b`* zee`WpMt&r1p$8#-mO9zOQ^KnBdnzH{Q)R*D-Ve!XF zv9YmTUMR%p|5aOgld<`0$uIa2jess_dOd;_z%9R*bvc68Kz$((cbzsV7~K=6r?3s$ z90HZ)c<55rANSsT^zUh{-*$NLdlmtf%{D`36rQ(<7ODl6O4{7#+M+>_Z2`T z!UvHa-_&bp*YM#Zpe9RbTew%$M;G_1eVY!j)92yw4oWEYJ~FYm&%bD*0HEF5ymIQp z2MGh{)J8k2ac6nKDsucM8gy80rV+hJHqmpsrBl3ITJLb&!mG=RnV%o3)P-TDMJ~~o zR4G|sscB1e#pCHcYwzSCQ`>U$dAF4@eb2r8?l&XC>AYn8dC}dvMU()M+Ar7Vi)M-$ z2&|=SZVP}d1EN0B&CNu_Mb&779(UfO6Ly5_VA+ciQ59=YB<-CqZVp{Wu%!njizRI0 zSwZ{e{eovx54vcO{Hq5Xn>MM=rZl$tX~~QcHjq}heXU^-~?s!m9Dvq)Ec5c zVt@|u_;@hkU&r{et&*?N5SYPzgL7CMStx7j#GQlKnPvXV&m%7-^{(e72Tkq?Y2SG4 zYJGMF?4ZkmjxJVP6gA!C%lzFg`XDm&UBt`xns-c^0H|PXlha```+hvxG1$L;m>{r8 zu9Bj9ZTUUO1LQC|`DO-CD;bey!xV#*_@6(C?*z{dGwbQu!MlY{MCYR}ZJW(gRthrB z>BZm7rI}s4r(tYowjVqqK(;~&E%^%zhF+v5|JeAqgH5Y>w`F9!n^yIc@n5NGjx^5T z*Bo%+?ZKwk^YM2weqiQq)TRJuS{0pjbn36Mm!nopan&ULrS+zKW;CP>p_zIn$_yB(AfxatOe$* zY3<=YkmR&kopTdHR{F>!uY%{Mp(> zvU!~0z18a|y*FAJ-kLlN6td}d$&u3h#!066j?N1SJAqS})BEHbWefp32v#?V=Fp`i z=4I=>K%ar;v?ZvfZ75wVo_4a-ho1Kop{w+!t}nG_Cn#bUX+8(POrm}_sVTu;MG-Gl zWOOV=lX`NEhfRVppLSXzAlsgjFTe2lZS)+}$si>28CMxxuIPR?bA4N{k=Z3#Bde}L zrF9?Y>*EuEnngzV({~q{_*?)`m|1%Gy#?v&7>;Sz`B$Af$KUw5?Y^+5?)g;hdOPrU z1r6HOC5y|0h*ZbWm?NW8#DC+s0e4D#LlWA6=z z13;9j3PE!BON|zx?4pgR0;)$=v^Okc%KmA50mvj(AEuy5kU4S_|FQExe>P%Naq+a} zPD(`g2?j|GkEGn)!#&m)b#Ywk0Z#lAj|_(J^U!i1NF zX7Bh%(O${>s=du3s<0;G)wLai@$U})|D5YV*bA*s&0JIyo?hzX;C8*%&))iIf-7bT ze>QltI(w2)>vLybN=JE2uiz0C8|>mO%q`c z^3VI_Teo-WQAY=ZleA9}43 zHZkm50!3etLnvyh2aA0PG6txtR#MI5^vm^!yLsZDLf1&Lc4u@YImu>DGakAc5bEzx zF;1t+TCA?cc;-9D@s1cuyLVXRI=3q(MVLl!KQ$2*NbOPYFK)<-&Vr$gt2^EwgvJ{F z)79cq&$eAx-zIO#E|);7R;WFCw=w0#NtbVqkV&4EuH7|*r{5#pq!Ps3d^r%;>d!lN z8*E(X1p+1&<6-4Er|)T4(_lC^@s`H)(=m_aiPVgJKfLRV7HKQ@tmdjw0q zR(2=;*)Wh))|9yLUDIyha3ud~f?CHEjJ$>+)T~(?rU!LGk6G;_$%{+?Lie`*{@vSj zXSYAX(;jR1;a}p-7f8o6 z&PJsr4oet!+)rEzm$6t)urPgJL8!dn##;K5aWKK7$M}|jfI#dYDaeuw11PnTO>uH) zIzOYz=?tRrU^aFu&dM&8t``?$_r#PuI~@L~{)TWajKj&deDofo=>2*6wSt%npX#4i|sC8+SoCKMU85cMU&@%d#C*LqtBBk;8WS9D9MDcn_b$fg)+R~X9=%8 zM#J8s6L!&WNsVZrKB+3l9jZI2v_JP7tBW1^qbeEIK_q(!grzs&nqR#X4*QS#bmVOk zeD*qt`S9#Pt^c#09P~H;Umg1%2Sh5jiniAQZD8H?UInNwa&!NHRW=hiNamt`9QY*c z8IeyZLHZbaNK6zQXugj{M-&d@4Q+(>DZ^vCHiv>Mhrm=)a~{?S_y^fzdE}ibie&Rog-sH)BUubam}3JM9;Ef6vST zwV2j9$wh*{Z|U120^)*{_Xllr=_~H+2tX{4UDQWM2o5!bj>QaBcP88F83=G4Kb2_X z$s0!{$n`v*m#unfG*wnGZ9X-Kuhkz{8hzBdyK+Fu_o!LVjwgM)gP0`%_r_G#6)@CA zUt<$4I?>4D$5%ekR2=!R&6Vlqy-+G^r=Km)AD_`^k-d>0nrkuDyfvU{!_g1=N&(ZxN2)NoTe zAfj8-ADUr1`<%trh2ilxK$l?9juLb&9!M8|Ngj4FT=>SJen`4#IK^Rosf6s}q=>l5 z>%1xBvThg6`l)uBGnD3$`D$m%FU_{nY&FLLR`A_beKvc{lX<`kb>)*-fF@6lgVU_R z=Ux-p@6(b1WqNlgfM|w}>_L;-0`CX1&?*3$Pj6<})vthBkALPAo~&*%QMD?0UF#C* z2?P79hw|Jze%Hdgv{<83OYgPqKh`O|yCmAEZ(!|vC#Yo;OUS)5y3-=>_&oW65Uxn) zd5@d&8Cco^@Q6SM1dDL1@Hw{!XWcbIVQu3aIz(2^=YagCxXi4mZ2y2Bm^zy`n0iJuUd2KQYKPxT(Bo@=;%Hj2ClR_2rfK4x)zKxAR1g1o#P* zW^#wN`e}T7=uoE6V*30fqb6q^Dm$BEA!v$p{d_G8rpf*xiKw?}>Ns)OdrR>M$oTqq* z@VD|Hhs`cWakSm9x*-NL2h^pS?TES6-_T~eIvyqlIhzy_&Bd#z=GUcwwZPZ*K(@e-U|+t|IIn_*Kq6{`aFqK4{{ZpCJ); zUzfc7cGhj*>KjD}E6K5Zz*eiD>JY&tJ{0tSme@4%h=+3fqIK94W^VzFALWUBv3Zxi zPi?9Wr2m18(Cq`rc-_9QUGpO#)NpTZo`*vZ7~vA}{Fm#|ZcUIJv!NWnafNOHgQ@V4 zlNJyNxb>8WQU>-qo~xD1phpvSUDX}`IW0OhDJfh&c)z=wc;9OIB3uAtwF{Y^I}1@y zU=hdrTwH&>W%6^ELk9c{D%xOZ|AmO@p6POOKg;*Q;f0j8(&7 z<9=#7l;TR32sIyMKvc|KsJvmSa6GcS@woxW@W(KGk zN1T!#y8GJ03+7{nSlK?DbTV||B<$0(;ecbHS%0Qx74rjIC&yat{pC(b6=0lauVkk- zLdCUz@?WvDD7NL;bcGgr+zdE2p1dv8rF>>lgT>r9^f+PAASIUv~w^hiGP2O(oS#NGj6{;5oLLrWLNmX=oN+ z3=#&2A%s0zj_EFw%ae5T?>rgWX!;hPRx!@Es@b1tcL6;X!EyxEXWTTyG>5VNzi4~U zsHVEDZ5RupAY!4YNU?!{NSEF$AYG+*r1v5vbOZ$zDFV_1h|;_CUKNlQdM5!Xp$7>N zAe3+I;C;@y-}8(!zIVLmS-&!rWbeK9T64}d=XG6^bmU;u1@744ewVUjso4_lbziG! z6k10E>~5h#_plQh5E^=Ss4cT9W#1E&sjv5s^>Ws5ky&zt-pz0^ch?-nw+RZ8i&K~e z2nSXvMKCzlnby&CSUsLqAFsG}9D&e%-Z5LSUQsP|r_b|Cd=91PdBu2WE8MKs)mNLF znK51;$8yZSM)WV664krmyNeViymnctn0{Azi0uvpRgOip8UPYzeFe9uL?}$%_J>d6 z4%IsN1p`$IdXa)8H5lNcPgFWvCF?C=#`iH00Jl6#Ef(UBPg?IzyfAQWE$-r}dw>KP zxSY3jTeTt}K(1FcVe${TLQe|*2u`If7Z4WY^w;l-dL|VC6Z_Z5yzsyDS;xUkmFJ2o zp1^_xSEC7p3`4eqa(rwM_W^gVAda=yZ0W+TDq1++GGu}Zv%T=kj=!Te3wtOj)1v*& zf@}$j2o!d^*e^aMB-_l@j}g_!f})-C$Dz|I&9%PdEL zdI-oqxsEO@|VK+7@SyAM;DK zh-a}??_a&Qx&ToSF986I!TyFb#@ucz#O|zWpw(FeKT`s3PhkOY2iL}|O9^at2?K1d_H zH1k&}>&mK5cQU9=-T+*2fX1=AAc%@+)WnP>UhpPsHOOwYAd~g5W_)hwF8in~5iXox z1lMi>x0dJsMawrx!X-PWaZTWhq@P7A1ELBp%hp zDT|`8T7q$j7m^bxPYmEvUt5s1)@Iq7k&dyx>3x}q4n%P4i`y5wn#6UY2E!42~N043xzP&ziTFpEx+mlgI&+uRw$ zW?6P&wS?1lHCuN?*(P~I{HZ9KYS%HL@EkRTeXVCs@_OZ^Z|yw&-{Rl#TEue^NP;U| zNKOU4wMH^yUKbnJdU6dXCm(liGgN~o+Y@nehw6ISHIE-^c6mdOCaakY3OC?jdY+nY zKfKf*8rRx-^4h2~-OA3f!$g(9m}oGkL_=Ll2QzrcJ_!K; z0QLU$USEn=4OI z3wwr(>c0dc#*?w18$-^8GaH4(7O^16KoM?o6u-tCKnTD$vq#Sk#DzNX-Z8)V#T2zv z^7Q$=(z3>Dmu|fy_!NULloj@NL_9BES_sgJnfn*-bbJq89Pbn5&zsaAwi>z2cWm>e z-uao6kOl~FB{Stwv+weFtlA#@ zL0(PWR_h5uDn77^7538Q9b-|I#uP z@}ES2zX<7*UqoHk>bsNz0U+1kJ@*jpvk8Oj@SoAU!>};~*36&r%E^0Ox)!R= z{TWaG^>gsQ{QLjwXB{hGVS(*jS&U^DMrr23kQO!a4aNE;c+Q2+jM1{}qZ^Qe0_u_( z)h*Kp?W(y>;z~w*{I3xyiz1mtS||yLx~s}lsC-sO+pt$(v?AVXJ+2}pD*xTw**Ofe zaZM^ZiIkSX``z2!13y;o3aua;0_iw*yFJ-bvua6-``9Z0lI~fKg-Qv*OO&7xSyJ_Z ze;7J1Fj#S%`iAnqpQ5CIDy<&*RNg%KxiuMJQq9a)9?^Tzn zFlLBg4~_mAP@b_> z7V#pbAG+Q8enK|hFmYr!C%S)7ViR68;qh_G=mh$`xKDVw*?FIYBWpX3%09BT1-~jz z9ENlph!(V*x>vjIc#=rx=Hrs%R9hptg``c>3snYAyah?rw^!mT=CNQ`O>z@XCKjJ} zYn=?VmNr=}qq*Ch%4!BZR^2&W&jaSdc$9B)+d4$V#!WoaOh_0Jza67u33Auq9X$&8!w zy|qthyu88W!mE_d>N5k|vSc+`@&!hQz!J~}IB=&IFpO<<4! zXPKX`twN~`lhnpfJl8Dp!Yyj;Mf?sm|ef0AY; zR$9jWRP&xQb?nqfKs3B>0Q{Iw#(LCFvqe{e6QbEoTpI9YOx?F)KRbPXEBS4fB!h;Q z?bgZ%ryewjTIzqet{oCetl6CWEf1W?umiIMl0*ZMl;URhofB>oGFh8?m4|oH=UR~t zA$m-Uo@mVluTdoy97-f6rUfV35?yNbQK0Kes~>AzmMZzc%)cqX8j ziYwGXqJKy2wBB83!u5CyM_J_(@J7KHSjxKEXPU+=G$6t|>L{`Lqg7)npet&?(t3TQ zNw}Ieh&$0Ne!pU z3v023xQkz{2E;m~&c)=Yt?9J5)k;x)gAm^}ufzchMAF9DUY<+ZS&mA$@p3=?*Ds?S z<0U#Jq;FOUIrktg5EX2}VM|>-iRW(K9Pm;-!STz%QG6{#qYxo~V5fJF<|VWwbkg(> z*7BhT-{gylH@a@I9e0bE?|x;UWBDa)Kr{D!qxoplp)h;BNj5#sr2P zv40787yjk*e>D&mIr+ylgDe;{^3D=`p8O9FDUkijdBcwfwP%vsbaudDo~2hNPkPau z$mUY_RX?~E)X&O)ojw2t$3PJJQYoor5L28yJT+R~D?PK7yOx&oj*O^Bj;54}^UEs= zMknTCbfirVJ-Yx9C6P?=B$dkL)fN?2fFdCTyhqnBe+C6LsvpOm>WF$D>gier^|OwW zO92rHy~iv25}aS24yp}$yBJ&X5!Z2ZBt^*vmw0PNrcSKI4SXZ@B~l^z}8UjaytaA57Jew{(&hM z)?9aYLu>h7eZ8|!vY26myRvVoxany(ICdis2IkAvJRCXn6SMm*ZX$T0_Pxd4(>U^_ z%Ll7ZJQVMLE!XXtZ0-C}4q+3++^&Ng(kZ1lY{ML_e-LDrjJG?t31vK{Ol@ho%9=0y zEp<6LWa6UFKLE#k23bT8pH&6h=leT2>aVmVHp=|=BM*K(T3nz{V0PR1H~c!Vwo#(O zk1X>ygf-`_h)~V=z|ve}{Vfe=i(HKXTjQ_1 zwuEu(IuD6ay<=%Z4Jn$EX(oHAl;v5uz9m>$6FXIn;1yGRU*|FK z@b{z`DSqAco_>>pbN*F@{P~ubx1D)8LnNBwv^RhHs?+^|FQr(U5&}uoAh-Hp_x-q-C3*!jS4 z_x|Mj(H1##in^~C3f`p?c&RTg-vSTMhtg^`R*r^~$D8_8wbTW|x zV3}?2JOTeH!i#A~-8d=(2+;DNdW|n?bP2eG!D@@KlHfrn3;)+FrSV@utk9x*94j<;VL(^$*tPK8@XiKXE?@>E2h(?%JF~T!7Woqy5p;INS$e zdZJg3&#f(bvomTKJX=ya)Kj=|_Z*|X!2!bH)K!iw`N$FHip*alEb1gfi4>mASxf9S}IeY@` z(P-uR`|RU9S7wDw==%2-f8|)_O3Z#^nYYTAwy+S}9vM9SQ;Wcc>pUphQ%6B$?&D~~Q%6wANl6Z&{F^Qd}@3OI68tU6HoYCjC` z__DBzmCe+l_I?A0kYa*K1e?5nxP81XZc{+igGDXr&vFzPl;5$Vo$@%Q&asF$`xhND&u zYTVmYSC3_qg+5}4R$kKVwY0H=wQD2M1By~+$28@Qz62gnE$H$-{tXN_eW2vLR# zcPM^5bI)~5l{Ccd+G+ao_9-1JAFJfsK5In?>b2;!+p_&Ty)m0w?^bgs1ytSDiZ`yN z*VLIjKLGPuPK2z2jk(d{?_q14o?##Z3~z2ZY`Fjx&oA!kmKbR*RSVO3quk&2Axx5aPvv?kG{{pz40tK<|Nc{_i%_P%LsqH0UX z)W-u4Y)cmkrLpg=qR^T(q&W!6@E1p7i3+Mimba74rra(r2(JA zx)kNetOQTwWnu66!+NV6%idt+tf3}-u3|?#O}X&fSamGh{3(L{5E*Xu2E&n_Cw!xL z#pXrgH({{>(xIa8L$HbA=@PZ|n$?N!Q}k!R{0DlMfs^{=iydUy0kMgqq9PL{UMIFK z-)Vb_2wwL0qA++8qH^!05w z)Nox}{|E#O$VG4MQV1sy5i!QPshg>+;FA#3`(1c&+Gd1A|1{+E8U%QB?-fdT0Q(oI z5U>95e6GH35idxMM~=WSrph1k2US@|`WVLY@3{@7tNkPYN@V}ypJwzI)0|kq5lW#_a-6;I=AJyv_D)S z(W{)Rj&F!A_-VI|){nxybB8g{CIp3b=9kNH9`c5If@Sea5;Cbo`Q0_CIb~_4u!lGM zs_Iu>JOyYpnpX+OosTT)&evl{RY*I0MvkI<{+qQD_~u+1$ct{c*LdnySXhX#us0u3 zUW9Wh&~R~-uaKn&Nz3T)gmS7V$|^bE!#Sc~*kvLDj+`A*!hbyx0#V`n|=YgcsciXcieEn`Bee5kR!BHzVCsV}86 zDit=e87;~T$QU0D*^NkHUFTsa$0?WafMSrn6e%G0#Bkzj4h;}7q;e*8J3LP5?z z>BG*FFWeViZl`uRR7nn=fn`Tiucy~gTbl&v7f{G3V%C?K3AYmkuwCRoI?D={6XNfV z%W;FEq2J*wl<9U>2uJ~G)k4t~{|a}c(Ew(q_=2#{r5%txBzpbF9y=54@n`~y&XTe9 zBu(`SD{;#K`ALfLS^K<_x{~fdjx4`=wOe-;BCkCG-Mfr2r5EVweuO%edpyB%q@AG`r#R zcJVfK-&7*PTd(=A#BSlny{ZFJ1faarHg%MJR2QZB-6bC@tzocE>p!x07RmkmtAPj0 zWdc8MVP>|4YK|S@aaU_k@ez`7U99zQFUMOQ-}^K;Ea6>6`O-O=k43q77nO6xl}p){ zW$~*!3F}V|Jl`YBTW(h&G#^agZqaFfW+)iWxg6&r&#-ycJOw!sPQ@`ZEYGoH%j9FW9$xt2~BNFhT z;L$JWas$a#qLYL_RV66C{klsq#*s_tS?+vi($|$P8Nl~WhKqD~HpHR9VI3$3053$q zl9-YJy_Z2xs6JP9VN`vp1K^x2p*@m%qVePI4|+Hxb%9VvuzwCYai&LS$Ur1bMK$ zoLCv3{^ON!eODN1*X>L+Ccaq3sVv^l5gg!#da|3Y=~w0PKqWzR_r5s-m)Z~P=TmJypL1FzUww5)TQ0meq1MIglC^XJujZ{zMCKPx-1+fDubPrwLBJmz!S!)HPf zo>@-cWp*G}b2M+cgn8qqg+fG9LWnpJ9FON>Uw=7z=d2S*(|mw1mvuCjVwc&S*zq;> z8m;@5GAnJRMP|=DwLCv8*dxru(~ah|TeA~C93t19zH3ei9wV~9q+?2Nj2tDbKihi* zX9RD|6StPI$Y^d=^wSu3etV*AB=10&l|*Z1Q#Ik-v5!z)zdfq7#^IeDhymZsvA(N_ z`Z`<~adQ+?5phjXDehC0`H#UT!BcnXCRUU;?%gTvC-YvQTzD6;_mAhn1kOS$-ZtYu zu-ksYp!^gV|Ble}nz_l4{J(4#X3Ko=W#A?L8Lym>2U}&A{#lNPvXiga(*N*UbRXAc z$uoWJFjY?9*==$Tz=Ja%#TASLh*Fl`9G#E1yIduSV1f#gp0z~c{~~x$wYlDb>a)Or zJg5%5-CO^XJ-FoG&cm_h{T~;F%~nh}dwV{A4uA zsxAP_+kkLijM`($Cfz;z8LfWe)nU5h4-Nq~Qy!4m#sgo;mtoVhrUXpnT+{hv1axwYK<2 z{ERU*7(|S?OgVU1qI=B%J_+sXfjP=WpjoS+O)2Dm5UyO_1rj<7nZL>etV{Yyb7^Yq z2xbKW-pzIn%VoL@O~d)|)Tg zy%wztQ&B^Ahzb!AN!;zb%-G#}{XldaQkYz>^5nMo+3ws?j`0}5B=Y(Ex(ktD*aUqj zftMb5Ob8Uqj@LdN9Bll48iKO#T)g2<^nGawWLvLw)aqLc`s0Dz)Mb0pUElr0`ujNd zuHC#`ZVh*@u^T<5oZ~$W#TT#Zx_f##kNGZ{g6h3|=sA!N>WZp)dujbR;O^6{5F-z< zYKWv;Tg$)()cZrBft8ionWSv=z=v4-k>W)x+hWbsNwu({1pkOMa(TGa3n5c%#+VTPO%W|4ftJ2Kg>co&i+Vws@A^cAzIiulZIAhEjLd5r^QzTap+X^97>Xw z@MXUVy((2dkk2~Af&f~^Z!c*)R=F;k#p!bZi8m&btH~&>?ZnL53#9;;B%qI6^B?ow zd(!JMe3GUEl635(XC;Rp9A1`Czs_ht?(;}tqi+&Ha&(nZe5-?H&zeUQFzOQJWs3h zB!c0zKE4nO*6I;rQv1)@^7=}~wfS#P`)wa0If=P0G16$eJa~lnf_?d(+H?udEFP>k z+sL}`+wbCSoB-@auM{}6{AA?pc-FiXau#W(TUu|DursehC`?qtv?kqi4AlJM`ec?RUV`{TZ+R)_m)~@b3lT|CFMg41j>b zOP1sPrc7Uh>QwM9EtOovOAQZM z$2+Ro(zY3QeqP;-eVczG0h_z-x3uMmD&0eEygvSO=w0O4(+2Mi;yxbXL-`r+GUf*a z_N?I8w7c~q(e!f6R(8>nz=tZqEur*k9|(6)QT_T*anm1Jrb@e}f1TsvZsIrVI%cuD z3!D1`sQszEfo~JwylT$_**51-p!VrJdxLc<_{b`h^fE*aoY^>k`HyUh_F5g5YR3VA%v!9+hLz6T|X+T$e@-|$6zbc*g-+cnpQl5)0Jlf)0f5pv86Odda!)X|UwaM6SZjul_w7FYO(7W2kjNE@q4V^-DjU`{B} z&xD|6l9;5!E%1kg%yhsE-I}U?Qd*kc#<;zzFq*_9e&OKY zi|V@i*6tR74A(0VAXyrvF7u^4g8x5_uGGnr-NfoH$!7R?eXhBS#bb6Bl5U}36ym)-A~hfBWH@a#7hlZ_YR8C z%=egmz}~VKg)9{tBM6$lcB{d(1SnKys@jv&5>6@($a2c|@?A`^EV+Ca&M}sR{N+eG zuRejK>;pO+=j5{h4~&aP`(^`g_V>+$KigYdy! znIVlYDCe#fnwb^1<3^M?NMUNMiyq(sZeL7NE}Sv54}d0Cw%syY=X6Kxf_eF z2-Vr=ciTU_K~;U&@lDw`>rg5WNA3f`0qhv!A8($ZnJG9%1;nJNziVa-+Ko^4TKgE- z`a)-|ZdA1L5FNQd_NdYr?=P1Bf=7&T@|W{xla2*%>(xqtA53~EPB%u_^oo}-)kVp{;dW= zlypW4C`nQBFHaUiN#b|d$%Yen3+FOB6fl)#)Qcs0p1&Xei@f&#)QOP(3qZ4^yaJv}x`6gMwZFh7@|z_8LAUy#57Qa(~74wZ9t{gTK`tqTnut4)z4e9}T5{ z0(KloBfbWxpw3W-EBM|A8e=o7u;`wEko1!MB21+mN4|U4sS|;@BQ7`(a`b%QmZc^x z{zH`RQZYdCQx=C6WrMg+;pF-SCW;GfuXT=r!{xoaG?Z*xIxzP-J`k+oADrAM4g5fO zKycW(*A1_%6-vqnt$*04^7cDCdSB*~pXZsMTArU)p;mX*yoAQ`wz>A+X8dR|-b{B# z&eH0$d)LUSZE?$~-pe8w)1oWG;y%{)UaN85?sM*z<W77IGZ6777x)S|IhX*@Y`iyDH^*&OaK04E%EE+KWG<00r zO@QtRTzCQlo=ArRFy=C=XRGDDey=;B?h%?ap9uDs7_GX+5xryc~!{K5;FS7$Ll4MbJ&%$7=X@`jp8Jw zkOG_VSe#7@OMo<0kb<56cH8lmUaL(L#U269NL->}J4;Ymm9Jm5GA9nlya7M0Es{TW zwcA_op1p#)T8Wy${@DeABrwYc37zW~pse9H^0U8?zS*@ch$WF@Khz$idc@&8+><@E zvK(7xsd{IwH@d+ykQeFu1ilLn+KGk(|M{#1+#mcLUqw2%tCV#rNF`OHS}n@}n9xQ5dcrUiIDzh5SyCBE)nFNjBT)Go=TQXs9~+kt_U( zc8_XfgKD3jGAy36BmHROtV}IX1Y*}Ik8AsRqme5ywp+ElLxHSslB7)<1=WzaY}*fV zK2QAK3xAi?qH%`a+p+Z3V3;1}cM+U9do(%L?gg`#+lHP6w!{Q*p#z-=fYGArOeBg$jDrejs=pxhZl^lFIMM_ff>1p*s0 zzom-O&jv*piOu?$8q-4b?6D6f%Wjy?dy9!f-do4%PdHoqc*9N~$0-Xfgw|z1J0Osg z{DRuK3=WUbbZ2@r7nXfS6+v7F3&Y@4yH;k+fEb7~t8LYV-y$~kA+H#qF2YB309Cia2TQ^ZBR1Wc0C*sz~5-5D~ImPz>D1U;ryon%b;IO z7ek`==#?-!UDGor?vDDh-gV4q@+cWGn7(S[ZCXRHK{iRA;IF+?8?=lFd!sv}XC z$u!&yY|OsazoCHsCO-&JKuRw_R0=>IWKEEQH0|p>@Qn4c|5hgdz)|}I6ldyH0W2*& z@7O~Se%rqe19ljI5}?|+Ri^&t+Y_8}AQ7b$5tDZS47B?Vu=T{a-X@Y zasz}J(;o@ngUsrm@n7w!HmNnA9rqK0ZnANqCZMF?P@Co|IJQHBh5!vo_U8NASrK;t zEK+P|+5>I8s>!$(?g+VQhaH$CCg)Bz5vzB&fGg?p1xM4t9~zyVlfspY)sn9}@J`-i z7VDf1*x~Aiy>EGw_%V7KtzXC$Y)e3>wrEWV0OvP2_8tdEzi|o3bC3h=fvZldB&5Yg z6PPE&bQZ>Cm-lV8fi|gb6;PCca7oL(?b(T6--54DL}vyeGL`8&kv%}->@5-siAEQ@ zYKjoIDR?rhn1y7|f4o64b&5##Ifwl?sFX~WNA_8D#V%!BE8jAo9(FSX56Mpk84PLQ zFitfbUuk7QMyYm@kgb73F>z#B;VRmmO$_bmGZ<%E`vqCth1DLhxgWYR7(01j@Ikc5 z%O!7;k1p-=3Whg#cMl_7Y#O9`R4~Wr^GwyIEs&OGoK0yVovvu9)QV?R5+ zD!5pwfF6FjB;{C#Wv2zv;FsMa2WG_-`ohF2t3vd&8D{R6?Zc)8;V~^i3LeDCv+iv} zj@f*?8m$in)GO4Z9SiLd(rB@BuUitBYWxfRWPsXFvds^)C%0#Y9+GZyA9LuL0>o;e(D-FepfC$f0a z3jh9P9_G{jKm{h%%sLKN!A^nCsti7{ALW@lKssi7tnQ}AsGu)iDCg(6`w?_M&qV9` zY6mN2BaWL;mxl^TY9Xa**B25+rmULlEiE9((Rid=UMV;K&^t4y*n;& zX^$?QH-3zhZ^u@0Pz9vxVTP5N@0X~S z6P9QKTKblk3Dn5_rG&D2uZn8f*Ufq4x^Gwo<}kOj4IQ>RV{hY@5XfGU4&%gH$4>PymbHgY4*lDol@E*dvsm%l=NH%212M9$!@v2f;X z0Gi{@%7D8GxXZl4uBr)d`6k|{twR`Mzu)NSw?6^I>S^2#wcoPvL``T4Y-brrj&GP+ zy|v|#=BO_)M1Z&Q%IXz#o@T3)7^6_rF>_`X@9t@(O`BA4@c;gx^g;=W!xKNmu+XXy zk!b)6!7x~9oKee*pY*$;mcblJjTU{v4OkU)LPOl({)B^ij7I}|HC*xmD?en8g3LsV zYfcIG7KC@?o#f=jD&KE)p`+e%)tub@s6!6wUfUy$s4PK*^`8JjA07i~=yfu!wGhb=MwJP|Mun9&puA`c)>(G?gQhAD#HZDV%o@INp zK+@py*PxdPg;L4%B<*h4>m94i0)r0QdX9^gN;w(2Wr+AC*UMSE4%owpV!6A6k))Z;ArB^&k@!mIf(+|Hy48+wwUht_LP z7+>~WJ)_tYN()J-UYeJf*U-{O~yYe7{R}Qkw*r?od5O9~~n;Nacwd zn|>gtqi1k1yylRdK6D{gnhe?U_%!lxhZ|ww&f$n#5&N)Eqc^h;W-mM7DEVd3`A;U= zHYw#CspZLD5x_V{^gM+A>W7LU)TzM~vjI+F4>3UU1r(&w$lpMC7l7z}+ZMj9!sO3Q zJ-J!+1GL0rwVqiXg-hxR%UN|R&j^kaNysb`htPto)U~pg?nYSi9)!_;uyb`!JW>uS zo$a2-SHg<Cw2-y1ZUb1YDeWq(@6XHPa( zq({-9_O4;ju9Q#5XYe9oUv{#ZEt2^Id-`YnXC5fKeQIkPeps#rSw(rVn_uqY{p^7l zJQ)Lxtyh`rglR7iXdDu-pe}dyzLZdoKlcsbJkOb7){mSg5(0vqR%;7&N-1pHF-Y|Q z4I(6G4W!K4jvT64hvQ$~R7vJ9Z_4FX+=_nDfkuogEQKevXU*-u&}Hi8R#stKTPxHy zp$cgE0NyB(?JYu5rcfL3*z$B9&6bW8u9~auIcs-Emcb2^mESqh&hD_!Yq7>PVj;v@ z7J~ZRk(iNCXYu&h8NC*k;#JTwFNwu98h+dyHYPl%tN)F*TH63K?`_P&YoFT`=ScC> zf@k74B#LB;GES)heQ3a=^P_gVPV1LZT{>=>@@_NIlqfdvP1Iu zYVrE@uD+@{cxUv+*OyxaEabr!Wd*&s z@8;XbZAhVeI<|Ju7ox?rzwQC%bK8coebh>xV_tx$L zr{w!>Gk_sg;O6J;etsc>8Xvj7Z{Y6+8WWtL3$9L%>aDR5kEu|mIkD9 zzu)o54@i>lT`X8=6kA@@V`fn9-X!hwP4+k;?+XLoxS#J-x+&>bL7ux|s7>$8l;Tbd zZ8j>D)naV=`1IL$nLE*^_@l(2>Ggy7Coy};gX<9gWY>D#G)Z4lY+AJqwj~^AqPOe- zq@GW)ZAPK>X1N7*Fy<2v8O&4&g$-XBwWa3CuqmL5Q;z8<8#qTkVnn)I zw7QnC-Wn37-JhqO=TbTrUc!%-uy8r(3(>ExXPH#2nlbyd^odXF+osO*Q3xCO&<8ky zGFisO10a>Zb#3)gmt4!q5cf3bTw`hufA;Vp&s6@Q7!vZi9~Em;fhOMR`)5y)DkWO8 z_SOXZ%I;IbH#S(euquHfZ(}!H55&gbhtXh}GW)7{L+4J5hL-Qeemk{Ou}nutoEVC~ zwvRkxS~xekGjThU1h~U;ng5XDToCbw;RoKF*|KL90duX`!odA@a3!%A@wysVvHt;G z_y?e(BQu@0r5vghq~Z#m13qef-1u^4B8eLX*jN693|4cobvtO47OHi2#8Hv(M`2f7 z-ktF_ixQz&2UVlVEGP@A9uzBXQ248w_(?Oc)kM+n371{`FVu~|>-_gx)IAyf0ePu` zTF?%dh<{wQi#Dd%E=#a9o6Ha2H;yjECNw{WUjqK=Arwf4s}ps~M`Q0&-eWWF(#Kcl z>Hh=aMriig=RRLu?!@sn&in!EwURre|&y8a{$rV!$+@{M;^=6 zuB6hA+kpG6c&`aTcyOx@Euy%k0IiHzYUkBW8g0^3eFAvJ4L6Xt{lT_+pZ9DH#wbS; z$>^;0HHLS1DaIt~cA>>$yhub5$Hx}Z^p#=Tg!d?MSW>c;^k(H6Vs@Dg$h)j|(e(i! zbQpvBX+3^crTJK&!G_HW4;N~j+sWQ5UEIy+0iY7Cz{GAd0=&Mx7hz!-5SoR4+8m0H zXC(&&cD2_KEK%Y;hl|fq8`-*nDORs_g$9@I9xrXzWkQlsFZ;(cO}eqKjm0^%*Mh5G zUrT$ed;Oz}zCbWgK>1zTk^tg=9lzx$co}BHD{1}(8kB*pTA{)gZ_>=EC$bHs2S?oj zU>c5nf=OjU_IYDl=Umvw#QO;KbceKy-eUZ7iE?w^onrZB&E5rDwWxuDZ%f{G2bEa2 z#*O2+WwB7uCcuUx*b(uz`s!bxp28YZ?msB;Uod?@tDmlCo4@))jiWoxX5;{Cpw&hN z`piC_GH4L%FYK~rSTWhWL4HC|M1gl7MCt7Z0GXEpB~v7l;69W67rj1fb3>)pbv z64RYq{9acVUEQyu-F-d#4M*WT{abL%cGOA|P4yrguR0sD^&nV$yj~t%n_CT_s^Thc z?H>2h(P*;qBD~0Pgvf?xYc>c=duQj2@@=h+EYehr#RRprSx2$I6_%QogdFOdG4h@hP*E{+?BvTJU9 zL_`EC!l}MWJFO?Y#Phz3zQ3*U1J6Gj)PW1jXV=0PEHN+-T)qQG8YSkOTS0z;qPNgD zgW)|KpztVIM#G`CMJj&&yjjBfsrKH=AX>(6NnhF18alN{5bd}Y08ju*y}M`3l%eWB zCyh>PWthK5CAyhvPs`I|Ld8uCqjga5tQ{lRwO$8V)hp0pZ}cUpjW<6QAQ*eBU)CA6 zD|VSxtyM*A5x4wO7(c3d88PF4h0v^4^O_noM_#T?UEqrCoc!*km+bg4l){u!`zBw& z0nTx8v=sIe4O!2|vvoY<6vb)!)71?Rw4&|bQpe3kxTxrj8eNB%0(p-qy>snbhz-?} zmKcxaPttJ=JFSAT5I(nyt1l-`IGWG}cbrG5>r&Sr@Oni{Y6V(gW&jw|u)h)1&-@!f z{gtzs`)%kzr)~g`&;FzazS6$&A8KXPZcUi+x{J9z`Ome$BF%${_>j?l3?Rl7R=)53 zhK5yT*?=+TgWlhtks|fK@Od3ycZi3QsQ;u%)@R0gK875H=%w{L;Mz;`R{D5I_gh1W zG6n3~rt{GxGV%N@S$we>s=P@Y0^&S>&UOo?EUySJ7b#hx&{7*C3Q2DL)7+lQUE^K zZRzm?uC=2mcMo4gf1=3qvAzBg#-K%>;z^g;8!Tswi&YS43#N%53CkT&aq{4Lq{Gk3 zKnb&ce)SWUozf$#K_?%?{|WBM7jtV0J1{RnC|C^PX2;c zDP4Xh21++@1Nf|{ltiCI895|BxD8us@TTo&H~#d#qn!s;e&6zm691i@eS%$7D;ZoC zX0;XepHB{z(C+J!BKmUASN z^wG**2K*qm0M~pjc2kHV;+D3slLv+Cv4HL5_r2)XLFK%0?=x{u#yDc3AdqPszazdA zAua>nZC+wV)XN4x*Y5}3suhZE_fNhWTM-YTJ7?g&oNUQPy$%+OY9we+{TZ~R*bEL$ zxYoQ#b@&0?b~=XqV=i6BGxKa((XMII9mbn1!A#|o2@h}2eF0bCrva<2{P`bkN$K(Y zsQx_bF)r_w0}t;^_Z)AZZ{LM&S6hnv;}6AvP0<8Ya2o14`FT*R=j^nDt34Mpa!87A z`Ibbp0cmV39%*ctsbBgIo~GC>Ifm#g*jwZfrvNY#GZI{y5b|UQf_jlHj9IWag8V9k zYJBn28!%U{JSzts$YUqFz0IU&hojt)aPk9O!fl5RL*UjYVy67vBTHqy_3AZc7ZsTK z74tJD0;>0d==krjBwgrgGVY&HoY$P3u>r)!Wsxg9*@dVggVoCSJD*j1ht&sAb2Hxn z&qmGr7FZlZkN&1p#PomY6cJ1W=$E$j9}Elll~?~$5gz(?6|v1sB@l-EH5T@I81|vE z<)87fOB=ZktJnAou>`1ZPWBvv}gzWkJOMO&%qp^j2a*t!ty7*H?N^OX*Rn= z$gzpJLWclP*|*2jy4-H=ICXp322n28D=f6)AT?g%i9DE0s_*33L8GjNVCOk)E&EVt zr2eNLjsZVXQP!azrXciAgB-91hoYn_)bnCE^)oma-ex1n4b}SMCrVkztS+1>r<|Tk zboY?fkE7AMO!b<^fEGX(!u$C7x z!n9v0$6&+)$pKnjr;gYXkX|nFRP;7YS62IKIHapN zU|A#)dggQ|=ySPtsCN#_Pj^jF`@{{zm4XMmV9$3#aHG7t=>{m!Z@g3`9x|zZR4b5b z(TO5V!5pQy!j+ex4XM#?!in_O`7#xw5*V_dc(C`7jrK2E)bmm}$mMy5bXqj5@vXXH%+3a8E?K z8{QV5X&^;^4EW%LYiTjjDY(K{Dao>dCJnuGrJohl^oxky&_ z$&+GMIVkUrO69L4iMJKfjS>{&btUtuwO^K8mTN-Bu6B6a38EixCj7+DBFbXnbVXQV+#e*TEEI{IoBEqE;mfRDt#-w zdiKeqksNW0QRCQ!tpk2P%H0d%KR(7q$)slA$<3bM*y+eKdG7to^Bg%UnM}JF%;fttX4WI^QtI z{inxrn-0o+Pqn7Un3ccX-SKgyi@$^F_2QXo_F7zEE)QN6PZ=T4&z7fMzr>9{SjFRBVrHEe!Y?8f~ujRUG z>|~8Bdce1hnECuQpFx;}n@33UR-W>h3baJ0A(*gBl};PqdLbpc=%Jdzbw;IWpv~*KR>rDF^ITb823EF!SiX#sJ`A!`p{*OEhz^f zWy!>h>-4MZWMP-=u4WZGThhva+PEu(IjyfPWD7`r;l)R#$Ow)Gnc;Z>08A&5dBn@rw|-4a<~!UBEzpnnKDx?#_xXjRHopY&gRntucp#~ z)_q0%rPS3Spq*kdfyAb%EEpAN`DmosiU40<^xaLLzHxbpsB9WqX*w^n<>71 z?YUH~4ZR8@Y49rO-@D~UaJx$olQQ*+>GSnzEBGKh2QG`QI2mVI1rJOY7F(@IG;OpA zjRmF79p>iDsk<-~)dwHH*^7zi8U8B8ox%9tJ2t|n&JWK?)1DW@+=t?tO9)X~GJO-` zAIEAa6z<5kYh2ND4SEGB6*wWGvi1vhLXT$e%|6i?sUG2W98*X4dC3%^8 z>fOAFW#uD}X+h~bwt~Qg7+|Pu?d)h6yf?IJ@d;7hAhBbC!hdGQ)VgQtzhA5RfH&ZK z%@6dOprP~=K&m&3_7cT??jaII$x5th+^_)`KzJb{i%oPoMQ(Hz3VJ|b(n%<3-TW%W zN-6s=6R~U6sdUslA-!`=K{+zt~@FqL8tfe4d+*w7g75%?R~Y`^9Ww{eIdVrphLY; zcjbKj-rkHT{*^;;>x^eWcqLIRqpi5d=K`2E_j{lBJOA)E z!f?hu_g=?Z$2!*9&y%UagqAZmaWy*lC95k@`)I5B%4W+=2GtnHi*GOV=pz%d)EN%b z*w@>PlOM8k4+)?;o|G8qrK6)#IW++`1m6q+UYn;lczB~EKB2>!DMxef>AZ02X3V!@ zL%r;GR;+$2gBh8)d)n=*suka?wq8x=OyHEwGII#88(Qll!Lsv0QOSv=+ZHPx=&yD> zp9mIh@#s=v@hj>1PC~jp_31j=;jz*VIXAk7dDr{X4(bp;Z6p-+1Ib}ffB8zEw$N%j zXRv|PoI?~J*|TePWnG%XVm=G+M$nJ+`pVc1p*_GYA?jsB&vCwQsb&#Vf%emyE{mmu zN421+-002cooQABTfKE12Sd$pz6WRTXwX#?^H4VEBU3KLxQr9H4UGgAcjj#b2GWYe z#T$UJ3tp%VyiR7(ocTUp-RL=cxLnF>5niFN=6k$|ueXTAGO25Seg?SSXnsDJM`fR&*Ib%8q?Px$SEag5l(e70SP-j9Hl!uCzskwE^W~U32E3Yr$4x^K{vEF# zPbNEzQ+|3)ar2FKfbPd6tG3#QxIt6}I<%y~WGab&s&xN!Q_*BVA$~TmdMFr4S^D)A zG*KW~&WH@+syiL0QeKtI%!8umR@gM^63(|=#2PW95#u&GV`=*;*A%_=MS3jAm%!YQ zQ(Xn@D zbfQ^2ews|8llRw~?76{}osFOsB*iCmnfy`~vrj8Y>O&KgKohyx4l_E^A&Xzkw&Yld zj&-7;M3WKa)$yg?o`~fvj;5zF*0bWvFN3s4WTBPx;djUty8Q2A8&r4;_Clv-R{6)N zAs-QwL?NkhV!)1aq1)9bGe^eL?d)c+(^7a1vj+OZ)ra}}2h|mNhhY-%gseFBsCcuO ze4ktSDZlaoz+yQ{%0|E9pR#y=-wHDCA0v7)EX{;M4xGlple&>i6Et0J5ro#dqQ={ZC+YlaMs@ zC;YE|GvK#a?Ej+A{=fR!wI$R%`JRGYJwS&MowsOW)Z;5h4l@Px+X+?aDsaB=sR`Fa zF4)2zH#}+!WCiX)&5%|;PbI@gRTXFzuWmZ$0!O&m2!<=7tUeN@I##If;;_{EUZ2lN_1&`+h@oA3A==QwV z;}LC5&zbPEq@B_Y1tKWL=$4$98DH+3Ai#hNUO>GhIJ)(8j6OTr^|raKP*$s` zOuc@b&8t)@$b26SRoCxt{PV24fulzXBIQWiOxH@j2!u)F+xpN~yMY~J)jg-(GJ5T^ zb1K{mLqEl8kdq~-6c&_DsH4jYOWdGY zbTZDb8mC`xS}1a!tW(Oq8jFbO@36W*YpW+)NA~K8f)lip;>Z=drGOie^Bx8Mdxq4V zb1U8kKb6&v?h0+wN{T-85Rt%)T=i_sC`L{Mw_)VnT8#s+RkNt+0tv4g?CG~EV4PG&O{Op+n^R15u{Q8#3 z`*$w4JD*`hLCi5v&ryNiQ@FOI-V-&j=}q>4&6`PVPKlRKGQUF$bv-{ zvMtsx*RDs-EGMTQvPrO|&Jeqgdu?{S+mf9ueaK5~|s>3+R*9Tr7m8Xs-`JOfi2Y}60yUwR}61_I2 z=5ewvK+8zRFC84J$VJ&_WZHIY`)Gc4r{LS<9=gs3y8SYU@)IP@_L&kNTSQ&+`=!&D zqu}=aRBH$6e}K$2f29$l6b{WlqbRj>2TcFQp6x z1xilJwu1tuB^&RJQa`)Nl%#d4yizdKCy>*o^wE{|{TKq_`Tcj?K_!uSwQ3cGWIpvF zcGqBCopG`IbY-$}bKEU+1!(TD4XQ1*XCI4%RCzpj>hW+gORG7`^iHqPeVN_$qkNT# z-fNQi$Km#4)WNe`PqAatMRC(n_flqmN(b<2@U8mBX}aM%P*)5Aw`wo>wX19O{zl61 z*5rE0jvkh$!qF6tkjvhn+==XasC$>Ej|rECr_p`VBZ>VkS6l6>NDjMLKxTVVVs=;c zPJo`RC#j>@qUYJFuJu%naU(b>Sc}(U_EI@sm_}niZr4ZBzlt%9y$IDiZvJH-oo@|D zdq0Ce!szVwVs|^$z`b!Hf2K(LWhQvOhFOSD1jojM%p-B;&LcL{pYAQrgzDf&N)yw^ zUDN-mnxtH#1qZz6KT6*TwP7G5>f0T~EN(wp!f%JBHc&lQtrh5N@t6l;CY_I75Q8gbapppT1(vS{%28ngpt! z1_Z*@eQP`HIc-lLI?_$K_Z$_h+v#NBsp4Ona{5+#sVmXjrelgsMz-uQ`UoK{_aG<*PWs2xwMlBrLa0Oa2ULX2x!=0CZAzZvDh z)-oWi^+ci0AifSev7u_ktTy!xUP1Rb4Tkpd^6>pZ6L_n-l|O3_tIw{J;(Up4L|`Q) zvnv%*nuBKGF%#C$8@y(JbqBdOO0@A@E|1s* z?ksc^pZFUx>81;A-Q|JKn#B)Rw?6lv>>XM4%EvOzfDU$#-r|k zcSo`%1dh9ashEfiW!*B$L1)wDj=aHx7@y}E0^B)9*44CL%`rJ+$OXWzt*qY(TBi9f zXOg7vvegQwh@E;r1Y)j7bbL>|u!dS$a00*2udL`koF|bSRShRGJK==ue56Yewbi*Z zhh1^|-7hfPNBDuGQ$PYlBrht7ek&8$dRTA0kbq+_dl4TEej8g!)T14En5bl6H7eLv zw43Y-+!lAfu8fuV#q)+ z(5FPXRcyj!+C}IpdYUcV;JAwpr6Sy05^O_h4;JENFtW@Yc+)gOeG)-|ydij$@qO_I znTI3ZyKP}yL6%J|3;P%^KG9GKFFCpP?ZqsY=~Q?3G?X9cONPM$>3%_$_M& zfIObBAXn2>iL0oZ=yle?I%|O`SHhHA$CAgh2n??z-IR+ysZjSeH+CG_H->}nT`bsm zr6?YIb<6gf1>JXdsWh9_nkTu)xt85Vrw8+fR4OhB6eFK{c*NRYynT*lc(NLbODJ#J z$HIJxgKn`@z#+nLNYIyz3z|rZSe34Yhg~dXbDemaI0xxPb{WHZH`Jwd7iJY}?>O`% zYFA2;14uCHha8iXWQK*?*X#-X=Qwwk7dO@O_hdQ)9KLr91dt5Zw>-Nz===nN$eOB< zRHX@boPJ)C4&3smrX7Ay%B9>DWDA8h!?sunYN=*VuPYizbveC~?c$+xEAbRq4W)AV zyfB)VvxfO8Y+lGSC*MPh)sSbimNbiZw_5F}QuKmc?9`6<@`uj8NHaEzgz@|xbr+eA zXCN9=4*9M6t5uF#gKD0N4-^=BDnKCRs-Ur>qcej1BWx4xw$V<|s%Svl-m$H`h{gnR!swx$#rPnXeu{_8exJ*h{GSda4UZ?p($aS> zU3sat)Lj(h4#IBsXu#`v=mu~fA$x={w1427c zZ?pTqL3*Q>F4sO%&Rgl*qNzCtnwD)6ZZ9UJW=^%cLQ6WXr2u9e91V)lc#h~~x40#9 zhV%DR&V}+!4=BWv5Ims}SJ>Pk9RGvYPLN!xpg8`+;+6inIf=S+55V))|6dW6QY2m1 zx8$9LLo;)? zA%9Jx-^@+og*xV82OqabQ4(W|GpwDi^z1pqX@b4hybH}QZgRl*6NV5;37mJAaMK@e z-Q~N8E{ei{-QW2_PRG0O= z{Q>wO(7X_$QiM4E#80C|JcfF**&5X&p^SF#y*TQB0CLM~-hu?gaEQ@#T50YON2$4I z`E~$ShjjkHDn10Oz&*%r-id7;k!zu;N^YpP=HPRksd3G4>h2t zbFn1*3kvj>5L_o10A~|RSaB3`yCa#Q@i9G^!Bm96107+s@^apL&PAtMDiYajbf^D^ zLAd60w6F~3Zg|$j+zPJ9x`U~5R!4TXp-$RYebBQ-zC+(CePQ4ld>nrbHZ?dJeNx{K;!(#hD*}%b<#~=eGtx5+3`$ebMiQCVUgaI{SO_!uwMT%PgQ#r!hv&CmB3gg zNsmV#8BT6I$@*n&OE!qv&Q*yxS(5JdnIBXjcT>OgP267(_XTn~QjNH)spuOsHhRrV z0FnGKZKN0X>uUbXE|c(BYv5;4JJcshWpc>R@oVv^PQ}MC0vaA6y$Rc?A zo<`l0O(n`TxJm-)iBmqmelG~>f+C(7&BKd#a~nVpFI( zmvH|eOZxvSvIy=@!%#ZGy_+=b&YsS5VBvscB=vtstdVoC%UJv{;!mn+CZ1F^^6Loqs2%={_W@Ie~abW34Q1P(&vUSW0_**;PiPR z5x}c~9Sm3PbcVxP9uC9Tw)x8nJ^ozg2x@`1!V4bx+adGphwL2^yd^D62hKeAK1pQI zE3PSPyCjV814^)4Vv`#H3W4~S1o{5LD>9aB+)y0IWIaZg(#C`?j_|Hq&2F(B-*cD* zXZ`~eEX9l~32-s8ewEKfr+5G4Jqm+$v{Kzdf4nX%hH@Rx$#@p}(DG@jy{s3oM)2$^ z`R)qL7b77iSpvJ486NpTb=d6SIg_d$_Qe(Uje>{lyO9wfNW`X+xBB_n?unk&@Z@f3 z=MH@*8ruQ{e9*=J1bmd-^%TAXO6M_EFESUoLm8Vpnr%^|72||#%SU2z$1bX;38niO zt~izGs0N9LA*45iqiT7K3mqN?v?;T6^^lM6>~bBsyTY%p7mt$LR_2wQC@G((M+~F) z6iv1B|AY88e&gu+fZ~8LPb(@M>%+rlcofr*XX;QY@rS`AFD{HP$#i zDurvUqvg8|c-QknEEsVzEc)(VmSWbnoziUS9&J#yJ>B1PQD&4jwx@`Bc;+sSdB`>7 zFc_+72|S))`3Ta0StdJN;&}-d8buq9>PVRbZF{7Lq}y%Y~fSQ#;bx&!&PoGNKGsbWet|zvK$jt5wQaPAVNKN>q`c z=0j5OD6GCe9Y!bKmA8B6l27a9JEi4QsK6mqcaqrAH85^X_ex~4`E;=EPMWSp&rlnO znug+_x?*$Y6$_6}gZRLb<7;chn>vQE?~aUF*Mb7xsQ5cP{sau`Q%|<%R`wKj`7~UJ zhU+=w(^>cv8Giz?HN0F%TcAF}UtcI!QBRpAIXlch zlZD8Yh&JuyL$gbDRy!eP4F;bw=H$J^L~Fgn?EK<7d!}i zfDj3Nci#rO{r8AzN;V6TKq_2?ZFn`n5!{Xs^*l%p4VcN8d{uShETxU;nXEKFx<#d$T ztb(kNV_pPcq?vSdf4sLzu@W8+fDR{s;DS$&RAxW0X)rdig!!?tI z`psmHS_LV^4`!cU(mRq>VzzU>O~>q~AE@wXb4p3)WEyOq_E>q3tpoHk+0)}v{>_)@ z_HHT8&&*rz0T|jQ%2MSp)s+|C3iCk*K{g&A_D!BkcLAGj31$4hv_B?c#Bp58*6!O; zP%8N~<#{l`>=#eYS8k>=r?a@rXxA>LrlL#2z;7sf*XHi$yfD>^%U~==&RZ;ceX-6% zL4i?iH_YnNc4PdIq}H4qGW`1|*e9h`x1_@aUwZ<{j*#2k3SPAIdSzPkoftzscW&F| z_X5Rx)q=rqt@)`3eXP=-ZhLSy=Q|5@J4s`w)6?##N@CEPC8`*%|9o`j*yF8s#EOP@j_LIvlOV>R1I zZ7Ot=Vq;&A)jnw-XhV#pjj2}^ucScqS%Hi9`1p8}4|Q$ix_d_2^hGSou|476ZPob( z%UU$YYf}M(@)a=;o`(Q~2M$4I>*>0|o-NnY<4Qr-U8aFN%*nb(63F>OPVs*M%lqIh zV!4X_1(t_i{{TywKfi#$vck94=fao2&TbU;{{bQ8-A}iZ{-t%}=yA{4fylq~cC@V9 zih#D<`TH3C7bRm1>dZ7ErE>0`2{q)aZ2-ui?lOaw8>OM*5vE! z5Hczr=5g6A_@w^dx~>krxEC-x^5Wa2Olh;RPjLNcxqOZYSqUh$MylP%grBwsbM==% zsEEEr7#gB}gQQkeJ3imbB}O75_1_e&oqCDR__NqI_;EO<`CH~+#w;mivU|7)ak9uA zJrGg`@7;6toIGqDPU%6d2-M=eWDovSBDZ^Fpmh2)=$m{$iAGQw+ubY3N4o4}oQ(mD z(X_XA>^fE^@5=iexX^7N6F3p`Mbbxt$KEdM;vXd-9!{PafvW%J=pFfA= z$AVa{7)J}+(uqve*xnF{GC$!Vl+_eug4i&Ng<7#Jh3XC}Pbh7bJ@|Lzr4#}yq$aJs z0)}tkc{=AtR=bVKJxW89{noslBuT9e4Z>tv+nHDN;eij(>Aeo;6z1!JcXW%dLJoWJ zPR7i*^CGoV#CT#QqMmy#9n)lsu-kwaa!{lJ4ruQhV%&m$5vnAGiB$ ziTgiivV?*!mPDk)>9OjE`Ad~->5l&EoS*qw)K}OAT(fxVDYBm>+JX)tKQBP@ul5&r zv=ghQ5Ekmhrt$YhB_KUWDgR9N>7H6;+Yb!`5IK+0?%f?~*k zon?Bv@UOkWMIoRAO5q59-MiKSdbR|e%#Dr+_CliV7{Uk>>!nT;tto2 z!fRInGX&?{%@5Q$*lpx#L``7~tVNxCzxa1%5vccwWyuA0zpuWmYcJ zpRMvm`H{>xkAf=ILEzhjnC`2Di)BQLtlhKGP!kxzCtMd*C%-o^vI^kzy;7h1oEqg* zp+@)N;sTM$WiPcGil%qDl2kXnVcD_1hX!hhos_Jis+MnnPXtOsh);Bd@-MrJ>X#hV z#mc(?OdUq{U-xEMlJT`wC&{>Jgi^aP@i-uHFw^^YFD_Mz$~PDNrZ+4KfhM0_cp5cb zbf&V%jV@sk8cjtXEPLw{+-m1tOuYWq)1_00uswwFahoXJlauGM6DgoC$zK?hUmRikTH2^925JG=s6=0xrPesfpub}){&gCwo%o*E zmZx0r6 z;}PA2&;6%YI8-klf_eW3WGu4X+=`8a9D?m`&&=b8I`p`4xxLL!5a=h(6?T2DwQU!G z{hACLoBdHs0M^Ib(mn`I-j}VZFx-sUJh;B!{W2 zteY8=cq#Hc=^Qxlb$p^s$=`|srpN@0Uct-qb`XR(10795`V&PThs?vc~mi#_wB z#TLnqx$7QhNB+QU|1@}@cnQ1#a1@9@fKXtDNPV`VHDW9USy{D1y25*I~Nd#OfXbUFOfx8VEiMl16gkfrQ)CHc*cxT)EaK9OWS7 z5(A%1f0YI%H#q*J5e2#t#Hj@##Jm59wo-Q=+eYQ2PYsupOr4{~gN0gI*0*5eosNhh8M9mT031SNq;XIN5&f_ zwLLF$FrrTlSjvLk=?FDju|8;*;>=tQO3_$&qmf?6zA05 zSnLzn5svy1SAYcFTApY>Z+r2BkSEV5T|=b2lXJlI-fei)%A(?PuOnjTgffq7?Pejn zF8g@@6s84MoDi&g#jR+7xN8eDw!_tY4kmO71fZdY$y8XFF{}#zgg=$R&E$pgW+qF- zQUHr95OHj_+s85N(VGW1^dN>z#}e8!P?^&<8b@xfj5lR*p6P>k^>YUJF6Zi#yh>gh z@02fUI#Dz8MakNj{UrVT?8WR1k2LoO5=Xadd*61}Ou0jJ9=x9*)y?8O*JiM`Bkd0_ z`J;7PLz+8~Ht#;n0f_SxFLFfSe*YTW{?fC1_DKED2^7h2Rqs+trOPNVtHe1*!KtFgRktLl{2gGWsYI?|VHMn{21O;Z zCtv7JLs`C_r^KpOfTc3K*YWj}BdN#>ik9%rY?FURV8FrnD*}r(^o6C7WF*1_i<0o? z`(CE)V)mU}50m(6kA3@=%QcB!VfbR&73|S#v5}T^l&LgP@r;E0|_+%{RCG(M!9|kHhYV zzWM}2UkxDovg)XN_>tlyLyBSSPy7`R#b3&h$0T*&I!n|(jG< zJA>h(OIvPIm}dh@V*iM^L@xj-0uq1SoX`w!sO@&xZF!wQ-5>a82FeZeEvNMCp;Q+C_tp@xc@c{)1bIf=5XY7(Nn4E#}Q1 z7%iH)WLSCPV~x<)c0V;$)-&)Jh>v>fdhmiF^EC}gcgY*`oAcplm`S4;&|Di}2{tBh zxA6!;AV%;H5c?~TI$AS%2(znuZgChF7=OJ36-SHB8}RecMRR6d{!Kqt7CDn-PgoAJ z>qsQ7xz?$%G9K+JlcU5XD<4VAAG+(BAgD5-g2(l^DNwVu{;U_sOpZ7j7b`^*2>L@3 zqBa-7dxB5&UPQH2+y@%1ovYY?GFuDX!xka56P~dTOw?JnK|QjEX-Zyl$!-NPdA(D(Iea{|&xeLLj~4ilh~Mb5x+1DE=1? zYMY#yfP}?|E~Jo*OWpG%0<(xHd9TY@6*$Z0UFI>1g7!a>ff5#EE)MFdE{J`5B#b%m z-o9c21Qx@n?9dAbrOr<7UE zANrJ+o2x8vcw)#X!Js*Ix%#L+@}K*x*SjtrBe$N)JYUGt(E>2--aWX^9iG=e_@bHf z@dixv>mp-L->=7->brkN(|~(-hVGl{QCW8?8)Bwx*4beRCr#yzcEB=Dtr1tlXWJYlQ8QV|ivIk5q*= zePNY4bSR0@S0b}r2{6i`8XsmbfbJyvoB_mh0E*+I!?Amx?eEFl2SD~mBQ_%NN1=iF zP0j<>I9CnI;6o|gsq*;Q2lgKwcm7ED+?@cyhwXZ7X5a)I|Gr37%k`#DB?2@gNNV%R zta=jDg_9(p(bzkAwFZa{B_){~43|hTTn#f_%tep^;?11{EeFo2x$YM@Clja|Cnbl$Dfmww z$!G87Q(?N8Q>8lmXNeBuN3TnRb=)4&m98m!el<{fO&v+gy|v;2Wr-7jHznr1U4 zwTVg@(%VDno(pP!(mlRW^G!uYLFC32RSzHIqiqYbmPjG11(hfk6#L`a1I`SkVNxZq zSE#j=2g(~h=G#&=T_+At73#H?Vqf4Wqh8{%>@K$IRbvLltf}Mz*@;1iS+8nOdZM_o zu!0*Z`L;ii8T>Y&*9SQrGnc-i&ww18qRl4U9cZ84C z(Em$bYM@p-BCRPho@=5=5WH}KSE}?qT|sYBh`=Ll5JIyp(Jo!4uV*#3jDiO$f*G6` z#J?F9X{{LOprW@v_%D9(e;t_O;n06P^W+s@PHgby@ezh*ItYU%>W>Nj9`9feonskH~<>dg{q@P(oB*xuZD7{wYTCPYi+83hm@4 z$gbHRFZmhBnzV_hIRBVQtOiPG1fnHeE`0Q_~M4Udq zf0BLl7)+JBU1?4)3~)GC883xZDPFDH3triA{9E@-Gt3CCu6JJCrYTXyQEh9f8 z+5NQa<}|GdR}MmHs?-C^Ld8nN2@#5V2A7!3acpP(XrP+I;NEU=;=h&7&`deMA0cJS z1Q`=haKT#i6CX27;1qr4JE+eru!6Y=_S>WSi1vRk9jo{=4-M#jg06F~`as~$9lbtV z~>>K$7Yz0aZU1I{ty*wiPi@x9QJJ_VIVnsW-dei_Ehpf`sDl;9_bj-D$%+9%WVHz0q1$H-OvvdYi79wtm{<MFr>_Av=-h#gdn@27*%WZo7b)*K(d`J~xH3u)uhJ zcfibWITZjw9Alqar46F-U(KODGd2E->|R#hax?c;XZs$J$s?ALlpn0?RiI*^8)&+; zh-B1hPa`U9e7;Z&N_KIO4&{;4vMbllw0a~-#~AVshqiL)u6R9VTb?se4olZxc%JA0 zOl*SM8)HKm(+slHj#azKA5<9+aEML@96g5FY>INkt|)`56A!Dw%5N3rjSx#^BE)`w zZ5zy`AgERGh>m$m9b5bqLKd!VsBr)1^%I^nOyo8&d>sZpaRpt_1y%_(zOsaKgK zee_17T8qa>Ubl|#&wHeXiX)DwE+Z#I<{e5`#}xJvTH_5C<&5>MRsJSf9T0xQUc zQAQo&k>#4o{r455Y=xQpSn~?*>M%fJ9yPaNs*L8#|)&ugAjTDETy*mkNYk;4>` z&~K}&tG~Vn8FV<+_xD*}!s1?arQVsF)MCXjhPa+gChW}>*fU!!*h830p1KwX+;`i- zSefDJ3g>;*7jJyYUVCq~s6XGj?q&z3!KgM7KvDi;I6p{q_FN>B_j2S)x5|YR(lS>dX z5b4>1tX}mE)e#K(F1=e?@_>c^WpG6$D8hF(%|7vFB5wBj44knF9^k|cC1Jyd^Gzmp zUcHE=2TMe#sVfdV^ZD`Ae0iY@4E;a;`#=2rQ>HLg=aF=OA1n2hQYD|hICNCygqC|W zd}4>Yyp+JHZCGK{n^SyLGx1V`TGKiMcpTw_{4-4bEif*VbD9NsbuACcv{8MAOsR&0 ztURp^sRPK zf9UCE>+B5elIy4?QB~~Cv;rFVLBi#+rl~hpm&6y1%4AU|ccb#n(nU6v|IqcM<^kA! zyy+N_1$dz{d{3de5d`6X8VMSLU0j;#?t2CD-7;dS{r=ke*`V6lj}_fa8M$_+JiHXcdx6sF{r9S)=elkdQvy3~211c7_Yg3 zQAA`ajHcuY@-wzLR?gb~b9p{eoZD2HgZv|X-`Yq0OfxNJ`jb;m);Zu1zZRhYa-V>=_HXcO zX=5Cf9DdNYjwEh_dVF+g48MrjSlxRfJuRfb+G1K?1Rnj<+r@c63$5CBr!&c>l9|rX z&%ZDz3%;}1k|Pi?Rum!#_h5z(i8oIbd6SsR3YTwDjw@K2ICRtFCHVxZ?mL^Fj9>C} zV+Ts8AG~2tso&j|nU^18e{^bh&<^k%%ksPR*{(H6M|qyib1wt`*bV`_bI19yYyA7j zwQzbhEf@n!zbDBI`Ej(eThRx0dstfu`SLC+;{)y>j`vUxg@f4beq!xgKbgQ3Hf zsk4fR_Gvv{*@?gnurkl3k5o1pG*8GGw1_th~HWb!6w7Z}S7`0aAl*Gk3l_qeCT}FIWA#P7`DMz9w9h(Q|?YW*(2K z({{?|(Ia75aCQ8%wIfvyseI_Jg1}wT*3VBTy46Kg%J6y$Wu&j-DWUd)%g)a4$n5b@{fwkT7GN=}g{7`zMv!k=a=pIl~!`a{cn8 ztM615{_@2YmXH77)^sh9x93}EWaT%wTJ1?ca+@Tf^;>1UfQ@%`NrAPkVffEG(!E8w za=iy86KV}@Nh3EI;WS(P=CDn;{dQ;V>eIf;(y2m++-m&w_#StC4iyjA{t&mirjykR z4emA>gXrH_Yacu~>?-ASfaUg7IQWY}D5zfX-L~bAdbdWoM$PwAbLVA8&z(q~A&rUl zy$8k&kq~}n?VW`B+iyE=AusLVd#9y~pana#+ z-BV5yQ~UU2o_da+)2G<;IXsCw>hlAi;zq`8Y3So7Ny^z8J>nBqALKDcKdeU>P8aBS z3|E5fEL{q{&SQ@L1wF0jWX$m8y+IeQoF3DI()V_Z(}k0b+%GZpE+{8YQs2097W zfUo&kxZ#c-PzYb&igR"=_o(d>Uu$6TS}L1mFu6L%QlU>V7Qge?=SWAuyC6JW;f z{Rc7gcP%>>IoIF3%t+OF0HWjCE&{HW14SR8I5aZ^*Bg)$9LVmA4cxr-#YnOTTxl=} zald~DUt2q;Q9SWg_A0b5uX$g@8ll*88v0W;kZyjT|&AF!@W0eF8nkQny@aaiu}m* zEhn92ywBZZnAsg7g)e($SOVvudXfuX7VehN#wPRCCywZO&g7_pRwMN~;>E^h7 z-ho=s*Ys_gp3|0Vd0uEftO~|+K7gSwf!Wm9aDzVxsuqT=Xv}I-@Z%I~=&rU@ykX`z z`Q$?s5u_k681z2dGU|gW&#sN*>tdgya(>0)Jn17-l8b6s8|tKH84Nt@OFWh5nG^kY zIw@~C1K}rfJ1@XaQ@d96R14PhOmaeB&Na@3?tf{V`%I{Vx=Zc{EIs%CMmymucE8rWd_dx13n5j=rlgfHH(z?-Z8wccimiFDDs2+ym?IGoEyd(Wsxcb zuct}$*`@7qRNF07jiRMJ^2?3vcBSia9QbzqXnvezyEgW^=`VGC4JGc?_Of9KIxTKsfc`Y$T1@X`V66%O&)eXue&z|Dv_>hII>Zl2Tsle8{4TVhHAHh^Aivif+*Bf-B9Y3X)AB3iteJwJAQrZtzz$uWu#CI>M9q*+7g9r+ zwmRRJeSB+YYcvIhqMPU<#$>LLO=ekAR^vn8^m%#D_hqWRUW=YzPJ4ssYAq$(TA?4$+RzS+MxKVL;iq}Iljkb zPh_}IM7XxTUINSc8RW)I*^*(J<9i@nQ z?EbG#jNPMiCx(}jOu;C_Bu1Dn+FWC}fKmL=g|qtBXXL}BDG7R8WA%rjyABDjny#(4 zER?-moQZ(7&$c7wdD?>G{q)rynP81LMM3>CG(%fLZF%RvH zTDM&(!^>D@)CtWHmadZy^GrRrhU4sof}4|qPTAFDbQA04yBCx5?Y0u?H$4R42jO(o z<;kG-E0)G&;90@#?!M!`DLXf}$XEjRxXLn)SBE1Oqjez*`t>A0hWdxO;GT;MSfGQm z`Y=`toyNmKOJo=yZ{X6BMPA39@+r?>c&_*l%eNMH#XBT1H*CvOs1P4*V=FjY3K=hC zTl77{6rk<~5GAI%byepIa#zFhNz(K-xm}fo22LM0yJRw?%vWqH>!cMAuyl-2;NN`A zuqs1T6H2kaK-=mZXmP8Y#X+rsqjIR@O~MqGQATciHz>c#*Z;&?9_GGnd%U2jl!oRa zjKz=93qB)joL9W$GV{_I<^((FC^p?3zT|Sbqx196t*$k(aG%=lHoGpuv+}S+rSYDY z%vZc`zszS|nQU0&8X-TXed7D;hOV^i1jBTh-K+8?6A$VG0<0it2bmFCD*~Ego1x4a z-XN42-Ej4VU&rRLufKn<@SESq9A^2N8MVIy4q1O(2f1xL^S#2;D|Ol7AAGpzSJB*z zx5r1V3LWmlj-qqc+zynF7IhPS9L-ANoo5v|5_Hn9`^vhi(%C*7zHR3+WGCpC>X7w; z8#ASy8fkWi0BhxLv4s_)l5#IDYLUlj(1b~I>yaDv~ z`=1dp*5egr<2!}ZR;QO5OrY}G-S^Aaw6-w!RBOM|hw$jzWwv*IrltR0R5xR+ym4e# z$mGD4P-KwwrG!OYAvOF5x!x7(haFT3ir!5w#E~VPM2d0CT+y{!pKGx#w2Oxs8R3Tg zWf5-m-`0vIu~19(qD5+>`JfGfP!F^urp@YUGPhszhi;E-zoz70ZPu?+q&i^exam@% zpBT>SVg`$f%Wr0;$1)Ph3<+Wjc)4lz{va;ujAuBZ{$zqhVB%n6xV-HpAsz1()shu6 zi^wgelt%R1k~h)}91*GWSQC#$J{4~Cr-^T02Wl-;zVsx!}{=*j!e zMBz?nVS#e5W1LpPEP2i@{46}zEqByaFuQzropjN)cuS>fMeFkFfb^`UcS3{`IonS%u0E1Q=M=8Y*wbJ%ScNUByvlg(7OhVJi&uLoV_=WG477G-uyr_MWSk-vp@?gn4CIV0wYo*D3!?9hra2KI3WsY z?Zw@#6d{wQ<3vgauw?Vns`1<(K1Dg%QXjb<>RtAvPyKHz-6!4B$Q1Z(pU7oL-)}`^ z|7`t5MLx) z0@VzJguvezk(^5<^^*VeW+Ly0{K@ESH_5vT5{ZBXfm*jKpsl@gIcv|K#V+s-WH-x36TULrQeDAF7C(ABu5_b{K~zRj<2^ z+~HtN^gVZD8Q0J}BTP|{8++68(jpPo&(pt1_8YhmA(Z%E2_YDQ-l?xVWNc`6>oxOs zB1POtCl81PYFeT?Od^nXd{aAKoW-!TY;DUvg)on-i_Hu8S(FH&|2gmfKTHWCc|it;8W ze|MRpAI97t25i}7Xjt4-R>z4RSAUyiV`O)fSb8$yDvPP(=X|M|9Tmy(?%sr0I|aPp zP;m#DqTLlMU(Hd8Ai@abA?jJJZa;k;_jXv3ph$yEGeZ1?Pj0V{L-Of<|C^NQ0G@wV zV-#|19;7CrUx}x8?2oB}@{5?!umX7gW5wO$D8Q=w=dhOP@=r(1VcrM1^%a7MZow7m zf|B(cmFV%wCGPVGe^|5Wqo~4h`xy9MKF}KU#hXuuc^>tVNjmQI_k-LP#rig} zJt;N$2@PE>Rdq;?s-p_^LAxsxLd&_*zkOG);e#&VyE2wjqSiZIed>BpEk!wgx>4XM znH82%sP(i6crSe5dH%J~t@}0jXN7WlYwcPrINJ|0T3oTs-jd5Bud&Oh%JZ_YawH0^td348qdchd zC|${(Pn}L$@YZkrk*7@;CU(P3?0& z>S(d)3uDhS^oRCE+bRSz0r8JsV!3{|Q~dMGd7u7G0Hwz3oP68EEjp>t13t{awkV$W zvTU~hNFX2djE4I6>_(1fP74i2T+4Wt#i(6J_ zt?KPt&npqt&lA$5eyKu2+PAuC;|8-`Tdt1$|Esn44r^*#zlF0cSg|1%il~Sb1r()8 zvmqT+P?W9+NR5CHA&^+MT|_!cQ|TZCq)7<@Q9wdbT7W=83rGzl5C~~^uApb{eSY_x z@4L^v^YIUY$zrXQx#m0O`;IZ*=rQyAu9xSJm2b;T(tBgylS$B8ywBPe$G>B6dp5Su zSe<6?NpHyQCp^CR>}SXhT;eCkq=R=fw=L5A6;#_Ye2;jLChDsQLrNU648~ML5$3V` zMZ0tg{AIAQt!0n;N?5tuAmh(sd~|DGu4qeC;YWpWgrZq#+U4$7-#&&BDsz7t3!OMJ z3?`yg`iF&#y$$VMjIxP_t7%fXs$*~VhUiGt5M&JS^cXzR9Ox)b!hnvlH1}q_!Ov|6 z#+HtJb@NALlUx-t)qsHbQA(QJnyp7Ftd~MS{ z%?oU|?{Ys<8f8@?ZKaZ>7ga7kf4-)y?Mtfq8(g~6gvdYUJI^ zb+G=-MO>~6f9v-No7*U0l{`q*%#Dt+p$a^q$GLtM+&m<=Yj$GZTo_*!xjNvANxF23 zszZ5==m4ZFT@9tAP6NwnDlp#IW_h9U4G;CT^Wp8Op@HKg z8sVJo*Gkm1| zqrx;ov4uLF6-FR0mS1zXeb6;Y&6IV%oUGS+G zt}Yyq!J+bepUL(XVF-8 zKNVjZLp0BhI56e9$jZr;G{?pWL zsi3(ge*asUoPyeqmR(QVEwPL7W1D)WZK|rBjVK+LS~|=LKDcC7|Ew*7Bphbu zo^ptz0b#@FF@LX&oxU}n8<}u;fws+ju{l#=s6#!xF!85j(yb2{$M)PGkGDPdda^=( z^Nm+(f)`Q1^l05X66TiO!BM|lx`q$#@*u&n*j;ndPe4}f2KPDOYooUGxKZ8 zmu6hNLqo>1u4PNEDM%3jS<-&PL#otwHkXp+y-X?3?gQph&VM3Yz&rrFO*rNFplvT8 zan{v}m{8Ry!Vq-|N?TUdW-ezwNpp~+!d8G8cdvlug@POc>~4s;FH2$Ds17MQYfj=u zIiRa07y3l_fDfOA;Lxw}|I~lZ3{?0}Lv9I7nT+5Qkt7>juPiH^96DS9Dt~zk$+x;9 zn5I*03Q5U;j#E5a9y^af6VMS7=C8x%V>S1Zi)zl4QHLt2quqPrtzk2(_`X8Jc84{D z6DW>CJ9*2Lw(%Iz8_Fxkf@jvh0TS7FuXB+(_hOmBkJtBhE?h&7>K2yHZ3^MY9-rzh zJ%mh1xOcpE!&RH2lsi<`Dp+Wf3MyMw_DZf71A%tIxJM7>9-6*|&G#<1+pz{C?%$`t zHp!wN!uyv5@A3L6A_}`D4J~^vmr^te4xM1=7W}G2CaRBLuLNBEZn+%BGO_K;gA0N* zP|FPoiWl#_k+E^=RbAd@?eQSlZ+TwviUli6OX-`Mh668#JqSmwgME77$+=8@AYPeU z{b;JKsK%Tdw+c2X_baD)^@XU?&seRI#zdp+#1mODeeb$G^#tj5rkjVTKO7nL*8fOp zvN;u5oXSt)?e~crD;SU7PSnZWdavU$Mp`;&b_)FlK39HJ&QDzl=tzrhmqiY9HjbLK zR-R2I1Yw|ZW%WMg!M)sFx>wvKK97xg(ko`f>lPC|!bXkqrR0-UlS@6(iK`gjP@hJh z2a=O;_?Fsf^Oh@n*dLfD@|v6iY4IAeqcX6`*kSUxCtJb!Fn;neU5NT(*ofH|imlWy zrW2IaGv*IQv(8mM!cWWF*dMSt6dT|$V$#ldA-~%v@k}$T+PA*Q)QVmA9f|NItVfii ze5Bxt>N!8I(^P0w^KTInTM4d}L8|2P8f6t&zbTX<)6N7?6VPRXojmxuAwNtia1QT% zJ~Hlo24FpuAK>FhEnT?zWMNr$>ulPR{yH9eiyUeVj|FmB-Erq^go6KS$K@u5nb(aM$K`&LWm?tfKj*~yrC&Uj ztE_?!-ipq7l|4yd?ucZGJuCIUA}!CQ-Y8FOM)XoqoXBGAFxzNbSjkaz5&|C@>)WqD z=z`tV;2Ra-bJ(CrTh!=!xAW8*;k&zD+}2geRl5Eyz&ZsvU>m;^lJair6g`d$%Zvo> z4;=wW4dK)dRk<~CeGCzJG`XNH-#BTTaRK&G=W9-a8e<7F+29i_lj^it+Khi+-Z%sb zEx!B#oGHA8YyB2ZtxIvq9(@?ldtGhRD12r%2jI3rrKV^3X7A`yrX>17nL9T0c#VLP z)v(Qn=S!@*hpE?JemqR4qQJ$!NWkT;d-Dlfm@pTxxdUlUk78B33!<&!rxY|W!)gbg z!8OLqy$Q!J)a`ZYmT)y6{eHrA9ZDMSXWl%78l6ZloJytGhff9|OW12ikoUjP_rUTX zwW9+yR@koK^i_zsBM*V;8!5RNIbj<`>W*sFH~GCD>=Zp8bPZEIta4v5KJiR<#va44 zsDUe>rfTV7tBy_Tt!18UsqW%5;u3;hI3CAEUQ?gmRoY2>{MIvJXBL6{+GfJ3@?~(^ zcjh)JH{x!Q2Nyk;?r0B}u7p`fj+LBfutn{pM>=&6<0|u}zWFs7ew|9qK?am>K9&=Z zt8D0V{)d@(TxF$x+2yXY-MCEOn+b(q#A^g?4|xnP$$BE=c%mDL=TRvQh!8>870A`F zOOkFUeg5i(%QBcR6R(mV{jquS&^WWnLZr?+rp;S86-xXW{yceN%y#kpRTIGN#9wRa zmIE7grJca*wy15w;<%UrtCZ{i(P~dJ{#~SFXqbIv@LD1%;GM|EcBEsNl?}#pA?RwV zmSKCb>V@v!x!IsD-!-seX*}F7vYf3jatMDh$1nKZB*D*QM>j^fJ>*3b&0mzT)0?n9 zPKKrGw<#wg`jg|QO!tQ-Hae-E@EY`kFqJ5YvCh(30oX7dZQBAp$(84|`VHM;^Hl%r z8VflF6ez~>HM<3Rp|b6JO!@;p(mJ#hIlr_$)$fO}Ys?@rQzPo#(~a|Y+@#e8H8&Vp zjjT^M>1$MAX!x%tBj_sWtu|nd4NNRd@(zdywpY4PcN5CqIo_~FN?iBgRNSK1$M$qO zBq_T1>tc5N%v7Tqv;^doTx%?y5F>Ym315BKHmw7v?IEO8=o5FqCd&%R<1z@Qt?|;d z^9@A|f?eh;o=*_jO0=r)i_=EK7bYB8))tyn90hRGj#Ku}I0aO1$;A>w=TvwD+Ob}^UC%3yLA<}m{ z%>P2eueqRzkIeA7WIeQW-8ClH9n^IjBX=4M<|^}R$|a(Q;i~)vEbr+@G}c$fBcX5@ z=d~UsT~qW~9FtT`SB*WuUMT&+p1DegVy?@7W3IBNKLg)MitASLme8s5Aeh3a zpyRK9ghOt|u&7-b7dwB9CXV(hd)*IhxIbZ_wB9Qq&9>5(SUa{w&OI7}Lv z1D}y63~U_4V2{u+%U=bnVq8fE)Wqp7T1$}tqgf!gO^pgFt5CMC|Bnnii{+YgBYBN9 z4*PE5A#k>Gy!!p2AS|yYi&GvV({Htsbv=UM8ovO$g@z#646NPe)AK5=V|iL$DACRL z*8_g60@o^8E;#p8-WipEgjx{adL;k|_%-$(`wu@y*t2Pt5CU8tCsphh*`v^(SRQvL z|Mv60d!AH9T<80iq}pq*cS{0xmIOsaL*?*-qo$%}XaE^(_Ie(W{eg3^M#w`@aGsQE z2)38*TVSY!K;+Yp{Iv78oOU(gR)EQ(3V&Z6^*D7vd_`5Ly+qu1oU3o?q zIl;=q(m%tkNBzQCJ*u!fhX)(7H6k5FOD1qre{&Olk3t~2$Fz>)N78}|sc|Q8A3YGn z(Sb*~z;I+);Lx0eQ#vDD_r{`GlYI=kk{Y(jBygx@^D{^FOfB z>)1?BoZLyB%lCw!v|Oj^@3h>7Ong{a;q~m)w$uYu7d3b|LrM<2oNrsVDRb+Z**cle zR;(?iX7ISthg7wZwc9O1Q}+R?Yo{>Kd7sGBVMsD;o?1bCFEkEWi}(YUxTtiPts$x) zRD9k`D)Q6_wTxwJb_ZD-y>WM&yH2l?E|#iD*P2L?LIilw(bCKlva}PqUE$G3MGk29 z zp%Nc+;P4Fo8AWB(!8d-f3Z|`ili-Bljp@$6(a(=4)B5Z)vkU?9S(K{E;CbGK912tH>~ zNoKKJTY*T){PA6)*UsWXq&gO_q-&Boq)3nQYYoR~Hd{w$PJDV4FSY%%>zFCg&W9`Y zw4QiP?iSIp}Xf$)Yn14;f~|Ee3m^{^V6@`H9Fnz}Ox=pa%7jW+l=I@L#$jHRyI)`A2QhdsX%TtNkc_J2c4 zZrZ;nXv2S_p!tYa?=;(cN!DM~Wq2(8?ECrlIP4uY!)z&lFm zUENXk@_Bglbm5ez9538MM&}}>9QwBM`H&Zg@M=GNS#^kOiI;V1zcqEwmj0S-oa!xR zIrTLAdo6}wro3ZgN`&X<-XqzvpsS0zrWVLn!5>r^LZwg*tm(t=VTDN(aOrHy(K0bZ zb;d3xh4?sc3P8PUdRWyRnNGWN1_g{ho1fB5nUe4Y%i717Yvbo?ork7X8gf4IPZ)m2 zw{ou5nt#^=8k81Jc=?%Zm6GpsB@!*TQr#A)6zfswsjK_B6UT-G5g_H{f;JEwWjqSh zz@`CxN@%9wiJBq}AEm=ax3SX847PyOe=*o1zZ=pJJ1&@TVuvwS~pk?U5w*u(mi(j6RIhtKI(PX|JsCiL$LX zYnX9HcX-=cz_T=d9iR7v-0GD6#52DwRS} zY3Phjnr*>RFQ*+`S5wHh$s{cpDYYJJJP75L^vxy>$7uA2p#HJ*M2=UgU#o&T1a?HC z&i@avvy0;J8|?In{}b$dahRN!cc(Ir%7N_B@ks6_))r6E(T7qdR4o?0X31EIta9zO zqFZ2k`7pJQa-sy*|Lysq8a`-28zqR2iah+xUq~{5E2n5D{(*-hq3=>q&7yC{Lz`9ib3w~+v1o%aUWBP`V zUu?{sVO2t>cR#`w-20dS_CR-~ASj^;>mcTw7cmSz2Vb-u5Cct)9-cPnq2wR_`Eo66 zU*xs7E7t-E(7{UvXHQvl?TkB2RHyy{n}MFFs+H$`cPOq{XsoL734J=dHv8^q^j z&B+o0bh*kuzq`=B=v`!)8){hA=ZUZ3>;8?5>F&NKfTPMtM^Oe7XQ z)?U-dM!pyY)~=!CV37Q(djdtW10{pD5RER@_TOl9lcq$LP2gkar8oYY$f|zE1s(*C zyWIkGu`3AcYPxUVoEJ4{6|6VGycm9becn?gNbOY4501;q$S&bqqem5t$_t-k*}dmR z{((WRWzI$2xT4yss_{xR(1`S7oE`6{+aq1RU4I3vw;N>hAj7sW+i<{KgrT4(12EJ- z?oz$+{ix`zro_c;J9O6Lfp^`jzq^fZT{S?uH=_Tb1M!|9`t_e$dT)*Q|Bat+bz|w7 zyz6f4aB#Bx{&Q9b;EG7QoK=h_lp0IR5(9b72%WW>-)2I3q!X+qiB6_{4{E{57bX6r zAN`eJbP$A2Qo7( zky|;y5si{R{m?$<-L$gZKaj&VbQ{jCPJ6ikC(Zj^fNKOq`oHtf0XGa}WlVQ2i;CpS z-PFex(gXJGREoUE8dxhA3^FXMw2Z6gLx7XrZb30uB0kabRBdGd%huyt2k1EgKYlk+ zQpQzujJdV>jGk;o&WBNxH-(xZL%c+!wwIgfxqw4v9UA&7nMsU7NdJ7hV#`YS`2A0{en!Awyl(?0zf`6pD=<2b^p+W7oO)O> zI=h*O#6e{8uAEj+%&aq0>sR2PAkmfroY#BHphYZAMrpb5fXwL+V(D9v`Va9hcZhF<=^@>bffZ=AGnFqhT_8%z#)L`fjZhk z)uR^z z?=|u_o*nK|xvBt&%?_5(&Q@!1ZsWr0b#h!$O~u?V6OB1(uXevUyc~TA+eHaoqBuJo zi0uORN@ILMURb0vrcLU`2K^hZZyBG)d___nb#q!gwi^)bIxEVar+5y33%!k}kAUtA zUG#HD+lKqhY9gZ3z27fLA>V*zBkAYFAqVQQyT$AGW)ntbC0jJ(8FJ)j#8w!r%K)0odIx89_~ z$P*{3xBf2YjE^+VlJnaTY18%&r0qSxm=dH72rj(^RaePMcOr_hngK<*;B=cpH?{{H z6aN-484z($-fU>q!dDFmPlTxuZ0|AU*8GoUdiPne28i7mW^#m*^ZffZ8Zzmb z&{j<`9Vh!Uk;5g;O!v+gQC!wP9tnBS*T6Y&Z9Mj0gz&kPHGD#kSTscF$@o@?eAhOv zGL6)dF#8=O3sX~Yqt-iWl1703-Ta(7SY=}UoZQl=XNUD&3;|6?;X{nNYW#7p{jZC$ zHUUuvmrN6`gkTlK1r2)6O|xg#!Huv8n?3dYo6I+*Qe5Ld(Y=LSSHNxv1xExai(mY@ zTPylXF7acG(FLb1;C3_qKf393y#c<*Mg*T7ZxUrR00;d3j_`duZo&PJnt%_3;zZeh zBF@~=9BI{X#UJqNdAADcX%^D=#^>hFHXxk@QAr5u*L+tiEs%z6Gszfx0L8M-$xiBr z?BkJ39-JSW;)b;h`7h%g~-O((xH3n=NFwFj4ZqNTM zP%-~qq5A(geua`0rl^&p97i@1H~=|D3$v%e>1ytP0)up^F!eq)|EWOlKQ`HW7{lKR z=c!Sk%+ci7QP@( z0;m4Y-Cj4j-tU8<(g)ExH~+n=b7HGus{mnXnGKT)QTzL$9)b*ApxE<1BOva3;BGf7 zsAIxx{)p!Ba+sBg7GSPueE$#3mFcP{{VFRlmwM(H9gf0kKavVS3!muUgzIzP3Ooze z1ov|5(p{xycC!X1Bl2?`Zq=*yNL~khJ&|>emplycyQ+QcU9UdfL<*Zb)wpqEKXEPSaXP_L5CJkELwX+3(xY~ zI&~>Rw>Jswv?1ex+zM;RmE5t9UIA@%2bMeQxK-R$7SUhki*)!SA@5FSQ|kObiwJtv z$}Y+=q@O3@WK>3#L6b*+l76|Q&%0>bqWC#hTg9slyBn%Fw}5Md`+i3_af9NP@M7M; z@rS#UycwB$AO7$j))rWBvGFqccGJOtNDivY+UIf)_G*mVx@~)-q6QlH?pnP70@~gm zbcB?rB&YX@x_|0S@kg%UA5}xgcS`3v#8CO3rAkB8fN1h{>n~IV@KrJRtWayOWYmI% zWi8;MlpLa(em}K(uK=liwYOlyFE!Lk_y3`WDya+PQ#dUDjlv;5-7-o2fbWf#_T)Wq zeRe&lwp-dUxH5Pn7093%;^o7fCgg|kUPr6b_nE?eHjycwH`G;MOr^|n1e++%Z^R=1 zxU1)ca^;nEejQVNHL;+HhaUwe`mYeieyZ_5Vwf&JhT%zzsK0GG`MRg`7T7I7_aurP z+qS;BaINcLYkW-EyLTbf?jYtX8q;^!q(OMd0% zaHx(0-M%5y2g4z)a!|Vk^BdL0-^ka&2`!i4^hU6zd-c!HlKTU^rR>t(l%w!a10ZL) zkfBcpe|$;?r)g(Pj!BoS6{}9+ftN%9uJsCR3xK6`K~eAD0#s81*%`BSS0qhuF2 zm-5kn>d~i6uz|SJ@M>vjy(GAUpeyAst4>Y2=+ucnd$vKNB&BU zt8ukt3e}u&QKyAVjv_^SC&66M(bdU?oTh*e&AlwG#g`ow(psbQ!D&vm21I=$vPe7m z`|Sgx`RFsSnYEc=FM*fow%$79GJOB-i```pmv379-!^%4N~GfIz5+6NWpBbtTrt~t z;Csc@T%bHYU_5XUGM?ts2NLJ@24MeKI#~YR>-=PJ<@pHLh12OBp5GaP+KKwX%5v`l zR{X4lWrem=0Wp<4Xrpy@l}L zDxx~w>~|F88aFxm?e{6{r6P@u4qj6C8@$XYyM6qCt0=QM)Z)2>$x+|v@ZWqL^@1#R}vqM!v0c@9`D+A0@LnUR9$FXFZhAa;IQ z16YgExfG8d_8LbVlrJTBUEh71A7>nrDuP*;b?{UseUvuYU2wjez8Z4J^*w)BJOMT5Fcy0WW98DYttU0)ZTVU*w;z=>s^%C%8Cv#!TGas2>usI)={Kie%)7KG zN;%r~gch2%IBSbDyynUipG-A&l>K%B#S0!tRn1FqrcY0-P4yFBM|^&wHjK4LO*$Ae z)Lis|7@~phyn<;;LSt{8h)D|VT0>_h6pJEy+sl%h*YOqzTx-*}ooET1dzdSqnYobx zS&1Hy%YEBg)*ylvgnu1pztEH}SWC_JUMm(>w~w)~_j3;pacy?g!htNwOZ?0d;gvW) zUy{E?dZ_`AG-30xni=1C|EjO|;Cek>**(BmA*O6ra@i5PqXyag%7E4Ddiw&_U7B!g zK~kk7yZE9`t9kUUUwWK#j&GJbDj-8z#+5XWiuSyq+7+cleG(7l`$NFt`9Gf%HmUw< zkY}f&P?9?AK0|{mmhl2_?@<#x2O2z-b$mS4bTjXnfqB;wGfG`C*mc8(k+z2$o!-XC zh7o0phuw}wKT=(PvPC^S@*vOO*~dR9u+Hz#wz8LtQ(wh~VuJxIlQ39PKEjMBBbkhl zi;J_<^45)d&afsp^3vrPa?#JiOZ*PuNPdU#usV|J=WD2BfuSy)(P>0N|7^k|*)M}nB&%c*c zo;?+NyDSJe*gb~_cW~9dA5zQ1>K_eoz_pF9X&pDxvv~9VL!7-jO({~vTrDa7_|MTX z;!&w|0xkiFhVZ?|hOg=!$#FgC1$VO#9ZH!>6(7=kF*Kl$C(Jh|O^qatX_ts{xq)ar zcZjNOp@?i+Ko)!@E3@b$9PNt5Cv7LO8yU^O+3>`ve*M&yna1$=ma^pUT-I^62~(WYRIJhbqH@@LNlua%L6l_fIMZy(lo zMsN3`TBX-~SbsS(R1(=ywpNPoR*qb$5gY zi;*#Oz3$80)b0`g&!eA1>kf)vA2XPL6%XXORw^$e z;|Zj8ZRQ6IP0xra|3nAAXB-Z#oLxG&MG6MW;t+!hLN@iprcC00pv2K4661 z_fOF~*5^1k?Q(r9f@9;&)!U434<9H@kjW~^bn`H8nJ<2!p2KnN{t$o>YK!YLHjnh9 zyN6V~*lrgZA;8fj`_obo3emzHS&}rS!Rp z*kcpQP}!)(3{_TEYxXo+Gz>7FxGAaV1hNviLI+&%@9nnCQf*zvp-t-E@8cY@*7zv_4jcf6ly1)_E_X1WkHd@0w zP5x>Q>+JZs&7F(KALb<4GwDiJps(Ka?V`jV-fvaCCjEhDqc9?CvldR@C$MQM^2Ts{ z2;!=qTF%6iKD)uAU`EO09P{&qBhJ3!75o@nIM%`xDn@ZB%jq4t>PcMpkZ!@)uB)=k*+ z=I!ST=7D=Bh{&hD?h)b{Sds!EL<$Qj9pg(i1z*gES;mCg`neP}@IGiTEz5n;KdKzEzTQ04Hi_ z4Q~J4_#K#xd*C7ecNgIQzKqr!>|>{_Fp69qFNae&P={Y0PoQrg?exC@UH4!2qEOS zXwF1?)n`H_Lm7H$hN1~U@9_v*fB07DU-g3ji@eI+1jf@s9oAJ>^n3e}_mwOY=1+5u zQb{=qGUx$=FB|My=LH)ms2z$kea_Wr#bTqTHKx-UEB}BV4lw$Ug7nbj3k;qGhf^4x z!4(1XQXI%udCRE%u!Ou3ch-ImZ_|$8#WnIIINLT)KBkd&@=kJ>l0Y+;w&YZb?z%RUiADK-5C`IfmBo?4_(ho{P`@rdD!M#^%hj8j!?~xoF z*BahoG-r){q$27EvO?OuXn_1$^yHP)q35(Urf2&XhB-+*8xl`z!5kdo0yrTgrH)1_ zt+&s-AV@~bVsL#s6j#lR>5(Jh_BciO{FBGH@K8#T-Hy5DFixKlr^#&8E$`1D_JS9l zmyYJ;*T*Djv^*fPW|0!(Q^9f)wy1#894D*FIYUw}%HA$8S&`wsNgAvX;tRWFIi{Dg zE-lRBgn2tT+Kk6;jXYasId4W1a(SNCMp=aOxJSZP6XEzIj(&O#ik*aJTQ5O%n;WZk z+)a3gWX4ItPFE^Wc^!wm4;loH>f1FGHO}9Bw3!^yp+t_vrYF7 zSd+IgyLHr`bH`j5c=AH$wi2x3x9n**Yp&C&aqX?}KVK(+yHH#m->k30iz#KRYGv(H z({07Elhp?Yc%9V2O7;vkhE|}%3d8-uE8$+@syW}T+DtxnZacf${yF^7JBdn{7b-{e zv|=UqcfO9U=O1Xm9xw6Jb9K7DQrqGhG>1G7NY?!N^W;XJ)(#qiq4Vl`XDv&SQyFBW z9gXA7nKN0Tn}>g1y0FR4zCoIS!xOqYlh5gYNIQM8O#=X#&qld%sUtPZ8P@aD{D1rHbQuxRxVfC zw-l9Wm%f-HZ_in@&dz)lKNbpZbe=6Px|;_F#A4v_niSS*`E1ZQd@e32La~d?#DVXT zX?z*)!86LgsaS_)j`9?A+RWNG=atS83r zL5f{F322bJOM z{`>3KR_q9HB^gyq9A0F$@XWeNTCbB^LD@2K#flA8rccVN^O>lbW7P!va7%b2@_0($ zarHd55oXwAaH)yF^~46uH!O53VgrX1e7&}ZMMGO)4>G)AwDRpVF7J)bm_2tkz1MNT zjuXwEMPFW!S^MJ1;wUZ}w`sK~%B+(4n70@0)hltTZ;=V-&BWo6vL7<;e$}aOEQNpM z+UfYt4Q~2O^l8mV0xouSPy-w=H2=Ucsc1bz9CwViM-aEvYx$|}b1)0LKpE9pI>zkA zcLWPoE~1~Xsawsra7d6}@RDz{NqCH}Fy}mpUdj7Pj>54v>sXmO4wIe_P~14^TZA~( zI&cK^0W_naqnH%bMk=-gk!?>2REIyUv*xb!m?Dp+Ncm@Qv)~S!anIsttT8jRToSX< zW$uusGmbltp&YVjK0^sJ9!RiHRx*k(W0rRsQM8DpdezEVK@M=A^62@U+<~qL(Bq&Y z!>{olr4`JtifCwho$RXs580%u7ilB-w^L(zW7C+8>_51IibT)p-uaZE&@c9d`{AYYJ zG}2VHX*r%dEkM_-vodecgQRgyM2I}ocaF6Ius_hiK~h4HT5P+RD5 zToUI)P$#lb=f{RTWXKI*UuhD$M2*J*oB#%+dZ#u|9n9n8w<4mrrTn0YshnO?S!juU z;)Zvt`?n5I#rW@=TnpagI6DvjMnxOwlmw4;9176W*~zrfUP>e2)xS$FMliA#3OHB% z?sj4y>-^A4!7;Jrz_#qp$~Vi|KsSnb6RdOQ@tSI@y(Q zo{XQwR7wX1>q)Cz8K zxBk3i0M%v~)BaHvbGFC@we&-kLL^Wps1;Fd?^y<9m#KO7B6hQ*NV#?xqeQoo>Pasy z_t+I;mTuoVdU{MF(2^g?8wix(j<)g%FL~ApFA8SZF(4;K_i1xPYz3z^J0xBD6PvY$ zQQGgmZ%(4lQjakU0`Hg;qgc@%Pr%Kynr8(Yil)CahXSRYk@c<^Zu3y*tQuEgu!SWS zFm;&qA&5bfp%u)s_V7eSzK|86%XP4Z!p!HG;f^@#09H;YC3`FOqM|+8mV~xc)lv_M zkie5QB=T?sKhbUCRIzVHrO`|pp0U7fxZ;JGs9E@OhiXJ?)*xLRDtI@)N>|>j>ypPeSaS$&EKecwQ&4>vp;^h17nEeugOE~aF=li4YgaMYI?Ox?8tV{Ex6C5W z?D{E{own0Et$Z=7V!@G9Y%+h-)-+(UMK) zoac4%#Gfsrcp^9}w}6W^LmEDFv?80V3f>%*GV~z1YflT4ATHIyc;&3aZH}sABep7{ z?dqNq7gEUI_i|DEwSWlvvE2Eya&8nWyYxE47{)A3~#dy^*%}dZ3!9CyQPVtLR2@Yim3JxyM);zFC-L317@b5pE#XF$G znk7*1Egilc#5n*sA3yE05>G=pGYY zEx6~Ct@IP7t(9?&3i3sanOXi3xgJdndWj@PAD!bz42B$`4trtSW-rJLnDiN zRWJG(cBR$ska70@oOkN zIFX}aSUk0_+K!V@_hBfEZTrPa5;OFLie$rYZuxbto{JzHNI{JEhbY1RdqG2@i<_{*~a9pbaDBk U-bsrn4t>f%*Ys@eX@~p&3xj-Y_5c6? diff --git a/windows/security/threat-protection/device-guard/images/system-information-virtualization-based-security.png b/windows/security/threat-protection/device-guard/images/system-information-virtualization-based-security.png new file mode 100644 index 0000000000000000000000000000000000000000..d865fc1715b52c313ceaca02f74380a3ed2bcad4 GIT binary patch literal 84515 zcmbTd2UL?=*De|>q9S|4MnnV@DGCA#DpF$s>AiOgMQWr32qnRSND~3+%|eF|dP^WE z(wovTkSJ9M5DA2kge3PxzwbZ)ch9)zKjW@3fF!KEYpycqeC9LfiZ(XX;yQZzCpMCzOTDL(JgJ+h3HwWEr8QcPasuGUv-aiDq=X|Vf z;|~G}z1aKN=kT8Q3Gg9LfTneT8N@Xp=)Ru|NXyT~#mD~)JHVk{Vo*M>)2Q;h3ZNzaq=x({M)J4WO60sAXkio8+xNfpD{HC6kJ z@EfW(1Br2i5A&eIVPDUvp`IwJ%hlW*N4M7p&9z;BmaMv8se0ZkTYs)Q=AqK5s`Hnsc0RKa0WSEUy7{%HhQk`~UuHZ}izkdB{4#>aP zysqVRGrso-Da3eEM@NbUHiM|*Gb3fY+Oqz&A9_<@9(g}va5K?*huwFneoPm9?}yrP zDrsd~%ws?&wuzRchU6)ji#oRw6qs4LE6B*nEu0Icd9!dKHaOGwSK*nHwZ)K!qYZP* z@X%)kM^jzLmeW!>%Y9Ez&X$fm5%eBIaQDFzD%b=o^XT`w)n457nw7ikWrA0)RmQ|0 z2|@LzqE-LAJbOrce&3&$7jKGk|9Pdoj|aB*s**1lbO3bLaaIGrq|P`*i`+oN* zWok3Xe9qN2@;T_T438wabrb_VaoMpEg!CQ9whp-O#tvV-3#CN+^ zv(^=vP%;fgH>9NuwU|j@x7Wy>f{?_Gq22d3r}v&(&&BzVeM2Kjkf5pRjoTEOpHQ*| zWG2Bk^vKIY%26AAPH(^)YLIRxR-e=PDe%>l4HO)?JI7`r5>a6rX5>)(wghb)5*E8_ zhb767n-ta0J8dp1W)$qRk30_c28Ix<W$(OS@hF_xLh*k6iCfeU=T)jXjbfV3%LGfF&kmR*gl5pN{5*<zm{$MRge`O3F|#_7ql!wT__hk|FTrWHJ#eL+-X*P9LkN2~jTihO%EgdsAZ!s%7)=)+uNM+vKn&>%(&5b*A6 zfp*z*PdGrJ$GpYqax=b!Lc=#BJ&fJeThS__iquEvkh83mPy)@lm7Id=R>5z`_z}l( z{4WS|$4RVbq|wdt^A%!gOe<;^+uFo2obvUy{E*&k39xy6M_4gphV#r}x$wK{l=)+1 zsFPxf5qq1LR_8%&SzLK%wb z1?|jU)NbZ(51852pWdxPpg{WaP`d&Osp?>A4fZU7EJJYaw5?8JJ3VF+Ty@|e?E^8|J~>2;m}LQ|bhQ`BS4KvD@IbKJf2{OZzJMx;?6KX&I3 ztrQjG6#i~UjU1$caI$4nVS4hKb(J-CizO4_Ur%uc<_4S1KT0dgJ$9E6>-_WFYfN97 zKVs2%hS37E$nX} zzsa`6GdV0w*K+7}r$;f46Zgkl#zURzT+Mr$>D;>(G$RtWn1j;lG4;rd6I>S#QL2+g z3s$I0xPBw7?Y2zSKZZRI0L~dMMq6ekdkB(xK(Eh@R%^!9co9!eh3H(>u%i-2U9odD zh}qP}q{so0f9k{Dw^%43{j4hhTIsK+RvMJVP$T4%OZ3@N| zlb@t($PA4Hzvp%H$i2Xxm1L(F#=wx@N0r&j2}~o`(r#(?5VnBLN+i+lC~qu67c4ki zoOUCfhEZuI(aM@BI>_^vHVTrGwZK~w{ptPna|2~OQGuTfkVUKsb}5|M#eVkQuouP} zrLufyxNN>6xeWT0NvAqC>ZwcYPnbUP*I0x>+R$b%Vp*7X!6=-Rm+tMER!$~y^gX`1 z4|Ma}nyzZiRPy4M&5wTm##{KERg~E2StJ8OTtTGCGEjI&xEc2Bw%W$0^^69c=xT2# zcB*0@Rh1#!1KxC{fmxA|*VwN+E#x59ctan7K17g4tkKkHBZyURGLo?6LK}sI+rod$ zTFtK!e!*y&&t=G7rIc)swZdYJRNYC6`fwV%53$9+6)8~sP1{c; z_Y0zo?5pm1Hdz!i!&#`^cpIWpT^_MnUujr_`C)n#tbgH*0SNTk75$G8eoIU^qO4(^ zRKQ@&GiOUVt~)Nii@%Qz#5cE#(V%g5aEp%|b_Yor4eopDvsnj8A_Y%0^op>kSipXO z>DXj2*~?L$@H%lQd|gp&vj8DZ$YG|RVWtfAfW5F5>U8c_2Rsde)oEo3whmqrG7w)` zb)Ggl&hEJMG2quyuW|`>g}_9e6pnaj`?*9TFVo4y!KB5~xwIf>hL7TIf?OFj^HTG0 zvQU!ibBvl1CE>74yE}IOgmjIxI^mzCv0nK+X(V2!B>34ig0G_Mt=a}Ym+*u7y~)li zuEupouJxF1pF65zKLI~N>wj%YWZjm7FU<|QjVYXjZz{t3;$-NbCE?Iz|5Ldy?(q!y zr}SV_5}@?Vm(wO=9`MXQFhUUX94!+Snspp8>(pzsyUDhI6C2=`_~5x@ z@*;}iLCYb~p6VBU1zStqDq442fJ10$Z_C$+-{*&$W{<#5}>5H+_Y9k7u(8PDi|9 z6Mr~m$rQaxn;ARle(UA2RUQi!p5X(H%fmu5e`UeyYt;SK^K4uMw{0?(K|IzZs*eXt zZx&?^K1*QEAj|=!4tjo~0m4=>g)VZ&NKLKgvH47C6)HjS$LFG#Hj-fM9)zDWekyJc z^=>_r4C?>s2L`h&Xai2{@-XHEqGh@ns>i=ulgBK_Y;+2eJ+a%KR$Bc3+cYqK+wZbE9VkX%j)vZQrldhiiDD6VK z8QTZ)>3Z1VvSyY%WWmIi$OsA#o%O!xenru#y7-zSG}D5ZhFq;G4=>0J5mZh2IYq`2)0+z7`!5)rQnn84`fn5uEQx8iX5|FFT>Ky=BeRxb_+N> zB^3A-uGhMWZZ+5@6V5fjhwKKnhSE#r zeX0gT=HaHGemge5lT4G>a%GZthg_l5=NCt-9kEvSImn$C4lQN)0YSf0BhUIIL7=l5 zNy*g%lP`W6r`+dVm>krez@ZJ+7AzZE6(LOPzdr);&g17Dk0y9U{}Os&KtJZu3jSO($%B`(ovf^=gu>eWdKPUL zn@JgI-K9&_R%+Nt4Sap`R)Y^C-#aL9^_LU&8sZJ;QWsbbu|y89mMq4B$gLl^kZ_Dy0qr6$$SZHAn19sKxc%J0 zl*<(+!>CMZo&9yM@epicT8kS#vj7bQ3&pDh3Us(`+jW&LnovTfI#RuWzPl~ zwM5OUjPvNNE;lW+ZBY5*GApT^os%QESs1q2eo)<-2j5oj=;^9mPCCTkK#$N$;u16GZr0?xfiB+C|aD(d_hNDcx(%# zi;sEKzN*N?1MXbuSwD-$41yOMU3NH*f~-1UMPl~dDicmALi|HJ^Q7pW&GA)c_gyaO z$R)h zp6AL>?a}T$9fOSS&KK{{HyPCn5++d!Wqh#LFDHkU%kT8o3p~r5g5cgt2w0>`PvSk^ zzd|GpEl7b?{*39R`{^X?ko&75`JCo<8#U=9WZ%@5{%Bv>5&@2O#=n}C#<}uX6g(?E zKGfyff9)qUKjiyAi?#`Sqy^A?M4QJYQgF$)izGKYBMvM>OW%`&|NN`X0<9q`S6Gm> z?y&-mMB4PAxN7Rnyd2UM`A}Xf5F2IrH+Kg!Ag@|0oY{T3-37QxtO6M_BIh zrQ6$1(19F?x-+ZqjZ8^FUhKt*HuZ|Fra$9O9_HkQN&M}aq_Uw@^kme}p(NPhK0{P8 z&G7IPj>==~p~BTeomtD)wNj>s+v$8W+*j&2Fkoq*lDixdTe9IT>TI|96H?L3I`pO+M5Vu#EH>k^MC04_g7o$n9U#nD zKtdBRlVOwdx9)agWn(|(lqp^C-kUUP)}k;v>yPpA zmhlP7AGiX_3`CcgOkeNP-l;eco_z^$`PUMgr6?&YXR^8zc3%o~3>4*A z`TYGyg6Q4v+^p{wGw1)s)U-(?b_1qhubD<@2wxI+H(Itl_WONh{FWN|RYJnRh2L*M z5#IiOezOwf^%=Aq{$J`>>Ag#>2dad(!NWotFsGMj@M8TMRSo$c?zf<_1_PQ z$m$zRERJ$`E3!|~f3={gHI)7lwE zVY9r8d>~Nc(a}01Lb9Zh>@^LYaZw}j_}pDZ*MqnRA;h5=Ot4R9-~kzcTbvAEnV%IR z1xE=0GtRo}z}V^#pG#_l634}D=b2xI(yb;X!eswUMN#X$27W6FJA(Oi{fGab1JS7T zC^7B9fA!#yA)Cex{ZX#(i`FfgfMfd*huBep^5}3A*ntZ7Eg)$uZmgay!Rsz+xU(1I z@F)>r4S@F8zkE;3&+DxKcKziRz@x)8#G+>vtQgK1x?l3YU9qJ^srw@QRD0Pl~rh4s~ES z1YkVMLl9FTtZm5xVVJ%9-ns@FEx(n@!9V!q^M$BQdF$K>$mvtaXEz^yYX!k@o1dB> zNTD)LKCGFaGz!0am=ub;WJAG&e+j^TeQ^5nP}E79qt;%sct zb*ax*SYtDEa@vM*rgL~qh^mJmAd1JHC=(Zl2#T8*eTgQcTQBF7+4g6XqsU%`mxPwO z$NU9|F-#3%bz+>`=)Hz<1tj&bhf+|pqlUv;L)Sh~8%0V;yKcna!vl9SB&YPJYOaNq z*2Kg|OZvx+;vGQrduZgi=+F(u*SrZGF-4`tItfPY7M$+w_qI72zKL64Vp#$s;gk_m z);q!*YO!qXU`UvQK7V>ez0{BGc2W|W@Cc8O_$3b(>L7)tO=(>#mhJR?|4Leh99A8) zQ0Gpd*~bo_HgfqEn6UCTHJPpuo?)0n?c`gAe}Bi@96FfKI+w^@=FTh)=rz1dP!VQE?Uy;n8$ub#*}WNyjq6`60jU4|%Vn z@~-MgL;+?jWO2=Ox1ynU2Rd@vz^q4gEM<#V6!EoH(%}pLbVYrL)M zVjYdOa133HhfUbdblh+p^^K?7e>brr#SSaWmkh5mIylD`KGbN>WNiOHCt1jijUleB z50rH|r6ur=9RNLEGpBy5S=Tb~^A_a>Z#A3aQ68)1)81Llb~a_LjwkorgBNPdc0Qci zKo`NBg``r$=J@C59IFkW2bc#S$=vFjn#;^Lu%WIDYVx4`yJ*!h^6G#e)hLv^b@KJ3 zJbD4f4r&^SB~Te@wXbj(4P4xfirQ|yPXTpf4sL#?c@!JK9@~`#h{?z`U8faqmWnDT z6x|h3_gsNqE5>=0Kik{j{1FcsGJHjG{=?7?ISjc<(F4jNA`Qc) zV0}<_?f@ua?M({RN~2jMr+fZ`Lt-yu#xnR>=6rJs zu-M^t@zB43<%tNe-4KSYKRZ7y`)>Wa#KP|3cQYO{=M+OhFIE;;@C}2Z9^Q`~DWjIu z{UsrUyvuPS4Kf!ujhN(B=5zvl*mg(?XYb;OfXy~6FM)xTu``@`xTL?r-8doy0=XxT zWnehSHDYe@UV7V`7kr?_K4YuVnvyBog zd!M+ZGj*S-qu)%?a$|-t{GlZqA6G8WO{t%u6VUw4evT#NLO>d>d0xMTwa@L@oj$n}6?3tG0I!K#~9lc30C8zF?sQ->48!aQv3spUm!zdtL@-2kA1xSMKwD zmFcZ)Zk$tYp}1)}swzH2|Cld`B7fQ(%BXrtIuH1sx;@`ReiejikJ|@|F!)drPR~_^ zJ#dtvbFjaQ{KO)b<(T43#eSq+!%06eDv3a_kHriUtQ<6TX1#5veG4=Jf*fc!n|Bu> ztU}@O#9d*S+**@N+YVX{(WLd~zish}<(}UA5A@x` zWI{dM*TGXnEhL|fZ}Qh-bNQE4)aktb{4bAQG1$oiEB)6jP@@ z^OPhHg11NLSDH+oWxl$s=^hUN>6&c4<1Tzvc}sznl10jY9wEmB>%F3u=wmIQ%>Yd zq58Vq`aYNUS;->ELwGla^`+G!i0bl{ExZHD>(5Ay7(H=vt9;Jji^`3@tnPMvsLN{k zkavq^is6(YPmT`rj;M&`h$C9sW+|tq-K}6Z#IwFXsz6#O$n~PojXrAsaB@Ofr|&Sc zI4eFgtX7(g&km_0U+1XH9?e@uZzf0&Gb3`eV-;aL=a$XE7lOuO&U_`F)<#|$ruJU* z*3-da8;6)~D@j>yB5Brv$GgZMsg3>>X4n5n=hazYH_x2H(i66Rtp|ka*;JPuimR3MltIn~%@matI^2klFD(H+^$9y9@|wG^cCDZ#71<{n<>s5G zx7KQ|qUNT{)A#DWrLH)|Bc~bwH}==Y+S}G|RUN|Q9__H4jYao3xFW`?4OO-J1G(yd zg>r%>In#9K!xu-4=C`z3t+>I|O|ViZ5>GAWaGFFgvu}QCb;=f|Z+_0YQ+MK+5m^&< z7q2j+OB+Zs;-x*J3Me%)gkg6jG3H4gt-r(hNgws?~=HjgW`9PQmuhN)n*Voml(eWnS5`-{HFHKeZPq!~b&12#IE*NiHp`O0?ZT8>GU$6oR3 z{z175*ub08+V=x^5`#^ms}uh@>KZ_dTL`m$tp@E%JvfSVdNI>wIqV~vfL=M0t>T#} zxTS2W-8?LlpPZbLyLycu+}P+IdvtiKD(An_o+m*2*%*XARW@S3uZxMPU zCEZ_YlVfwM|Lr2gr08kE1bFKl%z?md6c0X6@pH&kI)b&YAG~h$Bk&pXwN9A0gOwrP z&YV++^6k>YnKUC(O}f*%cKcS`$9Gv2Wl3>Oh}uMW$0@)= zB@e}3y*>L%hiKfK5;GsQ82@_Qa{CT?`lRENkSUL~#n5}!*3vg1w$sl#UHeMbiYNUq zaE+P0vmWIabep?>E3!Gh?~CEL_yv0@)1IKu=(-wP2+Hhr%n9dJX8cRVORR^!_whNg z-w+hmZTmR`bAIiX=qp{_smQ$O<^*!9KtqRtp6sl3`mxs7yj$k0eAWr-60yW>l4rmC z<^hk?W3qb3kASQPzC~kNsI5loxOtT93$g)@F1O{wL&^0c^}T{G zo8eYdSnp2$l5vLx6aVcm6?0SNmM!II%;6>IYzc-}x}QhQFpQV-wyJxu zH#a}mgs8*XN>kF-I%t3lNC__yF?R{L9|-q5_o3}jPt!fjl?1t`3#xU(`-?uWVcF+= z`BzRC1&E**GKwXhHAC-hT?tXX{VKA#QIIU~xyvz@z()ujyzKKTe>GORJ#|AvMDoE+ zP+RY-SFZ~5=%Yoh?TGDmnIhqRxhE)0yJf}=AH!p&Im%B=Ub03xzZDvOxvt=Ia`b#k zk?A8tWW#~ozGWBJO}PsH!Q7MCaz3gzyj8tVuKEHoK@zN`nD~7KlbV;HHTL17@)++n zd^FV2zG|iUeQK=jQ1&;}(~NgcDJ6JKzPa?BcEp)gN{6?!7h0zo0`y>`JTQ_p)SdM@lv(wwlOLDfUl_p2^bp+tSFrzGA3``cuz`~^S$U@;jXN3s^V zbT4bY_X`#z+6uDFZNJC3K=d5%&N@^&zDdK4i<>kMJIy;&D&`+FBPOdUX70K>O!8>T zs?D(u4eq#@AM2Y`jRk@V$4Mj5Iguvp)*z4S#;RA zu~Dp@4|IwdbtpK;KG zim5xZn1$I_UoANC=OHte5oz%)=6brDekF}_8oy6G04IJJ6&$L_Jo^4cO@*-fv)q8A zp@U~)1N;WpJ9(s~DGE?5<_?0I`%xJXnCH0eP@}H`z$_$vC=5kmbch7b5fjj zm9Vw>RNb~lDCW%?BTdH6N7HfG>z8#ijHKRW)0899OS2Xq)c1q9^u5xYh6m$B`kG{u zo1Ll^*xzs8tqHv%ZPN7!=Wu=7l>3^^f6?u%(D^pcog2e=E275|Y< z$cK5Xo6N?c717(}+ZswjVU*25*Y|ca%e==oL#|0(7Jh;MA_$7e8uU)FO0|DK9t<3Z z&_`CM6i`qjdG>*Jul30G&8cUdNwR5gvaS+ygQ>ax%Z$;S?CuM*pPVrrJD=EpH7+pT z)q_oOiY`(@H>!-A&e6V`KLDP-HBdRrH)Lu@4@_2Z%PH+cQeP*wALQnVuKsm4F-5o+ z2peV1kmRGH(YA9X%Fs&#UuW;2KmFu*QNp2`PPYQ@+~2+#BhGy~)?T)|R?2)v@*zF9 zG=J)GvGDx;6f1C}9#)`+|LbnogN<{K^{DMrts%<4%JrMnF5X}d_{ST~J#o8JCS9s> zi8PGf5hxc9<;!oH$Qlq~XK-|c|DHivPqE;_3_55iE(WvPTjsYr>!6UD?UAS@&z%NP zHg{k@XiNQ*^xw42Jq2^ob&c)LfY3uAG3tB|@21Ds4_XOZ1eKumpV<38GtG6c&o?31 z>U-SGUW>T;UHEs|&>m3>Y~|i(q9u}p!^o4MN}+#qC!l=Le|_N}Yn4Q*5qz}^N|yC7 z9!bvVZg*?xsw#UYp_g|S%R4%P%1wzydLPEtw&Ax{5a9bZp&Hjgi2NgM-Z^M~uIG5FJco}|TOcHGE)M)v5$dLLQ z*n#UK@4W#8du_y1YTu3GfyIfrZ?l;DGHgryc-&0s7ate?s%ee*w1V?)rb9}kQ0bap zxWBE$AMWgI^#8)C!Fwz)`IbsF|7F-t`5Pxl&!kPB2XX>YD68ajcujvrgojp{iAU)c zWhd&B+PtTVy4IZ2ub~v;>`;1By5q=JB(3=mLd`lE354)%hWlS!N^6lu88A#!-q&^x zGQ3lo&g_9yMO>aC?!kh>A4=uagV0Uz9V~k32+C=4pNEK3?p#jhzQM5ZFhQzJ-=EPLiivYcAuTo z)2fwwMec*zdD4cwr$Ux);KF>1=B6pSzh0l;W=8zFBt>C!TUU2D7jCTXIzC5gjxExI zCNAzx#r|1`hQh>3n<<- zUtZIW$V*^@x4sc_9lh(Jo%tAN zKV99@br`TOo)5XvJ72jK`^)mH{ix5@!`H%SsXcdK#a()S#%jsUP^=Q=ahxHgEu;E` zn*;ZvAQ?rJ$I18E5?fVM=2epu;s-8>rkuzo8Ean;-s86-`hn6N_j!rXkm`v`=|QTz z?tB!3$eGw8Cg!T&{hqh^n_TlBX;n>ssigS&i!IpPJFPhIj>keWw1y#VG_vavxl~Mru;~wn3`RsZ z!+=#VdYwDx^2k>Eh4EI5^_%g~(3-V_6VMFrChCav(D)i+*89y~tRCWl3?I8DIn$ed z@}5pH;{<)(rMQvX)ORyj>NWLMS-7~J5X3F)OVazyMTd*^DB+<&Ykt z=99_ml>KtcjZ?~Q+V2XZUf;)PaT$5f>p_BCr_6Pg7Z>Yg`_cDJ1AuU`@fHx^0(BQG zGy1-hK=7LT68^NT$+qal#3FaLvH4S(uuR?~JI$4{fp5+TACsSr zjm?sal@OnNTmKIJR8@zMERqEHn7a5OmvpRm$0NY+Dav{4EFH789(-VA7X4{A*S=r& zWT$;&tliR4i3GH03R4d$d8&OcN8|d<)Glmq4m#Jz>nz1d5kGOhQu@-m`vy8DS8!ekyvHQpF{L88WUMGynjLynzq3c&@64B86a$w#nD#U=lAdt z{zQSTrf?r^SdwFDVf*$OgX$9iKatv!llG&DE%6CJDDwyS{D*0(bi7wo={4p9&)shK zLuJGYg@w1uZ`OA`?yo8**Q_T7g~>L3iMmrRdg(=U!yipseo@Zr>7UL84%Gp zx%T;J1m&^B27gV9?BL&433ZkEGb>N7fI!yIphnkx9UXwUn~0r$%Un_j%;5m7V&vy;%u9KM9-UTygCg4nNBsAUt&J*o<^rd|mE^?BteD z#{2m78IvFmhS~nS7AiY!??BaQva8oc2f+!1f&eAq<=3Qhv0m zEs0q5^lkX1ai75J`poN9 z88pve5oyV_gEQo^PHUsP2h**T(h37lr1VY(@Wwm%Sd7cu?mh1wf-}Z}D|#yvM@CNM zT)5EFvaY*UbyaJ#nsOrhMvuN-CFS?-Ui1$LxY`m#$`#;)(Ne4yb~@0m#~U3b<<#Er z=OPBmJi$Q^IiYhdH{+Vo|BcVhJ< zFdGf=nt(Sq1(^48=4k2XjM8Y;U1P0MW{JKNK=S1L46zjUF}OPfr4B9;q3!!$263p$0R&Lv$+QA|z9;ag}?QUHR{ z;p%N~Wq?X`9T5BT?R%O4n$Kdlid;om8kcu7kn@(?>kd_dIb0r=vGq3mwqwm@mxPp( zLkwHk<*J?u6Nf{ZU~{cEJuj!++>!{H@gJzH>~E_*mF*oW%AH49bZUsSxi>Q&Xwj5c zXI0u;)Zk6JV?H&#;KrCE`kiSR=yo5k$`~rs5PJ5K^3yVnHS{N=1S;EOE~H160pcRz zHvt47hfnT40C{#1i%+VmksW)FWXCC>4ELA#6o!|C$lx7A4IFE_aN-w*%nL>oI6w4s zSJ!pG~;ceZ4w} zU;SSh+Vb^b88U0tiK!J5Ohvc4ZGT%-8wlJesRyFnZ@)t!^J5h^k5&H$Av0nrrXJLS zZ_744MW>pmx*L=PB4zorLxJc69_P6Pr4P*lZ)=#_VN6ry*QFQ$nDD*-iEEWIL(O4= zoOw)?|DNJY7CG*_SbtLiIU+Bh;_HgU;VVMaa9VXOrD2zA!RrsEQbkZNy*)m;J%{h`vT(brtg9qD5eGOUO=B9=m7ClhUfCw)2T4_@;%C=`*t+v9;<4|SnA2t=STG{BYS#7 zbCm#u&_%9tGndyF@6M)h0kl+TPt`30znNZ)Cvu(Dq<>kdfyQASJo8ji1mRH1(K8a9 zrs7!ENPqZPZB&h!9saK4`_a)W$M6bQO8PDx1KqTpq&N&)Kb#8FnE>cypQrI^tFv0* z>B}gd)1$lGfxpzEEyeMJ`93oUZ)0iH=xqb>&yMUbQS;EvN4VjS3Z`-s3mGrxC+B}e zrPg*UxP(0J$T%|7vVDiVZ!GDuuP}++C7t1^eAv_Xz!L0O-@P`*)u-QGT>SKHO>38; z`vVS56ucnfMWBe@5;63^{a?YT>Pw*St_o1cDwmnSjvC$Y+%QLGTV=ex_xn~rKr7Gx zL@jET%i2;i*(q->#BMDi(YoH7ZHE;cz}@HMrKEaH^mdIjWrVsF+<;QJGb^pIL4*XV zsDWV0jk`=_N0_J9cl(o6ta8(oW^W0}qK}oTh{bZxI8SBx=%i13ba{rC2^}!%UaHYi z7AR~5Tk74SoIT+dYE{*wk@QAqAepG!;ql`J9{t!*<^4bT?hP+imkKtnQvU{A+*N?! zgW6a5t;{8xSd@NvPJIAmih?u$gX2J6{8d{_B9s!k;1-3Ei<5CS^s$nEGDkKVm1JHP zYh6U&sY6K^mYJqsXKcE&pm9Y5PaEPC2wtZ5lh}NK#0>>+zXf2Fn4HcTz zi#$I7Y822Nb~NSC7?M0%#I#>PEStWrMpwF7dS89-msgszUjpVcXI| z3s2=8GwVx@E;bu5w+q`VJPH(wR?Wu&Wh_Z)xN}Mh6WX$(AM7L>!PhvYQvS*sAWF<; zYDxT@;B0_Z_cz$5e|G8BW%h?Y@Ryi%yjf;#xnBA3%4-g;s%=T>f+VY7;tYZGT%-si zDdy`_T)+wJdbM|ud-eDl13-6*x+Ox%qq?Sfm#)B8N8j*$oxne(6qX`fiKb95i&w;u zyCn@s`V|wkIaaE!=3O*B3draI79jI;+BpQ6^1SPdwVwgN<-LmkaOKAOVseMbx)VY zgZ&xg?g;~NCFmjeg?J8W=g}~p)E)sj`k=P?7suBv&oi{3F5sf(e_%77JZU(CtIZ8e zPFaP-k7wO2hp@<7$TQkfcdy`T*O!ySY(Q-T`Ri##x#KZG_i_~jB-GN0hiuJj zfX&l5frf36gKyE_XTowuXXSN>qkWw~Rn6Ho?fG-eQ7&Ycfj~-&kHp|xk=5^z_`rOB z&%vt*?6C2=T43)c1sTF_76Z5?odOlep|{Ob+TiulX5Pl3=3(dllyLU$*9Bqifl#^R zJu(9yj@9#C%6FNUNltd09d)~v8LC!e-`O&?v+6p#(S;tpt|-Rsa1s>pS3&*Ofq}_c zV)9P&Bi65@SwN2d3-Xt}&#YH^Lz0If6WL4;!KuFKC7*=prA3#SF=d55033~ZU$NE% z{y!O@!}h4;G~wQ3LtwYg9d#eMlvApSEmvm#a5+ap$n(*#x}N~|Lnq~^1Z@#6H~7rh zb|+3_5qT&7&G(#s{ol)wBCZune&3^gfEGd2_? z24IW+dJA>lBXryom0eQ-+=h&J?ZUsv0lKGK8r3s z^$6>)`c#jh><2{{i;-XZ0mRr*(<+64+~FtYfD5ri)i6vGU(AO+d58h>7bSsDk^2t6 zC%;Hx;#}=Bw96VKACitX>z++ryEnz@Wu#$vrzp~7#)NK~^7N|3vD-QC;s~Aj7H`PK z?u7{pJKwbjPmWi`Ss0Gw1pRhEiZTbJhSh2l2(!CDiHI&aWD@euFngfc8bVvj(FKz} zAFa7GeAA=(BUZ&**?UM9bXShQxP54lXS7QywWPNy=ku|baz#9rl6EAe_C}?oYCaBR z>)=ak4F^?+>I7+TX_NAUfT_?F z=Dyi|a9&y9TT0h`#vxE!r#Ldo+ZQ_fKy4{+V(P(O#l(=VXyn+GPO9CLS1z++Q;ya- zs|YzeaO%pJvaSi6rRreG-WZ&%isgO)Xq`=r3h2Y9hIv&k8IfIxZtE8AIbZDHbygfL zHRB+OzbHI*C!qzfaR-ecxhc$!_h)ehxraXklfUBnb=ubrkAvFy^lZ5qNK?rd|0^*O z@?|38QeYF`vbAf5ftQ?QXe;ArMe87CE{9844gi@qe!Gk}Cjdhyaa|FpY^_}Cuex9d zPH}yAzQrX&wd~qWXX%JPsJ1M6-Ld+K%na~x70BAQk1WF zIjStrtA|^Rp-t;aw0bY#s*1I%jed3XT1nL7$-eT&LA?%@ELBH9rM&iznoUVw=@IY} z*0jQ>(_VN0?S5l!eV{_EC-1^i{oxCGvL@1?k+m+&t0kk`5>B!=AUY>X@01b0Y8-wR z`Dm(YW&0`d5a>G{X~`{#CEh!P)UWh2WenW|(-jXYLM z&#KKY=$e?x#h#$b`P0I+g&Vx+!TUguYZANf&`Yu|C1lC_?f-5Q#2xPMQAV-;jb>3Q zFSnBGffT^LqoO8AP&QO??Ag`+X6}NdUq|Z%8@UC2njWOtRmYo#UK%i&TD3C_Q4V*v zz0#k1w&BzEajNijd`Qmy$f!ub2npz|{D}Cae8nC}GGgwnC^2uom});gI%00XTq-ZJ z%K)DP!<*jT3qSLIG}Zlbs?tAGPM)E;Pp?u#YAA=&Y+yN6Roc7i6;^P-h)Vq5umRRN zy0>$?@#%ICK%if>sxb0rjP2IXujiT6!5kGjB;BsTM`m7oublM1s#N~Ba?;6*EAHrk zvO}PI{Qpt5`hRc#|MdLdZz}(BDR<}wwx<2gVsl(|PckY?pNz_Dx*PQWOfkXv_S$&$ z%obLZ9S019w3!k8#l4wE=iKhev-!C~qy5zY{fcy1y>IEp(SRIpg#IZ-gb zD>N!^TFdJqWlgOpCYF)#W8}=^`j7F6@6=7wothd@gE*_P0Y2u(-59LnXIm7wnA`Lg z+=(1-zZ=%-_l;-|WtcF4%V$U5e3M_ZD)8qS&s5XU@cRB?ML#FaQ_k?%mEbRb6_Hcx z)%@#a-L5S3jwci-uVw;qYDC}pJ(IDnr+GT**m9w*a&hmkFt5&R5N5)6mLA?yDwcj? zx@Gf%Uf+ z+OsANg8hxdDcK(0t{iJpmFrvj@}8pnA4<;<)fIcSWm8?Nr{A`~oNtGPKe(57^TvoF z(U9|uhn>fCmQ{k}5vf~hla`tQrG9h znKkw{brmYQ>7V`eWwULs$u-;|2Uq-3M(o+}cMtX|QDqY}gadEa!wc=Qnr@-_yVK_1 zeoM?fouQiQ!)iOY3eZvs3)2VL8xHr@lAmW^eX+R4)jMufaPbGVFRM1j6~HYHhzTeK zn19K4SJH&xsSnz^J)4_&@N*9QV-7EA>w=_@3rNz^*<-D;0#@;E^66IFW zlUn>og3=zUj;bt>#K zf{_2 z1LfndkMBiDZx<17BmWex$YokO=xeFLz6`|5B`D4vUK~emT`JWi7@y`&a;(4}hhkMJ z8m&JqgXjl4F^&V!b%55&DzYtJ3V=)=bgy!$dZINWVkNnmq#ij~FiWdA4dG#AfLMypV1NJ=ou^Ci@wQBQ7N(^P+*ybTnI&Sf+#6=qo>YiwDc=pk zE1HCq%%ph~sX8I1<7?!~MpIj7<_D(~#}+IJgf4*-1=WGE7|$61QppaqifeS%8gti6 zP=`Job_kb?=ek5Msad&g`(1~6-!&TSnMHphQ0oWCJ0bZ$*g@|_#*Jc^{GiL%dXxd7 z0i7wM{2%$z$~g%crDgN;&0~LZhWQ)-G`%#&Bew??`{N6Lvr{+eiQVmkQgtw8>E92X z6#AcG@b8YG|1UEL&?$Ru??S+1Goa+V$63tGtLHQ35a=fTc>dz3Tip|ZnZt^$uVy|C z9Ry0#Zvlo*(Ot*nP#?ZBaJ2a8;QQJN)!D#jxJkbi-iWeGeHylsLM7Wp@@i#z;}~=% zQP~kliMfo0REw=Gn|~8mb2)a9IGIl=sImVV<0gO2t*7?L`dodu1Q5)g0F+oU<#Qjj zKtAxPi{w4?_F$6ep(l`AM?WOLeCwD4ipw{?{K4wMrKR?#s|)==RAsl|K9QVOWhhj} zb6;uMva=@GRT-ZgyX6c72W{8RB}Q#Yn>!OcOjD5)nhqf0J$pF>8XXHo#l}u7bf9OE zc9fKY^LO0mv#G8~&}!M-c8aV20t|r0#r##{=<@sb)a8bQD{qYCLw_D5^Yw5K2*#i= z+s)^D-yK4|3Y}YlbhqC1X)kzHq=>XGi#&rWUb8{9_zgCn7FTTzU>}MQl!U1Xlq0f( zR+aUPURGGG!uVIR?qTlXEkC81;i^`;9$d+9wZB@N;xc-s&t``Ii}sAi*OLx|mEp%Q zMNu6m;blm(79k$#=bgr`FycK4d};##V*ZK&R6yo8T{6i3SF(Pip^qS4oYnwp9;=00D7#4R ztO_-5u59ecUJ2FeGF>}pCkRv`-pQ{<;Nqlt-6`A7t0_VEXFmFUhD@xj^Gr|dcA z9y9`1Yg3dBQf+Hy&yh;7UUlh?s z-X;8E;y(WakGIm%XU9Y2FVY)G$Yz9!<$iTCZS!t8+hSTL`r5=aN9lupLOpnnPx8@;%eU3~_quaZi zLEnZCfA7F6m9KnPZ}C0g!vL(V|M7WHIfZ@rEJApH#R{02SiFggk_2OhsQZR45c_7* zhd#%?R!Cb+6yCBcQJeG9cLC$yB}Mg!M^{wD0v@9>5s2w#R}?mYcd1s;y((l5bw$E< zU=%8L=X75Qo}9Dm5O#C;;8_$rO-Zo($MmLj^!R&(Of3*?s~D;8Ahm3O5{Tp7D(c~0yT8sf>T1U5r{M8=$&83$+`jVt^~N7hlIQ7=mmHoPW0UMqEXP#j^;iK z*O)hjcu?zFt6w>zK*1Kf4AzHaTAiIMPcHasr7WZgF0=$XnfQ8DGto;^H)7#w3T1Pb zUynWUi5bC@TeWc5S-nTSmf{kcfk}IgW3$nAYtt{+$)g$$(f0^I->6yAXK*a@7P3vv zO7Nnd#Y}5Zr_SlrFzks+nHX4AvKMQ~{Ws(tNjyT{`u~Nzu|UMv-M)?WQXF^cn?4z} z9qDd8YDZ6WzwLaG;?85?vVwC!?R2J9%v66|`L30QmizJHQhZK1~{@r3iR_TF7k%gKE8hgC0`5J6BJUWe!Js3tg@5IHPZud|DvE zTT$+<*=FJE+-GKkuJU24jW0=)_w4ZAz>;dmE1`?%G8uJ1=+q4Eyu=k$cMKR@^Jnen zks~AfBZg%A`WLK>=(-It#@KZDW~;qt?q3=Fy_gt z3MGbHhVp&Df)&da0G*>%Xl_j7asmYci^_}}>WFq-h@ql!0JB>=3)t>IEJQvq6kA-y z&M!-il1LE>b>M2fM7k=^Y`8)5!c)oo7N|&~+#jPJr*4L;vAuMKbqkWnnBzdk;!x_u zirX%{3g+dZ=V>bk2%V8Ix$(CnLm}Eg<jD97*@*$`kiB?9{TrZZA+Y9mLg5p5=7 zmt}e_-=p_{Ea+&FIktG;NWocl*RG;cQZ@l|u`A4g0A)BayUrGII!svAD7YJ`!!CE* z`63P#H{273JiCtKvIA#*;O+(3ZovU1zS(Jd8J!%~_!B$Ic!C$-f3VX#+(o|d?duYM z6P=`}W(?aDZGgnSi+tP8U8^h;&nT3ZWNwl^(8*i|%_i1rD~pY?C5XLT=c=SMYqB6$ z!4fQG{iPq5G3@wAvEsO~SDMTIS?K-9A%1s}FZnw5tw=|zUeAl9H^^HY7o9>WA#O}-YBy!K)gz|s=X1JYFApkz z0YLpY>`U(w&JeafXs9?U`%cfk$yPtSm zt%;-+XH9&pmu}!bz3L!gGn7|39yt_uX=|o$3RkWPw2F1QW0^3v)PNV*%zurq|diz1P-U%K0XQ+P&th+(evWGwWUVqyXNY{u^=qI}g( zb<%xF?J7oA?igK&j-U6o_ig_wd5OWW8vW(simOjrc9b3c3i_UQxwT^S>=nV4%A)wg zEXR_N)6JXkBlVC+zYgrYExXu|T+6gG2D@z26+WYMBPd?Zid41EGM6T-lFk`FST z;xsBI?HLE|^I=dJy4xwj{isX-kWE#CL79j@Fh;O9{PjBy_GZ7&}PV(%NTD3@>5DK#g4!w(39r1NpL+^JJ}zk<8rwbZ@_w~A5uDRF{R{%P9;*y;GK{v3(< z#Hu!=UKAD5sbZ!Dqf(B5>@5+kalZ)Lg}>Nk`QMnD-q|cqL7etT^n&5)g$e$EYI%&X zB#jEUmPds@vI*3!kmKHPxzZXsoj_Lw20FPpef4X*iX-Z{a1B#)4YcODkS0A zzhvSETw>x<-19Gt+8qtOy8}rj-7X})1z>L{$lrb)a#-mD&Z*mgNA?)Bji@o?o`UTJ}iOh*o$<$Kf6mSbK)v0&eUdC>p{axm?}c zMpk9P=D0*Kbuy>4Q&~{cO}DXJdit2BV)s@Q?dQpu$B#7K;y?>k1y-qURgP6)eh)u% z?>}2H4?8hf(A!yEe29p>t>h3=+JOIHhkub8j48@nZ&>Ic>6T|;*mjFoF4~zcPq_GW zGX#L7ZQu)C$E~rLvqE5ou_z7Nl)AeLo5&loK$6+AEd~0#C#JP}^>v=pW3@?W)MJ94 zpB2|nR^{un)nZlQ&ZbM{=-0`3pFl7BJ2h|0#&jXa@5g((K*ID#Kekc;Ul@SWrYcf0 zC?4G$l+=a!X6P^1h4ls}g(O|!+BWfQCt~B77v3@#A0}Yp`)DwSk$EvBT)efJ-g)0azj9M&mS&Y)d)b* zc2MIC9KvAO^)(P0TG^*h;lRiDCKVO;h0W8Fp8e4c4@`FQP0|3>;jhkLu$*}iW=(6$ z;*sTQ6hAzZ`pgA}C_$z5t##_7gTGwZ+5fd;z`>6DIOC9-(+w?|o*?;SnTM66LA|m7 z7eH$zRJR#W|fzGHAsPxt>68u@AFQL4g+evgc}i0a}s7YKa|Mn2_U&_~5mx zd>=0MNNw}XOqNIL^hq*c4j{OuI4j=UF~8JObw+h{&C;nxA{NyeOKGR&F++rjq-qjt zy2fNuZ=79%-EGKRnuYsFb zDYbg`2Il-KyJn_D>1E}EPmv=v@5cf}0yNDIZk>@y2{N7^PnlaIkC^s-l78OU862ky zEl?Z6^R-yuvmwPJY1+elt>X-~sqXhBt-wrJ(J+d9S*9vh7jraxh1wIB#2hqT?i>46 zo2&SZV`oM^M_)}z<3V8&BQ4X(v`=;e-RWO3S_;@a(A7`SRKMcBPLsx{UH?;~0McVP z!n0557n5dBV`vf}(W{D*>hn6=U@yQ0h@J+CZ@N9o)_cO5;K~5ySjxP%IC>^fia|Y;3j>`owpA7RSJuTt%f*(_iI{cBN`HI#3@pvP6K zK|Rv7H4b}yFVBE)Eo1V{ubqnCD=Kcc)A3S&l&?YL^Z0sPv>%KWX*7KJda!dE6z$CW zGjnrKyjR9#gt^z&c+jn@VV><5pVp|Ec;66^{++@!+_vSSp6~S!iN@K_s`Eq zUV@qsEv5ftq@MQtXL&Q9aJIJSBALv-kN3oONhE|c{p8Q(7NAi z5gYynl>%~d=WQj#lNx6}uyoxf(MS{*eDx>n!q2H2$l3 zcze`5TsY?TDAA@#Z9CC3=Jy+R!c%Tc zGtQ>k@lSwEWa((3;~GyW zH9A68<7G%w*jsi|^~I71`z>U}L(nt4?lUj+yhV?2842yR5s#~(^@JwI$S?&LJSuCV z^?N7s$}S|A-ws7;DLiOEOK}oo9}Kek^f7=^644LjipomfLY<7yl#z*Z>yv4u;17h_ z?Y(vqV_@l>$rQZp?0n~0B0bm7D_b1nU-@nVH$fE-Hm#cZcLSYHye`DVDcBk=N=yC4 zSxT|YPFUbx5L{&W?sPFxqF}e5Wg|rh6??yIZuwJizQp^gTJ3iYL7f^Lic4VyZad=h zjq^a~aEH|A#5(NjB_0^P50e_7r#|q&}2ADil^m>{`R`y3I=Oh#7LG*|!aqp^f@A5_m#Go+C6%Lx?>OXjjL zqdq1WF5+}xMOg3Q+hbd{$ApJgWqL`4W8g}eKldL z;^jV!_-}54+asgyVh_!Dbm1)XYF}Qkj`(GaIX%Xwn1%3aEU@!t!}sl?6vv(Xn`C5C zul_dC=vP(P+0=FA>T37Q6ej2)a=9wK)@L&zOvyf(mrM_*1M%78C$L5l*so|uf?fciorHGe8A`A+yblDaEB;6|4S|@xS#*@p zr(PCXC*T7K<)J;RVFpFYxA2CK7Ht>4Gi%uEP4b&q?hPupw< zFRdIaw5#mFrUU%W36PQD!kD1`YOEn3$lA49idCC<58r)&;XgP}0gJ51$e%P8oxN7G z;B_!dIrWyTPHx_Fa9pxE<8BO{;}-A~P&E3=MC^ z{cNTUOcG9;TXbYYX4FKo?-t5p_K=@Mksk(Jl`S{jWj4#CVtqM5N)zmoI+4knl zorLL*>4D)irpQjWYf55ub5oAVUmHyV%E$a`uT>hpv}&0xUi@Y9fqhpLOcR=`JtU^v zVOf*=m*>M`ZJN6V`x{>Wu-Ua!KO3_*-luCc(tJyuuys?CP}c3--kPp@$wfA-4=}50 zEr$d3R*QXH4mUERlziq)Br%XRVEUV!pFdpvlSt=hkkrDC$0N{SXgG32}jl)8A}r z0*wqGv=^leQoMJ7F5tZu7l{5FwY+=*cVt&mF20Th(`$FNWu9o(B(b<<#7+CJF1l8& zTf;Q{k2xT6ZfZKi#m-GOoKaaksuF7q{47c(UGLKPUn_^c**MW6)%nX;@7Jjh>0uvx zsRU+={S?7FOdiP*{6YB&3wkFe#mis_U?Cr%9O zYnvjUT(4sp@B(9*sT8ttiUYO2zRR>^`DaR`?K)5kJ7{V093T}d-#sAB$;OO}nDsNI zsJ29=;qN-U5pG6g{+5*OUn?shIRJjtGZ=nf@aDY+9V zHV^tySa_J<=k(#2&vR^+&{ojdPV;@!LvDTCvhvyv+>A`2ZBQ#D;_i&BJJQZQGv5;V zoXNq}anMd9i@21IyA?1T>RIe6kqAKr~ovhk3p#`gL(9_S$~kE|QS& z0KTtiuB`H{+J$J*BoOkH9_E*l0XctD1tP(}pR&(j(XCraaly}^S1`d(k2}w7(>|h; zJGL)0*Yj2#wZY{_)^E+(u+*t_s8f?epRcM*oCIiv-1#3 ziWXB7gz`}%g3xS{PjCTn|qBEcem=j{hNOjcf`THtXUdMU{hP@%VVzVB4sq-yL7IZzlTv>UrpvmV&^gC#)L&V6~>Zum%lzF!?=Udx2 zF{vw1S+M3$C?BkFk16l6Vxr{L_qT2?``-BO+@6%)o?*4iBr2o)t2#d`&F4|?`MAQ! z;+Ao$k(1ySKe0%5twl!SGxxdOX7T*H6y$6+dRBx}1qX;P-&O>8K)-DOHHJFo(heu+ zUCl=foA(!2=skVmWcuOo*jOoTe{6?PD_|~Z={c-oti>>=YWY3%>~Hslw)*wh#Qj(= z!Y%vrbFEMC7-f)3-owUBJ45u@90jh)xB#>-g@~@+797A}tBMc{=Woc^#TEVD+2Yn! z=mU=I2bUMLd?uMw)x6>!Y4R=W^b-bU+7?fzq>RR`NBZpb712q(12H}>u)$d*`@Sc= zMb^H0VU(;=Ek+;QiZI#OMU3@+C+Cwsxa;r8p8opD6 zWz>3K){@D=CsV6d!-^5W;aD3TWpv_3l8~=I|60x~=il#o@w&~!^XDffVJOZWBV(V0 zjfXZ@t?u8k!^?Zp-W+p*$;NBL&06@DhLRmv?zlDgGw1uqK zXg1qe(umcZz?>~wH{znyTQ<+lMRjt1pt(^ujO;AU4c#@?6R%wr?a$JSx80<(@zlVi zYO9M-+1JdJzm)23ma8(=926(4yHrJydou)MN9qu|TLEQ$z3a~HE84wYTGcpTQ8(PC zn@jqJ`}&Z8INGyzF6TF2Vn3ne0QsP{Nfk)V#Uiosp|#!1&_*pW?y{Fxw_N7NbWtfA zkIELviR%c{bs%M7)ml#zuJbOfs>0@O#m57pg4e?6bMCU@%sCM(s(etaB5D#j%x)4_ zHlT&{1!^e?E?kKtYv`hB##q!?Jo|K1#wKDSh1gtr$tW*qRFbRLY$UU5@mF5*R3|nr z?@N$fi$(S{;36P=dIc7xAaagcA(0Oe{Ft$ce$%XFmiZxOqrk)ccn3re7PT=NCioaH zd3*hilTXWKn}fjDLo_|84?JO8R`x^Iq*zA74BT$KBqRx-_rpm<^s1 zt!@3Hpxra@rFU(6dFN1ezBIRpDSrGW%nGGKRmZxke~0*|AFmS`uBfwxW&uU4i8#^y>jVFYT@z>)eQRAPazsCOMy?hWYl5qWiq1u3x(2ci zCob%(|J)K1RaEOYii zbd|3BE*{UBaBde}TzNm^5kkb`MAxLo7U=T;(GKt|PJ{ zh{FV9$Hx!AoZ=G$9u6q86d|inzQhEK6T>7RWl(1TYnF2P#=>JmY6aVNHfs^&%-%SI zSe>A)(zi4&wlgffY{zxztDSjW`ILMl;T|pFPOm(TUpC*Ryw-d@+Q=Wi4XE+Yz3MKo zJhfOaSeI@uJYMh}Ug^+P+qn>}YHTWrqhFGgxY*!OG9hb1w3+mO82Tbm5~yIOX3rI^ z8vK$pcIk1z&A8?4hJCM{jT1Cup5}OcqG8gb58J-g#Mt@3FMeiyHwyanU{0u+kFidT z>=PEyjHl@`B@T67DVyuv;^7rL$P-D$Z_X6-Roh+E&rB{k&U=`bny*nMP<(-nH+GHx+BVlzzT@IwA0Ok zR*?{Xr%PlLLf}hcer%?E;vAU(S}KW6Qx@QhD=>w3gwT)BaThx`Dhzs$vez6xoNOGg z?)aL6mGTul|v?cRT9y z2?)y#@~DRs+=V7NN}(Q>xwHZ6JY$->pb@uQBiTQKLfi6QQe{E%6#bu!8EENak#TGb zCL$cgCa_odcGS=5UXOyEB7^W;fqjsF5}tB#x=pQ3Tu^y5A4S{$+k43T(Rn`iIRzVvt$Zbz25W z8ds=zT&V5(zQXp;84Th*^VkvpM&U9B$-5&>ATN!pZCMfam*#gi?_)> zS&>>KFtiBO+2nZY*ZqOU;gn7HB%SHgn8UHw?Aco%V@bkVTGQAex8tkVSqvx-=T|%2 znNHiY_BZEFR)It;yQKc52d0beXrug3Pp|B>%J_0A10t#KNLdM(Y3+3&s?uvZ^12n zoik%+lq@F6%PBl~pe=mHf+m^ReyXadcIjofs+i#%CzTD~xckd4mB^bNx4A0T!8SYh z=(c_|nxJ|;j@y_b?%3CGUt=`LseS3gJmSPW`>YhXeGe~zaY#Q#W}u)HnRKA%g+-VX z4KmzJ>ajw=xU8y$e%5enSk37^U*%W2S_nt6`V z;T`868Jlpy%t{~<&|hh4{13GL*r@CPu@t4BI~J~RUSmY=3#NtIG#7iCM<;Rl2vM;c zT(`K}_gRahuzfEC$86BS1#Y#+RwTfeGSOMpIlNl=<1^}$wX=$>=#34o?U7{~le+>l zp{NCu2@V7U%AtccJn@m*rJ@>{Uiv-YhFss}*V=u>aXp5-$^$cQH8ZTK|83MyBXB{I z)&}lJPIfg-O}5==I`LK4UG2>G6=yx=U5IwZqrQnd;&+;F;2g|-^5Jn_dBFVBXMTK` zJWBuW;Lg1CgDSPaq}Z&L6;4M>=UJ;~%PSN4*b}pi)M~GC@yRbPs&jM*1?Pu+yv&*& z%Dgi<_%lHxpw_#{i_pVvMFr`gC7stR;Jos^(|6JRDG8L8G!n52b=3X5q@jjH z4aOyqYJC-`^+TjGnEQ$S_N_MMeVtT_AA9<}eX7a0k6xZsHY2}p{GL`%(-vESFQ4#w zzy56Ob>IH_>kne{CLOAh=OWTq3B_~JpCo?wh+l zB#T}-X*A)r>Y(^&&bObcGwL4XLQ|ZCQ)PuM*>e>jJ!Y9W8EoRI29Le`@b;*_n8g(_ ztJ_r+#Yv{4Uxw^NW=`_Jot$K$orRgYiM5Qz4<)?Z$!*RYg3Ua)S*$w(=8T6Lm&NcIHT z+gJI{N4a6xC%ouNUZD zT}oZgmg`zbo8Kj?kp0(+#R0$XVz+^<{*%YWjR$x>qi7?Mrt6$1pF_d^gacj+4@RYL zlDc6Ce27q*X8d2z0l+qJliTbb2E^HWT=)-4Sw=3N$g>jCx=adk2amVhK)CD=T&2QH zEzcTwwWm2zGgH^dMQljoM(;1F0iw@VcC0v<%*f zG_sVlH<2nPVh8fjz9yNgj|B_UOaB5Df3z-z2sGO;Nk4gWyZHd`IEYOlBDy7tq61V~ zMYSd0+T~!nCei(Qp~=n3iio)~$v?{J+?!5kPp9`^lE>WMnAtL-N%BIrS-Pvd{^Xtd z!tFXpO#iA}Ba7ziYeYR&nguAIWOR7z1UAA@yyq%7YP%U3nKeW~%Cl^3)ZKJWUR3~6 zHjzNLr1P17!i3bfm(y?tHEJ5=B+^34brM%hwCt7c4yijFNZP{Q8y##LouSHdVROyT zPVGxwqsq*_d=|?`m)+y>WbJ7;x3X7nY*C_f5l3K|3H&|p=_&>gH%^Q$SIeQ70$EHH zK=?TgbjHc8z;iTm7a^p6v>3+VL)`P5wM@S@Qf9q#gS?-{(n~;7>J5J#MF_+gU$5*6 zQq(G!=!K3xBH2NAufMllaP+arh-591NM}X!0%a`N5JNj8ZAa zaIhx#u5oS0!5y>R*;NJP#k>})i>s#pTnjZvUx*Mj!bpqZL(dROl?TxUC&(OLXbmI7 zQop~S?X}TlY>4gv@Vf9isO3i@LU+s6$_wjyUf+Enf*7mZ0}V{Nli>1bIoku0&X=s4 zWbSd)h{+I85s6zjli$26Wc!yW@KkQ5@e^~9JgE(*Z`+1cSIAgVL3FBOO zA>HLA?cA_%;MLG|+JkqNlckff!>&yd>9a&>XGQ81z^F}HAttW0fLq=4c`}r}*+$d!_st1>uGX7s5O z3d?J>2G9BZu8MSDI}pNdp?Ny{>4#y8sXv|pUo3{^85X4pq~68}Uc^9wipuk36Slx) z>xS^x-6~)q1WTM^PX(Rh5`Ec+OwJ-*3tP zvjZ$r3HwK@{S#2%Lc5a^zNtXUYjF+9QB*8vavX=OHQ#iO0fFW@rIz2MNg5eddyoO9Dsc z`IV~E-E!!%v^ipPh$Q*9;Y2WlDeF1wYeLFQF%R;0Tdo=qVie=+)kTBb=y4$U%%{(d>X}RCQjz0N*`_6ZiLxup zYKnSf^dKtghk4w$q8S)z;~y3vT1-RHSmKL8MgQtM6!@B#-`<2PvGxFaf|If1N~58% zY2GMxsrA__!n+qwZATdv6N5vf$d#W;g@OGZ%(jY@x>Pe^LeZ_YM&_xo=B1M2`Kdq1 z{>ULQO2k!9KfDxs-adP<`>h)+tr1?=nn zRh$Btsp3Z}Ii}X5af^;N%T}N9m=^XPEFnsYoFX*EK{D{Na2561*IV0zd{!a6SdmlXGQKU~7m zh~u)s+laz_7Zty{vGSS`AlD2ldJo@932eQ@)(z{(Jq-WzL%>J#2_EShQmLB?tp~f4 z?NFl2$>+%`9D`KTw8ZaWLs5V+?j0Jj?jwvr2 zy?8^6ayZqrufqcy)QM0jJkBqSE|-$COk_bNu9uwd-`4*UphF^jKFmas_E@2 zCX6t1=wdQdb8G7xwe_u@m%B_z_J^u2QLwgSCZ78)%~u7FifnT&gC_zBNnK3b79y#& zY4rApQP;_?#(DpGwV#YUjewPk@bx2q1^7&5d;M8IZu}dY=Kp7S-9L*OIV^hr7mwx9 z3;$b5J^Cdnz2uPZyQyq%4){Ls_!I%+BW~unW(aTQ9sDFM@#*6O}+4g`i$L1>c1 zdML2K?9qmJ?V^CK3~zIFu}cF`a%?BXjFd>SahOP=*n4=39lBtiQx-1-$fPLA*mIuB zPHpD`e>f8uXcpr}(rB^4mjUvl?Nb5!p=p5HLI75BbB^D@sE(Q32RS60Z1UUHic|IG z`Oe*-kIiD+{@~RBa&`5NH#TN|l&KlO-dgeI?B@3Fv7HAOGx*l3K&dHZwN}BSH5lJW zSSICybY#BeS<5<+M+FA;CN_VXSOzi{|Hj9_#R~qxbP{w&Zp8t&kaRi4pBp-#U<=v} zQn4(*rGcdQXvBKxv3;HjZ2MA=f!uCb8C*DDZ4I^(TY|#b1u)lr@Zmr1+I;y7-x=Qz zt5o2Su-k!5ljy;`D-ftJomgeRG_sQ>BFn=xKQ(P0TP04CcIA65aa>P+nCIQ-zkLNJflqt8CpwX|AK9IE%OX$UbXpqp+LvW+@ z#yN*0X`M;{j=MI?G2;6e)LGCCsE&pbNj!TVvbah2G^pI5wqR_Ee@ZSAlf>3o1~ z+7}u6R7G!_#gh^$v1aZ4fFM0&46I155BE&WhVntRuE{fdX?26a#UD`PVoi#)(gCqe zauBjm0o$ysoei?GC4iu>=cB-3Ri(f&eK&BgpjTZtn{Rf-L^xL|TRO?p2G$f-n>wuMGBH~4kwKbao^or%5=w-D_-Y6!Vy)2j`AMdk&KSExw??vhzc9Na@eqvx zXNZJbY5NKOwjE+1U%`QF)}}$y$2EuDn!s9El(YzRRNGlrW>5wsx+pTj!ovK^u3MpN z-Ch@OSS=8)+mAbaW~pEV7K8y<;>V94=WBen+H$|*(AC_{0%IZ;pNNuP^B<~z?zvfq zlQw<<55;sY^|S>2uq%JJ?Fs>p3}SBC-`zUgiHh{9OfZ}!{R{54Q~yEo|L^`}p5R-f z>>J1srqKs~iDrx28&8sf-CE_WGevKG9G+T^T+tC?b z{nDxMq!LS`lUpvsvb3O2COOhcS{}8+#gpMZq{dR;i?}O^Da(IJ_kimH*O`S(bM~N@ zOf@th(Tjnk_XZr{a1W}7-y(HKgX6PnH!^(m;yubKnacMHK!o@QST#nYhu!W5g!Pv- zo~sSpt+n0Mb>0nq)<(ZEQO+Eggh>%TS=DntuF<&hN@?argANnZBAD4&L>$;O;tKDB z{TTcQH&=~!dtKEZ*!k24N(UpofG7KC??l5U$kpXvQog(T2#MjdC{mUYA!v$$xUJAm zO*ZhLg;4q!`n`GzA=me6PV%bP=#uj_#@dvjNZok)uxqg440$B)#~Fi;1wEflAejLH zpL4FSmmm`|GQ8zKA&#jFOK-jXGG+|*0?>tg&NblN(}BYi+cJd$5*&9z%27a3s|U$G z!T3c|-oh|*MK!s+F${i~h2iHWQq4B{M$hxWF;Bc480Fl`YYx>#?3eTz8Y%oq&g|Pg zd?FRK+Vhg~u74&V@m(Zed;cNS8D#4D*5#&{ZETg65`=6Tc4{zQj6Stx?mBTw*u5<0}C#+-djj zWNK=E7mGYOv_J^Y?Jpr_?N*Q+*epj5Y!bt&4n5Xk3A|rl=XuX}DAzc0*ejn_dn*wg zHc0Vef9T^&TdwmmLh?^MOu4&3C%c_dKAmQ8TYYwzr!4h-d5`dmx#D8+;nFxth-vw9 zN>@VvH)Yq}4b0<&QZ*pdW%#{ae`eY+Ax>vR^yO|mT&qR@(<_E3$lfet3M*M*O*G!N zykf`d@O!|28klXn@+26GLqcLKeawi-zhzh+o~w~`Nrmx;v1AlfAj_txfDwZHZ|pb% zQPDgbU4o6w<@r?N#Ecydeh3wmi*t*KU5C<@N5e?8u!m=Ff@28DYCR+}^WurSVa6+@ zvjj_Sr_rs1i9ri|4j3jT<)=fX-0?X7Z9iP#A z0>*+=XBAZ^u%*0ac*>`7du`~|vc^n9aDx~G0p$jO1g7WUj8h61g+FTJBiIt7KK zw4;-dhu*dK&AK?tbFO?g6DXOK6rh)KSoJcomty`D@{JIu}TV^0tqsQ45@zWnqrcLoA5&SyW3gUBzjK$(BQ_yEr_pfqwN(z zqgV87%i3dQSWC1grGCq@?2V&@vZLF&bxBHX-nv7Uixq{wT@-+p@gF@4Tj9=qFF#zR z>2o!USgRO`i7>m4@vY<-{<&hR=DpJ)o;@8T*|g(e9kj%>n$8M#%8Bc>J@%cbQZay) z64iSH;lE*k3A#~cCF#_fyXe@-M5VCVKa`epwY_G{!LQy*&&0-|=1N@@0S=m-S1td` z_F{jpa`j~e3%y>>k@}Oa8vU5~{XGN!_FMzwLumemN z#MMXZmVgLaDuT(^CC}NYT~a;)kcu^|Zl|Ox_#Q6OFMTae;8{A+v-8R5&(#9TPg2~2 zNC;wRG*WKyjPJ%~Ao2tQw4Ks)HT(->bPt(TF#f5w)+PJe^DXG;k%8fHy{i>-91`XFgZoy8(sgIlBe2U@#FN39@wm{kFs&;h zHpAMHN{I1nGLrbwK6@{W4xrMe{Q8JN=aT8S1&jS`&+``ZI90Z=S(Sar=DxhY=+fh;g>hc5$a_^qm zdY=txZ^stRp>B%8+uX+Ei~Z^@^BCp?3nz+HmvGp9w>iF)Wko^D_%^r*C$qxM%$Hp~ zls}AtS{ss)&5(BgVUX+|zR&4w>&L7cz!6TFQNVmUmt>}9YM=mt~|2oq?adiqiqU8Um1-dCu1x zr^y&cPyeHp`g!j~MLz9V{FiVOsj~g>UUF+XGP08cFsp8FpFv;sssqqh4}+dltAjE@ zxa2$ciBZA`-tK?nVabdsw8t4B#Rl!D=w4-6bpAszZBs3Mpyxu6Zah%SS9P-0CZv~U zvs^AR{BmxEIq_6>%j-(kG}6A6M_=zd(E*a2ZXQKn3j(i(r4D={mn#{&0Sx3%bpaOv z1TmS9P3-a&lKMhBJc~xfkk+SGK%`#HmIdm^Y0Pw&{zeUq96|#?f9b`Ge+T+0HNhx} z>)CN3Qfd&`1l=y3t(?W%fdL|Vf5rK6O-EtT>lYyU;|^4upi=t|VifQSuRyE&JND1$ z4GTRXuMzq@<`zvWb}l`R96V%0-}?g5QZdzuPn5PYTrjOa@t}hJhFJ>W1`bVDbYd6B z;|ruXNttxI1c}j?C;;W*vD{%BHMTwF&zA7yq)(uKVAF^JC>>Y69 zy%{$d$(~!0Vygr0;}yUp?XbpoKiq_+zJa9La8#LIn3qlKi^?zCB_;0ZlnuRmiQ0W*Yb0WoTgjs3O^MwPy?ctX=Y_HwQWMbYKW7u+F0%dVzKL78a25x=^sm$v)VB@P(EXXC6G0-^hGzAnyWC1_JkZf6jhs zx!hF_Pdq4=lxeebd5&5S_JA%K>g52#7Zl)PP|}~&?BZF{RXP?TGf=%%Q1#yT*nwxg z?YST;k9~S?6f)C-eZ)z!Pea1S;uKAsI@#Pir4^(2RbmT?jW<}7dd|))(bDocrN5kv zjNtPR0DuW3Z}jGkXDr8iR${-7V`X`qK1w^AValp%Pc4BGx=>#bw6g%)$;bV$6nOSK zGEsNI9W>DPq^op5zv8sWsGSo&Lcz1Bs8T&ndqriiwmBSL(9@9Ec4=&o0hJw`DxN?a z4k~+zotA_Dahk==)aKUfcbh}6zOSGO5-1cPSWE){ev9w1s_kpb2y&GtOKRE-Vgk3fvwb8!y*h^nQ| zTD@A#G?d~Dv6djniUb-BdJ@MNpbVYn5*s^hgd5BIepkMpaI0hOKeJo}F057M??8Q??``7K62lz{kpIO|&{>VkbvW57*SG4L))sANTWO zE1$km)~;IK?z%HGTmo-`a~S6>r929snVw@|ub4!yzo6(L-xXYu>OD!Ve_R^(5x%1O+z(Y2l7$PwDu7x=vv0nFcoWb z_$gKYjca;p7f1}iqkFa`hHIuT<6+d5`8v<#k#7MFBUqUIwTG_15B!XN0Ju(i*aGFi z(NBuU{yP*0zyHU=d-THR|1^U7==p!F808w>an;M%~ z_H^gvaP~see@O>EF_8K!jkhz;xV5?dU=>ri6ddoUAa*!fb+z8eOIV4yvg2j@!>%Kb z5)g9ohw91usn`k8qxd7Tk*g#;TTHabqpDgH=l!{b#U;s`&ZU=TCfqz6eB~j2i{x!L z&E}QJJJuG|;gGi9#54$N*{8)plFWN)dC zSYay(TNY)E7Ky_#<3%zyuS-hA6bVG0g3Ju(-UGQU9zaTS`7^~AfTPpOo+6ZU7EiAJ zRTn>%4R>!wRP8$eyIkzU_QAD%-+QjLk47{uk)ZQVffS0EHkRf_(J)L;D*R}iW*630sPj`)bm;!)vWB)V52)gVQ=(89D88cm-PaH!Nn=U6~~c4`EJWq0Y2 zqE6dr69$(TP*xg>gZpa&h_zJsi$zSL zy}y|YK$~Fu|CoF0xTxB$ZFo#9L`Aw3M5K{!RHUW5h6d?wDHRY9 z2?=Rw7`k%+MLGqB8W^MmW(bL41O&cwxUTDdzWBY*{d~Xo{^Q+$@f%>z-se8|TI)F0 zvDT6ubSn{y3rElo8Eg=V=8kLGq)=ICmH=z`>1m?wRv;tRk_-9|I-v2TH z2kS=*yUF(Md2OeH8s}O12@x!ZasKOpam&cajQZj>lT>38jl4BK7&Y5=24em-!I1oH zfFVe8{~M*z-!|d@1JC~>HsP<6|AYAdKII6QAZ7ZHfx@wXu>Y++Pjs^3;8};9wUM#L z#A41JK}H=9%Xn{4GWEWwSOA|^0M)Ocw+vtH*VkPm`g#N8Z-dwM%+~a%!Hb z;6+bv`K|=+t1<&9!ngCX+XnIJKKJ%%qFiW(t@D8mnPP83(I@ zV*<#%uV*sog#G4c+9Zi*BB5<`*Aw_U0`wJt_c(9gx<4nxE%X*-7z5ee` zVu$jlIv*TUu2zJM2;LUb>`O&REq5%`-nKeR6-{7<7h85-lOA)vX6OOB3#05r)ZIrkN_*~^ieNTD>T>?_2AKE_r;fwJ^|qigo{-amQ|lXnD_F;~msf$<+Tr%khp_dc?cHy9T-7<;T+)&D zpqSo)>gnLsP|u9U#oZ^m?Y(9h(QGL#27Ass>LsT$$Et78N>oSNDrR=x`w@%xAVv;0u+4*rT|UI-~E3l2sI9ONliBWmU?&B#^Lj4^UF}x zse60YL9RPa2JxA$JD*V!alNtQFSn68ys4g&noJCf`)s%IO&E1PVOI(Cb%;veWk6#Y z{00|aT=z9MT6ez2hUrIY5Os3x9!7mx@X$gAKp=Nih;%4{_J`j+f>Hw^RRmnMQ@h1~ z-=FLMH04gt7a+QMA)T3|5P`z87%JCk3Z?;rTG5Oroag z)h$Wz+v;1vV^SxFdtaOJtq8Q-R3RJz#FqcjyT3b@P!De#FBq~A%u0(aVfV*vcTy;3)A$RErtv4|Da*(Qd6``? zQ5G63;Cb6L@oEy|OGoNQv>rgJ8+a|O^c?~RA#p(A|Cr^AL(*dp`Tp#aSz z(B)-&>{5+xmV>Tel>@x4SR6#@lQ%(-jFh)e`jEoS;tM(v&8wJ8a5rgy{*tl`EAI2E zvo>I&%P7Nkf?W}q%Cp2jx<^w;I+tryw>Y~1Vwp5C|sdMeMqOm`{Pz&NMExHw`s&5ndz;`0=|63-@pf889W2S-n zsF4CV0I)Kco&UBUdEhK}%(#hUh?_OIK|p$~05y}Eg9?vf)Lt}DQgEs_R-cI|%3VRq zn>l}zWJ%m){KkWA{2xOm<^F@I3WrZ%I0If=xGFzZc{Zd$tD)Z??00YzykM(nP=UVQ zH_XTJJu|}Dx8WiMa?(}}e@P2n=9CBoCl%nG12>E!?8RVEb_U(J4YZiXYI`~Y7^{3EAG&>0_JR8!R2K^`8iJ7$ zGd5)Xq-aYkRwBxU;{G{P)KnCYZ;N}ce!)A#Js<)qMB9PKH4gGY%s`#;8jK3_;fAd% z9DioXzD_Ky%wc}_ir30t7Eya7?Q^53a$cbWJHArurwy*qE!QlM`O6v}-922;)}9c7 zW~Oe4tXv%NTTigc;;6!qLI%U$wa9K6syddDzQwe)vRc-h8~0B`NNpSf;m@gr?dHd3iPo?84EbsWB*x>oVt6XCq(UJFlCe^>} z6eM~?%jJzGc}6~d`N?GQa=BMlSHZgzTIu4oX)@FTeJr*tIRI(mZuBxd92334228Qu>Gq8$L0t8I-l7UKFn{tQN!56jXHH zs%mHS(+^cCpG2k4eGVFZ2B|rDrbf>_^L4{ZTx}a|{e0ZHVmh7Hd4HEIYyT8L?c_qq zzMm`UsKI`>9c$`C@|nTy278{DWlIJJ5oi2ryql|sUD>nOvC@Cp0DA#nQ)o!a7kzvI zA_`@BnL8(~jthq0$ro1LfSj5pE!Ns!C=rg9a^$G7zhJrV6DP$koQ%BOojeC72xwIn zMCDYEivVp7weWfGZg|${>pIE`rO&Gx9kBOL5DPvJ36J`UV=3q4$J}Ng;S$O=UDXpt z$JLpU=h#V9TvybY=vQ1yLQ3@rw_mh-il*$m9BDV-FsWd)9@?9ztzLUj?D}BwM5<4l zn0RN;dc_wPe97EYgwDrV;tbGqE+=Rz#WQ zv&FH$55sNI^?ooc8(lyJGmS6fE=uYH`*v_8YqPXk68$)?s zf`oS8gf}cbA=l8h>ta=EXN$8)!*ev$osq8}LBrDY{qXSj*U<#-H0iVwJLrn6jn~F2 zHZqu%>Gb+}2yI1H^&sMS?HL@A=(mQ<7$6W8I*-e%*{HPtjGv1qYg>C^ykufv+{a-5 zTk_+2TJ#s?8t+w7a*7?>0XnbfI3K~zV$(rTv~!a@NR;{_VmNJ}-*-rNok|XAL`k^3 z2YVB|_mgkyYRRHH_7{PX`)9iS&-qBAATBxuP^)P3@yJ^ZH&Au5OEryt{*4YT3=2)S zA>-l+=^)MFh4s-7XFKq$_F^a#_;HOmOlnQI{0o~#~>fw}0>_C}l3 zKmx1Bh>gj_k|x~Ja-mlAOwJ^7HD(C2*_t1y!RgCd{tqn~+7hxHw3G`7%R-Mo7h#1( z-Th14OQPiceLP-IO@lU@_gb%|DOq9v9Jn5zRToe0LGhimHNe|#g4-@8Nv#L@%J-#G4gzfxRv17_5p_`f>eJ2%nKOAX= zhghrEQS`gH(a@Zf3>1Tk!}DeJ!u)@bKej4YChkn_Kb|n7>&MQqYhFe*z8yz$Tz53Y zHTZ)Yx)3C~lw#AJAgyLpY+mC6jmS=+=G|c#;n`^hMVN+J1i-M|B;jT0DQNkH>FtP_ zxrpw8rSgYx-$bM#Mnn3g%ibFgt3e|*27KACA4hW25aqgPjAT5sv=>5>SIDa-BG1(& zcYpgmo5jJf=$W)jh1?J0hzfON7LXx!G<>*R8`u0SwYLM?(3%c!7<zguQ;k;YISwui-d{8_dU&$s0)S z_r2a=bBV>vdP)p&EL=Ig)-zKiQiCq!wY0otcYi`H(P!$0i=u^SvFxnf6EBTG2l{1? zwFLKunz)Esov=&3llmBEixY>GKb_Tn^nH?7>wMSCXyru;AF*4tPiq*DYR3nudUbqk z)c7fY0h04JhG+MP4zxrok{j)rr7nJ4XPuewubOO$HI%4Gj?h{hX%XCn_Rz{|^1-x; zt?RWX+_Rmh+2opv%kC7hu3G(cDekn>UQ$z3C)`O!aM5H4x7J8lQJ8XY3T*@0{Hkh)Yt>EdvCdtq`T&}mjT zHaq6#N@jMq{n-rfhvI(rO&BdK)S1D`55_45LIXT05KB^j6j3_lmdO^+M=TEsW1~awJ zqWR}gnAOfDy~W97kF|@4b&JBGO~;KP>x7tu3O0Q;RGz6PLFrs zU{fu0PlHBKQmAgj+o4QGcPuNrVdHJ_f#S=fN$cP~$*`9nMRPo2zpFdGqI8WiMzE?} zB4=Pa5BcSFtGoT_quSDS)@G&barjr;8CJ^!dFf^KqifZN{^i1nwtTz~xT+b#X`h)2 za43wVua)5*7Ji{ih^wn!dw$GOxJ|2_2k0l+?LtkFTy48Fg$6$pgSTpr8AXyA6=*(J zig-~3<#k}$S|$=RCmZ9^a~h1&(Y*U zs&1r*PAXN(5Rl_;XgqD^Y1ngMKM!d$lK~r@-~O`WSh2$`v7&dlTf%&9X5tAEszQ0^ z)_E%<^}ms8NP0coh#0fFqpu!07EAdPeN$-a5wqjGwL+3ow%(6J&(34Jv4IYO%ftc+ z0N>WB#*H_)D%U)5EVnQ^+_yS4A>$CZx9s}bID1p}k95$9VI8Y0&%0Vx&CC15)`)i6 zg_4Qoe|b|Ia%+3qMhoeXKMpoWI^%uqBsMtFw;r)|hBO{rV}?ey(^FXQUzto`E4zTL z?1=ad9$9yk%Se>fvZp`Qu11W}~O#g8cc57o<0 zL7K45zuEs-uT>wnv#fA5XEl^Qbt>%*5U}3+rH%-)z3%oP{r%jOLvcabU|>^4pPXD^ z_?*K+gii>&gg&9Ynb7#v;8A2w%a5y8P0x}*6vW2&KAwR7H-8*~yD$WD@cbSTfx_&m zeTH(9-}^_vINiMP&*y(R-T$Rm{p;7!7yiAYCK}X84t~v>e+b0slOIJV8d$cvMvTx= zw*70?8?Y^?VJu&Due%qQfS&NWr{}#p| zKEJ+Mdf8sR$uy(ZXvmu9Awh$T5tt5 zmgNvAzHeR!5nsYc45FV%O*WB2Sg8dpXYyAtNV!aL4_0t!>pN#;e5IwXDXfU zSo}tKjHfnN)ODc%^eehV4hW<{OZ0Y;)-L+{bDZIdWshx}+TkKY*|7=116#`{_768o zyK|F05S6bvHRh#SFr|DeyK zxk3XU`BIs?*W_B5A!t$6R2x?@=;2LnLHmeq`UxbkD-yhMfrwA8TS>0|?73~XVk$-5 z^%H2Twi~SvYx~^>I$z06^BmWBJEpDaghYqAV{&?0VzOeBqs13!D&M6`yIRrP*5zb#d28a>w>ofIP;-jDuIrnp?S3x;WneSz*!(cskFzoJ zM&C*%x3YunLHLNUV|TG(Wk8~3+T!r#^AJ(XV5R&jpOZfgCy#bc24%9+h-;&=g5Ts$9LQKk8=aZ#UtA>mF760!+Tve<%lI?htNZ^0s{ZHZ zzYw4=!GsgF0DwD*qG4s%M^e#IbFqtSGl2I*i{+g*rJP?yETY$&{ey!!6U{krm!^1gm%<-e zwAAHy)o7hRpROtKYrbLtErvvb*9rhQoTq^t0p!Q#D%4KBRVLNQC}k9HysH(!!=ZaH zG54kROXLZ^bS?*z)Gu zS85IlJ&wzvd7Mjs3XewSMXQUF&DFGvY1xI-bIaM zzL>C-L7RJn)ZlSe+ylmtFFvAHcB_(cGk6ExX7h-st1*Ty9U5n&31sIJ5&ik5guAog=ga@bel3*VhJYeOhAQBhqZ~ zBeSTqG2VkYw7wvPv63#*ij{8`0EtUk1w!pK-Vilcj1ETgV;GL>-5zXYP3}inxg6HB z++GFPl4nCgMFT2y@qgT|p_%VG3^fe95F^QScM8(Gi(0FuIkFF*agzZtcX!RR{83%8 zfD?m&yWXd7h?f7jZlRUiX3_rhV%{qob$d+vGH35-g3<{MEt832v&&YQI$# zv}ULzW$@l!xFq%u-6HzGO}G3T%Wy9q40Jq;|A?j~hl+ZQo+hgw--ZN=$QXi+wu7gE zIXGU%=eHsE^9Eku_3$9AEaSeOum6{2IH~7}GE2G8mZ|QpZ;s%%-z*2yq7ADFH3Rrc zPC0V}ick0otuF~di)K={uJ5xJZYtoKKqz-A4S($|n{26$>`3#UsT==V;Vhn3hjr&+ zJ924Oq^#I2oGThqwIGB%5eL-KPOnXl#|oi!e;4oba}a`TpXum%L3(o@TKUDjr_WKF zZ;7u^^{JL+wK^Bx(@-?81ct~*v3G<+>Qe5=i31DS#LA#!@kEwDVlo+*VzQ;`)8@?> zw!J-srb77O+iwR869eYUr^W0RoTv0PHBU@5DAld;6wvb_0>~58?e6wPV<>wq)L&oC zFi9-oM8l|okJ87(QQ-J!@g(wO{J`Jdzg3gDYx7%wp9Y}=4kxEQLDQ$r5aS~wjBRks z_HUN052xu);TvdiG5na>Uo72%O-q~l^s2KokwL{_!17h2bi#mlzkPWE0fqz$WqIta z)kkR1q1}qC7h9;MgBUZx@<+%+IMo30V)u@?tIzAz%?a`hh_5ICK^o6_Z?B8RAwMVU^+c_^%PlY0 zT8`9GW+mDrJG_S#HP?6#rL2tDKyIed5%^wXb9~N1&oC=o{l->?5zDd5{a5_Df{SQ; zKNx%dxkAOF7n4+zvz^7gJ$(j0jD^uvoRWMo@tvdd@WB+sl~U5bf?&O*^v2g4d@bz< zFQ8?{4eU#Qs);|AavF?(bkUa&;(5S8WV`%H`c*ojHr22x{~~NdB2NDJLC3z%oIel( z7Xo`j-Ym;U)7Lyvk!LO@E;HtRn3!icE~TXWnBh@@(YB;4g3Bnr45SRQcFD@?6Lb#> zRdIKht#w=Za*qusr(a!mO}=(FA!@1fI_%*^!H*;FHDeige!V1ERT4-XqO3vjIKz(K zgZ4t+jgqjZWbH@P+t%NEAWu>0Pk?Ig%#L!@9L2l zPtB<{5^b_sVT}z9k^0&J?k-7;2(Hq5`+2eY$KOR=`iNE}w@?G9EpP z@Qjhi{z=9hx~DAe=J}Y_xyOvE_Y+bdma&#aOm46_{#2{rq&$?DAxR45j@$P<2McYv z_Db5oOFt#=wQGB=K}HkiWt52_ooaNPB|V9qez&T2-Nx806t8uG$8TAMCE<*;7#@p?eZdLQqF z*fS?}I~9^O>iUAu4fHU+O6Yn7tM#`viWE<@g%=mMzloh-&73in8u-YklgK7Mq*O+9 zWYaoZ)z&Q>h&_vIwC zdp$~>-9xW~ywP@|uG`hnS?NYwluf-}YX+)&hGwS%!QFnYhxPP?;~Z?I z?SwU%jp-mNQ5^8n= zhpcoD{Jjjd%91pD<$~RsU%2a`O?HWs_Mq%rewC%gjN_nQ)=a9zkb7dmEb4TBpx+rG{Woq_H|4P z7Fl}qBsS;Z&cQ)tUBD0eT%KZK+aci^_Sqv=Fh2DP*kHfbLhR&>Zc9`pr-7;~%`?}I z(%jp&E?CjUYV`6fe*4TjGLdZ2jl`QfjEd@OMupH1hesgqa$W2#zjI66`u$24Z%=>UOKN)`j3|}) zIAn1zE1K@Hfav^5=IB~+xt)rGHX zin>3FocZ}mpX0+C|GLfPzQq03p>(mT(@4NheXJqxi6G-#jUo6E!xMTQ#C#CQufW^g z7k<4gO!o@Pd~)``qQ(G-i0Yx!Wkn-N@t;JK{d+R$>^~v@gRBquL)!FZ-<@nch?t0K zVNwv215uqX2AjR*tt@p{t$NokBgNg>j0!sl@?aOlwsP)w9S18}-P5$4 z?%dN1e9SeQG?Wy_>!>N5L9M{`P$xd<@#(SmBXC|w3J6RbY{wIL=z&0Oy<3Ar+Ff_G z%}`~p8sJpy_h7pEqu%_bUE-K&pSotkk=)b5!xa7HlHWg>mW$}VTY@tn0g2Le-{VTZ z+F{ow&XP!YHrru3ad8srDKF&{5f+EceRp3pWSEQUv@UbGe)Rnu!DwV3Cj>%ZDx6UE z{Bkc_#c24BX_{6<`lyKJ^XgWxKO1 znn?N3%!;z7%Nk1W^d6=0ZE!OOS{2+h|DK}2UbzBQ)w{ru269;E4<09&Df8^y{k@U* z2T(i#s^^48wOdFHw+kUZgxxFHk++a;YemMW-kY_@)!)t75zSh&9Ibb^A>kd`%j(1o zFSTB2i_Z;jkrYMF^PgK^4meTYK?I+Cda(GaFG~8$E093j7e4DN{M{_iDtt_$xhaV#1wmc+c_`tD@*rRHpI(mKi{rPTACXB3N%NVrW+{oz+24q+bRF%;2HAkb0oYUO4snWcw18qi{N>n`7M!dX9kidvh`czVPA zah^%hcB}KwqLR9#!?A@yjb7)gdESv%`=j#y$$;DQDu-R5=nk%4A|6`?L=N8>k<(_F z%%7Hy-IvuqYyxVKy}#%u&mOAAWKp{sVXn~bkdRBD&<-yR`pfM9PqGbv{pJ6_LEN1D zue5~M+h-d=*6P>BSH3zMB{bNu7Bti1B>|}E+O_X3pznh?(9e`&qe?>RZQh3(c`P=w zyg|rc);wPHb5g$il~b<{RGIW#y?cN~+rQDa^fhKa-c+Id7++kfr#4etQoi0-kt8D_ zU%zOK^egXOZ9xJa?j9-Fn|hdDn|Jz=JqR0m!a`ZcObKMM~{`%W666J~95x zGp~*E^)-vChcqD8WTY-)Mct}$0W%@j7UHGVJdxBaQ8EH9f{DMvadY5OAr*LbB}uyj zdsG;3X|~17VXxr2M;1?+bUwV&VZe1fVaNQQCAs6Y+h_%JKi*FJMY<>w(1d~QY9L)| z#viNgAV!WRq}#mcINsFdu?*slu~t5c-WSu1wvD5=xTe9hrvnBJw2SHU>hO{TjSZ;J z{2qJ7!R*-0D=W*=0Y$lr6EA%qqR#%%x_AGe7f@G>{S?!k)UMIy204qnFTaQE zx-|g>h|?tA2Y6#`>NjtUH-U@X6K;HP_=e0_aWSiV zn9og1Il6wi={xbg-bx@X-d?FtTz=-a!ZE4_TDJe0pM3c;bk{8ce?5Wt^e&v%Ny?h= z{d`(xBahA&DUg`?Cq0`!NXyKRIFyx#S?LOXCX0?UVr-$gFIm7k2_>d8~Bai|u7U*ho4N9vPukv#l}BU9S67Qz>eAG-&sdsRt-K zAveQ}2ok0(lE`tE>SBGVjjHf56)klQc#72FK?LC6tdfX_d3@V1F|G*6xj-xPeUX(@ zm!|o_ZUX!6o?1t1Mb&X*_>~ds(d*U<${Y*?s6dfH!LM1CW) zIIo(lZ^1mH739pJ7LOJSWKo@e9?Et1X|17Z?L2~NK^0yd(D>-6$B%Ztm?m?c7*|xc z9{-s+&&rYZ!TB`Ny6Rzjr}YmL^6!=Sz1G!3>rpgUHjxHW%~j7!)dnT(Lug;eoXFLG z`SVcMkzmsP%CWeeYva@ik_dmz>*v8WzjozpN|rEZ{COgv#4u?S=hOatPeEchOL&;5 zes~Tkko2Lx!6U93h=6{4FYw68r{&GWbn+Au_+*{M?z4?m4;J6`*~zI5I4)<3v#iY( zXe*j8?6ZO5JSL^4CpDM&mjvXvI4@CTP{KEBWd$C?MV=uqLjsZiE`e)`r?$ayuzQHL zJ$9JwOXS=L$Pn|jJf&I&wVSq&W63z7!wi7%#vk1m{uer>zkdB6uyJZ2&E~{*Z1LMq z3pwbUVi8hUeGN~#Cv9+pI0+p02=Tl-iHeQh>D;*Fby=ZvwXbp0+9(*ePKmh+g3eRE zOj0e*X?kX{abu`5pm>6{Ic=d1QB9#qI@S9~m=Gdpuc2<*!$vSDy^I;)O>Wh55 zyMyRX&SywFG-&+kQoU!P0TdVRBjnrqKq5E(xNO;zqAZ<%Pb8P+Lbizab`D4U!N8%j zFA&I#eEe`Udd9-NH@le)Xz!o!V1t_1G6!g5WA?|-)?{})#6UPieHknO7mu~46vsx< zG9ktI`?h#L6BNAHfv-P;y+KbgXC7)&r+fo%UwghD8{Uib8nu+0wwU!bR!xj?j)xMS zgAMpXlM}}aJ5-eWIO_eY_Jh*|++%r~_K$A7=#ng)e476bJKp;E(r$h9ZvK9qeta;d zz?CD?q@HX_Bh~8@9HOjtP~tfH`fg`_jQ6!f_j0mO(;Rn1td?CvF#ED4v|@*bs;E!ut?xeG*EvlMt)pkOvsg-W^^pIo#41 z{B&?hjo=MmlfXNahb?AFUSB$4L7jQ1|2`Dr)b>7oVsZ47ZzC)ni#FB#_HB8U5P|RHRQgm;A8n(tnv5MIvjo$2#(82}-U9&8 zb4T`4Aa&8r)bxpQjGG;TFcV2Ti5*Qso6yXTHvg`sUUe>EE45Pl09zjmzH>Yd1Vr(A zwdfkhov5RtU0dc^vz6_o)P4-XBR+&AWpy6QHajRI+wQBp~ER0ZkHTne$3F{ zACps7CzB6}!Er~%HzWdqOq&B>@!1jH+pdNd3#hH0@?J!BMu~KJcPq0Xixi(){?Z6^)^zmkyRiZmXUSgW9 zSp##5Z@W;tm-|p7kOGjLLj3>-=9`Tju($|`>aOJUThy_hkZ>q_iM_au*{umx6MRn~ zR2Zr+tKST>@G_isiVb1?_Z6F&Y%w&rN-k3zxeRjYtte{%yfZUH-qMmLlU{s4kP{ImEUw|Hf=8C|XO4 z^GXtyl}y4<$L%>7j&hvURqjA;KHV-fC?cR*Gi#U?nc48mr!_ShC);O*)in^OrZlY; z_^vTxe~c2f-7#xGC*0XZmV`H3B_eb6cFRh-o@ zoQ+~eh+X$oob{T8{!Wnma7I6Qu3<3~hqH}|oJP~9;=cR+Cjz}-M%TFM15Rl3XBk>2 zt^~ien^afZC2up^H-OZ*E*%B#OOpuR{w=>n`G9>2kVw!IS|^A`ROK`42ks#U=CL(1 zW0LGzxZznRb9hwXU*V0gLnhs>DdpE|A3&1>Yt4I3wz{2 zR>A+vx&HtuEId}ZuJ-78^M|8Y>Z)l?-@B^u<`2%95R1nD1 z(LB{U>G3tCS@-5b(@IQPj@#?=eT4n4+E}2bc)|^$g_?0dXR%_FWhGfg^jC+p*_qLE z>lv*xQp!1gwFl4V=L^r=I`cnn{UXG;EWyQ<_dE7T9xpV0AEAhsOJ6e+LfaR7(zsRT z``~(-k_)o!>X>^JDas|y!l>`rDVWis{n14U;|s_@Phhu)>C09*k6a82dQ>b&ICSTl zm*E}k z3lQpeS=D;}WP509$yV39|H!I7q|54Rdq(^vC;f(Mfi8dJ^%$fy3@_5*{TqW1>mhw>z zCdMk;Q_52}QIJ*oCOq{i+@0e-u>jq8nEcq)=T5VvE+=Cr`&t;MF`>jxt{GNG7Bc&o z!!S5x2rn_v#U<#BS=?QXzh$suQgSbN+uA(cv@WJgwojPCwj+TG@jr#@*4oZ>PVZE~sKWirk$J;5%8qiw*tmT4hC_=Imol zsI0f~tMc5#aU(kP^Q()ynRWM=9Kl-bgNBu+aj7ZT|$3cot4(Egs)?5@mcu_7ni6; z+FL4O_6&J3SRW$VW;V4d);? zrO!MG<67gFP5bnnwJLEwQ7x?9#9ACkoj=%1o*??VkpTX~ zHZ$q}pcAmo8({&N+6h8Pw6fB%Gqt|Z1B17f7?P?JHz-JMuGhX5 z8ge#D721S}gVHBia0j6#Q;D0+_ahG`ZEWb0!}mym96+mbHLQAQ=3}_%Uv6OSzubVR z&p&p*L;Gf*zjnysaWcBCQ~;i+8KjkSf2AbrKSzT9K&Q)xHV=c+xEm z13G_GNWfxL^bDb4_wYrBpY9F+r6bF!D(HKODLU-rF8R|x zP3GahFyYHG-Vpx6jTRxNHg+`}eN{CDx7Wyl7ou&DTKp72rz)6{Z^jFdU}k!!J@(Iw z_AC?smy39f$@I~x&b|9?kHXrpCWk~H7`@PTSk$1jTC1I0`Tjc--1L?l)BgT#pgCss z5TR#ZIZuzDLsAc7%;fISTdTLPi3n=^sak;979EISeXcGhWYUVnWgfo1UdC1;fd%5~? zTt#^Qi!N@vR3EY7)T6C>Lag2&KaU$zKbd<}*XyZH%|EL=k`v)7=Is}Bewk?DVsSCu zlmb(7KFz`tj*w&rdfa?63Epwh%x!yh%ZDQMYuMh=pxSPZJG#A0a$`OZF3~LltMKdI zixjnwJ=3=)y?#nHlXv86+2bR4dF)cUtkaT1N2?6#peF8)Vv<#c#0JPSGRN8P5S zOP}QTt*qV^W`!i(>{8c7_2)Xn+PTNW0vnSz35gADi)Fe+hn|&MeLq*x))RQ#D8H&} ze8PWnB5s26X{D5#GIUJYeXAEAPAib>4>xS|c%D>vcJW9&j*n28y9s+*xm^}zr|O8UqidE9V>m(!@%s?oOyi(KEr zQttQ>iEnZ>68r|_An2YXz(=U7p|=a>Ye<^3h#If6nb^0{t<)A15Fs0}Yw~O(BSBKy!(8)xE`0P4n`b+kZO^`~SWGvYk2WT zs&UrG404v%i$FI(^cH4BjB#s1$$xT~`Xv3fO*H7h%@7SQ-~sZ@WBfU7LB(5*T3Hxx z4m~{htsM&Q<;jJx{RPZ4`0n;mhFlAOdszp@H58@q-6|PNbqt)-q3{W3halo&4gWWzLy7pJ&|T9%I~69Cxe?vD!gyTvT9`|F*_@^e7?S}0Np~%&r zqJQ=gNO8P7m9aN}(61pRP=S8U;Tr0zk1)tM(F;=@a_X>$fk#x`%S z+k!D13(0Pmfe4*)&B?SjRC7zw?ya#+az%Q?ur?g_G|K>GwmoFAWu45ejt79!VHQAo zS+PTzqbWX(wc^ot*AkrRQiN{gE@UOR3P#1AgVp!w?hXEopmq^!(3w;}#{EnZQRKzO z3Wh8{uK}HIV6>Y(JO6Y%?%SI9_KP&Y>@l|T*o!rZ4|v@0W^U1bk37vCEKAdTpkHId zvx0W-k+%t>liHK;B4DRHg>&*+Fu9<`@Fm$|gGJ;^%9&D7e&j;sM{GHKu9BkWukr&r z)_;~C<0|WH&dfVq@A|`m?6=|>U$3?-K6K)v_Z8z=O`g&YxQF<+nPU@&cfum>Byke! z@^RM-k>pu7h-^U{ND3mHAx%Jv8E8#&#J@eOjED=$scfn4ypzJ^-J60BjCs40rCOVO z>prw;Ah_|KOPTQ1)BvC0YCxjVb#DfMmdyYipmrZ<9{QAC7m64v&dc>|(CcSfR0?p? zVjyuo%#%afMJPm#@$grQB(#ef7MSV_U~rrb!rz7|UZ)pcmr1911#TJNkyy`EcJVXL z_LWXrjSo*G7o>73M0`UE3bzjPKxB-_!Kb7Dvy-bWgV~UVc@FJ9c$;rmI`AWFYt_4x z5r!U#C!Tzl6bA@l*Z^#Q9+mWN3Zm}C94Et!P4uQ;o_S&^T?v~s| zZUwzlRt5H(-{|uK3cYcG=sF!OCYytbqXJYM98ksKu<{bv5dT?m@cc|l-;iUdW}f<) zV6}jKNSr9xv;UfneR02LWS;g7@LD)Z4gYwtlB9N}i&?Np?MmN@BTf?CBgn&1P_vwE zI!m(-K$9K3{D1@L;0v<*2 z*PZb00d}!FH7p{g-)l%8=<~r#)(FrAHx5+VXTN9uDK8YP<2m%LhI$B<*Ye!XJavBV z?~lk^QMquM?47?hhQ*IN7_mQ)shy2(_7=)9Z8X@J7VTW5ay9-O+l*%2Y&5LQB~&w@ zm;lfOD9GV_b`$!b6%?15l)wN??^MkMn_Ix>?zm0H5ttC5Gcyt$_Wr<%0MMzij|{=Onr_zNXmR4eN9vyBPg zDJ(^fL{z4qEYX9iH(&Y2RqD>1Fxf8fH7f+)Qb& zeWmtOSH-PY6L1ghipN>VRUIE!&OA&3wJRH?*7-#F8Kw1sbkIgh-~znh;SlLdIa!g# z4>y7MosTycq38YnhbTNeZ93+>?$g__3t0oi*Tr!sU-tm?KE43OnDCmmD&ilOVcu}{ zNlXTKeo%dKVw@iG2V5yYPT*W8dUBTXlTQ-IL&=stKabe!0r> zkm6F!_*6GrDw9v)nGQK&T)00_Wy16IM+?VJZM@D$8u^&B&P$#L-JI4FXWtWyS?}MG zIxjb!G_#q?KW(wFKtuL)SaY*3%m4mIKAj9U=b6S7D{X5z(6aV0@4b%j!0S>t)-<7L zKnO;6I$zYmp|b&2cHwAV07K(k_-tuqJR5QYIWuo2oCa4f9q%mcJ>An;*r^@*X~0or zuT?flBh>Z5fYoa;mKG|bg?eGc!$RMvQU5UN;)>hlPpJrrEt1Plmyfas?%s|-432?o zvt`z=Z<*PQ>iE|GP$jp=Yks&g)swSE{$7wWx-#QePp0a95D$=%Fq)}fmGNWj(&CPh z@-=qIkCU%*P;D4M)kd=Kouk(V6Zxx~N=S9Dr#pvzWWRuRjOymAkX)g@OOFyPFZLIu z%Z5FSqZ-J|(#R7EV~-mqXe1!p9tHm1TzJ~Ix%?@I8Y3ziaO~NCc9w1p$eUhlAM?%t zr9*u)cTe(DE8Q6Fw#xn<0mh;D;JPbTSe|a%vrkcLHh-qrH0ZyCH@I)Kh-|y- zh@S3EK8IuGCv7WW=gx2Tzu|ZG9b%s`&$>PdZnrw}5>UslZw<*^W0{~3--`1y{4!!% zdNoG{MVA@AcTqiaw_xJ)8L%82FzWYYvSmSf>_AN}i&~wf1@)(5zpT=fWY6VzB`@d2 zqQF(1WVc%z=wm}PX0JW!UO4lYz2C$Is;iYOUJ?m66U+58W*L#|^0dxD6*`SBp>G`P zGm91UPmVM^<4+7MYus*5r(PrHa}ifUEEH|{6>_V*>OCyGknU$3z3#UgKsg$-S-}IO zy1V|xhpewISaW=2%b!ZgdhQb?53?AihkTA476$y_XxZq*iZmC(Azw@*eYRre zIesE=K0&V-upV@Y)fYbBtPFl&C`xlwtn{YlZ>P{|Rt_)8$u@QI?lB1Bb-a0a5o_^b z0cEPjnw|M|a=iH5`fRb)4!kCa^douW^bo}Sf&Jz*Xm5Zl7NgdWT;0;n%p-2CUwzTA zl7MZJF(?s$iduf?%_nAp3&=QbC<9D*`dD5Db#>);Z^OW+0k@`x(|ws~&Cx$1gt#>N zrHqbr$A#x1l6=mj6S$^5t?dDPX$}HbI^_ZsU*Mo3yn>hTt#^B=(S5azZM?6)V4Aw_cGD5J4(3Ww0AV|G zZ%Y5SM3HECaf&44PjRhBj#Ah~;om)qKE5xy6yE4VDVH*S0xcPt8&K0x4?t#Z!*cyT zE+7Kfk&R+<(vID%o{JKsG+9slt;X_TKrs@R+C1^aZ@9FgKvGPSl-X}yO8h$788~G- z3-=D(;Fz!AFfOoWQA;o@?G|3HL@R^%pZ-j&cv3npe+C{+3HwPI-R5o(Qt8oa>kGI% zgPScu+hgE)PX=rvMI+nu$@K@owD@g>c@S)#EhcvJ={-7pLmX0sBlYoin={zO5qYn# zQkU|{t>x7*LN~3VhQnS)dv3WGCL?nidX?$dL&9~2Yz|5B#4m}vOPwvs_JMj3d;~N! zzz_eiJKg)5)uK)kdh#W?P4BbXcZizj43&2xMf8XUk!hnH;9~7o)`ASC>0G-{U_E?y z2oz3apUg)1+NauR;79FUU?)c`n{A5~1bm$@TX6+_6Ih5fuMw6R=TI5qmUWwsdp&Td zCK-P8vX~&4(^R%MxN?lFPE8fiJxZ@gotbYm>H*JAXB^f2rs{?+=pDSiGRrY!EhNCV zbWI-S<6V;kQL6(q0Kk)3obD`-3Pf>y$c^@tQ|V`#vRf<`tsft@MnzOw)>+_EkcqE# zUI_+CIUBUB->3Ll3g7q21?+O`_DB*FEdlmAbCA8$v*OhOpCv!m-euksY}0cuKgp$N z_?+;!b|`{$0f3uNXP&IU4n(k~zs?AtJ`s}Vs=_W3t!}#f_^5XG!1SoQSg|DjC9Z=r zZ(l1_yCm-5ePYFGCU*LhCnUZ4=90?xE@aHPUk$`MbXx9qm4AH+qi8xtfy-Dl?z#rCa+pZlqz{rejXr&=@ zo&D=%<&#+@nOdp2RTc5?Ai(#j=Zl1`&8U@PiuadnWaB5p0*~={#=ogsTTXsQYyLKiD4d zycuDUbfGhYv}drb;t47f(Yx5xbJ>*`hvBHpL~t1S6wt1(c4^S=7A}wUn9~mw@#Ye= zx{TR+g6ZNI@E3;HQ+#au@>H{$gfg~8c1FAkS8%M#=D_X~W z`<$i~XvNgluU~whNU>gNO}D-Ygk}*kI|g+6!1K3i^cL=o$o|qL9&IzZ_1PM?K2~mj;7a&jLxvX|GE>KRr2?C1 zE#!@C@pwNFj#@F5E8^TfMMb~L-ECatg~KWFX@x~~T*BjE@PPXox`nlJSMJ_1xQQx4i%C?8U! zhX0Pd*v1k^pKRB>mu52xTn@53+?;T=e2vcCi%#+hLguQ?5YTCJv@>Uws(pNJq5tE{ z7DNCr=IDOZlVZ-DtYIU$4NAWby?jc<^jO5$#DMZW(7YX{Ld)-fvWMjyv;=vd>Q6 z|596DEC&ynP4UpLLe7@>~(T2&5Rcsc08*HL|BY*0-7 z?Ez=>YWu@M90 zs}=gJE!N+|JXHI`@TezEQz->gEBFCaET{P!Pk6J|wk0yAkqYSZ$!Ltfdpscqd6vt3+o*>)=Svm_ zyuY(HfUS#XaP%Gh`j>LB(wX!DJdhZ`TOpWWg30k4mCj#<@*3)ogEfWi67c&JXOgd4 zIrhD|0PZ;oS*Z#X$*hE?#%p{kIBkTSY{>us$%B=W3`+0&{nfvL!QbEfKL`Y@Qv)Q% zLHfiOdL2gkWU*d$a4LYh09k@lCU?n@L*bu&DKi1zcxRlhD{)U%>l}|oO={<<)xpmm z<;bnO;hq)~xBlp250M2A=Mn(b@^lAysTw{$hY5wWf*{O$yCc2_VMAFF-jEUerDvjU zvfyG@hE;;D($tL)FKCn{ z0gjH10X&8*@YD7e>eXNX4JyDo`=vgo;vdz&cg;R*oV1v&zx3iFU(VZ1azj-n!TDpp zRtJL9T`I(&Oqga3-*n909pitH7qJ&_{%M4MJ*!JiT~(IIN3rPXkK>N7w!5F zP*Tvowf6_EAt=^DMTnSrS&d72QUdi^!^S9$GH9w;Ff)Ov{#LW*tO-+tLtb@8`fAK} ztM=|-$vHq2YK8w$f<0QZCRN`J2VL0fB_8VZcnN|K5cei`z3cJs0hWj|zeMSFW$xGq zMkmE&h<8)X0${aV-rypwfEj#djk#le1E|@O>uU;laBm%iKOD+uS{6c0*A~%#aaKQu zW|c|-46uN&WnZz1$kSQDT5T>W!6;_ZW^DJ+%S@M^eEm;Q)eqFBPrTBXRw7E)DhFo8 z7*`*r8Gc_K`aC^;gr;*b)7SsjD@Qr^u(m64dH`DbD1Gm~E@KA{!wKnO&icK5K$X8SqT^1p<^yQ%4OrnYz?&Z5}uvs!gF%Z9l4fa8>-gw;}J}nZ2ZExL?a>D?q%;- zap-MsfUWl#=$n95g%`gk%KdGY>Z=R9%;R*^LbnroC|-VzW6g8Aaigh-{0St06n6j? zYy9d2fsGJxNJ=t93}|ZP=K>eRX|r}ILN-YPoxXrlM~&JC;1w`OTaK}JZS;(TWsdRq4`hv#I5=%@xaSQn$1;Km^n zb{rmkm3WH#KP7QA2}^9sNuH-NQQek?N(gP%>&YT+X^_SCiPS0W6>ypqomHY~gmdeK z?AEAQ_&Rv|E&ad2g^c3efM= z*_*C3wGLmizFGESzy7>w`pYCmO`B{NS zW|2xi?_RTtC&zYd0fg;}p_zdRtojUNzK=Bxvb)>ODHtoF&WP-Zc>qhnjA&)QhLucL21V4>FM6IYR=m6z1cZZ$b8$f%eCa zvNREV-VpYc5#<@-j!UxaK4 zqonSek+L6EssNE+jIRoUuC1Ks3j^8>A^xio#a(^=YQSZpW_+qz@UO~x5meUkTeou^ z_V^K;a#F|Oy8%&# zD$0?o8Ep5B6`J<>jHN*3m~RYD#?w^;vDQW-iJH}t@wb`NPj<69VkLM@+2%n9^H0`% ze@ey9K!km4A1JKP8u;NKoW(~x&Ym=)IfkKl#!fmJsq_~kF}P~mW~q~)8?4CF8AM${ zr=DyVKP5VsGdl)P@Mb5LwqFI25IMJ>Q;}YAQ{;6-Io-5x@u)0PA(Q34nZ{6@Thuir z*mzV#-$W{%Q}t%!u3an|OkjH825yjjs55puZkmSxgFT#dFFVJ=o%PB%^(M0K(P$Ob z8s~s8F9=M78Dq+6&xAQ&vQM)#?mktca)2h6w{+&>+e@UsQ&LL^s@H*({JA`&=2oyX zL;JuhENxG%)Tg1@Ho&FcCadGqsrH=WMbk|_ACb#n6bD!60vlMzo*tyXQqR`*(tdQnu`7#Gf!5xAywty0EHGt$8tT2S&eV%=94 zcmaM4%YV$`pPB#Vp3sWKgZF<5S-u+{j9o%rZEzZ5Hmd?DL;lMz20#)vv!G4X{KZ&H zy-YaGEzjfj#>yKSUEhk&t4)qtFL}zzt~;H@QqEpWKQLFV4v7q_d5wLzdH`22NtHZ89GrW2r`%2C4Kr*-08gT*lul z$hM8*js$9EKwCalKwjG|D($dC9Zcha%%-yPnOyLsTcO*}M;QQk7(hK`)3cEgs*wz# zgB5`?g7qTs!ZBu$&K*k(JxS(%Jx;vN{md5tP2FDq-@?-0%epKzw21?=78rD=<1@@$ z5(lWwk{!GT$zv@5tg!TzP^dvq)mGU z7WoB^3$D$i4nTLzh>u#mabd^J@s(=Qv(PRL43CX*5(A7Y`?oK=d5gQIPe4pLr;#2; z3Z9(3#Ld4gqJ+rUTi}Sy*i#d+_k~5>i(C(;RrB3usdEJnc|TCMF$VSXtU$z&w)H*9 zBft%=S6Ikoy6&3BG)?_Nyy9A5vR(G%kDpik2($KSkchl5%DANW&~T{ZyiRkc z#CB{l%<&|JHv5YyyPAbrdrO!OiHqfG9wah95yblkRc8~w$BQHju%`_i>mia+1Gq9} z3?*ec+>?%2&cCSUiK|{o8B_1f$^;J94m$%;{f*E1ZFdrhJiZInjZK4~C6fGg$ zAt-UX3BeDJ&>3>QWTGzx8O~6kpMS20pFq9~$^1Uemz4c-Fa|*=|+X>9TB`dB03UslD)} z?&FIm1=`DAuGrR;4pMwGzQr=&Cgbt=o|Gc*NH4hT{`VdV5RxVWzHqz{SX`#=)+eUz}B6e{ok{%%tRt zO}6SV@Y_Pjzyx@-l*ePw3VMxb|a! zcJjsyj9?gXH{PTJ+OQ+B`2zh(;`vNRpN*0?i684OSs8~+~vUX%Wtges9IPt_;@q$u7QGUpX12`C}~U@-Mdt9X{n( zsNrb6_mh-Mr?;BBy3=!gb=z_YDX3ze?oyu5p?F`_=hNpUEx47iMeJck6^m#-+#bji zDawfJ4xg0PN%{1uhN))dGlP^=yM7-?it;cQJ3>sg6Ct8;X@<2Sv-g{U&GQw==g%7o zNicSNPq)LC&V#U%ZDNcJ=_)o1^H>!8c46=jP`E``;VcIuWhSi$V4{seFPXE*Kati& zgOM7{Z=Rie^=w=hGQpks2Tm|=s0|E-a6+GmW43%$<%)I0)<=B-HEP&q30oB`7pL+? z?7KkT=~;xt*4Fisc0mD8(!GE-&+aj^rA6)vlfnQMp1DN|_n$lFv-llx2a`dsnsaxm zJ{NjDy-+LN!ttbo>ZJM@QT%Sj7@AKd{tP(rintBaAkFrC@*;SiB8&@@0U zx=_K{D4aKb17=UEy6Qvb2a%vpO+)>XbY%3g}a$|_D z>al)yKZW6o;25)sIg+8@)lKcMNJGo)^`RjhH4?8vS{kh9o)AVKZfh?oQ6~a*j>#># zMbo5BIgh;Qbiyf&)Dn=Gu@wpjQ3wKwZnl=cJLxs{mYBg)eRC0?FcO_VmZS21<|K`m zeOG;LS#z629s=`+v`MNkhdlAI)NH#V=`usR*Qk~A?jK%wIq8Oc3PmR(#As|J zE@M5^cO>3km9s}{RXmCi=3ND695Xi{PJK7AW3(0?AYb+HjqAOKUild;p+Paq-D|A5 za^aqNvxSS8gu1b=RHq?(u}rp4|5Eps@X_t>Id<7NzIoti(6_EW#5ZBJP^w-Coworv z?;8V~Dd*erSx`s${c8`WS2p5mlA+*NcYRVA9GEc9m9JNV}ICrV$F>2p%u*eeV(nIU9}o@&g1;F{h2wJa3sqb{(ffnQ6_oT zccI^?>(u-K>PnM1fph(oj(jLo4p3M7P@NOj=~bnzsa~03BJR4#mmvlGrG0!kQ`cqM z{Qwv5GVQ`nAHNem`jN>_hGlcnr=#?C#%Pw77*T1ICcG~8@1=TFLLTe?%wXi~qlgV6 zwl;TkHuq!`PIJ?)>vWfU{W#R)Jh(9yjbUw1by7}9Nb0by-|d+bc;6GIkz#tre?HKX zND86J)~d1Oas5hywG{8+V>@trL3{LvSgQX%y;9N^5SC7tN9-N?dz7p}M@H$C*^7dB z;L^akbX5DAXW~(A*bpA-p*c+pvi$FVqo*1GVGbi^=6(%A1q`-aWOc`|j@@DYXI=`D zKP3V04w;~qR5fKvNKfDdx4Zj*8W`1;NsiXAycct*Zud7H^o&mSemJa_ktWdXp!SA% zgv=vyc+l*ejY#mu4=Le`IqaaiQx2>= z-B?0CIVFzE33>3MgE-r3|t$Oawdu+@f6EMybcN z3MMhrH^WmX`HEc3;Hi_dc=cb(hChqE=vv}M7RCu*i{?RAKpwo=?xCjD9J!ZMLQnSI zlb7a2nuWDN8Qia58eUQ5p_A(tr$~)iHKZdJki2dz2E^<`IiA8zYLQ7-t{`z56@v(C zZ-(J3+(>%~Ztmb`#M8x~M9pwZ)=pIEkLDMMA8?|{^SkKE#%m=(!5M{={YOOc7n$D9 zufk4r#qgr4#a*F;@_ zl8r~k1=|rJ8;xk->xp@bM_v26#$aR;YaM3XyI4R-G{cF+p0Rqd`7(MMcgLd?o*^RF zwJ~N(x@$5dFpXg0YM73yoX@fHB9vL-Vz59_Y=36n!w@Kwmp4B|)~Hs|L8;~c6>D-| z4b$~-y~j6_brBMoWucf!CB}4(zZB^gs`2B-D$-(nrMWvi{C$fl-C^yKnM&r}S`_Q2 zJhTFT0T*Vc1R#{prTf1{-4AJYh=H^VF?9Cx;>Hp0y&RR)|CN{NrQ@2Ud@Q;jC0NKL z~Fn7v~;`sLYS?INO!spdLQjFx>Q zWJg8078b@97YHdAhUkpTc!YaSw1x)9#->_I@mUV3(R|2N!R#M9y6-9+r9HoPj-<)W zt+8+v%c2nP43vga`Kcctvag3ZJZmh=C^Y7u%_byT;SyaJ7VN)=H|&bEONYd{mRCc< zJ8{gZ2-DQUvc9Z{%J>YvBf9fmu7SIo4!qnEBPGVm29Q8)kU~0-ql~F=#AB_#+d?-X zN}lXO*vH~yP2fuNI9DiT`b*-c9@<^^#1+RWcbNEr?CEny&@|@>=N0?gd_5yt(OW3( z{QCjVcp_t07$YpxKI2gkFqQrFH^9^`QSqKZZJ|?Y-iu=^Rwt4t*M2#44_fRG+*0p$ z6}}vSj4tWmA-u?x4%Pb7+dgc2sR3f`$JvOxy&>0o23qm?O8G4Pg!JUO!Ql46VK-P5azAh%H>jg#)#k_! z97hfCKsEzc*sy3+iM2$AYDv8v-VK{u=JkG>*+XqtB%y3qU#UvnR$0OX-egZc9aS(- zCxj7^N{X+jE{Ft4XlKG$#A%+b^`KL1%6=?^F%&yluF11(#hsMiG(EjcBBy7l+7&H_ zvRkX&7}KAWs;Y4C`2K}sxx@c=IQEU6{G~$3f%NUDbcW!`sy7JRhPeW>F?l5b^0W!D zkL$B0?m6;ZsA2~HSG<(zs<$|9o_%oUgx&0i%P(|Un? z6uz`J z0>BU{hfvtV3~t)kcB}pA^CeUgHwf!>-M8sP#vdx$Y2RCJN6M^|a?5u2+GJ!%d6$UN z1*${e3nRVSTrHL}BAm3u7n~-)o_GociIMFDNJ_qVkd~@SYD>jU4*`G=XgGW((ezA- zZEPfOrr?0?y{vzOx+(t#b<@zc>C7LqymDDQ$z6JvqFb|J-KVH}-{}AaE*Nl4MWd-;bDZYhgx zhIhnqQz);5Vw_lptz0&3b6ubZkv1!UWso;C&h}G>%P8&sv9LCAxh=bJ0FLb`S}vll z2Z|+Cf*L2#wUM3}@I~BATa1%cBqDiE!UU8A@P5RYkJK|vyy|rEn3Il_yh=e$rp{BP z^}5W){VS@mc)h}0pKjL^>ds|ep;8e(L7QWNq%XYP)I){y+9fyN0HM&CR;~P~@)8*3 zgt^C**t1HZP)|+n1u3XaEK0Q@b>@}e^=4R(|EIi-biToj@4ey!2_n^5UVye7r9*nA zs~XRfR9>Vt=JOot{k2y4gfPvS3apzNVA?}n=4^?5MwWu|Q0qOSgi=7`>0e8nIN!;xpeMYO=6SbU1VCafoim4vSA#k(x_6H`jxBgIXUIb0CnYW( zGP1GM$r)A_ecim2*dP;uP=npcpJU>M`U*An3c}KMm z&x%KH)$-F^q|w|kT&N0bXv^j&7TeG(A+qD!9Z;;yuBl-n0-O0KC}>-p4<(`~P#?)M(D1zo-L=D%=p zOwHBj9{L?S?3?y$Wdg2+R6+t)xL0kR%%gMvf{GobE_0*AuHiQ$A7)+lel2Fl+P8`g zhFQ4R^l*x(Iw!nX3E-Xl0Al7=NAKhsJ);YaJahAFt$pTV5plJ7w^l%E$9UEGaSYts zwcO|Mz?-SbPU*c;ZMNW?D6eQ`ZBvS%oTTlWx2GzNGku@s%G_yJsu?bK(k}XinJouO z@dlt&71IaVb{dryHeO(ptz*4p@UW0+80a1rDK~$Q@(?I-y#BVg1#(fuyMde!UXN(? z0@O52N&kQZCBE{wZ`7yM*855_WBdVfbaf^^9H&JY$9n#sBF{J&g6J4OUQm2ho&NI{COibian6#V-JoSlTk2wnCiTXW+MkAD$r%5gb+R0& zUue=uoAIW^>+m67({Aw>t61fVj&fA6sooPt3b8{gtKa-ntg5`UPu*)T{mQj?(~N*a zxskY@?hZVu9$X)D#ZNlox5YhU>y!FwI8dvU8dqW?tKfFf9o+)dDJ@bG>4NAK=3zbZ zQVI3PWX7i!R4yroDFMZrIlPxyW5#K+Y>hVkLF=%=MyZwR^he%jsC4RVT7TKRyXLIq zbD2ELn)*L|5q}aVH^Agu02XICll#AO3Ax^ASGAYghxWF|WiWXlxUfHU_R)aIVX51o z-54w}QQWp@efc0&ahMzkZ&4a|woY8Xxxgu6HzLBz(^v}vL%buVgh>{m$PGqq_bTu> z9m#iQ4i;(S+b_Mz60FT$Rhm6ZMDe$4+skLc!oIaTjHFKIMlm-_fe92KQTKp-#Ervi z3rCOo2`+?IS`&|bjx(#66K#0J*Z8&y;FBXvzjAMJ(RHbo6M5G9cxuTXf^j9=IhUmq zxoey&^yC7vt?Dnz-Ly;(ky1Yx`oznOSl4i|>D4QM>EPN{A!CCyx^8co=&SR@;`+Pi$E4Y^lZ#1f1h%uFyf zcAI_v?&k9g@$>D|;5L;_fb^JG+YV$k*PxLQ=@)~lz#3(xv+0+WjMOn+&A7f@WTwJ4V69Aykwm+sJ4=)#-*fB2aY96&&qg1&xs=$wX}0R~O0> z)^)kj6a=2|+r zEN|Su+Eqzm#~9kE_s^reef7@(r!p&#tYd2()Rf#{I@N}SCNXW!Wx^$zW&^urG2;l|y($j!CtYKK+#aBi%`8<{d z?Qe}Yi`xa;MYFHwIHU4XH1cW=#u?VUjbDguLy!8B?)MSj>(IwW9v!!{75{x6-PKhg zwOs{$yM-)C|y=K}!vf@{v(cK{?jLM>Z1(hC^GkCmJL zjq30LPkXJ4U*IpZl7X<4wXZ{hRqO8#{;~xK(8%6}{PvyHeoz>I<+mHtY-u(4;HLev ze;$KeA>(H_4%)V!^&{KyMOK08qafqA%n(Tu17aZR?~Z6 zMD|Rox9j<)B*KcpvIMH8^fQbkcZ{XKOuo4@OJz+kbthXl5IO1z3s8ubSiOq)^H=3 z9HXCSE>e&VRNKa}E6En?vnSz6rl!q0tabDjF)t3^R3flMTXb1&d_4a5GN0VEyZ>au zXat&b8qnU`1?^OMQSYZxt-8WA;01{4XWOK(ieWHycGb+AIwyF2W%JWHtZ?eY@m#mD zXa?EQ`+wZ?EV3zxK4OzV_m(zBbtG)X-L_`lT>bsFxPvWB#-h>R#7zZt$r`u$C20s_eS^8mt|&2$<%uiS5&qu#7XUT%Iw<-VS86_3*#n4hTFKtvS(8!!<2 zsc8%I(C_Yr7%P=3Gq$iuRH#$QMRjgb1K`8)I50+9QZ$LDwwRaSrw5Aijv2= zWM1UU{Yk&F9x3#oYW2mj{NC}}ThDL(Zf>4hlOMW!RAr{AuuRnk1eu-4mIISB6_21V zGZD)B%(?NDUVuM>Jewd~Kfw~}Z_dZP0ABv&CTfd{|4E4Sx5%KgHqC(RY38i|s9#q$ zwx;utLsWsZ4N0^6miF*s>0ln2q(M6~A>3399V_k z>Q!AyikhfYZHMuT1SNtjVE$bRbX5ae7m1(O)d>TAFx#*@^D;mfGrp;He<8=SC? zuUbuxq4|*i3uutu(*m=fy>0xzrYSFiY_bPjqK{greuXDXVNG!#SJ-EPFzi$sSGt#{ zJka>4(|Q(ENZpKo3QxDZJ1_o%u{|ybG4R^hVz{!ImnY+GLpH6fS8(;cyoX1=u|M~+ zcP4X7{nfMmX0!>3e|f!m(xo(Ww!d$r;=z06<$$B_pUSpkac2R*#z`yaY$l)pbk|SJS z{`5`NZ{J-Q+FQE3z6F3z>oxXlEoffbM_AydqPS~^0){7@mN`ClE9jZ5#o;=ExBS%%zVW!{pFp9Bk z!72(7xopvuzmQA4Lo9!C)6f*NMxuM_mj=NJ`!Wsw2>>Sw{0fpMhf~e(4w+AFfcbGb zD9pTnvC0XlWGuVA2!GTh7l?!e?Iyqa+Qd$cSJTBJqi(wYAAkdhp@D!yTCKWac)(gv z6MXOR+~pZ;^(-7J@kC7ePb~FR-|F;i_-(d=D2~y?zbTIMLS{I-b71yhSYqMO?Ahn( zdRx5;T`O@>=*$;m?U$@rKZ1KquERvc-T{oTFB1>&^Fjst*R=c?d$Z!6KjyTw`}7Bm86faq|?KuJLgA zyfbOh+4GR7foIkt_*9mG`B>88H&(bEB$qRV*mtivln3T7o%`?yGdyv4etyH>f3wZW zDL>rX?J5XM(u2}D?b!uOVDZEf{<0C8&s>j5qj}j#cU!yt)CgZ(8&=7JZQt&YtvwFS z@3RgF1X(@kT|m4-hkV}K4j~M2u)CGbKgc?UTKpSv*$Aw;j{jwLmyG0Akz^1X?$5 zKDHG4k;1pWqR|BZU=EE`!E@oM>gHc2kExTKvh#lVk(;}Iy&*+}gjVY@*iQIUyr)c# z#@Doz5=pm@5=UCR5kC>Sz*Yka?f!X>#~VX}{RL2$?wJfG%DBfq0vD;&=0f{Ql2@0r zbTmZGiw`Dqs2x4}98qdjskGmxC|wRm-+4g#S*U@t&$%ClJ(;_RmTo}UzW<%<*(T}B zTbhhmQ){oz1|WJsetC||(A2eOLov$LX)BYMB29sw%|u3t=aH>kS~#Cs8=SfLy!p)+ z^G6+yUu8TSqtbF>t_+73T0+Kg&-?#k!I?F>BQ zuBv*9I;=?>^K(l->)9hFvBwkw3LnEt)GjDP;}nYNfy_9A_N)-6BQR1}`m)8I-!<;v zK!l2q3|v%K3s$Cc;Z5k#O=4W-k!R|&fnwAhv`Vee#p7r&|L(70rj=-frfsY4-I({G z8>bWid603zMXrmsGRd|idjMrHCLfDc53QCeRh6*z9ISE9+kIC%a7~$e8&tH7`v+A|%)l2Xd< zH9#LV#Q3hSuEqYt^-$XZ5nD$D%g5*6wvolGeC_n3@>bpIp~cX-S$JlkR%c*soswc? zl;cUUVp0Sbnz9GMqs7f7Z<`g3I|Q1xrE7zXP1W+f!6<+MR)`|O%tkt|cxMg`$dh|I zN`<}JMd%?k1?t^3vFoib%AWK#WM5CqNz*D-XX){ODv^kna^UOVzIz$Pl}2`xW=83N zH9#d_#|R<0!;n~%=xy~fh6u{;Z7If28Ei4z$YfP4>^mU^Z6Hec2)Az0Gde+%r@v=| z`EEZ+d~8_Y8sqKmX&dX>^90D;e~wmgUoesG>}#N_BiBALa*5wO5A{{J83c8OCyVph z0hiU&5vW(?>}#RDI#qL3y&a5RO|OfgUO<#)B(V#PAX}>1Ocr;Mm z5LKTv$+^N&vQ8p$8g5hxQYF(#&nZ<3xJQn?7mjExo#W0_Xn;o4F-Y=&Oo{Akjy-{$ zVQLA&s&4nP`-`uoXpS&nNh#Ib9;H(P$DWil8RA-!En0P7=Jy>X-7Ao0Mq{OaXkx|H zXN`=y3mouI^ZQP$3?iVAtFr^?mWLdkTYSp(Tom*3(i$VSRXcGGvOh>WY=6@V_?pkH ze>;Rxh)l2>W^YcgJJQ#)GHbmhuHK6+EVdy=llf8(q}L_xl|RE@)6;5jAHFDkW-Bmi zx-2yu5h?~libt9?VleN3tA+n`OMrp*g=jEBJKUl6AVM{8@R|0mbc`Cm*_dJ;wDa$$ zX#{sdM8YhLkEacZRUcx*rN-yi^qj7OCf4x}jGQBTYJ!^)rFDCI!pGhy(SlzA14_$* z%b?S7d?Rqda;9eXIzD-HOH0^w$zKC1^z%Gw8k*AT*$jbc-KsRfZft7k$)X{a@8E&`;mZG)(FgdX;YN7+uAL`C%-qURNqIV=lE#EVopn(o>Uixg_8Uxlwd zf;)E?ngX&wyn+}NQB9qT%TZa`7!W455U1~lKn_KqucnsGAJxu7+TAYbbiA@~K1`<> znF(3#TvPrgebs;W%oVy{^KIWb?8+BX=gN&Yi=n0nQy-w;L*-ik16M^w-38Ma|68_=^1~ytF|MBg2wD=PkrG{G~s?8&nIAYR*Zv^pL zEA-=cGXFnq@>9R;AM$LL)RKnXo{<-oZS!R{yFLNSh8tiWosdJx5U}wXx&I(zIY7APiYi@g^0 z`-CNh%Y3kH^+?Ci7q|Z;sKpsrx`}y?DU@b-d>U62h36T?Pdw zxd|{8ISFkKCVmBmRK)eVfy-+QcD*NA3CiXc$B5bT)jcV2wzh$jF82|V*^0Y&;}1pG zyjvq3jN#aKc+j!Hn3~24H2|c+(3g`MUW;jT_^smN$XPWPKeE9*s+#P-%#QD+XgcA> zGva-ZuHKYbn%#7Ivz_CF6I6<^`}{5~CE!cnL0}Vs>w)1{@a$3Qci@G6S{sK_SLfdt?FNcGGZ+AfsyKEgb%CEs`AIlrVAP)#c(il!$#mlM(MTS?&nd9qW@ z)H;JBN3&^Pzi+ww6=QUY6Z=?9;_-p_Upb6y3CF$)y@5jGOH*=@8DwkqjbFcn6 zR$0m))-%^c?cs#h$^2lmoSaM98Eq=ioeziNvYv$%s$xGK?Y9A1YodLMjPy!hFAtQj zz|qzdUThEILPZsiCNVoDd^?56LNw+!Yzq&??Fs+b+{G=*O{|xwWj3d&p_w;kmnvVT zS>nbT-aawRTdJ)Y>BagPba{4$7fKqLsszlwlzz$F-XnF^rAP z4)^ZgJ$=8w@9+D1{Z7|E+q_=)<-R}H=ej=c`*V1I$~wa+OJz1Tribk2i+-z|BbgbZ z9G(J3+mNheQ=1=4-WgPE9uk^Ve6Hg?xz_p|A*4;8hBS9l|5CfWCWcnI(6egUnqTw4 z-JRWqXS+j^RzV>S!T>$hmk#BUfsi)FRnZ$fu2W;S@H6#1$ba*oQaV8M%*(=x51s3) zsW{fQJq(k7X>R*Bb;=)5t+fj3n$C0A$o*3S~=BaylC_ediU!{lL`?f1wVTq#p^QWk-V zywh&?&ZfProJA?Y#k$A0h-(%(PgFOPEJE&&-1NhIt^D9^JaNeWO_Ng_ws5tN>Neek zDxbs^mCXIKc2!$sFXBU226f-{R!XI~phNPX2> z5|qZyd&`D0*$QVQlN$jQ$SLp>R9q|mUqHpB;~@~8Vj+zo9~!oc3M;;Uy}3oqOgzyp zuH6uScrw#+psLH89^B!+s`J_NY%_grMXPc}j`>QJ^v^9T|1Nn&ZmQuu8+dtr;=Zikoo~8Vrq`D9z7y$lMW5k- zyZBz5@HERr&Uuw(61AmR{mzF~@Ak9HZC|F(%(L!Yt^j|>#BXbJ{Ov~OF|MntxDsEt zTI-qzFSjn`7JLVZ)nuzo<6loWtRu|(%-@W2+6E#8UabvPL+^9wjQv@u1*A+*q!Z8u z26IP#@xL%eQ@HH3SP=h87&M|{@?)*ri_VG2ud+n)cIlFY!x7&1xZ5A-1%Muv`Ur!; z0bF$W>rFb_ix5@ggC0$wT3OWfPd)24Z^MQ&?#VM=XB&F=?`v<%S-Df&8>Fmn!oY;_ z3-yGDp7L2crG%CkEUnOMk#J9DG}ELnV71p1icbb%SCBh#&&Lafn-RhulX|x=xKGjL zzypT&GAs`Tt9RlaMQGC*PF;1$KffyMabhRkyGGR2fu~viIv^{Un?h8x zfHd0b=gy)xoe++!T~Q19(V&|TQev%7cv*$5^%Cc_Ze>1f>mwm4?rR4Axx4-!T}Av4 zRWM$fT78efoV#zpPgS*Jvz(3gd#yZTjvP%o1(>NQ#vAE>ZFj5lzQSAfv~&XcL+eJc zbJrpaq~p}jGPC2IS&_)b)``eQiqEQNO(gL$AKgfMrYjeoL$W|z3n2Wkwi^09O`B&t zHU2&3pq&yK+mW)|pWpufVT`2|q$_WpU+BMwZJNbbRAcp>q=E1u?OPcVI~lVM(Dp;| zLLp7srbdL9yLsHB;-5dX^=ev3hK&E7nW4+y`2AAfyu*?_5^W!#ebzfrI|I6>PG(Cy zdrMiO(s3*jJ-D9LGF`r7=9s2~s0x-0gPLKbmVL`y0BbU1WbaJqvoAPWEb+dHnH?phzSnh$sIR z@8PoskMyu1CcFv|ksvDtORU1%>RhjUH2pO&?g*>^M)d%5KrYrCjV8y%&+Z-boFe?+ z{wx}MrY(;$|D&zlnY3J;ybjiyV`;l)k~Q_9!d3!-Ff?P#Aim?-njO#ma$8rLS!xQk zA~xr^W0rn(n-l9iQ@T|@O+$eD;c5oim1j&Zhg`3Y0a`+wXBpKLnULsGpV z@xhvIGSdr$~F?G%!hHQlBr0(lMW!Fv9fLUYrkM9a~KWlaOsgrYZXIFSYM1NYL}d zGPsWcUr=D@KpPFWh}lW-sH4(iq&>Aah&{~dh4Mvl^4-FoPUL4M;iTk1%d|M7D7!_U z1tCf(75=mA5q0>_SU&w-pzO!3e2=eUHQ65bgXRB}v`T#mAiH4x80K1$yaxjt9``|Q zt~IfeQpqjG8y1tD8LMRkL3$OuA7Pl}1E(FkoFphf(=SA)JRmMZvDS;>HfFo4=OsVF zTHjBf&(+OpQz$04DmL0qmoHX)Mf8$Bv8g`)iX9TBn89Alo@{XVCAU>TDqD%xxbNe~ zcVac4OeAh>m@A={ID$J^tI>m}{Yhn~>r@FDQj%Z5^?^6O^+@9BhMb5rOQU3}Cuqm$|sHsl4s8*|}i47o9wM z;W(;<*5gdxM<*^UVG302)tb#*4lvT6H?Wc3Whkj+v*&GjzVxkXD9C};H*T*{w!VmC zgu31E6>x<8N=;!j??W?9!&>*(Z-{?N$KcQHc8A$SwVooiq}4B?diXnd7pK$^A*+$v zRJzPr;Uo^OxYCX)vk-qAr>mM8mf-s6L$q0cc|pkc@`2BOw3Bh{keGM(D+4A}m~sr^ zS*np)Sa9DMN5FJB9);w1i5q7NEHKodH|RTuI*zq-2o{WFOl>M_OkdGt4D1o8-`!Dv ziAC3>=D~R7hNCvQdJhRjhxN0xp5M`JkgFmOz)0fU^UE8|Y9@@~+izc$5tJzS5Nk4) zupZto|DkdW3xQ%wr7IW19Szm}ZZe8WsUoZ*(VtopdF4X9(%l!|?a;_tK~O!bcBFJ5 z@_zokYC3!TH6vb@g%4xFK1X*Gmd@5WxiwLSxuGs`5w_!xbDjM>Y98wvBMUqS}-gnKjxG{kSdVkWRpeL6)9=@CvkbJ7*c*50+s z;giHWNQ%6;6`YS9lHVgjd+2?wRetlFUo?*&TYq)-!ox_yjDI;g!fnv{PTX+|@}|?k z2k}8;=*pb6I4qj6J()3%i5Ew*K^d2+>YEmO@e)wCx8@DuGLxN zofq*!(E3}?FOAK*zvD5)uYbHfrc*z+p0-m<6qVV9lN2H}d28ad#WS&aWsNXSAq3&y zNpD4tq;o%3%B#{O_UvFj%JmzzL5cY~ZR~brE($fI~WD_*>Mf$dEvF6_yfGC*b+ zX1Lji<6gYCV#{Jj8Rgc3uRZm1A8dC`g<6>S1!P{CvEPPm@;nkmZ3j24do1~tkK_x) z9pdXQ`z)?x&jK`W)%?^t>QD%!de^BE=wo~4cwIw9AabtJ*N=9_!Ti+p(=wzoLpbGk z@LyAdGSjLaDC6|3*VGxma}=a2r;+=mgJu^VnO!6TL;-Qm2yM3uaB@{hkLL2=AB)+t zO<98S(a1GBwk76wq#bSuPq6Wcm?PpAO0z*-Ir9D|s|WTts1azaqjT>0I10X}oC}Ppfh;t=W7vS!=gD4Gog+9PuR1RY*-G5g{l({SR}Bdwrn@RN6ygjfIDIDUJ$zD>-sM! zsDM~J;2N<`8-g)My$zl+Pw_LO$}YO2%2o_^FDA>s=#q0eJ_{}pY!OP=G7iExsijIs zw8(tUbn^K|3)FgKT@q*ah9V)HsbQ|i8g@kND@;JFG~p#-dK;6i<|0-F0R*<5&d8PV zwE&b4d$4+JS@xPiBJ^CDX1?Xf*c7I)G`0R}EA3=MofBD?aybG}(+T(jAC{@ma1U_a zMe!?CidgJLK6Ch6jH*?h@F1~9TP21?{`HPBB%V}FfU;nBO)c?;*@1~5Ko%s?LXiFz zE4_2YKJESU_Sy%-TtI=5TqR6iH4%HnM!Hp~^63-L=jPF_y>*2 z|8sM{``x@Vgvkb2LExgHM)dqP+=esNMN7`)$270{wswB(t$)F|4Mhuo%DsBl|Iv%q zZs>c0vJO-`Bile}g`gybAyii)){KZ#(3);^3XkUo>Fd}Tm|AGh2)oU8#j*tDcVqTy zM2f&F1~e2jY}mMMFjUAJaMx6UlO_^mibN&S(Ddv-F4;A8NgO;zs13qP?|n3M7ix7> zs9n3WawoDEYh7L(bS-jJ9}4Z4rE6Bn%hh&|KNr}VS|p&)1|wR`iP<5r$c(v}WB6rr z^Nq8;UkXW)=7h0VaWx#ir-)0LZYH>4WJ%ev(9{CkeOHT0`Pv*tm-L5pi22nb9NxV8fHgiE?V$3>Iq6y4QgZ_FMLDGFOC0sf&FMXV9JS zNniqTvS=cm8NIk^@>mZ0wz2oBgMq>F*(D)#yqAa;;DTi)ZwU;sr5}T~7SP=By3!d> z5#|SnOJRqkj#j9*Ze*L?KFfL4(8j>ZjTRx^rM$mDy{5h8xH@If(Lw71zY3vkv)WXJ zJca=}%I<`GjFHq(i>c1CaDCAHt};t#j8~YrxF&(B7m;H@-#~9mTQn{i|3KLRI zEFmzX&C4>zcsV=w8Pv&iNY@2=t}@~o%E9~}WV)-3Lw{-%=rf?M$CRNjM4w34fs(38 zZ@KD|pzXcC8-flriCZM{K3fTituT?KsIRMU4&LU4r=;L-lWOy8jq?(FBN_u2xV=FG z)PBV*SNOK8k7{Sv3+uN_K{~Gkk0rM9UIYT;kJQycK$C#wf3L}}6EG!xT!(tQ>7C8) zs;8lgI7yQMyJHI9WYPBHWsPYG?At{7q|)-Q0E7u!rwNH-T~1y^2kNdn@m&FLQht+d{c~_czZFd`nZB&_tP<%D5N5uMg;4y#^x~ zCsj+HllJz9kaCv=bcBlTQpoRFy#tHL)tui}zBIK?D#q1$vEP#tTaMmXyUCD)M{YS2 zVFd71O?JX9Bip+kyojM#XD{=V&3ov|#i;+*bUdakjj)d$>h?~HJam(3gCg52!J+Eg z^{(f)9g4(Xy+cpk3Y6}tG=fxT1F321UCypH-ZXnbq{v>eCmF)h-B^<~*Z}I&6Rx&S zDZ**0#JGUWuxd_HL_62UgAn2zXxjcVf{<=!EN{pR%ww z7tdFYh&AVao;Sa@YtOTGHmbnoN;K95F5#=|(Y0 znqN)5Mn`Pt5zPc!(<+;FYQd%Dw&^ZHF$}Tu*^Pn-N4)BjtH^&>ef$cAK3gyP0*S$p zWR=Qe3;R??mvkc_sG&9pE4vc$1g1*X5-;(TMUlN=#N)o^Dim4D5Dwa)vIsF+(Vez7N zC&NP?Yc}cw^Icf3JEP6pyY*2xZo{n3!_Ny-b2W>Y-NSUaKE8Ilyh>IkzaT$i_R)_{ zH2tD6Y|a+%EGEo(4fvG*ZBpt~u6XFg3_Ee+uaw@TY>VSd4dLN2n8EHv^meeMrf?|O z&MXx@a8nU!w(ypNSAMH7`DnRc{_0bXPY#m*bn$ViJU_a)5a)X2MGv$Q)8*N?Q^voa z5qCMk0<*gD!JXNm({xVd*PJ-MEUr>mI`gA~y_cZQ-K$X!f`_>G=YbN(c z#$F)M$@YUkhd6FLehC86b5;Mjr{`<2Ms@ihJRXGhqg~WFBdFFitym>E5U;w;P_}qR zM6@ws;@qbT+|mE|2WNFWF#X5*>qL>yYewyGAF^)G^+8WkoL=`(Wtcv34F@ z)|blDpVjYQ7q^1wN-D%NS1UJ&i;C&RFh767J?=aZGd3J}>YCc++geMi7ukQPUtPgw z6}9j`toq3I<4)3WdDO4;t$DZuF8>n=0;DV^!>s}DEmmiyr2B7a}MB>vCw(ElEv zIl^K|pBR1df@n+?M^N8F$q>uo1jK&h-ije23%uXqwj5300k5Q>_jLoV{=Hru(=GOJ zYSSzWorcEJcVJLe`VzXu7=|l_6N94B18I}!Ld0GNI!mS*Yf3an%l(7|Qs65J=$&KD zn+h$;ZacMZqYxN5g|v>Qt#6*Z^f`3#PBxrm?ncuhx}b%ENIU}>P?8MkyIaaK1wp5* zpZ|L~BiOpnB=oUCq25|P$!dTKr;VTo$bl&Gn5Z>^9DvA=h7z+e@veh5mn14S+?1$p zMA&Y>@ZRv;s6LItv$u|>pH!rcxarb1@%@Mkf%<5QeM=6ahU7|3GDT;L!`8KkOW?gP zwEfAMB1qFb@Aiq)N^~_x1o5qTeJNQFs*eBSv^q!F%iYEheUo48lDEbhNx>Pu34Apv z{BK8brw-GJ3NQBYv_}YfBO)IjIBJ*%Jk$(&Df%a3HxfMJ7KDS7a_JZCCo@*G zXgfUqgcP(hg11c%in!X`>9?^oXQ;H1sHx;e&b1Sw!R}@FAU~bjC+~#_2>!p+18_{)GxL{PTym&d}=iZfnuc70vDr+-(?<`Beok_ zc2@9Ml;V~~(A+zA>Q5P(p4+b0Ob&XNT&~bbt!&xnr)9V7=EF)<_%#Z~m3FII_Q!1e zzm_F;Z$L^7A)y?Kd7XJONB(?d>tYIC|?vf0m&~l%PjaZm~C=(CD z3Qz3xpmXQZUCaE`At+BX~8F;3pJ^fMMm>{n^> z1*m7xf2jFCK=*S+rMd`2V^s;)2HAgMl*%kUqWpFj*%h}J=KY6Ue$v(asg>Y?IhCd$ zfoR1-71$~l(TktXK@QAd%k6+@5gbdJiQ04B;5q-nDdGy^=xf!%h=am-nh&`sDc0A1F1~9E_XtcQJoAyi9nZ zaL`tlz`Ds7sm?nh=-o6Rq<6UJSv=Z1k?4IS3yaVldIa4q&}uH4J`WpW;iqMgX3
k4wQo#7eYIG14w3Z|8%0t)E z@}A7(%qNiY$a=(Je#pS)4t%+-lZ~X}`Tzk*AFW!N;Hf6$sZVA{D`32EbX6~;R!hk! zKU!~2Who;>4pZzu$dD}Nv_~YZU3$+%{ZdNK((twI++o+!RQKX zPa2*Ml^JuNnc3eH-c-I6wC-d%2%}}Y4S{KhW@S1BK@IY!n4+_^=w!=&#I7OTqyt6; zV`J&mQIeD9o{|hL3rdhd6o3iqmOpuBHrBT%Rr!V+q3ylp8?MdUPfQWdmW+Hc^9|H) z%z_4d!!HO|16gH~{Ab`wG`7;vVnF<=M#08JgvDS22^;-o8fJ`q)@@1KikRL_oT1wI z(2jVq+Ecd`oJsYKv}DcrzTw%_4vqI$unMm7uB#rf=lMXa3%J3I2Xl^=ubW(Q$zu$! zmw_kTXBHfYSxNunf!VWDaz45uvf#G4=vN(=&0mkTwnGrR$i1KRH5K9lTk`{YBU@lJ zO^ZH@D)PgNuh41LJbU0f)CAHzc*}f`#cemwfPZL1YLmb7mvVts1R4_Y;Ec zoS`OK?56S<_p{@n8se}e>E`XE1k%Jh#Fqnyd;OJzn%MN#Tjuy_?6&j$=hgd(mf29& z*Vmh9FH=T-z z@l{jWf*}dfO>OX@zbjw8vJTFs(DC>|1q7aTuMEE@Mp-|XL4R+T#%3|-*1Tn_XlD653A{Vu6K6$Qiacjc^_T2@A@53+T0er`a#B z*ewv-rk;G`o?LMNy!pLaO(IeXb}xspR0fA$loT7x2U8t_R^ia%8Cn!%nGw1XPIPhG zccp6435el*CDQrk?L|XkIC`gHhL|UVK$Nn?DaxER;4Cfh9v}5VgJRS0*h|RtcQk1RFtR%=`SEny3y!bWq!Z;8`w^z4OcmyyiWf~@sxyo+x*&g+?l0RkPfSp%Jy{dTvlciZ^B3 zrI}Rf<{iBo@21L8eSCLcyoOZYDcqoW<@}*P?r}HY-$&5{8~9l8zMTqF)=|AD2JGJC z$TZEd?&0t>SI8t8iYKq6;REwM>r?px)+8XN*JCTuX2IvnIy1if2L+Vm>M3%*2k*v$ zf8yyh{3>bG5)vSiIKzDX<;FG~G0l2oC*N4HU?W+Hz{3ACAF&SvOK?UaYsk?*hJZ%i zVk?oc#c4GG}n?SnD{#4*s@w59Y9x;SvH3}$Zlaz0E7BuG|cAo6?Kx+dcJa` z?_^dV<7|grag(^mAxuJllS82c%BO~!7Mq0>cNx-lQGW|rU3{NMRHy)n9KtbWzam)i zu-E;O|7T0;TDd%({`!~Aq0?kMjI5S1Y;WP+LJ6^>>IY%fdiuQ64XBNYptscHf9|6- zmB1v@v=~4#XbwEt!7plEMhMkfww(AG+CqFP{`5u;!7fZWMrl(EY~66qw{#ElZ3aP} zW~7(o8&2bsNrt2(*skM#eV^_MqK7L_S*q)(VoU4M;lEybjv2CHf&gi^c_hp|ekIR2B@f zzPPvMK3SryK%d)|FAWxel}ZJ;Q1mIqG!n7^ek{>P=x6=<4?1N<1T{Is=uRe~`kTy1ek!ly5(`a-<=d zCY1L(tCy9u6eVd$clsP85+@{^Q0ncv4`rS0YzRvj)q^s=xihG>s@Mm%ECOedk2Uf) z>5X2&2U*}a34RkcpUV=a_>S`Tv+R9>E=5?ey+UDk$$Om)0g_`gtl~(2zB)^$RGCWl z`|8R0m^4IG!ZJr${nNess4H`K`Un9^*!shDm(=H)R`wC}q*wAFP@ON;@u9x>kuxLZ zLhSViU5g(`)Q6z{J8()j6I~`S~78f%0=wJ(^vhc^x|Q6 z_uj0Fx_b`v2k^m6#M1-+(ZYt4s`CWybr=vvGx|}^fnODHZ4^>v2D1f5cP}Ym04zaK z+WKU%(|W~!fff%bX|#ZpoxOAk*;DF?{L%^4M4^HH!>U$X0rgI66+4DG;8s9f`E}+x zjg9B-E<+}ZoVnJyfuEHXS)I!K`Fu>Pn33xV(a6_K3*no^h^Hr}SBS3U$C2>k1G?f< z83yUm(dh%YK`4p*@w=K6$r7+1Y6K1#Wx3^hC^#Bxse!<(Q3SLCI98TS?54pZ=FyE0 z?nmNc7SGOJ*OQm#Ik-EG!LPsaOA;J8Oj0uvfH+w{kl+*_i3p zf?0FLHVVX5)>*i|1H`3V)zWg>=Ygx)r4RXUP=>wa+EmNvo=(8}*{Yp;p;qqJ z9N4h?o_A=(cdkwW(CO2~5 z_DNH;k#6MSPP+5${1!*o?m574voE_=?GCS43Xia~bY{>5_Qv^Z<7Q4uUKn8M>&DQA zJHJ$Nl+bRsF-Q_oDmiRNF;a=-j+y>PxJo-e9n7>WObMBQ%WX*C8Kc-MU#eHWf9)Nt z3}j`($~iPv({cJ4eBo@DH_YTRWSe*BlQh3Zv2rzzf3=LwTOG>_0)4&Nafwx)>|#qd zLQ*rkO|RR3)GxIqocmt5#nH1R0oYgf$m8B?{ScO(BP`;>9qdf29Mq+Js1XcXYcAcf zePMdki+@u41(obV&E=>hyF_fx0Vcy@LEEu$6-$VuHlEv2*-R(5}p(E7E zSkJsxKpcZ3ab+@#k z-0jr#1*fpk3}MhYyS4e?6>_2=;0?3)B|OG;`2oN#Zy141O#%Jfhrx%|v&XK#-|+a? zA0crVBcqLaj5j_s|6CcSY18bGI!Ddq2bpJghlO8rnJVf}w1@b-9 z_5GO=nP7!~o|wy}(8oNY-ry=f=)06>-BaZ9yKt}*Ulxl41?iR_ZkLPLX7A_|ivhqf zJmXih9_$}}-!}D@3+P{b#irY4Zqp66;6rsnNkGeC=$u!PwIQT}wZ?3=uCPv(c?LVw@kUY#mfVdei{ zsx&2p?|(|tzrSc@ZBIl2t`(W7sbea0hz|XqqVfAesqf+rvxo<6B}`e}pL)72@UD0R z(H9KzayxH(pXDCgpATyt{_@0XZZsOI0j3Uuc^ea{Z=Pt|Nd0{FG{M4xWTqd~$o1#U zm&L!-l`m1_$TVdNHkDMI$w?b_U~O6-?{{+?T$^<6cH2Rh_eG(d`6f$ewnOn0OKt_s zCZsG7S(%(d+Z5iud&9LjD>Et|ttxAH!+g%_pN;eo)YCa7w+3WGR1>a?+_=-t;?CBQ7iw3pqKYGpS(o z%>_d-r>t*QV()zJ3o7>s1opVgLT`Rt`FQz~9*W#FuVU-%^NNGg^&J^hBOFka#4h&> zHEdXOm9+mt!$hcIk_%s-P%bRYU8@afQ# z4FP1=n6{qEw$$_R#*m27Ylz8HJ$Wov01#WcaEcaN={Z2s6dgnY!i+iIEe$#h90Rc>p;Ls0Vu5{O7WHOkpy>k;XJu(|0C!I9UftV( zQTQOcQy8!!)w!0^`%hmRER3U_z*?u~#(CU5afI;mUbw8^bkcB4xQ1{?X9K#+snJKp z4}N$?FB#PW-;)k$dzHF!q)~2QEnOw@)v+{+SDd*AMyN=7eDLEm7w*F;ZlH{h>Ue7mNnJ@M9E$0{_CHjus_A%R{Vt}@R%ioRo36)fx15cWyVP2xHzj#T zV*-?##3ZyJFT@BC-Yyp`gWDnZLg%2p_~1e!f01@YF<1L;DgW6f9UNeZATsWdzaPBv zbYuju4QCYw7m(t7`$s6)Uv-4jW2m3%pRGRcH5-e;Em_I3Hwhvq$Ykj+(i-1f1Z>QT zgc0j(DrbF?oyyvIYJZgbss)s#-e$gj_o>n({^*joJARz))0j=Zmug8M*oH(|YW(dt z-5Wi;rO56PM;vV4E{imNboJyQODq3&C;zb@=0z)w&3wIXSp;+y)>^9c^qZ8#>Dm#p zfG>oTEF4S_E7tpg;n;1IaK#nqiV5?t&2c<-+nAETx+BRqHb#-)D>&(G?)3hzq+!Re zgtv_rvtBDqwD~ATkX0my>CBxMls2-#R3lDmX(qZaW~W7I@*8m5?k5eHMfMjX`TJGC zdq2m%t%0k5m2npd+e=0&2muvF+c|RRTzuYnByQU*I^BmK6{_IVHm@GY|_POG) zw1&Ht4{}&2{OyFxBU0)pNrq;2J;ViW>$&ntWh>wAM(x^bqz^)2bL+)SSczi*2kVL) z1igZ~nP0|xcL9ht_mflBQ>patSD>cq6)#S`Ss*pKaCDpY!D{+o353`pdnfr90oLR3 z;oIP$1*T=jYNna#uC+9JU*lx$w_p1U+wX4skPo-%X2>L{`StXjz;owk$b!FlrwL?_ zv^QV3w6XrRw?6#?6DRVaPmg_HoR1CEIw48uXSE}gUPG*EUZFK3Hd;>F2>{O6a8FH5 zRi~|HxXA9_1GPSoKvXZ0M=S?uxG3(>2!gJnPNswh^Pqv-6P<6nFdHd{v->E!0PBH7 z-secS3`-fz#%KaB4}{gG7Nr6CrWPk*szs(Qtd>=|StQ%U_PL2Dbne&YU|2w{4G{r` z*P7|SX1rDLiq+y`Y_Z!H00WG!8}WN5e@iSM-K)=_)ORI?-3O9R8TBZr?zo)=Cx&dA z?Wt0aJsNJ8SXJ9#XB%kA3!$BJ3)oW~W}MLm*N*CJ9VHg`jJ#^*Y?@(?oc;#P7_?Fm z4GT`Gwyw!nxhR2$K)$lC@W`IPQS%|n0cg(m&TDNyC{*A>Ah9R4KA#`99b>;>C!14S zeX9kXlp=n8J!eIgy*h(YVPR5HAkr>9p?l`nE+s!n7WP1`{G-$^-PnvsU;xc}`r*A0 z5+NQ*_=b1>mOyf!{jyvM0<9KUrllmh=Vae=cTIHB4>O-$UEok;3mV8-aS*Tr^OTR? zSFH#5D?+@M6yDVP)n3v@r3d>cN@4Z&4v_3z^2nAuK~UhLb>y0~4Y`$JR-odts6;b> zj8wjv$0^JlU89{+T469fEFZcSXu6KQ`RL(P&I;}IW}lCO(!luj&ssfZ@QV*f1~)Y& zJX-8SnN||auK54j+r@Y%Gi{2`?;ZxZ>l_QVj=EJ#wyaZWw{2O?LIY(RSy+f z>~0TVnAHD!c3C0-5fD(K(;ha1h6RG%vQMuJGb9)-m6Yhwo@V01^eQr%#%?Tw=@*f%Le}o0|Gc|)Xv*BOj@8AA&N$F{IVm)46b$LeO=%Ys4rYEMuWuv-p-r!4&Ep9?u0`}yVanp^NFwMwl=`Z}*B=2%D>64CI%52{ZwBmeZPKn&; z-R6Qfzuhx8<;4R{$eq$TwhOC2Mz;0Nzj%S3h9x`gVs0ObY4xr)73u+(pC&ioP^J96 zTO)qU-EKnzHjzM*aQSKneLY}m(JO;aBvy~(B-!N{>2h(+*-g}Q;^hiZ4f>FuehcP{ zP6fZYeSJLdzz^Q`8~J;!t`@2~rCsS!Ykuv@qK817<8w>#G|ha)lR&VXB)DqoF3s@* z#}zo*S_ZYcn30n<%hn=co;4Di^p;xN5RueX@RnKtYIS)3Lh5+>s>rC2uQInrxP-i3 z`*AHMb@#SFgh1SnyGM?@W9&AMB=&i(EYI6=^fxnye0|YC=-x181hwu}<4M@66-s~- zeJ(Cw>a;Z~5XTX^rRPPMxVFxc8@ms{l)L>&*WI9-v;1RP4z~J}grx_^hZW?K>hl^c zhJ0*4`&+dfmK^tLtP1L`XH4~)PBFg`SXOP;1C?>dRZHGW2#$K_bI@in*VjjN2ZNTL z&-<2DG)6HCogmvV&)7(l!-Zb^M*+l6&AdTvV{DrS;S#RNv!1YKtLRi9?RY~^Ou;fp zKg3T6u9yHT%?Z+Mv6b97;qN!>MF<91!O(pub z!`)IwjwQBN!OSWc(s#{0M<~@J0W+xKwWc1Svs-=`h}h)~c~_h)!pn9M6BZ>&p3hKN zflJlFs{Nedd%ti%icK{@r@ePAbB-y+Rv798fVBm|3HFJ#JJG$cvH2@A!*lf;OAipM zok*m1OPhIgcMh@9(Qwb zlBt4rN0)HD%lYpb>qCT<+y+ep$d-rVw`-@+i?F^j?SCE6g#8SEWbOf*5ZbIhNUu zP;I73wxboz)rXrozay#c@9rjWIVW25%#n@}@Gc&R$*iAH3n)JbWMw;VgVD&4!kgXX zKlMXWHYR}Ys~3UEOHo=;74I)l{-VF%9Z{GUYyE?4qIvS_eOKjBtB`Q0{xwA0{q~m4 zP3_RgRQS`y+sxczsOLaxn>udKEOLiD<+aTYn!UW!oZ18mLF=~m5}r2xN^#xW9iNgo z$RWKSjwIPCbB<>+O<6N|7NJEcgv4HPaQ0juLW}`9Z1#KC zjK@riYUJ^l8Km8eEXAX6T;YzrKhHlzG4j=>)oSVW#nqx>E^tnX!t2;1{*S1Vs9IW$lmv< zxVp|(xzwj5D|10d+gjc_3!X~GFP4nnf8oYpsrT(cMf+1@{F`?zKwIm|&3@rr0sHWJ zYp<&In0wS4$$_6%#@Qgt4PL&%$=0}yGJcsFa7n=}k!vyqHwpW@XmC?@w$H^#RZ3WA z@Fh+SaUGuD%{x$Gtwc%1b4lBX@_feB-3u2FY-HIqvzl4Mi0IT7^TF@HzrgoUtYXiE@|L32pu)vmU$?j>h1Sv z%pT*ukrAB2@s6hqz%{c=T?hC%J%Gj#w2_oNeH0|?#_wNSc);q9<`8zK*9|ouP_9DN ztq%~K4Y$;qlg-zguYt|5y7rr?(Zm1*J`2f2yk+My@HA#0-?Cwb3rqY58gYdK!-d(m z5{ewRfTEC{6LIq2D*p1_Jpc~YJ?(8e8XGDB6a|o&u8!!|72wJ;Bf~3|{pJ4b_S0{= zw>^ElMLC9!Pw^h+j>67+3pEuy;^&xn*N1s zTuu)39Uc2YC65%K>cXmrN?K2uI8kOu!IACK_?Jw2QeK832KhC+#8}YSNj{E2r|97+ zVl>!=Wxw8wvCL_p`TU(i)r^4kS;eopND7Szy|4VwH%mz$%h~bXDCuA6_j>)NEClBe zf2pC_6-o!7wi`aef=*S>QycQnT8r;466PubWt^9h(dWJ`<=JOzvQOUXt8~r%a-Opw z|1J8;?1pxD8_7WD+xpuHbJJi&rQ2zYL-lxbAdIh+7k3yTao>sivFU`gC;HWn_}~@F zK=3%`B>dURgjW$JU}iJBN?zfogQb`|uGL$kfl=iO{*(%0(jc>G(L%vl!etZH!xf}~ z+HZM(YkK_$CT9P{<+6{ZqWeLA-8b4%2vBnLd}y0F9}Lr&pAmwaY3A9(s2kLDL_A!K z^2`gRn6Xd-ybC>M^^4G@6xWr$ z4Uy$;gW+6 zJe`OKmnS+kERh*-k}uY(>_5B!T9w}mK!X75QEcgF&QEhg&x>VH_Ve>IkUkknKjd~$ ze&Z9FlY7%FH;)RV2@R6Pa_}bxdRoFw|D|bSruE*V`kYL5Q9?ANyJFAL5C*wnMjx-7 z_NfajrTsUxe!iV3`?Ba$y9^mFbI#w1!k<7nT`RuxcYn5e*Z!Av3E~)^2tDzrc$TLQ%p>ccnS-Z;n~+Bfc@=G1=^&Y9v<-L1C8WCd=}IddkS#<2#m{_DIo;_K<{EL zWjZ3lMt~;j2*2d^h7UYyGGzdrMg1W=sy&X8_gE$Uz9`b8y43>M;pF0!0F zzaWaeHDs|!ZC!WxIOB*~B^m@AYk7lUdr4H+zBH;M*Khj#i$~LU1_QT~yyB&KGDe^C zW7FILuw~|Py`Taiv3iJaGs<$tceN;S(e`1U8T<48MFzeD0_8S-UL>29S9c9aX);~F zT0qdo!(zD(gUrqn6r7-LR9h?_S0EvHmYY3)w&kN_FZCes;E@^ z2AoJ-I)wvsIQC&1+9I)6b2LS-*WYbh@qks*)H>ah-jOb;)ckJLbI_TM@HLkmFzmHX z_RSu{omE^9x+xZe9`tgi<<2!xVhJpQTcFH4$f?~Wf`SjBDlnugb_Xpi#htnT*hp4f z64CMj4%ljB)3#SIDDpk9c_bXXKX<@m04AS;+}~^PJgxY;x56zX`=fd6-gGVVqNuIL zs@&k|UN<@W>mN`fFV3yqvkH(V70V416eruuN;C^NX6}-Lu&rxekNei2JWRsX0yDxE z6GQqAkvrH)uBSjkPtYCJg#`pI7-SkFsw<@KN@i5bL?LEaayNW4$a{-N{^SWdJ1+5# zfmeR^);$f#TKqFrKM=-j`Y!5?Htot~#JsCkpUnG|6bm*tO7jtK&GG82a@WQz#p`K6 z2+3Rk2H!?%GyV6oJv(`DBIm5!F}B!=c9KzNht=F|$0uaJyt`)FHlv&!(-$AAkn_=A z+q`3$ti3h84X~2N^d;^?5m;8Uo{y#Lg|{{at3=X(nAw-}`w$WqM$wSQ569uh-%@^l zJht8twY|?wP1j3CDq0DV6c$6UH{p_VyUccNZ*uOuj14oeO3V%2SJAV$Dv0h+@DhGE zTAh*L5e^ahv=~*VpyX2qG=A>Y-txS_NV}r1szw>UfnzwgAMbBx5fAW1-&_=zQK%<+ zPF49=6h_syh}YZXtUZg^)|OaKC(PWCb2+=FGHRO#Y=F9|f3aMC|5?}2uzmjkJXJ}% zb7+cOEF{;-_ptVt%q~0loCH&b_|;U#n~Ep)tzIXkxQ#Sk6hy>+a{IBWskikM*%v3- ze0zWQY850^64(?|&WoN&z+~Qx0atO9!Bh@^vxB83EpC$S0vEgP-i=QN7UcZ92m178~Jk)xc_s(w2*F2fjC}>TNkL}2j`GG+u zV8mm;^teD6G5VzEWW>VKqqTjl!Oa1V@Bb) z2B56i&a_Wypb&L^G~}bv)6n6wZ)3j;S%|;GN^=~cOq`QwI(<+j06x|C|3-}+NO@l! za9!6l!ucy!S8+wTe`ZgWz}Ev>Ic!X589_V2Jzm2D|4zeRJ_9^7`&O{F_v;%&`<>4_ zM9$%c`($8i9W1v0s#892|IcwZpe%g&KN1hc|2h6Ym3|zYUs3j5!^Q4a_l{bP8>FPD z+|f=KS!v$QB_MA){F-60Vl@5>y zh|atEL2$-2RP}WO2X|r8UF0MCvtUZ6k9hXD z!3fuH^}`|!NSSZ9^X8dYy)T#+<5!C(#R@8&inpg<-u;s|hf>eV{z;sCkjU3kjmH3d z;Hmjg``^br%Y3B*P|1jxDiD{1+=W-E>4y*W2`kBQ2Z?^NHmjvz7TkS>83Ha|8;kXB=9)h8J;;YI-YgD*=8N4?5H3-PvKpJhpf{z z+}los48=Zft7l&t&-^%LgY=}u-azG#&*!)e^;byo@BDDczNu~XS^%|Uq`c^jNge!` zt9?0mU?ISIvugF1e2hBwZ+3}!{yV#5*0t-YKWOeD`kpI*;!_)0MbxTMy_DHwT(5$o zOKQ7ALw9-h$Sd4>`+R@86yLFyWs(18hBfU6b`p|&i~$^HYyKZy;8j38kmbX(6{b`* zee`WpMt&r1p$8#-mO9zOQ^KnBdnzH{Q)R*D-Ve!XF zv9YmTUMR%p|5aOgld<`0$uIa2jess_dOd;_z%9R*bvc68Kz$((cbzsV7~K=6r?3s$ z90HZ)c<55rANSsT^zUh{-*$NLdlmtf%{D`36rQ(<7ODl6O4{7#+M+>_Z2`T z!UvHa-_&bp*YM#Zpe9RbTew%$M;G_1eVY!j)92yw4oWEYJ~FYm&%bD*0HEF5ymIQp z2MGh{)J8k2ac6nKDsucM8gy80rV+hJHqmpsrBl3ITJLb&!mG=RnV%o3)P-TDMJ~~o zR4G|sscB1e#pCHcYwzSCQ`>U$dAF4@eb2r8?l&XC>AYn8dC}dvMU()M+Ar7Vi)M-$ z2&|=SZVP}d1EN0B&CNu_Mb&779(UfO6Ly5_VA+ciQ59=YB<-CqZVp{Wu%!njizRI0 zSwZ{e{eovx54vcO{Hq5Xn>MM=rZl$tX~~QcHjq}heXU^-~?s!m9Dvq)Ec5c zVt@|u_;@hkU&r{et&*?N5SYPzgL7CMStx7j#GQlKnPvXV&m%7-^{(e72Tkq?Y2SG4 zYJGMF?4ZkmjxJVP6gA!C%lzFg`XDm&UBt`xns-c^0H|PXlha```+hvxG1$L;m>{r8 zu9Bj9ZTUUO1LQC|`DO-CD;bey!xV#*_@6(C?*z{dGwbQu!MlY{MCYR}ZJW(gRthrB z>BZm7rI}s4r(tYowjVqqK(;~&E%^%zhF+v5|JeAqgH5Y>w`F9!n^yIc@n5NGjx^5T z*Bo%+?ZKwk^YM2weqiQq)TRJuS{0pjbn36Mm!nopan&ULrS+zKW;CP>p_zIn$_yB(AfxatOe$* zY3<=YkmR&kopTdHR{F>!uY%{Mp(> zvU!~0z18a|y*FAJ-kLlN6td}d$&u3h#!066j?N1SJAqS})BEHbWefp32v#?V=Fp`i z=4I=>K%ar;v?ZvfZ75wVo_4a-ho1Kop{w+!t}nG_Cn#bUX+8(POrm}_sVTu;MG-Gl zWOOV=lX`NEhfRVppLSXzAlsgjFTe2lZS)+}$si>28CMxxuIPR?bA4N{k=Z3#Bde}L zrF9?Y>*EuEnngzV({~q{_*?)`m|1%Gy#?v&7>;Sz`B$Af$KUw5?Y^+5?)g;hdOPrU z1r6HOC5y|0h*ZbWm?NW8#DC+s0e4D#LlWA6=z z13;9j3PE!BON|zx?4pgR0;)$=v^Okc%KmA50mvj(AEuy5kU4S_|FQExe>P%Naq+a} zPD(`g2?j|GkEGn)!#&m)b#Ywk0Z#lAj|_(J^U!i1NF zX7Bh%(O${>s=du3s<0;G)wLai@$U})|D5YV*bA*s&0JIyo?hzX;C8*%&))iIf-7bT ze>QltI(w2)>vLybN=JE2uiz0C8|>mO%q`c z^3VI_Teo-WQAY=ZleA9}43 zHZkm50!3etLnvyh2aA0PG6txtR#MI5^vm^!yLsZDLf1&Lc4u@YImu>DGakAc5bEzx zF;1t+TCA?cc;-9D@s1cuyLVXRI=3q(MVLl!KQ$2*NbOPYFK)<-&Vr$gt2^EwgvJ{F z)79cq&$eAx-zIO#E|);7R;WFCw=w0#NtbVqkV&4EuH7|*r{5#pq!Ps3d^r%;>d!lN z8*E(X1p+1&<6-4Er|)T4(_lC^@s`H)(=m_aiPVgJKfLRV7HKQ@tmdjw0q zR(2=;*)Wh))|9yLUDIyha3ud~f?CHEjJ$>+)T~(?rU!LGk6G;_$%{+?Lie`*{@vSj zXSYAX(;jR1;a}p-7f8o6 z&PJsr4oet!+)rEzm$6t)urPgJL8!dn##;K5aWKK7$M}|jfI#dYDaeuw11PnTO>uH) zIzOYz=?tRrU^aFu&dM&8t``?$_r#PuI~@L~{)TWajKj&deDofo=>2*6wSt%npX#4i|sC8+SoCKMU85cMU&@%d#C*LqtBBk;8WS9D9MDcn_b$fg)+R~X9=%8 zM#J8s6L!&WNsVZrKB+3l9jZI2v_JP7tBW1^qbeEIK_q(!grzs&nqR#X4*QS#bmVOk zeD*qt`S9#Pt^c#09P~H;Umg1%2Sh5jiniAQZD8H?UInNwa&!NHRW=hiNamt`9QY*c z8IeyZLHZbaNK6zQXugj{M-&d@4Q+(>DZ^vCHiv>Mhrm=)a~{?S_y^fzdE}ibie&Rog-sH)BUubam}3JM9;Ef6vST zwV2j9$wh*{Z|U120^)*{_Xllr=_~H+2tX{4UDQWM2o5!bj>QaBcP88F83=G4Kb2_X z$s0!{$n`v*m#unfG*wnGZ9X-Kuhkz{8hzBdyK+Fu_o!LVjwgM)gP0`%_r_G#6)@CA zUt<$4I?>4D$5%ekR2=!R&6Vlqy-+G^r=Km)AD_`^k-d>0nrkuDyfvU{!_g1=N&(ZxN2)NoTe zAfj8-ADUr1`<%trh2ilxK$l?9juLb&9!M8|Ngj4FT=>SJen`4#IK^Rosf6s}q=>l5 z>%1xBvThg6`l)uBGnD3$`D$m%FU_{nY&FLLR`A_beKvc{lX<`kb>)*-fF@6lgVU_R z=Ux-p@6(b1WqNlgfM|w}>_L;-0`CX1&?*3$Pj6<})vthBkALPAo~&*%QMD?0UF#C* z2?P79hw|Jze%Hdgv{<83OYgPqKh`O|yCmAEZ(!|vC#Yo;OUS)5y3-=>_&oW65Uxn) zd5@d&8Cco^@Q6SM1dDL1@Hw{!XWcbIVQu3aIz(2^=YagCxXi4mZ2y2Bm^zy`n0iJuUd2KQYKPxT(Bo@=;%Hj2ClR_2rfK4x)zKxAR1g1o#P* zW^#wN`e}T7=uoE6V*30fqb6q^Dm$BEA!v$p{d_G8rpf*xiKw?}>Ns)OdrR>M$oTqq* z@VD|Hhs`cWakSm9x*-NL2h^pS?TES6-_T~eIvyqlIhzy_&Bd#z=GUcwwZPZ*K(@e-U|+t|IIn_*Kq6{`aFqK4{{ZpCJ); zUzfc7cGhj*>KjD}E6K5Zz*eiD>JY&tJ{0tSme@4%h=+3fqIK94W^VzFALWUBv3Zxi zPi?9Wr2m18(Cq`rc-_9QUGpO#)NpTZo`*vZ7~vA}{Fm#|ZcUIJv!NWnafNOHgQ@V4 zlNJyNxb>8WQU>-qo~xD1phpvSUDX}`IW0OhDJfh&c)z=wc;9OIB3uAtwF{Y^I}1@y zU=hdrTwH&>W%6^ELk9c{D%xOZ|AmO@p6POOKg;*Q;f0j8(&7 z<9=#7l;TR32sIyMKvc|KsJvmSa6GcS@woxW@W(KGk zN1T!#y8GJ03+7{nSlK?DbTV||B<$0(;ecbHS%0Qx74rjIC&yat{pC(b6=0lauVkk- zLdCUz@?WvDD7NL;bcGgr+zdE2p1dv8rF>>lgT>r9^f+PAASIUv~w^hiGP2O(oS#NGj6{;5oLLrWLNmX=oN+ z3=#&2A%s0zj_EFw%ae5T?>rgWX!;hPRx!@Es@b1tcL6;X!EyxEXWTTyG>5VNzi4~U zsHVEDZ5RupAY!4YNU?!{NSEF$AYG+*r1v5vbOZ$zDFV_1h|;_CUKNlQdM5!Xp$7>N zAe3+I;C;@y-}8(!zIVLmS-&!rWbeK9T64}d=XG6^bmU;u1@744ewVUjso4_lbziG! z6k10E>~5h#_plQh5E^=Ss4cT9W#1E&sjv5s^>Ws5ky&zt-pz0^ch?-nw+RZ8i&K~e z2nSXvMKCzlnby&CSUsLqAFsG}9D&e%-Z5LSUQsP|r_b|Cd=91PdBu2WE8MKs)mNLF znK51;$8yZSM)WV664krmyNeViymnctn0{Azi0uvpRgOip8UPYzeFe9uL?}$%_J>d6 z4%IsN1p`$IdXa)8H5lNcPgFWvCF?C=#`iH00Jl6#Ef(UBPg?IzyfAQWE$-r}dw>KP zxSY3jTeTt}K(1FcVe${TLQe|*2u`If7Z4WY^w;l-dL|VC6Z_Z5yzsyDS;xUkmFJ2o zp1^_xSEC7p3`4eqa(rwM_W^gVAda=yZ0W+TDq1++GGu}Zv%T=kj=!Te3wtOj)1v*& zf@}$j2o!d^*e^aMB-_l@j}g_!f})-C$Dz|I&9%PdEL zdI-oqxsEO@|VK+7@SyAM;DK zh-a}??_a&Qx&ToSF986I!TyFb#@ucz#O|zWpw(FeKT`s3PhkOY2iL}|O9^at2?K1d_H zH1k&}>&mK5cQU9=-T+*2fX1=AAc%@+)WnP>UhpPsHOOwYAd~g5W_)hwF8in~5iXox z1lMi>x0dJsMawrx!X-PWaZTWhq@P7A1ELBp%hp zDT|`8T7q$j7m^bxPYmEvUt5s1)@Iq7k&dyx>3x}q4n%P4i`y5wn#6UY2E!42~N043xzP&ziTFpEx+mlgI&+uRw$ zW?6P&wS?1lHCuN?*(P~I{HZ9KYS%HL@EkRTeXVCs@_OZ^Z|yw&-{Rl#TEue^NP;U| zNKOU4wMH^yUKbnJdU6dXCm(liGgN~o+Y@nehw6ISHIE-^c6mdOCaakY3OC?jdY+nY zKfKf*8rRx-^4h2~-OA3f!$g(9m}oGkL_=Ll2QzrcJ_!K; z0QLU$USEn=4OI z3wwr(>c0dc#*?w18$-^8GaH4(7O^16KoM?o6u-tCKnTD$vq#Sk#DzNX-Z8)V#T2zv z^7Q$=(z3>Dmu|fy_!NULloj@NL_9BES_sgJnfn*-bbJq89Pbn5&zsaAwi>z2cWm>e z-uao6kOl~FB{Stwv+weFtlA#@ zL0(PWR_h5uDn77^7538Q9b-|I#uP z@}ES2zX<7*UqoHk>bsNz0U+1kJ@*jpvk8Oj@SoAU!>};~*36&r%E^0Ox)!R= z{TWaG^>gsQ{QLjwXB{hGVS(*jS&U^DMrr23kQO!a4aNE;c+Q2+jM1{}qZ^Qe0_u_( z)h*Kp?W(y>;z~w*{I3xyiz1mtS||yLx~s}lsC-sO+pt$(v?AVXJ+2}pD*xTw**Ofe zaZM^ZiIkSX``z2!13y;o3aua;0_iw*yFJ-bvua6-``9Z0lI~fKg-Qv*OO&7xSyJ_Z ze;7J1Fj#S%`iAnqpQ5CIDy<&*RNg%KxiuMJQq9a)9?^Tzn zFlLBg4~_mAP@b_> z7V#pbAG+Q8enK|hFmYr!C%S)7ViR68;qh_G=mh$`xKDVw*?FIYBWpX3%09BT1-~jz z9ENlph!(V*x>vjIc#=rx=Hrs%R9hptg``c>3snYAyah?rw^!mT=CNQ`O>z@XCKjJ} zYn=?VmNr=}qq*Ch%4!BZR^2&W&jaSdc$9B)+d4$V#!WoaOh_0Jza67u33Auq9X$&8!w zy|qthyu88W!mE_d>N5k|vSc+`@&!hQz!J~}IB=&IFpO<<4! zXPKX`twN~`lhnpfJl8Dp!Yyj;Mf?sm|ef0AY; zR$9jWRP&xQb?nqfKs3B>0Q{Iw#(LCFvqe{e6QbEoTpI9YOx?F)KRbPXEBS4fB!h;Q z?bgZ%ryewjTIzqet{oCetl6CWEf1W?umiIMl0*ZMl;URhofB>oGFh8?m4|oH=UR~t zA$m-Uo@mVluTdoy97-f6rUfV35?yNbQK0Kes~>AzmMZzc%)cqX8j ziYwGXqJKy2wBB83!u5CyM_J_(@J7KHSjxKEXPU+=G$6t|>L{`Lqg7)npet&?(t3TQ zNw}Ieh&$0Ne!pU z3v023xQkz{2E;m~&c)=Yt?9J5)k;x)gAm^}ufzchMAF9DUY<+ZS&mA$@p3=?*Ds?S z<0U#Jq;FOUIrktg5EX2}VM|>-iRW(K9Pm;-!STz%QG6{#qYxo~V5fJF<|VWwbkg(> z*7BhT-{gylH@a@I9e0bE?|x;UWBDa)Kr{D!qxoplp)h;BNj5#sr2P zv40787yjk*e>D&mIr+ylgDe;{^3D=`p8O9FDUkijdBcwfwP%vsbaudDo~2hNPkPau z$mUY_RX?~E)X&O)ojw2t$3PJJQYoor5L28yJT+R~D?PK7yOx&oj*O^Bj;54}^UEs= zMknTCbfirVJ-Yx9C6P?=B$dkL)fN?2fFdCTyhqnBe+C6LsvpOm>WF$D>gier^|OwW zO92rHy~iv25}aS24yp}$yBJ&X5!Z2ZBt^*vmw0PNrcSKI4SXZ@B~l^z}8UjaytaA57Jew{(&hM z)?9aYLu>h7eZ8|!vY26myRvVoxany(ICdis2IkAvJRCXn6SMm*ZX$T0_Pxd4(>U^_ z%Ll7ZJQVMLE!XXtZ0-C}4q+3++^&Ng(kZ1lY{ML_e-LDrjJG?t31vK{Ol@ho%9=0y zEp<6LWa6UFKLE#k23bT8pH&6h=leT2>aVmVHp=|=BM*K(T3nz{V0PR1H~c!Vwo#(O zk1X>ygf-`_h)~V=z|ve}{Vfe=i(HKXTjQ_1 zwuEu(IuD6ay<=%Z4Jn$EX(oHAl;v5uz9m>$6FXIn;1yGRU*|FK z@b{z`DSqAco_>>pbN*F@{P~ubx1D)8LnNBwv^RhHs?+^|FQr(U5&}uoAh-Hp_x-q-C3*!jS4 z_x|Mj(H1##in^~C3f`p?c&RTg-vSTMhtg^`R*r^~$D8_8wbTW|x zV3}?2JOTeH!i#A~-8d=(2+;DNdW|n?bP2eG!D@@KlHfrn3;)+FrSV@utk9x*94j<;VL(^$*tPK8@XiKXE?@>E2h(?%JF~T!7Woqy5p;INS$e zdZJg3&#f(bvomTKJX=ya)Kj=|_Z*|X!2!bH)K!iw`N$FHip*alEb1gfi4>mASxf9S}IeY@` z(P-uR`|RU9S7wDw==%2-f8|)_O3Z#^nYYTAwy+S}9vM9SQ;Wcc>pUphQ%6B$?&D~~Q%6wANl6Z&{F^Qd}@3OI68tU6HoYCjC` z__DBzmCe+l_I?A0kYa*K1e?5nxP81XZc{+igGDXr&vFzPl;5$Vo$@%Q&asF$`xhND&u zYTVmYSC3_qg+5}4R$kKVwY0H=wQD2M1By~+$28@Qz62gnE$H$-{tXN_eW2vLR# zcPM^5bI)~5l{Ccd+G+ao_9-1JAFJfsK5In?>b2;!+p_&Ty)m0w?^bgs1ytSDiZ`yN z*VLIjKLGPuPK2z2jk(d{?_q14o?##Z3~z2ZY`Fjx&oA!kmKbR*RSVO3quk&2Axx5aPvv?kG{{pz40tK<|Nc{_i%_P%LsqH0UX z)W-u4Y)cmkrLpg=qR^T(q&W!6@E1p7i3+Mimba74rra(r2(JA zx)kNetOQTwWnu66!+NV6%idt+tf3}-u3|?#O}X&fSamGh{3(L{5E*Xu2E&n_Cw!xL z#pXrgH({{>(xIa8L$HbA=@PZ|n$?N!Q}k!R{0DlMfs^{=iydUy0kMgqq9PL{UMIFK z-)Vb_2wwL0qA++8qH^!05w z)Nox}{|E#O$VG4MQV1sy5i!QPshg>+;FA#3`(1c&+Gd1A|1{+E8U%QB?-fdT0Q(oI z5U>95e6GH35idxMM~=WSrph1k2US@|`WVLY@3{@7tNkPYN@V}ypJwzI)0|kq5lW#_a-6;I=AJyv_D)S z(W{)Rj&F!A_-VI|){nxybB8g{CIp3b=9kNH9`c5If@Sea5;Cbo`Q0_CIb~_4u!lGM zs_Iu>JOyYpnpX+OosTT)&evl{RY*I0MvkI<{+qQD_~u+1$ct{c*LdnySXhX#us0u3 zUW9Wh&~R~-uaKn&Nz3T)gmS7V$|^bE!#Sc~*kvLDj+`A*!hbyx0#V`n|=YgcsciXcieEn`Bee5kR!BHzVCsV}86 zDit=e87;~T$QU0D*^NkHUFTsa$0?WafMSrn6e%G0#Bkzj4h;}7q;e*8J3LP5?z z>BG*FFWeViZl`uRR7nn=fn`Tiucy~gTbl&v7f{G3V%C?K3AYmkuwCRoI?D={6XNfV z%W;FEq2J*wl<9U>2uJ~G)k4t~{|a}c(Ew(q_=2#{r5%txBzpbF9y=54@n`~y&XTe9 zBu(`SD{;#K`ALfLS^K<_x{~fdjx4`=wOe-;BCkCG-Mfr2r5EVweuO%edpyB%q@AG`r#R zcJVfK-&7*PTd(=A#BSlny{ZFJ1faarHg%MJR2QZB-6bC@tzocE>p!x07RmkmtAPj0 zWdc8MVP>|4YK|S@aaU_k@ez`7U99zQFUMOQ-}^K;Ea6>6`O-O=k43q77nO6xl}p){ zW$~*!3F}V|Jl`YBTW(h&G#^agZqaFfW+)iWxg6&r&#-ycJOw!sPQ@`ZEYGoH%j9FW9$xt2~BNFhT z;L$JWas$a#qLYL_RV66C{klsq#*s_tS?+vi($|$P8Nl~WhKqD~HpHR9VI3$3053$q zl9-YJy_Z2xs6JP9VN`vp1K^x2p*@m%qVePI4|+Hxb%9VvuzwCYai&LS$Ur1bMK$ zoLCv3{^ON!eODN1*X>L+Ccaq3sVv^l5gg!#da|3Y=~w0PKqWzR_r5s-m)Z~P=TmJypL1FzUww5)TQ0meq1MIglC^XJujZ{zMCKPx-1+fDubPrwLBJmz!S!)HPf zo>@-cWp*G}b2M+cgn8qqg+fG9LWnpJ9FON>Uw=7z=d2S*(|mw1mvuCjVwc&S*zq;> z8m;@5GAnJRMP|=DwLCv8*dxru(~ah|TeA~C93t19zH3ei9wV~9q+?2Nj2tDbKihi* zX9RD|6StPI$Y^d=^wSu3etV*AB=10&l|*Z1Q#Ik-v5!z)zdfq7#^IeDhymZsvA(N_ z`Z`<~adQ+?5phjXDehC0`H#UT!BcnXCRUU;?%gTvC-YvQTzD6;_mAhn1kOS$-ZtYu zu-ksYp!^gV|Ble}nz_l4{J(4#X3Ko=W#A?L8Lym>2U}&A{#lNPvXiga(*N*UbRXAc z$uoWJFjY?9*==$Tz=Ja%#TASLh*Fl`9G#E1yIduSV1f#gp0z~c{~~x$wYlDb>a)Or zJg5%5-CO^XJ-FoG&cm_h{T~;F%~nh}dwV{A4uA zsxAP_+kkLijM`($Cfz;z8LfWe)nU5h4-Nq~Qy!4m#sgo;mtoVhrUXpnT+{hv1axwYK<2 z{ERU*7(|S?OgVU1qI=B%J_+sXfjP=WpjoS+O)2Dm5UyO_1rj<7nZL>etV{Yyb7^Yq z2xbKW-pzIn%VoL@O~d)|)Tg zy%wztQ&B^Ahzb!AN!;zb%-G#}{XldaQkYz>^5nMo+3ws?j`0}5B=Y(Ex(ktD*aUqj zftMb5Ob8Uqj@LdN9Bll48iKO#T)g2<^nGawWLvLw)aqLc`s0Dz)Mb0pUElr0`ujNd zuHC#`ZVh*@u^T<5oZ~$W#TT#Zx_f##kNGZ{g6h3|=sA!N>WZp)dujbR;O^6{5F-z< zYKWv;Tg$)()cZrBft8ionWSv=z=v4-k>W)x+hWbsNwu({1pkOMa(TGa3n5c%#+VTPO%W|4ftJ2Kg>co&i+Vws@A^cAzIiulZIAhEjLd5r^QzTap+X^97>Xw z@MXUVy((2dkk2~Af&f~^Z!c*)R=F;k#p!bZi8m&btH~&>?ZnL53#9;;B%qI6^B?ow zd(!JMe3GUEl635(XC;Rp9A1`Czs_ht?(;}tqi+&Ha&(nZe5-?H&zeUQFzOQJWs3h zB!c0zKE4nO*6I;rQv1)@^7=}~wfS#P`)wa0If=P0G16$eJa~lnf_?d(+H?udEFP>k z+sL}`+wbCSoB-@auM{}6{AA?pc-FiXau#W(TUu|DursehC`?qtv?kqi4AlJM`ec?RUV`{TZ+R)_m)~@b3lT|CFMg41j>b zOP1sPrc7Uh>QwM9EtOovOAQZM z$2+Ro(zY3QeqP;-eVczG0h_z-x3uMmD&0eEygvSO=w0O4(+2Mi;yxbXL-`r+GUf*a z_N?I8w7c~q(e!f6R(8>nz=tZqEur*k9|(6)QT_T*anm1Jrb@e}f1TsvZsIrVI%cuD z3!D1`sQszEfo~JwylT$_**51-p!VrJdxLc<_{b`h^fE*aoY^>k`HyUh_F5g5YR3VA%v!9+hLz6T|X+T$e@-|$6zbc*g-+cnpQl5)0Jlf)0f5pv86Odda!)X|UwaM6SZjul_w7FYO(7W2kjNE@q4V^-DjU`{B} z&xD|6l9;5!E%1kg%yhsE-I}U?Qd*kc#<;zzFq*_9e&OKY zi|V@i*6tR74A(0VAXyrvF7u^4g8x5_uGGnr-NfoH$!7R?eXhBS#bb6Bl5U}36ym)-A~hfBWH@a#7hlZ_YR8C z%=egmz}~VKg)9{tBM6$lcB{d(1SnKys@jv&5>6@($a2c|@?A`^EV+Ca&M}sR{N+eG zuRejK>;pO+=j5{h4~&aP`(^`g_V>+$KigYdy! znIVlYDCe#fnwb^1<3^M?NMUNMiyq(sZeL7NE}Sv54}d0Cw%syY=X6Kxf_eF z2-Vr=ciTU_K~;U&@lDw`>rg5WNA3f`0qhv!A8($ZnJG9%1;nJNziVa-+Ko^4TKgE- z`a)-|ZdA1L5FNQd_NdYr?=P1Bf=7&T@|W{xla2*%>(xqtA53~EPB%u_^oo}-)kVp{;dW= zlypW4C`nQBFHaUiN#b|d$%Yen3+FOB6fl)#)Qcs0p1&Xei@f&#)QOP(3qZ4^yaJv}x`6gMwZFh7@|z_8LAUy#57Qa(~74wZ9t{gTK`tqTnut4)z4e9}T5{ z0(KloBfbWxpw3W-EBM|A8e=o7u;`wEko1!MB21+mN4|U4sS|;@BQ7`(a`b%QmZc^x z{zH`RQZYdCQx=C6WrMg+;pF-SCW;GfuXT=r!{xoaG?Z*xIxzP-J`k+oADrAM4g5fO zKycW(*A1_%6-vqnt$*04^7cDCdSB*~pXZsMTArU)p;mX*yoAQ`wz>A+X8dR|-b{B# z&eH0$d)LUSZE?$~-pe8w)1oWG;y%{)UaN85?sM*z<W77IGZ6777x)S|IhX*@Y`iyDH^*&OaK04E%EE+KWG<00r zO@QtRTzCQlo=ArRFy=C=XRGDDey=;B?h%?ap9uDs7_GX+5xryc~!{K5;FS7$Ll4MbJ&%$7=X@`jp8Jw zkOG_VSe#7@OMo<0kb<56cH8lmUaL(L#U269NL->}J4;Ymm9Jm5GA9nlya7M0Es{TW zwcA_op1p#)T8Wy${@DeABrwYc37zW~pse9H^0U8?zS*@ch$WF@Khz$idc@&8+><@E zvK(7xsd{IwH@d+ykQeFu1ilLn+KGk(|M{#1+#mcLUqw2%tCV#rNF`OHS}n@}n9xQ5dcrUiIDzh5SyCBE)nFNjBT)Go=TQXs9~+kt_U( zc8_XfgKD3jGAy36BmHROtV}IX1Y*}Ik8AsRqme5ywp+ElLxHSslB7)<1=WzaY}*fV zK2QAK3xAi?qH%`a+p+Z3V3;1}cM+U9do(%L?gg`#+lHP6w!{Q*p#z-=fYGArOeBg$jDrejs=pxhZl^lFIMM_ff>1p*s0 zzom-O&jv*piOu?$8q-4b?6D6f%Wjy?dy9!f-do4%PdHoqc*9N~$0-Xfgw|z1J0Osg z{DRuK3=WUbbZ2@r7nXfS6+v7F3&Y@4yH;k+fEb7~t8LYV-y$~kA+H#qF2YB309Cia2TQ^ZBR1Wc0C*sz~5-5D~ImPz>D1U;ryon%b;IO z7ek`==#?-!UDGor?vDDh-gV4q@+cWGn7(S[ZCXRHK{iRA;IF+?8?=lFd!sv}XC z$u!&yY|OsazoCHsCO-&JKuRw_R0=>IWKEEQH0|p>@Qn4c|5hgdz)|}I6ldyH0W2*& z@7O~Se%rqe19ljI5}?|+Ri^&t+Y_8}AQ7b$5tDZS47B?Vu=T{a-X@Y zasz}J(;o@ngUsrm@n7w!HmNnA9rqK0ZnANqCZMF?P@Co|IJQHBh5!vo_U8NASrK;t zEK+P|+5>I8s>!$(?g+VQhaH$CCg)Bz5vzB&fGg?p1xM4t9~zyVlfspY)sn9}@J`-i z7VDf1*x~Aiy>EGw_%V7KtzXC$Y)e3>wrEWV0OvP2_8tdEzi|o3bC3h=fvZldB&5Yg z6PPE&bQZ>Cm-lV8fi|gb6;PCca7oL(?b(T6--54DL}vyeGL`8&kv%}->@5-siAEQ@ zYKjoIDR?rhn1y7|f4o64b&5##Ifwl?sFX~WNA_8D#V%!BE8jAo9(FSX56Mpk84PLQ zFitfbUuk7QMyYm@kgb73F>z#B;VRmmO$_bmGZ<%E`vqCth1DLhxgWYR7(01j@Ikc5 z%O!7;k1p-=3Whg#cMl_7Y#O9`R4~Wr^GwyIEs&OGoK0yVovvu9)QV?R5+ zD!5pwfF6FjB;{C#Wv2zv;FsMa2WG_-`ohF2t3vd&8D{R6?Zc)8;V~^i3LeDCv+iv} zj@f*?8m$in)GO4Z9SiLd(rB@BuUitBYWxfRWPsXFvds^)C%0#Y9+GZyA9LuL0>o;e(D-FepfC$f0a z3jh9P9_G{jKm{h%%sLKN!A^nCsti7{ALW@lKssi7tnQ}AsGu)iDCg(6`w?_M&qV9` zY6mN2BaWL;mxl^TY9Xa**B25+rmULlEiE9((Rid=UMV;K&^t4y*n;& zX^$?QH-3zhZ^u@0Pz9vxVTP5N@0X~S z6P9QKTKblk3Dn5_rG&D2uZn8f*Ufq4x^Gwo<}kOj4IQ>RV{hY@5XfGU4&%gH$4>PymbHgY4*lDol@E*dvsm%l=NH%212M9$!@v2f;X z0Gi{@%7D8GxXZl4uBr)d`6k|{twR`Mzu)NSw?6^I>S^2#wcoPvL``T4Y-brrj&GP+ zy|v|#=BO_)M1Z&Q%IXz#o@T3)7^6_rF>_`X@9t@(O`BA4@c;gx^g;=W!xKNmu+XXy zk!b)6!7x~9oKee*pY*$;mcblJjTU{v4OkU)LPOl({)B^ij7I}|HC*xmD?en8g3LsV zYfcIG7KC@?o#f=jD&KE)p`+e%)tub@s6!6wUfUy$s4PK*^`8JjA07i~=yfu!wGhb=MwJP|Mun9&puA`c)>(G?gQhAD#HZDV%o@INp zK+@py*PxdPg;L4%B<*h4>m94i0)r0QdX9^gN;w(2Wr+AC*UMSE4%owpV!6A6k))Z;ArB^&k@!mIf(+|Hy48+wwUht_LP z7+>~WJ)_tYN()J-UYeJf*U-{O~yYe7{R}Qkw*r?od5O9~~n;Nacwd zn|>gtqi1k1yylRdK6D{gnhe?U_%!lxhZ|ww&f$n#5&N)Eqc^h;W-mM7DEVd3`A;U= zHYw#CspZLD5x_V{^gM+A>W7LU)TzM~vjI+F4>3UU1r(&w$lpMC7l7z}+ZMj9!sO3Q zJ-J!+1GL0rwVqiXg-hxR%UN|R&j^kaNysb`htPto)U~pg?nYSi9)!_;uyb`!JW>uS zo$a2-SHg<Cw2-y1ZUb1YDeWq(@6XHPa( zq({-9_O4;ju9Q#5XYe9oUv{#ZEt2^Id-`YnXC5fKeQIkPeps#rSw(rVn_uqY{p^7l zJQ)Lxtyh`rglR7iXdDu-pe}dyzLZdoKlcsbJkOb7){mSg5(0vqR%;7&N-1pHF-Y|Q z4I(6G4W!K4jvT64hvQ$~R7vJ9Z_4FX+=_nDfkuogEQKevXU*-u&}Hi8R#stKTPxHy zp$cgE0NyB(?JYu5rcfL3*z$B9&6bW8u9~auIcs-Emcb2^mESqh&hD_!Yq7>PVj;v@ z7J~ZRk(iNCXYu&h8NC*k;#JTwFNwu98h+dyHYPl%tN)F*TH63K?`_P&YoFT`=ScC> zf@k74B#LB;GES)heQ3a=^P_gVPV1LZT{>=>@@_NIlqfdvP1Iu zYVrE@uD+@{cxUv+*OyxaEabr!Wd*&s z@8;XbZAhVeI<|Ju7ox?rzwQC%bK8coebh>xV_tx$L zr{w!>Gk_sg;O6J;etsc>8Xvj7Z{Y6+8WWtL3$9L%>aDR5kEu|mIkD9 zzu)o54@i>lT`X8=6kA@@V`fn9-X!hwP4+k;?+XLoxS#J-x+&>bL7ux|s7>$8l;Tbd zZ8j>D)naV=`1IL$nLE*^_@l(2>Ggy7Coy};gX<9gWY>D#G)Z4lY+AJqwj~^AqPOe- zq@GW)ZAPK>X1N7*Fy<2v8O&4&g$-XBwWa3CuqmL5Q;z8<8#qTkVnn)I zw7QnC-Wn37-JhqO=TbTrUc!%-uy8r(3(>ExXPH#2nlbyd^odXF+osO*Q3xCO&<8ky zGFisO10a>Zb#3)gmt4!q5cf3bTw`hufA;Vp&s6@Q7!vZi9~Em;fhOMR`)5y)DkWO8 z_SOXZ%I;IbH#S(euquHfZ(}!H55&gbhtXh}GW)7{L+4J5hL-Qeemk{Ou}nutoEVC~ zwvRkxS~xekGjThU1h~U;ng5XDToCbw;RoKF*|KL90duX`!odA@a3!%A@wysVvHt;G z_y?e(BQu@0r5vghq~Z#m13qef-1u^4B8eLX*jN693|4cobvtO47OHi2#8Hv(M`2f7 z-ktF_ixQz&2UVlVEGP@A9uzBXQ248w_(?Oc)kM+n371{`FVu~|>-_gx)IAyf0ePu` zTF?%dh<{wQi#Dd%E=#a9o6Ha2H;yjECNw{WUjqK=Arwf4s}ps~M`Q0&-eWWF(#Kcl z>Hh=aMriig=RRLu?!@sn&in!EwURre|&y8a{$rV!$+@{M;^=6 zuB6hA+kpG6c&`aTcyOx@Euy%k0IiHzYUkBW8g0^3eFAvJ4L6Xt{lT_+pZ9DH#wbS; z$>^;0HHLS1DaIt~cA>>$yhub5$Hx}Z^p#=Tg!d?MSW>c;^k(H6Vs@Dg$h)j|(e(i! zbQpvBX+3^crTJK&!G_HW4;N~j+sWQ5UEIy+0iY7Cz{GAd0=&Mx7hz!-5SoR4+8m0H zXC(&&cD2_KEK%Y;hl|fq8`-*nDORs_g$9@I9xrXzWkQlsFZ;(cO}eqKjm0^%*Mh5G zUrT$ed;Oz}zCbWgK>1zTk^tg=9lzx$co}BHD{1}(8kB*pTA{)gZ_>=EC$bHs2S?oj zU>c5nf=OjU_IYDl=Umvw#QO;KbceKy-eUZ7iE?w^onrZB&E5rDwWxuDZ%f{G2bEa2 z#*O2+WwB7uCcuUx*b(uz`s!bxp28YZ?msB;Uod?@tDmlCo4@))jiWoxX5;{Cpw&hN z`piC_GH4L%FYK~rSTWhWL4HC|M1gl7MCt7Z0GXEpB~v7l;69W67rj1fb3>)pbv z64RYq{9acVUEQyu-F-d#4M*WT{abL%cGOA|P4yrguR0sD^&nV$yj~t%n_CT_s^Thc z?H>2h(P*;qBD~0Pgvf?xYc>c=duQj2@@=h+EYehr#RRprSx2$I6_%QogdFOdG4h@hP*E{+?BvTJU9 zL_`EC!l}MWJFO?Y#Phz3zQ3*U1J6Gj)PW1jXV=0PEHN+-T)qQG8YSkOTS0z;qPNgD zgW)|KpztVIM#G`CMJj&&yjjBfsrKH=AX>(6NnhF18alN{5bd}Y08ju*y}M`3l%eWB zCyh>PWthK5CAyhvPs`I|Ld8uCqjga5tQ{lRwO$8V)hp0pZ}cUpjW<6QAQ*eBU)CA6 zD|VSxtyM*A5x4wO7(c3d88PF4h0v^4^O_noM_#T?UEqrCoc!*km+bg4l){u!`zBw& z0nTx8v=sIe4O!2|vvoY<6vb)!)71?Rw4&|bQpe3kxTxrj8eNB%0(p-qy>snbhz-?} zmKcxaPttJ=JFSAT5I(nyt1l-`IGWG}cbrG5>r&Sr@Oni{Y6V(gW&jw|u)h)1&-@!f z{gtzs`)%kzr)~g`&;FzazS6$&A8KXPZcUi+x{J9z`Ome$BF%${_>j?l3?Rl7R=)53 zhK5yT*?=+TgWlhtks|fK@Od3ycZi3QsQ;u%)@R0gK875H=%w{L;Mz;`R{D5I_gh1W zG6n3~rt{GxGV%N@S$we>s=P@Y0^&S>&UOo?EUySJ7b#hx&{7*C3Q2DL)7+lQUE^K zZRzm?uC=2mcMo4gf1=3qvAzBg#-K%>;z^g;8!Tswi&YS43#N%53CkT&aq{4Lq{Gk3 zKnb&ce)SWUozf$#K_?%?{|WBM7jtV0J1{RnC|C^PX2;c zDP4Xh21++@1Nf|{ltiCI895|BxD8us@TTo&H~#d#qn!s;e&6zm691i@eS%$7D;ZoC zX0;XepHB{z(C+J!BKmUASN z^wG**2K*qm0M~pjc2kHV;+D3slLv+Cv4HL5_r2)XLFK%0?=x{u#yDc3AdqPszazdA zAua>nZC+wV)XN4x*Y5}3suhZE_fNhWTM-YTJ7?g&oNUQPy$%+OY9we+{TZ~R*bEL$ zxYoQ#b@&0?b~=XqV=i6BGxKa((XMII9mbn1!A#|o2@h}2eF0bCrva<2{P`bkN$K(Y zsQx_bF)r_w0}t;^_Z)AZZ{LM&S6hnv;}6AvP0<8Ya2o14`FT*R=j^nDt34Mpa!87A z`Ibbp0cmV39%*ctsbBgIo~GC>Ifm#g*jwZfrvNY#GZI{y5b|UQf_jlHj9IWag8V9k zYJBn28!%U{JSzts$YUqFz0IU&hojt)aPk9O!fl5RL*UjYVy67vBTHqy_3AZc7ZsTK z74tJD0;>0d==krjBwgrgGVY&HoY$P3u>r)!Wsxg9*@dVggVoCSJD*j1ht&sAb2Hxn z&qmGr7FZlZkN&1p#PomY6cJ1W=$E$j9}Elll~?~$5gz(?6|v1sB@l-EH5T@I81|vE z<)87fOB=ZktJnAou>`1ZPWBvv}gzWkJOMO&%qp^j2a*t!ty7*H?N^OX*Rn= z$gzpJLWclP*|*2jy4-H=ICXp322n28D=f6)AT?g%i9DE0s_*33L8GjNVCOk)E&EVt zr2eNLjsZVXQP!azrXciAgB-91hoYn_)bnCE^)oma-ex1n4b}SMCrVkztS+1>r<|Tk zboY?fkE7AMO!b<^fEGX(!u$C7x z!n9v0$6&+)$pKnjr;gYXkX|nFRP;7YS62IKIHapN zU|A#)dggQ|=ySPtsCN#_Pj^jF`@{{zm4XMmV9$3#aHG7t=>{m!Z@g3`9x|zZR4b5b z(TO5V!5pQy!j+ex4XM#?!in_O`7#xw5*V_dc(C`7jrK2E)bmm}$mMy5bXqj5@vXXH%+3a8E?K z8{QV5X&^;^4EW%LYiTjjDY(K{Dao>dCJnuGrJohl^oxky&_ z$&+GMIVkUrO69L4iMJKfjS>{&btUtuwO^K8mTN-Bu6B6a38EixCj7+DBFbXnbVXQV+#e*TEEI{IoBEqE;mfRDt#-w zdiKeqksNW0QRCQ!tpk2P%H0d%KR(7q$)slA$<3bM*y+eKdG7to^Bg%UnM}JF%;fttX4WI^QtI z{inxrn-0o+Pqn7Un3ccX-SKgyi@$^F_2QXo_F7zEE)QN6PZ=T4&z7fMzr>9{SjFRBVrHEe!Y?8f~ujRUG z>|~8Bdce1hnECuQpFx;}n@33UR-W>h3baJ0A(*gBl};PqdLbpc=%Jdzbw;IWpv~*KR>rDF^ITb823EF!SiX#sJ`A!`p{*OEhz^f zWy!>h>-4MZWMP-=u4WZGThhva+PEu(IjyfPWD7`r;l)R#$Ow)Gnc;Z>08A&5dBn@rw|-4a<~!UBEzpnnKDx?#_xXjRHopY&gRntucp#~ z)_q0%rPS3Spq*kdfyAb%EEpAN`DmosiU40<^xaLLzHxbpsB9WqX*w^n<>71 z?YUH~4ZR8@Y49rO-@D~UaJx$olQQ*+>GSnzEBGKh2QG`QI2mVI1rJOY7F(@IG;OpA zjRmF79p>iDsk<-~)dwHH*^7zi8U8B8ox%9tJ2t|n&JWK?)1DW@+=t?tO9)X~GJO-` zAIEAa6z<5kYh2ND4SEGB6*wWGvi1vhLXT$e%|6i?sUG2W98*X4dC3%^8 z>fOAFW#uD}X+h~bwt~Qg7+|Pu?d)h6yf?IJ@d;7hAhBbC!hdGQ)VgQtzhA5RfH&ZK z%@6dOprP~=K&m&3_7cT??jaII$x5th+^_)`KzJb{i%oPoMQ(Hz3VJ|b(n%<3-TW%W zN-6s=6R~U6sdUslA-!`=K{+zt~@FqL8tfe4d+*w7g75%?R~Y`^9Ww{eIdVrphLY; zcjbKj-rkHT{*^;;>x^eWcqLIRqpi5d=K`2E_j{lBJOA)E z!f?hu_g=?Z$2!*9&y%UagqAZmaWy*lC95k@`)I5B%4W+=2GtnHi*GOV=pz%d)EN%b z*w@>PlOM8k4+)?;o|G8qrK6)#IW++`1m6q+UYn;lczB~EKB2>!DMxef>AZ02X3V!@ zL%r;GR;+$2gBh8)d)n=*suka?wq8x=OyHEwGII#88(Qll!Lsv0QOSv=+ZHPx=&yD> zp9mIh@#s=v@hj>1PC~jp_31j=;jz*VIXAk7dDr{X4(bp;Z6p-+1Ib}ffB8zEw$N%j zXRv|PoI?~J*|TePWnG%XVm=G+M$nJ+`pVc1p*_GYA?jsB&vCwQsb&#Vf%emyE{mmu zN421+-002cooQABTfKE12Sd$pz6WRTXwX#?^H4VEBU3KLxQr9H4UGgAcjj#b2GWYe z#T$UJ3tp%VyiR7(ocTUp-RL=cxLnF>5niFN=6k$|ueXTAGO25Seg?SSXnsDJM`fR&*Ib%8q?Px$SEag5l(e70SP-j9Hl!uCzskwE^W~U32E3Yr$4x^K{vEF# zPbNEzQ+|3)ar2FKfbPd6tG3#QxIt6}I<%y~WGab&s&xN!Q_*BVA$~TmdMFr4S^D)A zG*KW~&WH@+syiL0QeKtI%!8umR@gM^63(|=#2PW95#u&GV`=*;*A%_=MS3jAm%!YQ zQ(Xn@D zbfQ^2ews|8llRw~?76{}osFOsB*iCmnfy`~vrj8Y>O&KgKohyx4l_E^A&Xzkw&Yld zj&-7;M3WKa)$yg?o`~fvj;5zF*0bWvFN3s4WTBPx;djUty8Q2A8&r4;_Clv-R{6)N zAs-QwL?NkhV!)1aq1)9bGe^eL?d)c+(^7a1vj+OZ)ra}}2h|mNhhY-%gseFBsCcuO ze4ktSDZlaoz+yQ{%0|E9pR#y=-wHDCA0v7)EX{;M4xGlple&>i6Et0J5ro#dqQ={ZC+YlaMs@ zC;YE|GvK#a?Ej+A{=fR!wI$R%`JRGYJwS&MowsOW)Z;5h4l@Px+X+?aDsaB=sR`Fa zF4)2zH#}+!WCiX)&5%|;PbI@gRTXFzuWmZ$0!O&m2!<=7tUeN@I##If;;_{EUZ2lN_1&`+h@oA3A==QwV z;}LC5&zbPEq@B_Y1tKWL=$4$98DH+3Ai#hNUO>GhIJ)(8j6OTr^|raKP*$s` zOuc@b&8t)@$b26SRoCxt{PV24fulzXBIQWiOxH@j2!u)F+xpN~yMY~J)jg-(GJ5T^ zb1K{mLqEl8kdq~-6c&_DsH4jYOWdGY zbTZDb8mC`xS}1a!tW(Oq8jFbO@36W*YpW+)NA~K8f)lip;>Z=drGOie^Bx8Mdxq4V zb1U8kKb6&v?h0+wN{T-85Rt%)T=i_sC`L{Mw_)VnT8#s+RkNt+0tv4g?CG~EV4PG&O{Op+n^R15u{Q8#3 z`*$w4JD*`hLCi5v&ryNiQ@FOI-V-&j=}q>4&6`PVPKlRKGQUF$bv-{ zvMtsx*RDs-EGMTQvPrO|&Jeqgdu?{S+mf9ueaK5~|s>3+R*9Tr7m8Xs-`JOfi2Y}60yUwR}61_I2 z=5ewvK+8zRFC84J$VJ&_WZHIY`)Gc4r{LS<9=gs3y8SYU@)IP@_L&kNTSQ&+`=!&D zqu}=aRBH$6e}K$2f29$l6b{WlqbRj>2TcFQp6x z1xilJwu1tuB^&RJQa`)Nl%#d4yizdKCy>*o^wE{|{TKq_`Tcj?K_!uSwQ3cGWIpvF zcGqBCopG`IbY-$}bKEU+1!(TD4XQ1*XCI4%RCzpj>hW+gORG7`^iHqPeVN_$qkNT# z-fNQi$Km#4)WNe`PqAatMRC(n_flqmN(b<2@U8mBX}aM%P*)5Aw`wo>wX19O{zl61 z*5rE0jvkh$!qF6tkjvhn+==XasC$>Ej|rECr_p`VBZ>VkS6l6>NDjMLKxTVVVs=;c zPJo`RC#j>@qUYJFuJu%naU(b>Sc}(U_EI@sm_}niZr4ZBzlt%9y$IDiZvJH-oo@|D zdq0Ce!szVwVs|^$z`b!Hf2K(LWhQvOhFOSD1jojM%p-B;&LcL{pYAQrgzDf&N)yw^ zUDN-mnxtH#1qZz6KT6*TwP7G5>f0T~EN(wp!f%JBHc&lQtrh5N@t6l;CY_I75Q8gbapppT1(vS{%28ngpt! z1_Z*@eQP`HIc-lLI?_$K_Z$_h+v#NBsp4Ona{5+#sVmXjrelgsMz-uQ`UoK{_aG<*PWs2xwMlBrLa0Oa2ULX2x!=0CZAzZvDh z)-oWi^+ci0AifSev7u_ktTy!xUP1Rb4Tkpd^6>pZ6L_n-l|O3_tIw{J;(Up4L|`Q) zvnv%*nuBKGF%#C$8@y(JbqBdOO0@A@E|1s* z?ksc^pZFUx>81;A-Q|JKn#B)Rw?6lv>>XM4%EvOzfDU$#-r|k zcSo`%1dh9ashEfiW!*B$L1)wDj=aHx7@y}E0^B)9*44CL%`rJ+$OXWzt*qY(TBi9f zXOg7vvegQwh@E;r1Y)j7bbL>|u!dS$a00*2udL`koF|bSRShRGJK==ue56Yewbi*Z zhh1^|-7hfPNBDuGQ$PYlBrht7ek&8$dRTA0kbq+_dl4TEej8g!)T14En5bl6H7eLv zw43Y-+!lAfu8fuV#q)+ z(5FPXRcyj!+C}IpdYUcV;JAwpr6Sy05^O_h4;JENFtW@Yc+)gOeG)-|ydij$@qO_I znTI3ZyKP}yL6%J|3;P%^KG9GKFFCpP?ZqsY=~Q?3G?X9cONPM$>3%_$_M& zfIObBAXn2>iL0oZ=yle?I%|O`SHhHA$CAgh2n??z-IR+ysZjSeH+CG_H->}nT`bsm zr6?YIb<6gf1>JXdsWh9_nkTu)xt85Vrw8+fR4OhB6eFK{c*NRYynT*lc(NLbODJ#J z$HIJxgKn`@z#+nLNYIyz3z|rZSe34Yhg~dXbDemaI0xxPb{WHZH`Jwd7iJY}?>O`% zYFA2;14uCHha8iXWQK*?*X#-X=Qwwk7dO@O_hdQ)9KLr91dt5Zw>-Nz===nN$eOB< zRHX@boPJ)C4&3smrX7Ay%B9>DWDA8h!?sunYN=*VuPYizbveC~?c$+xEAbRq4W)AV zyfB)VvxfO8Y+lGSC*MPh)sSbimNbiZw_5F}QuKmc?9`6<@`uj8NHaEzgz@|xbr+eA zXCN9=4*9M6t5uF#gKD0N4-^=BDnKCRs-Ur>qcej1BWx4xw$V<|s%Svl-m$H`h{gnR!swx$#rPnXeu{_8exJ*h{GSda4UZ?p($aS> zU3sat)Lj(h4#IBsXu#`v=mu~fA$x={w1427c zZ?pTqL3*Q>F4sO%&Rgl*qNzCtnwD)6ZZ9UJW=^%cLQ6WXr2u9e91V)lc#h~~x40#9 zhV%DR&V}+!4=BWv5Ims}SJ>Pk9RGvYPLN!xpg8`+;+6inIf=S+55V))|6dW6QY2m1 zx8$9LLo;)? zA%9Jx-^@+og*xV82OqabQ4(W|GpwDi^z1pqX@b4hybH}QZgRl*6NV5;37mJAaMK@e z-Q~N8E{ei{-QW2_PRG0O= z{Q>wO(7X_$QiM4E#80C|JcfF**&5X&p^SF#y*TQB0CLM~-hu?gaEQ@#T50YON2$4I z`E~$ShjjkHDn10Oz&*%r-id7;k!zu;N^YpP=HPRksd3G4>h2t zbFn1*3kvj>5L_o10A~|RSaB3`yCa#Q@i9G^!Bm96107+s@^apL&PAtMDiYajbf^D^ zLAd60w6F~3Zg|$j+zPJ9x`U~5R!4TXp-$RYebBQ-zC+(CePQ4ld>nrbHZ?dJeNx{K;!(#hD*}%b<#~=eGtx5+3`$ebMiQCVUgaI{SO_!uwMT%PgQ#r!hv&CmB3gg zNsmV#8BT6I$@*n&OE!qv&Q*yxS(5JdnIBXjcT>OgP267(_XTn~QjNH)spuOsHhRrV z0FnGKZKN0X>uUbXE|c(BYv5;4JJcshWpc>R@oVv^PQ}MC0vaA6y$Rc?A zo<`l0O(n`TxJm-)iBmqmelG~>f+C(7&BKd#a~nVpFI( zmvH|eOZxvSvIy=@!%#ZGy_+=b&YsS5VBvscB=vtstdVoC%UJv{;!mn+CZ1F^^6Loqs2%={_W@Ie~abW34Q1P(&vUSW0_**;PiPR z5x}c~9Sm3PbcVxP9uC9Tw)x8nJ^ozg2x@`1!V4bx+adGphwL2^yd^D62hKeAK1pQI zE3PSPyCjV814^)4Vv`#H3W4~S1o{5LD>9aB+)y0IWIaZg(#C`?j_|Hq&2F(B-*cD* zXZ`~eEX9l~32-s8ewEKfr+5G4Jqm+$v{Kzdf4nX%hH@Rx$#@p}(DG@jy{s3oM)2$^ z`R)qL7b77iSpvJ486NpTb=d6SIg_d$_Qe(Uje>{lyO9wfNW`X+xBB_n?unk&@Z@f3 z=MH@*8ruQ{e9*=J1bmd-^%TAXO6M_EFESUoLm8Vpnr%^|72||#%SU2z$1bX;38niO zt~izGs0N9LA*45iqiT7K3mqN?v?;T6^^lM6>~bBsyTY%p7mt$LR_2wQC@G((M+~F) z6iv1B|AY88e&gu+fZ~8LPb(@M>%+rlcofr*XX;QY@rS`AFD{HP$#i zDurvUqvg8|c-QknEEsVzEc)(VmSWbnoziUS9&J#yJ>B1PQD&4jwx@`Bc;+sSdB`>7 zFc_+72|S))`3Ta0StdJN;&}-d8buq9>PVRbZF{7Lq}y%Y~fSQ#;bx&!&PoGNKGsbWet|zvK$jt5wQaPAVNKN>q`c z=0j5OD6GCe9Y!bKmA8B6l27a9JEi4QsK6mqcaqrAH85^X_ex~4`E;=EPMWSp&rlnO znug+_x?*$Y6$_6}gZRLb<7;chn>vQE?~aUF*Mb7xsQ5cP{sau`Q%|<%R`wKj`7~UJ zhU+=w(^>cv8Giz?HN0F%TcAF}UtcI!QBRpAIXlch zlZD8Yh&JuyL$gbDRy!eP4F;bw=H$J^L~Fgn?EK<7d!}i zfDj3Nci#rO{r8AzN;V6TKq_2?ZFn`n5!{Xs^*l%p4VcN8d{uShETxU;nXEKFx<#d$T ztb(kNV_pPcq?vSdf4sLzu@W8+fDR{s;DS$&RAxW0X)rdig!!?tI z`psmHS_LV^4`!cU(mRq>VzzU>O~>q~AE@wXb4p3)WEyOq_E>q3tpoHk+0)}v{>_)@ z_HHT8&&*rz0T|jQ%2MSp)s+|C3iCk*K{g&A_D!BkcLAGj31$4hv_B?c#Bp58*6!O; zP%8N~<#{l`>=#eYS8k>=r?a@rXxA>LrlL#2z;7sf*XHi$yfD>^%U~==&RZ;ceX-6% zL4i?iH_YnNc4PdIq}H4qGW`1|*e9h`x1_@aUwZ<{j*#2k3SPAIdSzPkoftzscW&F| z_X5Rx)q=rqt@)`3eXP=-ZhLSy=Q|5@J4s`w)6?##N@CEPC8`*%|9o`j*yF8s#EOP@j_LIvlOV>R1I zZ7Ot=Vq;&A)jnw-XhV#pjj2}^ucScqS%Hi9`1p8}4|Q$ix_d_2^hGSou|476ZPob( z%UU$YYf}M(@)a=;o`(Q~2M$4I>*>0|o-NnY<4Qr-U8aFN%*nb(63F>OPVs*M%lqIh zV!4X_1(t_i{{TywKfi#$vck94=fao2&TbU;{{bQ8-A}iZ{-t%}=yA{4fylq~cC@V9 zih#D<`TH3C7bRm1>dZ7ErE>0`2{q)aZ2-ui?lOaw8>OM*5vE! z5Hczr=5g6A_@w^dx~>krxEC-x^5Wa2Olh;RPjLNcxqOZYSqUh$MylP%grBwsbM==% zsEEEr7#gB}gQQkeJ3imbB}O75_1_e&oqCDR__NqI_;EO<`CH~+#w;mivU|7)ak9uA zJrGg`@7;6toIGqDPU%6d2-M=eWDovSBDZ^Fpmh2)=$m{$iAGQw+ubY3N4o4}oQ(mD z(X_XA>^fE^@5=iexX^7N6F3p`Mbbxt$KEdM;vXd-9!{PafvW%J=pFfA= z$AVa{7)J}+(uqve*xnF{GC$!Vl+_eug4i&Ng<7#Jh3XC}Pbh7bJ@|Lzr4#}yq$aJs z0)}tkc{=AtR=bVKJxW89{noslBuT9e4Z>tv+nHDN;eij(>Aeo;6z1!JcXW%dLJoWJ zPR7i*^CGoV#CT#QqMmy#9n)lsu-kwaa!{lJ4ruQhV%&m$5vnAGiB$ ziTgiivV?*!mPDk)>9OjE`Ad~->5l&EoS*qw)K}OAT(fxVDYBm>+JX)tKQBP@ul5&r zv=ghQ5Ekmhrt$YhB_KUWDgR9N>7H6;+Yb!`5IK+0?%f?~*k zon?Bv@UOkWMIoRAO5q59-MiKSdbR|e%#Dr+_CliV7{Uk>>!nT;tto2 z!fRInGX&?{%@5Q$*lpx#L``7~tVNxCzxa1%5vccwWyuA0zpuWmYcJ zpRMvm`H{>xkAf=ILEzhjnC`2Di)BQLtlhKGP!kxzCtMd*C%-o^vI^kzy;7h1oEqg* zp+@)N;sTM$WiPcGil%qDl2kXnVcD_1hX!hhos_Jis+MnnPXtOsh);Bd@-MrJ>X#hV z#mc(?OdUq{U-xEMlJT`wC&{>Jgi^aP@i-uHFw^^YFD_Mz$~PDNrZ+4KfhM0_cp5cb zbf&V%jV@sk8cjtXEPLw{+-m1tOuYWq)1_00uswwFahoXJlauGM6DgoC$zK?hUmRikTH2^925JG=s6=0xrPesfpub}){&gCwo%o*E zmZx0r6 z;}PA2&;6%YI8-klf_eW3WGu4X+=`8a9D?m`&&=b8I`p`4xxLL!5a=h(6?T2DwQU!G z{hACLoBdHs0M^Ib(mn`I-j}VZFx-sUJh;B!{W2 zteY8=cq#Hc=^Qxlb$p^s$=`|srpN@0Uct-qb`XR(10795`V&PThs?vc~mi#_wB z#TLnqx$7QhNB+QU|1@}@cnQ1#a1@9@fKXtDNPV`VHDW9USy{D1y25*I~Nd#OfXbUFOfx8VEiMl16gkfrQ)CHc*cxT)EaK9OWS7 z5(A%1f0YI%H#q*J5e2#t#Hj@##Jm59wo-Q=+eYQ2PYsupOr4{~gN0gI*0*5eosNhh8M9mT031SNq;XIN5&f_ zwLLF$FrrTlSjvLk=?FDju|8;*;>=tQO3_$&qmf?6zA05 zSnLzn5svy1SAYcFTApY>Z+r2BkSEV5T|=b2lXJlI-fei)%A(?PuOnjTgffq7?Pejn zF8g@@6s84MoDi&g#jR+7xN8eDw!_tY4kmO71fZdY$y8XFF{}#zgg=$R&E$pgW+qF- zQUHr95OHj_+s85N(VGW1^dN>z#}e8!P?^&<8b@xfj5lR*p6P>k^>YUJF6Zi#yh>gh z@02fUI#Dz8MakNj{UrVT?8WR1k2LoO5=Xadd*61}Ou0jJ9=x9*)y?8O*JiM`Bkd0_ z`J;7PLz+8~Ht#;n0f_SxFLFfSe*YTW{?fC1_DKED2^7h2Rqs+trOPNVtHe1*!KtFgRktLl{2gGWsYI?|VHMn{21O;Z zCtv7JLs`C_r^KpOfTc3K*YWj}BdN#>ik9%rY?FURV8FrnD*}r(^o6C7WF*1_i<0o? z`(CE)V)mU}50m(6kA3@=%QcB!VfbR&73|S#v5}T^l&LgP@r;E0|_+%{RCG(M!9|kHhYV zzWM}2UkxDovg)XN_>tlyLyBSSPy7`R#b3&h$0T*&I!n|(jG< zJA>h(OIvPIm}dh@V*iM^L@xj-0uq1SoX`w!sO@&xZF!wQ-5>a82FeZeEvNMCp;Q+C_tp@xc@c{)1bIf=5XY7(Nn4E#}Q1 z7%iH)WLSCPV~x<)c0V;$)-&)Jh>v>fdhmiF^EC}gcgY*`oAcplm`S4;&|Di}2{tBh zxA6!;AV%;H5c?~TI$AS%2(znuZgChF7=OJ36-SHB8}RecMRR6d{!Kqt7CDn-PgoAJ z>qsQ7xz?$%G9K+JlcU5XD<4VAAG+(BAgD5-g2(l^DNwVu{;U_sOpZ7j7b`^*2>L@3 zqBa-7dxB5&UPQH2+y@%1ovYY?GFuDX!xka56P~dTOw?JnK|QjEX-Zyl$!-NPdA(D(Iea{|&xeLLj~4ilh~Mb5x+1DE=1? zYMY#yfP}?|E~Jo*OWpG%0<(xHd9TY@6*$Z0UFI>1g7!a>ff5#EE)MFdE{J`5B#b%m z-o9c21Qx@n?9dAbrOr<7UE zANrJ+o2x8vcw)#X!Js*Ix%#L+@}K*x*SjtrBe$N)JYUGt(E>2--aWX^9iG=e_@bHf z@dixv>mp-L->=7->brkN(|~(-hVGl{QCW8?8)Bwx*4beRCr#yzcEB=Dtr1tlXWJYlQ8QV|ivIk5q*= zePNY4bSR0@S0b}r2{6i`8XsmbfbJyvoB_mh0E*+I!?Amx?eEFl2SD~mBQ_%NN1=iF zP0j<>I9CnI;6o|gsq*;Q2lgKwcm7ED+?@cyhwXZ7X5a)I|Gr37%k`#DB?2@gNNV%R zta=jDg_9(p(bzkAwFZa{B_){~43|hTTn#f_%tep^;?11{EeFo2x$YM@Clja|Cnbl$Dfmww z$!G87Q(?N8Q>8lmXNeBuN3TnRb=)4&m98m!el<{fO&v+gy|v;2Wr-7jHznr1U4 zwTVg@(%VDno(pP!(mlRW^G!uYLFC32RSzHIqiqYbmPjG11(hfk6#L`a1I`SkVNxZq zSE#j=2g(~h=G#&=T_+At73#H?Vqf4Wqh8{%>@K$IRbvLltf}Mz*@;1iS+8nOdZM_o zu!0*Z`L;ii8T>Y&*9SQrGnc-i&ww18qRl4U9cZ84C z(Em$bYM@p-BCRPho@=5=5WH}KSE}?qT|sYBh`=Ll5JIyp(Jo!4uV*#3jDiO$f*G6` z#J?F9X{{LOprW@v_%D9(e;t_O;n06P^W+s@PHgby@ezh*ItYU%>W>Nj9`9feonskH~<>dg{q@P(oB*xuZD7{wYTCPYi+83hm@4 z$gbHRFZmhBnzV_hIRBVQtOiPG1fnHeE`0Q_~M4Udq zf0BLl7)+JBU1?4)3~)GC883xZDPFDH3triA{9E@-Gt3CCu6JJCrYTXyQEh9f8 z+5NQa<}|GdR}MmHs?-C^Ld8nN2@#5V2A7!3acpP(XrP+I;NEU=;=h&7&`deMA0cJS z1Q`=haKT#i6CX27;1qr4JE+eru!6Y=_S>WSi1vRk9jo{=4-M#jg06F~`as~$9lbtV z~>>K$7Yz0aZU1I{ty*wiPi@x9QJJ_VIVnsW-dei_Ehpf`sDl;9_bj-D$%+9%WVHz0q1$H-OvvdYi79wtm{<MFr>_Av=-h#gdn@27*%WZo7b)*K(d`J~xH3u)uhJ zcfibWITZjw9Alqar46F-U(KODGd2E->|R#hax?c;XZs$J$s?ALlpn0?RiI*^8)&+; zh-B1hPa`U9e7;Z&N_KIO4&{;4vMbllw0a~-#~AVshqiL)u6R9VTb?se4olZxc%JA0 zOl*SM8)HKm(+slHj#azKA5<9+aEML@96g5FY>INkt|)`56A!Dw%5N3rjSx#^BE)`w zZ5zy`AgERGh>m$m9b5bqLKd!VsBr)1^%I^nOyo8&d>sZpaRpt_1y%_(zOsaKgK zee_17T8qa>Ubl|#&wHeXiX)DwE+Z#I<{e5`#}xJvTH_5C<&5>MRsJSf9T0xQUc zQAQo&k>#4o{r455Y=xQpSn~?*>M%fJ9yPaNs*L8#|)&ugAjTDETy*mkNYk;4>` z&~K}&tG~Vn8FV<+_xD*}!s1?arQVsF)MCXjhPa+gChW}>*fU!!*h830p1KwX+;`i- zSefDJ3g>;*7jJyYUVCq~s6XGj?q&z3!KgM7KvDi;I6p{q_FN>B_j2S)x5|YR(lS>dX z5b4>1tX}mE)e#K(F1=e?@_>c^WpG6$D8hF(%|7vFB5wBj44knF9^k|cC1Jyd^Gzmp zUcHE=2TMe#sVfdV^ZD`Ae0iY@4E;a;`#=2rQ>HLg=aF=OA1n2hQYD|hICNCygqC|W zd}4>Yyp+JHZCGK{n^SyLGx1V`TGKiMcpTw_{4-4bEif*VbD9NsbuACcv{8MAOsR&0 ztURp^sRPK zf9UCE>+B5elIy4?QB~~Cv;rFVLBi#+rl~hpm&6y1%4AU|ccb#n(nU6v|IqcM<^kA! zyy+N_1$dz{d{3de5d`6X8VMSLU0j;#?t2CD-7;dS{r=ke*`V6lj}_fa8M$_+JiHXcdx6sF{r9S)=elkdQvy3~211c7_Yg3 zQAA`ajHcuY@-wzLR?gb~b9p{eoZD2HgZv|X-`Yq0OfxNJ`jb;m);Zu1zZRhYa-V>=_HXcO zX=5Cf9DdNYjwEh_dVF+g48MrjSlxRfJuRfb+G1K?1Rnj<+r@c63$5CBr!&c>l9|rX z&%ZDz3%;}1k|Pi?Rum!#_h5z(i8oIbd6SsR3YTwDjw@K2ICRtFCHVxZ?mL^Fj9>C} zV+Ts8AG~2tso&j|nU^18e{^bh&<^k%%ksPR*{(H6M|qyib1wt`*bV`_bI19yYyA7j zwQzbhEf@n!zbDBI`Ej(eThRx0dstfu`SLC+;{)y>j`vUxg@f4beq!xgKbgQ3Hf zsk4fR_Gvv{*@?gnurkl3k5o1pG*8GGw1_th~HWb!6w7Z}S7`0aAl*Gk3l_qeCT}FIWA#P7`DMz9w9h(Q|?YW*(2K z({{?|(Ia75aCQ8%wIfvyseI_Jg1}wT*3VBTy46Kg%J6y$Wu&j-DWUd)%g)a4$n5b@{fwkT7GN=}g{7`zMv!k=a=pIl~!`a{cn8 ztM615{_@2YmXH77)^sh9x93}EWaT%wTJ1?ca+@Tf^;>1UfQ@%`NrAPkVffEG(!E8w za=iy86KV}@Nh3EI;WS(P=CDn;{dQ;V>eIf;(y2m++-m&w_#StC4iyjA{t&mirjykR z4emA>gXrH_Yacu~>?-ASfaUg7IQWY}D5zfX-L~bAdbdWoM$PwAbLVA8&z(q~A&rUl zy$8k&kq~}n?VW`B+iyE=AusLVd#9y~pana#+ z-BV5yQ~UU2o_da+)2G<;IXsCw>hlAi;zq`8Y3So7Ny^z8J>nBqALKDcKdeU>P8aBS z3|E5fEL{q{&SQ@L1wF0jWX$m8y+IeQoF3DI()V_Z(}k0b+%GZpE+{8YQs2097W zfUo&kxZ#c-PzYb&igR"=_o(d>Uu$6TS}L1mFu6L%QlU>V7Qge?=SWAuyC6JW;f z{Rc7gcP%>>IoIF3%t+OF0HWjCE&{HW14SR8I5aZ^*Bg)$9LVmA4cxr-#YnOTTxl=} zald~DUt2q;Q9SWg_A0b5uX$g@8ll*88v0W;kZyjT|&AF!@W0eF8nkQny@aaiu}m* zEhn92ywBZZnAsg7g)e($SOVvudXfuX7VehN#wPRCCywZO&g7_pRwMN~;>E^h7 z-ho=s*Ys_gp3|0Vd0uEftO~|+K7gSwf!Wm9aDzVxsuqT=Xv}I-@Z%I~=&rU@ykX`z z`Q$?s5u_k681z2dGU|gW&#sN*>tdgya(>0)Jn17-l8b6s8|tKH84Nt@OFWh5nG^kY zIw@~C1K}rfJ1@XaQ@d96R14PhOmaeB&Na@3?tf{V`%I{Vx=Zc{EIs%CMmymucE8rWd_dx13n5j=rlgfHH(z?-Z8wccimiFDDs2+ym?IGoEyd(Wsxcb zuct}$*`@7qRNF07jiRMJ^2?3vcBSia9QbzqXnvezyEgW^=`VGC4JGc?_Of9KIxTKsfc`Y$T1@X`V66%O&)eXue&z|Dv_>hII>Zl2Tsle8{4TVhHAHh^Aivif+*Bf-B9Y3X)AB3iteJwJAQrZtzz$uWu#CI>M9q*+7g9r+ zwmRRJeSB+YYcvIhqMPU<#$>LLO=ekAR^vn8^m%#D_hqWRUW=YzPJ4ssYAq$(TA?4$+RzS+MxKVL;iq}Iljkb zPh_}IM7XxTUINSc8RW)I*^*(J<9i@nQ z?EbG#jNPMiCx(}jOu;C_Bu1Dn+FWC}fKmL=g|qtBXXL}BDG7R8WA%rjyABDjny#(4 zER?-moQZ(7&$c7wdD?>G{q)rynP81LMM3>CG(%fLZF%RvH zTDM&(!^>D@)CtWHmadZy^GrRrhU4sof}4|qPTAFDbQA04yBCx5?Y0u?H$4R42jO(o z<;kG-E0)G&;90@#?!M!`DLXf}$XEjRxXLn)SBE1Oqjez*`t>A0hWdxO;GT;MSfGQm z`Y=`toyNmKOJo=yZ{X6BMPA39@+r?>c&_*l%eNMH#XBT1H*CvOs1P4*V=FjY3K=hC zTl77{6rk<~5GAI%byepIa#zFhNz(K-xm}fo22LM0yJRw?%vWqH>!cMAuyl-2;NN`A zuqs1T6H2kaK-=mZXmP8Y#X+rsqjIR@O~MqGQATciHz>c#*Z;&?9_GGnd%U2jl!oRa zjKz=93qB)joL9W$GV{_I<^((FC^p?3zT|Sbqx196t*$k(aG%=lHoGpuv+}S+rSYDY z%vZc`zszS|nQU0&8X-TXed7D;hOV^i1jBTh-K+8?6A$VG0<0it2bmFCD*~Ego1x4a z-XN42-Ej4VU&rRLufKn<@SESq9A^2N8MVIy4q1O(2f1xL^S#2;D|Ol7AAGpzSJB*z zx5r1V3LWmlj-qqc+zynF7IhPS9L-ANoo5v|5_Hn9`^vhi(%C*7zHR3+WGCpC>X7w; z8#ASy8fkWi0BhxLv4s_)l5#IDYLUlj(1b~I>yaDv~ z`=1dp*5egr<2!}ZR;QO5OrY}G-S^Aaw6-w!RBOM|hw$jzWwv*IrltR0R5xR+ym4e# z$mGD4P-KwwrG!OYAvOF5x!x7(haFT3ir!5w#E~VPM2d0CT+y{!pKGx#w2Oxs8R3Tg zWf5-m-`0vIu~19(qD5+>`JfGfP!F^urp@YUGPhszhi;E-zoz70ZPu?+q&i^exam@% zpBT>SVg`$f%Wr0;$1)Ph3<+Wjc)4lz{va;ujAuBZ{$zqhVB%n6xV-HpAsz1()shu6 zi^wgelt%R1k~h)}91*GWSQC#$J{4~Cr-^T02Wl-;zVsx!}{=*j!e zMBz?nVS#e5W1LpPEP2i@{46}zEqByaFuQzropjN)cuS>fMeFkFfb^`UcS3{`IonS%u0E1Q=M=8Y*wbJ%ScNUByvlg(7OhVJi&uLoV_=WG477G-uyr_MWSk-vp@?gn4CIV0wYo*D3!?9hra2KI3WsY z?Zw@#6d{wQ<3vgauw?Vns`1<(K1Dg%QXjb<>RtAvPyKHz-6!4B$Q1Z(pU7oL-)}`^ z|7`t5MLx) z0@VzJguvezk(^5<^^*VeW+Ly0{K@ESH_5vT5{ZBXfm*jKpsl@gIcv|K#V+s-WH-x36TULrQeDAF7C(ABu5_b{K~zRj<2^ z+~HtN^gVZD8Q0J}BTP|{8++68(jpPo&(pt1_8YhmA(Z%E2_YDQ-l?xVWNc`6>oxOs zB1POtCl81PYFeT?Od^nXd{aAKoW-!TY;DUvg)on-i_Hu8S(FH&|2gmfKTHWCc|it;8W ze|MRpAI97t25i}7Xjt4-R>z4RSAUyiV`O)fSb8$yDvPP(=X|M|9Tmy(?%sr0I|aPp zP;m#DqTLlMU(Hd8Ai@abA?jJJZa;k;_jXv3ph$yEGeZ1?Pj0V{L-Of<|C^NQ0G@wV zV-#|19;7CrUx}x8?2oB}@{5?!umX7gW5wO$D8Q=w=dhOP@=r(1VcrM1^%a7MZow7m zf|B(cmFV%wCGPVGe^|5Wqo~4h`xy9MKF}KU#hXuuc^>tVNjmQI_k-LP#rig} zJt;N$2@PE>Rdq;?s-p_^LAxsxLd&_*zkOG);e#&VyE2wjqSiZIed>BpEk!wgx>4XM znH82%sP(i6crSe5dH%J~t@}0jXN7WlYwcPrINJ|0T3oTs-jd5Bud&Oh%JZ_YawH0^td348qdchd zC|${(Pn}L$@YZkrk*7@;CU(P3?0& z>S(d)3uDhS^oRCE+bRSz0r8JsV!3{|Q~dMGd7u7G0Hwz3oP68EEjp>t13t{awkV$W zvTU~hNFX2djE4I6>_(1fP74i2T+4Wt#i(6J_ zt?KPt&npqt&lA$5eyKu2+PAuC;|8-`Tdt1$|Esn44r^*#zlF0cSg|1%il~Sb1r()8 zvmqT+P?W9+NR5CHA&^+MT|_!cQ|TZCq)7<@Q9wdbT7W=83rGzl5C~~^uApb{eSY_x z@4L^v^YIUY$zrXQx#m0O`;IZ*=rQyAu9xSJm2b;T(tBgylS$B8ywBPe$G>B6dp5Su zSe<6?NpHyQCp^CR>}SXhT;eCkq=R=fw=L5A6;#_Ye2;jLChDsQLrNU648~ML5$3V` zMZ0tg{AIAQt!0n;N?5tuAmh(sd~|DGu4qeC;YWpWgrZq#+U4$7-#&&BDsz7t3!OMJ z3?`yg`iF&#y$$VMjIxP_t7%fXs$*~VhUiGt5M&JS^cXzR9Ox)b!hnvlH1}q_!Ov|6 z#+HtJb@NALlUx-t)qsHbQA(QJnyp7Ftd~MS{ z%?oU|?{Ys<8f8@?ZKaZ>7ga7kf4-)y?Mtfq8(g~6gvdYUJI^ zb+G=-MO>~6f9v-No7*U0l{`q*%#Dt+p$a^q$GLtM+&m<=Yj$GZTo_*!xjNvANxF23 zszZ5==m4ZFT@9tAP6NwnDlp#IW_h9U4G;CT^Wp8Op@HKg z8sVJo*Gkm1| zqrx;ov4uLF6-FR0mS1zXeb6;Y&6IV%oUGS+G zt}Yyq!J+bepUL(XVF-8 zKNVjZLp0BhI56e9$jZr;G{?pWL zsi3(ge*asUoPyeqmR(QVEwPL7W1D)WZK|rBjVK+LS~|=LKDcC7|Ew*7Bphbu zo^ptz0b#@FF@LX&oxU}n8<}u;fws+ju{l#=s6#!xF!85j(yb2{$M)PGkGDPdda^=( z^Nm+(f)`Q1^l05X66TiO!BM|lx`q$#@*u&n*j;ndPe4}f2KPDOYooUGxKZ8 zmu6hNLqo>1u4PNEDM%3jS<-&PL#otwHkXp+y-X?3?gQph&VM3Yz&rrFO*rNFplvT8 zan{v}m{8Ry!Vq-|N?TUdW-ezwNpp~+!d8G8cdvlug@POc>~4s;FH2$Ds17MQYfj=u zIiRa07y3l_fDfOA;Lxw}|I~lZ3{?0}Lv9I7nT+5Qkt7>juPiH^96DS9Dt~zk$+x;9 zn5I*03Q5U;j#E5a9y^af6VMS7=C8x%V>S1Zi)zl4QHLt2quqPrtzk2(_`X8Jc84{D z6DW>CJ9*2Lw(%Iz8_Fxkf@jvh0TS7FuXB+(_hOmBkJtBhE?h&7>K2yHZ3^MY9-rzh zJ%mh1xOcpE!&RH2lsi<`Dp+Wf3MyMw_DZf71A%tIxJM7>9-6*|&G#<1+pz{C?%$`t zHp!wN!uyv5@A3L6A_}`D4J~^vmr^te4xM1=7W}G2CaRBLuLNBEZn+%BGO_K;gA0N* zP|FPoiWl#_k+E^=RbAd@?eQSlZ+TwviUli6OX-`Mh668#JqSmwgME77$+=8@AYPeU z{b;JKsK%Tdw+c2X_baD)^@XU?&seRI#zdp+#1mODeeb$G^#tj5rkjVTKO7nL*8fOp zvN;u5oXSt)?e~crD;SU7PSnZWdavU$Mp`;&b_)FlK39HJ&QDzl=tzrhmqiY9HjbLK zR-R2I1Yw|ZW%WMg!M)sFx>wvKK97xg(ko`f>lPC|!bXkqrR0-UlS@6(iK`gjP@hJh z2a=O;_?Fsf^Oh@n*dLfD@|v6iY4IAeqcX6`*kSUxCtJb!Fn;neU5NT(*ofH|imlWy zrW2IaGv*IQv(8mM!cWWF*dMSt6dT|$V$#ldA-~%v@k}$T+PA*Q)QVmA9f|NItVfii ze5Bxt>N!8I(^P0w^KTInTM4d}L8|2P8f6t&zbTX<)6N7?6VPRXojmxuAwNtia1QT% zJ~Hlo24FpuAK>FhEnT?zWMNr$>ulPR{yH9eiyUeVj|FmB-Erq^go6KS$K@u5nb(aM$K`&LWm?tfKj*~yrC&Uj ztE_?!-ipq7l|4yd?ucZGJuCIUA}!CQ-Y8FOM)XoqoXBGAFxzNbSjkaz5&|C@>)WqD z=z`tV;2Ra-bJ(CrTh!=!xAW8*;k&zD+}2geRl5Eyz&ZsvU>m;^lJair6g`d$%Zvo> z4;=wW4dK)dRk<~CeGCzJG`XNH-#BTTaRK&G=W9-a8e<7F+29i_lj^it+Khi+-Z%sb zEx!B#oGHA8YyB2ZtxIvq9(@?ldtGhRD12r%2jI3rrKV^3X7A`yrX>17nL9T0c#VLP z)v(Qn=S!@*hpE?JemqR4qQJ$!NWkT;d-Dlfm@pTxxdUlUk78B33!<&!rxY|W!)gbg z!8OLqy$Q!J)a`ZYmT)y6{eHrA9ZDMSXWl%78l6ZloJytGhff9|OW12ikoUjP_rUTX zwW9+yR@koK^i_zsBM*V;8!5RNIbj<`>W*sFH~GCD>=Zp8bPZEIta4v5KJiR<#va44 zsDUe>rfTV7tBy_Tt!18UsqW%5;u3;hI3CAEUQ?gmRoY2>{MIvJXBL6{+GfJ3@?~(^ zcjh)JH{x!Q2Nyk;?r0B}u7p`fj+LBfutn{pM>=&6<0|u}zWFs7ew|9qK?am>K9&=Z zt8D0V{)d@(TxF$x+2yXY-MCEOn+b(q#A^g?4|xnP$$BE=c%mDL=TRvQh!8>870A`F zOOkFUeg5i(%QBcR6R(mV{jquS&^WWnLZr?+rp;S86-xXW{yceN%y#kpRTIGN#9wRa zmIE7grJca*wy15w;<%UrtCZ{i(P~dJ{#~SFXqbIv@LD1%;GM|EcBEsNl?}#pA?RwV zmSKCb>V@v!x!IsD-!-seX*}F7vYf3jatMDh$1nKZB*D*QM>j^fJ>*3b&0mzT)0?n9 zPKKrGw<#wg`jg|QO!tQ-Hae-E@EY`kFqJ5YvCh(30oX7dZQBAp$(84|`VHM;^Hl%r z8VflF6ez~>HM<3Rp|b6JO!@;p(mJ#hIlr_$)$fO}Ys?@rQzPo#(~a|Y+@#e8H8&Vp zjjT^M>1$MAX!x%tBj_sWtu|nd4NNRd@(zdywpY4PcN5CqIo_~FN?iBgRNSK1$M$qO zBq_T1>tc5N%v7Tqv;^doTx%?y5F>Ym315BKHmw7v?IEO8=o5FqCd&%R<1z@Qt?|;d z^9@A|f?eh;o=*_jO0=r)i_=EK7bYB8))tyn90hRGj#Ku}I0aO1$;A>w=TvwD+Ob}^UC%3yLA<}m{ z%>P2eueqRzkIeA7WIeQW-8ClH9n^IjBX=4M<|^}R$|a(Q;i~)vEbr+@G}c$fBcX5@ z=d~UsT~qW~9FtT`SB*WuUMT&+p1DegVy?@7W3IBNKLg)MitASLme8s5Aeh3a zpyRK9ghOt|u&7-b7dwB9CXV(hd)*IhxIbZ_wB9Qq&9>5(SUa{w&OI7}Lv z1D}y63~U_4V2{u+%U=bnVq8fE)Wqp7T1$}tqgf!gO^pgFt5CMC|Bnnii{+YgBYBN9 z4*PE5A#k>Gy!!p2AS|yYi&GvV({Htsbv=UM8ovO$g@z#646NPe)AK5=V|iL$DACRL z*8_g60@o^8E;#p8-WipEgjx{adL;k|_%-$(`wu@y*t2Pt5CU8tCsphh*`v^(SRQvL z|Mv60d!AH9T<80iq}pq*cS{0xmIOsaL*?*-qo$%}XaE^(_Ie(W{eg3^M#w`@aGsQE z2)38*TVSY!K;+Yp{Iv78oOU(gR)EQ(3V&Z6^*D7vd_`5Ly+qu1oU3o?q zIl;=q(m%tkNBzQCJ*u!fhX)(7H6k5FOD1qre{&Olk3t~2$Fz>)N78}|sc|Q8A3YGn z(Sb*~z;I+);Lx0eQ#vDD_r{`GlYI=kk{Y(jBygx@^D{^FOfB z>)1?BoZLyB%lCw!v|Oj^@3h>7Ong{a;q~m)w$uYu7d3b|LrM<2oNrsVDRb+Z**cle zR;(?iX7ISthg7wZwc9O1Q}+R?Yo{>Kd7sGBVMsD;o?1bCFEkEWi}(YUxTtiPts$x) zRD9k`D)Q6_wTxwJb_ZD-y>WM&yH2l?E|#iD*P2L?LIilw(bCKlva}PqUE$G3MGk29 z zp%Nc+;P4Fo8AWB(!8d-f3Z|`ili-Bljp@$6(a(=4)B5Z)vkU?9S(K{E;CbGK912tH>~ zNoKKJTY*T){PA6)*UsWXq&gO_q-&Boq)3nQYYoR~Hd{w$PJDV4FSY%%>zFCg&W9`Y zw4QiP?iSIp}Xf$)Yn14;f~|Ee3m^{^V6@`H9Fnz}Ox=pa%7jW+l=I@L#$jHRyI)`A2QhdsX%TtNkc_J2c4 zZrZ;nXv2S_p!tYa?=;(cN!DM~Wq2(8?ECrlIP4uY!)z&lFm zUENXk@_Bglbm5ez9538MM&}}>9QwBM`H&Zg@M=GNS#^kOiI;V1zcqEwmj0S-oa!xR zIrTLAdo6}wro3ZgN`&X<-XqzvpsS0zrWVLn!5>r^LZwg*tm(t=VTDN(aOrHy(K0bZ zb;d3xh4?sc3P8PUdRWyRnNGWN1_g{ho1fB5nUe4Y%i717Yvbo?ork7X8gf4IPZ)m2 zw{ou5nt#^=8k81Jc=?%Zm6GpsB@!*TQr#A)6zfswsjK_B6UT-G5g_H{f;JEwWjqSh zz@`CxN@%9wiJBq}AEm=ax3SX847PyOe=*o1zZ=pJJ1&@TVuvwS~pk?U5w*u(mi(j6RIhtKI(PX|JsCiL$LX zYnX9HcX-=cz_T=d9iR7v-0GD6#52DwRS} zY3Phjnr*>RFQ*+`S5wHh$s{cpDYYJJJP75L^vxy>$7uA2p#HJ*M2=UgU#o&T1a?HC z&i@avvy0;J8|?In{}b$dahRN!cc(Ir%7N_B@ks6_))r6E(T7qdR4o?0X31EIta9zO zqFZ2k`7pJQa-sy*|Lysq8a`-28zqR2iah+xUq~{5E2n5D{(*-hq3=>q&7yC{Lz`9ib3w~+v1o%aUWBP`V zUu?{sVO2t>cR#`w-20dS_CR-~ASj^;>mcTw7cmSz2Vb-u5Cct)9-cPnq2wR_`Eo66 zU*xs7E7t-E(7{UvXHQvl?TkB2RHyy{n}MFFs+H$`cPOq{XsoL734J=dHv8^q^j z&B+o0bh*kuzq`=B=v`!)8){hA=ZUZ3>;8?5>F&NKfTPMtM^Oe7XQ z)?U-dM!pyY)~=!CV37Q(djdtW10{pD5RER@_TOl9lcq$LP2gkar8oYY$f|zE1s(*C zyWIkGu`3AcYPxUVoEJ4{6|6VGycm9becn?gNbOY4501;q$S&bqqem5t$_t-k*}dmR z{((WRWzI$2xT4yss_{xR(1`S7oE`6{+aq1RU4I3vw;N>hAj7sW+i<{KgrT4(12EJ- z?oz$+{ix`zro_c;J9O6Lfp^`jzq^fZT{S?uH=_Tb1M!|9`t_e$dT)*Q|Bat+bz|w7 zyz6f4aB#Bx{&Q9b;EG7QoK=h_lp0IR5(9b72%WW>-)2I3q!X+qiB6_{4{E{57bX6r zAN`eJbP$A2Qo7( zky|;y5si{R{m?$<-L$gZKaj&VbQ{jCPJ6ikC(Zj^fNKOq`oHtf0XGa}WlVQ2i;CpS z-PFex(gXJGREoUE8dxhA3^FXMw2Z6gLx7XrZb30uB0kabRBdGd%huyt2k1EgKYlk+ zQpQzujJdV>jGk;o&WBNxH-(xZL%c+!wwIgfxqw4v9UA&7nMsU7NdJ7hV#`YS`2A0{en!Awyl(?0zf`6pD=<2b^p+W7oO)O> zI=h*O#6e{8uAEj+%&aq0>sR2PAkmfroY#BHphYZAMrpb5fXwL+V(D9v`Va9hcZhF<=^@>bffZ=AGnFqhT_8%z#)L`fjZhk z)uR^z z?=|u_o*nK|xvBt&%?_5(&Q@!1ZsWr0b#h!$O~u?V6OB1(uXevUyc~TA+eHaoqBuJo zi0uORN@ILMURb0vrcLU`2K^hZZyBG)d___nb#q!gwi^)bIxEVar+5y33%!k}kAUtA zUG#HD+lKqhY9gZ3z27fLA>V*zBkAYFAqVQQyT$AGW)ntbC0jJ(8FJ)j#8w!r%K)0odIx89_~ z$P*{3xBf2YjE^+VlJnaTY18%&r0qSxm=dH72rj(^RaePMcOr_hngK<*;B=cpH?{{H z6aN-484z($-fU>q!dDFmPlTxuZ0|AU*8GoUdiPne28i7mW^#m*^ZffZ8Zzmb z&{j<`9Vh!Uk;5g;O!v+gQC!wP9tnBS*T6Y&Z9Mj0gz&kPHGD#kSTscF$@o@?eAhOv zGL6)dF#8=O3sX~Yqt-iWl1703-Ta(7SY=}UoZQl=XNUD&3;|6?;X{nNYW#7p{jZC$ zHUUuvmrN6`gkTlK1r2)6O|xg#!Huv8n?3dYo6I+*Qe5Ld(Y=LSSHNxv1xExai(mY@ zTPylXF7acG(FLb1;C3_qKf393y#c<*Mg*T7ZxUrR00;d3j_`duZo&PJnt%_3;zZeh zBF@~=9BI{X#UJqNdAADcX%^D=#^>hFHXxk@QAr5u*L+tiEs%z6Gszfx0L8M-$xiBr z?BkJ39-JSW;)b;h`7h%g~-O((xH3n=NFwFj4ZqNTM zP%-~qq5A(geua`0rl^&p97i@1H~=|D3$v%e>1ytP0)up^F!eq)|EWOlKQ`HW7{lKR z=c!Sk%+ci7QP@( z0;m4Y-Cj4j-tU8<(g)ExH~+n=b7HGus{mnXnGKT)QTzL$9)b*ApxE<1BOva3;BGf7 zsAIxx{)p!Ba+sBg7GSPueE$#3mFcP{{VFRlmwM(H9gf0kKavVS3!muUgzIzP3Ooze z1ov|5(p{xycC!X1Bl2?`Zq=*yNL~khJ&|>emplycyQ+QcU9UdfL<*Zb)wpqEKXEPSaXP_L5CJkELwX+3(xY~ zI&~>Rw>Jswv?1ex+zM;RmE5t9UIA@%2bMeQxK-R$7SUhki*)!SA@5FSQ|kObiwJtv z$}Y+=q@O3@WK>3#L6b*+l76|Q&%0>bqWC#hTg9slyBn%Fw}5Md`+i3_af9NP@M7M; z@rS#UycwB$AO7$j))rWBvGFqccGJOtNDivY+UIf)_G*mVx@~)-q6QlH?pnP70@~gm zbcB?rB&YX@x_|0S@kg%UA5}xgcS`3v#8CO3rAkB8fN1h{>n~IV@KrJRtWayOWYmI% zWi8;MlpLa(em}K(uK=liwYOlyFE!Lk_y3`WDya+PQ#dUDjlv;5-7-o2fbWf#_T)Wq zeRe&lwp-dUxH5Pn7093%;^o7fCgg|kUPr6b_nE?eHjycwH`G;MOr^|n1e++%Z^R=1 zxU1)ca^;nEejQVNHL;+HhaUwe`mYeieyZ_5Vwf&JhT%zzsK0GG`MRg`7T7I7_aurP z+qS;BaINcLYkW-EyLTbf?jYtX8q;^!q(OMd0% zaHx(0-M%5y2g4z)a!|Vk^BdL0-^ka&2`!i4^hU6zd-c!HlKTU^rR>t(l%w!a10ZL) zkfBcpe|$;?r)g(Pj!BoS6{}9+ftN%9uJsCR3xK6`K~eAD0#s81*%`BSS0qhuF2 zm-5kn>d~i6uz|SJ@M>vjy(GAUpeyAst4>Y2=+ucnd$vKNB&BU zt8ukt3e}u&QKyAVjv_^SC&66M(bdU?oTh*e&AlwG#g`ow(psbQ!D&vm21I=$vPe7m z`|Sgx`RFsSnYEc=FM*fow%$79GJOB-i```pmv379-!^%4N~GfIz5+6NWpBbtTrt~t z;Csc@T%bHYU_5XUGM?ts2NLJ@24MeKI#~YR>-=PJ<@pHLh12OBp5GaP+KKwX%5v`l zR{X4lWrem=0Wp<4Xrpy@l}L zDxx~w>~|F88aFxm?e{6{r6P@u4qj6C8@$XYyM6qCt0=QM)Z)2>$x+|v@ZWqL^@1#R}vqM!v0c@9`D+A0@LnUR9$FXFZhAa;IQ z16YgExfG8d_8LbVlrJTBUEh71A7>nrDuP*;b?{UseUvuYU2wjez8Z4J^*w)BJOMT5Fcy0WW98DYttU0)ZTVU*w;z=>s^%C%8Cv#!TGas2>usI)={Kie%)7KG zN;%r~gch2%IBSbDyynUipG-A&l>K%B#S0!tRn1FqrcY0-P4yFBM|^&wHjK4LO*$Ae z)Lis|7@~phyn<;;LSt{8h)D|VT0>_h6pJEy+sl%h*YOqzTx-*}ooET1dzdSqnYobx zS&1Hy%YEBg)*ylvgnu1pztEH}SWC_JUMm(>w~w)~_j3;pacy?g!htNwOZ?0d;gvW) zUy{E?dZ_`AG-30xni=1C|EjO|;Cek>**(BmA*O6ra@i5PqXyag%7E4Ddiw&_U7B!g zK~kk7yZE9`t9kUUUwWK#j&GJbDj-8z#+5XWiuSyq+7+cleG(7l`$NFt`9Gf%HmUw< zkY}f&P?9?AK0|{mmhl2_?@<#x2O2z-b$mS4bTjXnfqB;wGfG`C*mc8(k+z2$o!-XC zh7o0phuw}wKT=(PvPC^S@*vOO*~dR9u+Hz#wz8LtQ(wh~VuJxIlQ39PKEjMBBbkhl zi;J_<^45)d&afsp^3vrPa?#JiOZ*PuNPdU#usV|J=WD2BfuSy)(P>0N|7^k|*)M}nB&%c*c zo;?+NyDSJe*gb~_cW~9dA5zQ1>K_eoz_pF9X&pDxvv~9VL!7-jO({~vTrDa7_|MTX z;!&w|0xkiFhVZ?|hOg=!$#FgC1$VO#9ZH!>6(7=kF*Kl$C(Jh|O^qatX_ts{xq)ar zcZjNOp@?i+Ko)!@E3@b$9PNt5Cv7LO8yU^O+3>`ve*M&yna1$=ma^pUT-I^62~(WYRIJhbqH@@LNlua%L6l_fIMZy(lo zMsN3`TBX-~SbsS(R1(=ywpNPoR*qb$5gY zi;*#Oz3$80)b0`g&!eA1>kf)vA2XPL6%XXORw^$e z;|Zj8ZRQ6IP0xra|3nAAXB-Z#oLxG&MG6MW;t+!hLN@iprcC00pv2K4661 z_fOF~*5^1k?Q(r9f@9;&)!U434<9H@kjW~^bn`H8nJ<2!p2KnN{t$o>YK!YLHjnh9 zyN6V~*lrgZA;8fj`_obo3emzHS&}rS!Rp z*kcpQP}!)(3{_TEYxXo+Gz>7FxGAaV1hNviLI+&%@9nnCQf*zvp-t-E@8cY@*7zv_4jcf6ly1)_E_X1WkHd@0w zP5x>Q>+JZs&7F(KALb<4GwDiJps(Ka?V`jV-fvaCCjEhDqc9?CvldR@C$MQM^2Ts{ z2;!=qTF%6iKD)uAU`EO09P{&qBhJ3!75o@nIM%`xDn@ZB%jq4t>PcMpkZ!@)uB)=k*+ z=I!ST=7D=Bh{&hD?h)b{Sds!EL<$Qj9pg(i1z*gES;mCg`neP}@IGiTEz5n;KdKzEzTQ04Hi_ z4Q~J4_#K#xd*C7ecNgIQzKqr!>|>{_Fp69qFNae&P={Y0PoQrg?exC@UH4!2qEOS zXwF1?)n`H_Lm7H$hN1~U@9_v*fB07DU-g3ji@eI+1jf@s9oAJ>^n3e}_mwOY=1+5u zQb{=qGUx$=FB|My=LH)ms2z$kea_Wr#bTqTHKx-UEB}BV4lw$Ug7nbj3k;qGhf^4x z!4(1XQXI%udCRE%u!Ou3ch-ImZ_|$8#WnIIINLT)KBkd&@=kJ>l0Y+;w&YZb?z%RUiADK-5C`IfmBo?4_(ho{P`@rdD!M#^%hj8j!?~xoF z*BahoG-r){q$27EvO?OuXn_1$^yHP)q35(Urf2&XhB-+*8xl`z!5kdo0yrTgrH)1_ zt+&s-AV@~bVsL#s6j#lR>5(Jh_BciO{FBGH@K8#T-Hy5DFixKlr^#&8E$`1D_JS9l zmyYJ;*T*Djv^*fPW|0!(Q^9f)wy1#894D*FIYUw}%HA$8S&`wsNgAvX;tRWFIi{Dg zE-lRBgn2tT+Kk6;jXYasId4W1a(SNCMp=aOxJSZP6XEzIj(&O#ik*aJTQ5O%n;WZk z+)a3gWX4ItPFE^Wc^!wm4;loH>f1FGHO}9Bw3!^yp+t_vrYF7 zSd+IgyLHr`bH`j5c=AH$wi2x3x9n**Yp&C&aqX?}KVK(+yHH#m->k30iz#KRYGv(H z({07Elhp?Yc%9V2O7;vkhE|}%3d8-uE8$+@syW}T+DtxnZacf${yF^7JBdn{7b-{e zv|=UqcfO9U=O1Xm9xw6Jb9K7DQrqGhG>1G7NY?!N^W;XJ)(#qiq4Vl`XDv&SQyFBW z9gXA7nKN0Tn}>g1y0FR4zCoIS!xOqYlh5gYNIQM8O#=X#&qld%sUtPZ8P@aD{D1rHbQuxRxVfC zw-l9Wm%f-HZ_in@&dz)lKNbpZbe=6Px|;_F#A4v_niSS*`E1ZQd@e32La~d?#DVXT zX?z*)!86LgsaS_)j`9?A+RWNG=atS83r zL5f{F322bJOM z{`>3KR_q9HB^gyq9A0F$@XWeNTCbB^LD@2K#flA8rccVN^O>lbW7P!va7%b2@_0($ zarHd55oXwAaH)yF^~46uH!O53VgrX1e7&}ZMMGO)4>G)AwDRpVF7J)bm_2tkz1MNT zjuXwEMPFW!S^MJ1;wUZ}w`sK~%B+(4n70@0)hltTZ;=V-&BWo6vL7<;e$}aOEQNpM z+UfYt4Q~2O^l8mV0xouSPy-w=H2=Ucsc1bz9CwViM-aEvYx$|}b1)0LKpE9pI>zkA zcLWPoE~1~Xsawsra7d6}@RDz{NqCH}Fy}mpUdj7Pj>54v>sXmO4wIe_P~14^TZA~( zI&cK^0W_naqnH%bMk=-gk!?>2REIyUv*xb!m?Dp+Ncm@Qv)~S!anIsttT8jRToSX< zW$uusGmbltp&YVjK0^sJ9!RiHRx*k(W0rRsQM8DpdezEVK@M=A^62@U+<~qL(Bq&Y z!>{olr4`JtifCwho$RXs580%u7ilB-w^L(zW7C+8>_51IibT)p-uaZE&@c9d`{AYYJ zG}2VHX*r%dEkM_-vodecgQRgyM2I}ocaF6Ius_hiK~h4HT5P+RD5 zToUI)P$#lb=f{RTWXKI*UuhD$M2*J*oB#%+dZ#u|9n9n8w<4mrrTn0YshnO?S!juU z;)Zvt`?n5I#rW@=TnpagI6DvjMnxOwlmw4;9176W*~zrfUP>e2)xS$FMliA#3OHB% z?sj4y>-^A4!7;Jrz_#qp$~Vi|KsSnb6RdOQ@tSI@y(Q zo{XQwR7wX1>q)Cz8K zxBk3i0M%v~)BaHvbGFC@we&-kLL^Wps1;Fd?^y<9m#KO7B6hQ*NV#?xqeQoo>Pasy z_t+I;mTuoVdU{MF(2^g?8wix(j<)g%FL~ApFA8SZF(4;K_i1xPYz3z^J0xBD6PvY$ zQQGgmZ%(4lQjakU0`Hg;qgc@%Pr%Kynr8(Yil)CahXSRYk@c<^Zu3y*tQuEgu!SWS zFm;&qA&5bfp%u)s_V7eSzK|86%XP4Z!p!HG;f^@#09H;YC3`FOqM|+8mV~xc)lv_M zkie5QB=T?sKhbUCRIzVHrO`|pp0U7fxZ;JGs9E@OhiXJ?)*xLRDtI@)N>|>j>ypPeSaS$&EKecwQ&4>vp;^h17nEeugOE~aF=li4YgaMYI?Ox?8tV{Ex6C5W z?D{E{own0Et$Z=7V!@G9Y%+h-)-+(UMK) zoac4%#Gfsrcp^9}w}6W^LmEDFv?80V3f>%*GV~z1YflT4ATHIyc;&3aZH}sABep7{ z?dqNq7gEUI_i|DEwSWlvvE2Eya&8nWyYxE47{)A3~#dy^*%}dZ3!9CyQPVtLR2@Yim3JxyM);zFC-L317@b5pE#XF$G znk7*1Egilc#5n*sA3yE05>G=pGYY zEx6~Ct@IP7t(9?&3i3sanOXi3xgJdndWj@PAD!bz42B$`4trtSW-rJLnDiN zRWJG(cBR$ska70@oOkN zIFX}aSUk0_+K!V@_hBfEZTrPa5;OFLie$rYZuxbto{JzHNI{JEhbY1RdqG2@i<_{*~a9pbaDBk U-bsrn4t>f%*Ys@eX@~p&3xj-Y_5c6? From c79c768c087a554486264fd64612ccaf036d7575 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 12:38:04 -0800 Subject: [PATCH 117/142] revise for server only --- ...troller-allow-server-operators-to-schedule-tasks.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md index b131e13acf..28361156ef 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md @@ -1,17 +1,12 @@ --- -title: Domain controller Allow server operators to schedule tasks (Windows 10) +title: Domain controller Allow server operators to schedule tasks description: Describes the best practices, location, values, and security considerations for the Domain controller Allow server operators to schedule tasks security policy setting. -ms.assetid: 198b12a4-8a5d-48e8-a752-2073b8a2cb0d ms.reviewer: ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz -audience: ITPro ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -20,8 +15,7 @@ ms.technology: itpro-security # Domain controller: Allow server operators to schedule tasks **Applies to** -- Windows 11 -- Windows 10 +- Windows Server Describes the best practices, location, values, and security considerations for the **Domain controller: Allow server operators to schedule tasks** security policy setting. From 7ebdc4d701c77f3ced5e8011b074e81faa14fe68 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 12:39:34 -0800 Subject: [PATCH 118/142] applies to server only --- ...main-controller-ldap-server-signing-requirements.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md index 3be38e20f4..39803ce695 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md @@ -1,17 +1,12 @@ --- -title: Domain controller LDAP server signing requirements (Windows 10) +title: Domain controller LDAP server signing requirements description: Describes the best practices, location, values, and security considerations for the Domain controller LDAP server signing requirements security policy setting. -ms.assetid: fe122179-7571-465b-98d0-b8ce0f224390 ms.reviewer: ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz -audience: ITPro ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -20,8 +15,7 @@ ms.technology: itpro-security # Domain controller: LDAP server signing requirements **Applies to** -- Windows 11 -- Windows 10 +- Windows Server This article describes the best practices, location, values, and security considerations for the **Domain controller: LDAP server signing requirements** security policy setting. From ed94e9d640bd3a6116b9421a15991d93a728f6d9 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 12:40:31 -0800 Subject: [PATCH 119/142] applies to server only --- ...ntroller-refuse-machine-account-password-changes.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md index 44906563cb..63d863c555 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md @@ -1,17 +1,12 @@ --- -title: Refuse machine account password changes policy (Windows 10) +title: Refuse machine account password changes policy description: Describes the best practices, location, values, and security considerations for the Domain controller Refuse machine account password changes security policy setting. -ms.assetid: 5a7fa2e2-e1a8-4833-90f7-aa83e3b456a9 ms.reviewer: ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz -audience: ITPro ms.topic: conceptual ms.technology: itpro-security ms.date: 12/31/2017 @@ -20,8 +15,7 @@ ms.date: 12/31/2017 # Domain controller: Refuse machine account password changes **Applies to** -- Windows 11 -- Windows 10 +- Windows Server Describes the best practices, location, values, and security considerations for the **Domain controller: Refuse machine account password changes** security policy setting. From d6944380d13f141053228108b565f1f9cb0382c9 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Fri, 13 Jan 2023 13:16:33 -0800 Subject: [PATCH 120/142] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 41a3aec43a..8a63a27c99 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -81,7 +81,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us | Application | Supported version | App Type | Vendor | |-------------------------------------------|-------------------|----------|-------------------------------------------| -| `3d builder` | `18.0.1931.0` | Win32 | `Microsoft` | +| `3d builder` | 18.0.1931.0 | Win32 | `Microsoft` | | `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation` | | `AirSecure` | 8.0.0 | Win32 | `AIR` | | `Alertus Desktop` | 5.4.48.0 | Win32 | `Alertus technologies` | @@ -97,6 +97,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us | `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` | | `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | | `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` | +| `EasyReader` | 10.0.3.481 | Win32 | `Dolphin Computer Access` | | `Epson iProjection` | 3.31 | Win32 | `Epson` | | `eTests` | 4.0.25 | Win32 | `CASAS` | | `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` | @@ -107,6 +108,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us | `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` | | `Immunet` | 7.5.8.21178 | Win32 | `Immunet` | | `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` | +| `IMT Lazarus` | 2.86.0 | Win32 | `IMTLazarus` | | `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` | | `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` | | `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` | @@ -133,11 +135,12 @@ The following applications can also run on Windows 11 SE, and can be deployed us | `Remote Desktop client (MSRDC)` | 1.2.3213.0 | Win32 | `Microsoft` | | `Remote Help` | 4.0.1.13 | Win32 | `Microsoft` | | `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` | -| `Safe Exam Browser` | 3.3.2.413 | Win32 | `Safe Exam Browser` | +| `Safe Exam Browser` | 3.4.1.505 | Win32 | `Safe Exam Browser` | | `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | | `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` | | `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | | `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | +|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` | `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | | `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | | `WordQ` | 5.4.23 | Win32 | `Mathetmots` | From 0df2d5a10818ab5fa65134e43333e9b4fa8e976a Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 13:48:41 -0800 Subject: [PATCH 121/142] revise apply list --- ...e-encryption-types-allowed-for-kerberos.md | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index 8887f22d97..a9b0b1ae89 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -1,17 +1,12 @@ --- title: Network security Configure encryption types allowed for Kerberos description: Best practices, location, values and security considerations for the policy setting, Network security Configure encryption types allowed for Kerberos Win7 only. -ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece ms.reviewer: ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz -audience: ITPro ms.collection: - highpri ms.topic: conceptual @@ -24,17 +19,7 @@ ms.technology: itpro-security **Applies to** - Windows 11 - Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Vista -- Windows XP -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 -- Windows Server 2008 -- Windows Server 2003 -- Windows 2000 Server +- Windows Server Describes the best practices, location, values, and security considerations for the **Network security: Configure encryption types allowed for Kerberos** security policy setting. @@ -42,7 +27,7 @@ Describes the best practices, location, values, and security considerations for This policy setting allows you to set the encryption types that the Kerberos protocol is allowed to use. If it isn't selected, the encryption type won't be allowed. This setting might affect compatibility with client computers or services and applications. Multiple selections are permitted. -For more information, see [article 977321](/troubleshoot/windows-server/windows-security/kdc-event-16-27-des-encryption-disabled) in the Microsoft Knowledge Base. +For more information, see [KDC event ID 16 or 27 is logged if DES for Kerberos is disabled](/troubleshoot/windows-server/windows-security/kdc-event-16-27-des-encryption-disabled). The following table lists and explains the allowed encryption types. From eda8e4eef33695d99e3af28d5ffd465dd96d4abb Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 13:51:02 -0800 Subject: [PATCH 122/142] Clarifying tenant enrollment support request feature. --- .../deploy/windows-autopatch-admin-contacts.md | 2 +- .../prepare/windows-autopatch-fix-issues.md | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index e2b8f8816e..3c9553dbf4 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -17,7 +17,7 @@ msreviewer: hathind There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch. > [!IMPORTANT] -> You might have already added these contacts in the Microsoft Endpoint Manager admin center during the enrollment process. If so, take a moment now to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs. +> You might have already added these contacts in the Microsoft Endpoint Manager admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-fix-issues.md#submit-a-tenant-enrollment-support-request). However, take a moment now to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs. You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team will contact these individuals for assistance with your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus). diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index ee145b6390..0f64cf3762 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -76,17 +76,18 @@ Windows Autopatch requires the following licenses: ## Submit a tenant enrollment support request -> [!IMPORTANT] -> Make sure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md). The Windows Autopatch Service Engineering Team will contact these individuals for assistance with troubleshooting issues. - If you need more assistance with tenant enrollment, you can submit support requests to the Windows Autopatch Service Engineering Team in the Windows Autopatch enrollment tool. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team. +> [!NOTE] +> After you've successfully enrolled your tenant, this feature will no longer be accessible. You must [submit a support request through the Tenant administration menu](../operate/windows-autopatch-support-request.md). + **To submit a new tenant enrollment support request:** -1. If the Readiness assessment tool fails, remediation steps can be found by selecting **View details** under **Management settings** and then selecting the individual checkbox. The **Contact Support** button will be available below remediation instructions in the fly-in-pane. -2. Enter your question(s) and/or a description of the problem. -3. Review all the information you provided for accuracy. -4. When you're ready, select **Create**. +1. Go to Management settings > View details > select **the readiness check result**. The **Contact Support** button will be available below remediation instructions in the fly-in-pane. +2. Enter your question(s) and/or a description of the issue. +3. Enter your primary contact information. Windows Autopatch will work directly with the contact listed to resolve the support request. +4. Review all the information for accuracy. +5. Select **Create**. ### Manage an active tenant enrollment support request From 5d892cdada4458735965f109e4c31c5c675701bf Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 13:55:14 -0800 Subject: [PATCH 123/142] tweaks --- .../deploy/windows-autopatch-admin-contacts.md | 2 +- .../windows-autopatch/prepare/windows-autopatch-fix-issues.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index 3c9553dbf4..70f54ca882 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -17,7 +17,7 @@ msreviewer: hathind There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch. > [!IMPORTANT] -> You might have already added these contacts in the Microsoft Endpoint Manager admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-fix-issues.md#submit-a-tenant-enrollment-support-request). However, take a moment now to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs. +> You might have already added these contacts in the Microsoft Endpoint Manager admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-fix-issues.md#submit-a-tenant-enrollment-support-request). However, take a moment to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs. You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team will contact these individuals for assistance with your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus). diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index 0f64cf3762..bd9e2f38e0 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -83,7 +83,7 @@ If you need more assistance with tenant enrollment, you can submit support reque **To submit a new tenant enrollment support request:** -1. Go to Management settings > View details > select **the readiness check result**. The **Contact Support** button will be available below remediation instructions in the fly-in-pane. +1. Go to Management settings > View details > select a **readiness check result**. The **Contact Support** button will be available below remediation instructions in the fly-in-pane. 2. Enter your question(s) and/or a description of the issue. 3. Enter your primary contact information. Windows Autopatch will work directly with the contact listed to resolve the support request. 4. Review all the information for accuracy. From e45384a6bbbe55910c7314a14ca133c29f40ded9 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 13:57:06 -0800 Subject: [PATCH 124/142] applies to server only --- ...ct-ntlm-audit-ntlm-authentication-in-this-domain.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index 5cbbab6399..f0c1ef0a6c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -1,17 +1,12 @@ --- -title: Network security Restrict NTLM Audit NTLM authentication in this domain (Windows 10) +title: Network security Restrict NTLM Audit NTLM authentication in this domain description: Best practices, security considerations, and more for the security policy setting, Network Security Restrict NTLM Audit NTLM authentication in this domain. -ms.assetid: 33183ef9-53b5-4258-8605-73dc46335e6e ms.reviewer: ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz -audience: ITPro ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -20,8 +15,7 @@ ms.technology: itpro-security # Network security: Restrict NTLM: Audit NTLM authentication in this domain **Applies to** -- Windows 11 -- Windows 10 +- Windows Server Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Audit NTLM authentication in this domain** security policy setting. From a5ca52f4700f9230806c28e91df0c75d251823f0 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 13:59:46 -0800 Subject: [PATCH 125/142] applies to server only --- ...restrict-ntlm-ntlm-authentication-in-this-domain.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index 30d45290d1..61092a99fc 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -1,17 +1,12 @@ --- -title: Network security Restrict NTLM in this domain (Windows 10) +title: Network security Restrict NTLM in this domain description: Learn about best practices, security considerations and more for the security policy setting, Network Security Restrict NTLM NTLM authentication in this domain. -ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8 ms.reviewer: ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz -audience: ITPro ms.topic: conceptual ms.technology: itpro-security ms.date: 12/31/2017 @@ -20,8 +15,7 @@ ms.date: 12/31/2017 # Network security: Restrict NTLM: NTLM authentication in this domain **Applies to** -- Windows 11 -- Windows 10 +- Windows Server Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: NTLM authentication in this domain** security policy setting. From 8824f5d081433019df31657d2655d009869b0d2a Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Fri, 13 Jan 2023 14:02:27 -0800 Subject: [PATCH 126/142] Updates based on feedback --- ...ws-diagnostic-data-in-your-organization.md | 43 ++++++------------- 1 file changed, 13 insertions(+), 30 deletions(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 3816da6feb..2809134a14 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -325,8 +325,8 @@ The diagnostic data setting on the device should be set to Required diagnostic d > [!NOTE] > The information in this section applies to the following versions of Windows: -> - Windows 10, versions 20H2, 21H2 and 22H2 -> - Windows 11, versions 21H2 and 22H2 +> - Windows 10, versions 20H2, 21H2, 22H2, and newer +> - Windows 11, versions 21H2, 22H2, and newer Starting with the January 2023 preview cumulative update, how you enable the processor configuration option depends on the billing address of the Azure AD tenant to which your devices are joined. @@ -334,8 +334,15 @@ Starting with the January 2023 preview cumulative update, how you enable the pro For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe. +> [!NOTE] +> The Windows diagnostic data processor configuration has components for which work is in progress to be included in the EU Data Boundary, but completion of this work is delayed beyond January 1, 2023. These components will be included in the EU Data Boundary in the coming months. In the meantime, Microsoft will temporarily transfer data out of the EU Data Boundary as part of service operations to ensure uninterrupted operation of the services customers signed up for. + From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows). +>[!Note] +> - Windows diagnostic data collected from a device before it was enabled with Windows diagnostic data processor configuration will be deleted when this configuration is enabled. +> - When you enable devices with the Windows diagnostic data processor configuration, users may continue to submit feedback through various channels such as Windows feedback hub or Edge feedback. However, the feedback data is not subject to the terms of the Windows diagnostic data processor configuration. If this is not desired, we recommend that you disable feedback using the available policies or application management solutions. + ### Devices in Azure AD tenants with a billing address outside of the EU and EFTA For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data: @@ -353,10 +360,12 @@ If you don’t sign up for any of these enterprise services, Microsoft will act > [!NOTE] > In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. -### Enabling Windows diagnostic data processor configuration (older versions of Windows 10) +### Enabling Windows diagnostic data processor configuration on older versions of Windows > [!NOTE] -> The information in this section applies to Windows 10, versions 1809, 1903, 1909, and 2004. +> The information in this section applies to the following versions of Windows: +> - Windows 10, versions 1809, 1903, 1909, and 2004. +> - Newer versions of Windows 10 and Windows 11 that have not updated yet to at least the January 2023 preview cumulative update. Use the instructions below to enable Windows diagnostic data processor configuration using a single setting, through Group Policy, or an MDM solution. @@ -374,32 +383,6 @@ Under **Value**, use **1** to enable the service. If you wish to disable, at any time, switch the same setting to **0**. The default value is **0**. ->[!Note] -> - If you have any additional policies that also enable you to be a controller of Windows diagnostic data, such as the services listed below, you will need to turn off all the applicable policies in order to stop being a controller for Windows diagnostic data. -> - Windows diagnostic data collected from a device before it was enabled with Windows diagnostic data processor configuration will be deleted when this configuration is enabled. -> - When you enable devices with the Windows diagnostic data processor configuration, users may continue to submit feedback through various channels such as Windows feedback hub or Edge feedback. However, the feedback data is not subject to the terms of the Windows diagnostic data processor configuration. If this is not desired, we recommend that you disable feedback using the available policies or application management solutions. - -You can also enable the Windows diagnostic data processor configuration by enrolling in services that use Windows diagnostic data. These services currently include Update Compliance, Windows Update for Business reports, Microsoft Managed Desktop, and Windows Update for Business. - -For information on these services and how to configure the group policies, refer to the following documentation: - -Update Compliance: - -- [Privacy in Update Compliance](/windows/deployment/update/update-compliance-privacy) -- [Manually configuring devices for Update Compliance](/windows/deployment/update/update-compliance-configuration-manual#required-policies) - -Windows Update for Business reports - -- [Windows Update for Business reports prerequisites](/windows/deployment/update/wufb-reports-prerequisites) - -Microsoft Managed Desktop: - -- [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data) - -Windows Update for Business: - -- [How to enable deployment protections](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections) - ## Change privacy settings on a single server You can also change the privacy settings on a server running either the Azure Stack HCI operating system or Windows Server. For more information, see [Change privacy settings on individual servers](/azure-stack/hci/manage/change-privacy-settings). From b0cbda2824a774015bc833a1e9c49465b2c3bba4 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Fri, 13 Jan 2023 14:21:40 -0800 Subject: [PATCH 127/142] Move some info around --- ...ows-diagnostic-data-in-your-organization.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 2809134a14..f8fc2daacd 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -312,6 +312,9 @@ The Windows diagnostic data processor configuration enables you to be the contro - Education - The device must be joined to Azure Active Directory (can be a hybrid Azure AD join). +> [!NOTE] +> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. + For the best experience, use the most current build of any operating system specified above. Configuration functionality and availability may vary on older systems. See [Lifecycle Policy](/lifecycle/products/windows-10-enterprise-and-education) The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable: @@ -321,6 +324,10 @@ The diagnostic data setting on the device should be set to Required diagnostic d - settings-win.data.microsoft.com - *.blob.core.windows.net +>[!Note] +> - Windows diagnostic data collected from a device before it was enabled with Windows diagnostic data processor configuration will be deleted when this configuration is enabled. +> - When you enable devices with the Windows diagnostic data processor configuration, users may continue to submit feedback through various channels such as Windows feedback hub or Edge feedback. However, the feedback data is not subject to the terms of the Windows diagnostic data processor configuration. If this is not desired, we recommend that you disable feedback using the available policies or application management solutions. + ### Enabling Windows diagnostic data processor configuration > [!NOTE] @@ -330,7 +337,7 @@ The diagnostic data setting on the device should be set to Required diagnostic d Starting with the January 2023 preview cumulative update, how you enable the processor configuration option depends on the billing address of the Azure AD tenant to which your devices are joined. -### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA) +#### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA) For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe. @@ -339,11 +346,7 @@ For Windows devices with diagnostic data turned on and that are joined to an [Az From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows). ->[!Note] -> - Windows diagnostic data collected from a device before it was enabled with Windows diagnostic data processor configuration will be deleted when this configuration is enabled. -> - When you enable devices with the Windows diagnostic data processor configuration, users may continue to submit feedback through various channels such as Windows feedback hub or Edge feedback. However, the feedback data is not subject to the terms of the Windows diagnostic data processor configuration. If this is not desired, we recommend that you disable feedback using the available policies or application management solutions. - -### Devices in Azure AD tenants with a billing address outside of the EU and EFTA +#### Devices in Azure AD tenants with a billing address outside of the EU and EFTA For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data: @@ -357,9 +360,6 @@ For Windows devices with diagnostic data turned on and that are joined to an [Az If you don’t sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data. -> [!NOTE] -> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. - ### Enabling Windows diagnostic data processor configuration on older versions of Windows > [!NOTE] From d1b9e8a568597e951a0ea09128aaabc4624172b0 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Fri, 13 Jan 2023 14:28:45 -0800 Subject: [PATCH 128/142] Update lifecycle link --- .../configure-windows-diagnostic-data-in-your-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index f8fc2daacd..669941fd55 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -315,7 +315,7 @@ The Windows diagnostic data processor configuration enables you to be the contro > [!NOTE] > In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply. -For the best experience, use the most current build of any operating system specified above. Configuration functionality and availability may vary on older systems. See [Lifecycle Policy](/lifecycle/products/windows-10-enterprise-and-education) +For the best experience, use the most current build of any operating system specified above. Configuration functionality and availability may vary on older systems. For release information, see [Windows 10 Enterprise and Education](/lifecycle/products/windows-10-enterprise-and-education) and [Windows 11 Enterprise and Education](/lifecycle/products/windows-11-enterprise-and-education) on the Microsoft Lifecycle Policy site. The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable: From a04c557686243d134b4b4c3e7565cab4414f7c00 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 14:48:29 -0800 Subject: [PATCH 129/142] more tweaks. --- windows/deployment/windows-autopatch/TOC.yml | 2 + .../windows-autopatch-admin-contacts.md | 2 +- ...ws-autopatch-enrollment-support-request.md | 40 +++++++++++++++++++ .../prepare/windows-autopatch-fix-issues.md | 29 +------------- 4 files changed, 44 insertions(+), 29 deletions(-) create mode 100644 windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index 8789fb10ba..5bc21c33d2 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -22,6 +22,8 @@ items: - name: Fix issues found by the Readiness assessment tool href: prepare/windows-autopatch-fix-issues.md + - name: Submit a tenant enrollment support request + href: prepare/windows-autopatch-enrollment-support-request.md - name: Deploy href: items: diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index 70f54ca882..b01e97264d 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -17,7 +17,7 @@ msreviewer: hathind There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch. > [!IMPORTANT] -> You might have already added these contacts in the Microsoft Endpoint Manager admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-fix-issues.md#submit-a-tenant-enrollment-support-request). However, take a moment to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs. +> You might have already added these contacts in the Microsoft Endpoint Manager admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md). However, take a moment to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs. You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team will contact these individuals for assistance with your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus). diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md new file mode 100644 index 0000000000..c36be7a98b --- /dev/null +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md @@ -0,0 +1,40 @@ +--- +title: Submit a tenant enrollment support request +description: This article details how to submit a tenant enrollment support request +ms.date: 01/13/2023 +ms.prod: windows-client +ms.technology: itpro-updates +ms.topic: how-to +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +msreviewer: hathind +--- + +# Submit a tenant enrollment support request + +If you need more assistance with tenant enrollment, you can submit support requests to the Windows Autopatch Service Engineering Team in the Windows Autopatch enrollment tool. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team. + +> [!NOTE] +> After you've successfully enrolled your tenant, this feature will no longer be accessible. You must [submit a support request through the Tenant administration menu](../operate/windows-autopatch-support-request.md). + +**To submit a new tenant enrollment support request:** + +1. Go to Management settings > View details > select a **readiness check result**. The **Contact Support** button will be available below remediation instructions in the fly-in-pane. +2. Enter your question(s) and/or a description of the issue. +3. Enter your primary contact information. Windows Autopatch will work directly with the contact listed to resolve the support request. +4. Review all the information for accuracy. +5. Select **Create**. + +## Manage an active tenant enrollment support request + +The primary contact for the support request will receive email notifications when a case is created, assigned to a service engineer to investigate, and mitigated. + +If you have a question about the case, the best way to get in touch is to reply directly to one of the emails. If we have questions about your request or need more details, we'll email the primary contact listed in the support request. + +**To view all your active tenant enrollment support requests:** + +1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu. +1. In the **Windows Autopatch** section, select **Tenant Enrollment**. +1. Select the **Support history** tab. You can view the list of all support cases, or select an individual case to view the details. diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index bd9e2f38e0..b61915016d 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -17,7 +17,7 @@ msreviewer: hathind Seeing issues with your tenant? This article details how to remediate issues found with your tenant. > [!NOTE] -> If you need more assistance with tenant enrollment, you can [submit a tenant enrollment support request](#submit-a-tenant-enrollment-support-request). +> If you need more assistance with tenant enrollment, you can [submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md). ## Check results @@ -73,30 +73,3 @@ Windows Autopatch requires the following licenses: | Result | Meaning | | ----- | ----- | | Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | - -## Submit a tenant enrollment support request - -If you need more assistance with tenant enrollment, you can submit support requests to the Windows Autopatch Service Engineering Team in the Windows Autopatch enrollment tool. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team. - -> [!NOTE] -> After you've successfully enrolled your tenant, this feature will no longer be accessible. You must [submit a support request through the Tenant administration menu](../operate/windows-autopatch-support-request.md). - -**To submit a new tenant enrollment support request:** - -1. Go to Management settings > View details > select a **readiness check result**. The **Contact Support** button will be available below remediation instructions in the fly-in-pane. -2. Enter your question(s) and/or a description of the issue. -3. Enter your primary contact information. Windows Autopatch will work directly with the contact listed to resolve the support request. -4. Review all the information for accuracy. -5. Select **Create**. - -### Manage an active tenant enrollment support request - -The primary contact for the support request will receive email notifications when a case is created, assigned to a service engineer to investigate, and mitigated. - -If you have a question about the case, the best way to get in touch is to reply directly to one of the emails. If we have questions about your request or need more details, we'll email the primary contact listed in the support request. - -**To view all your active tenant enrollment support requests:** - -1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu. -1. In the **Windows Autopatch** section, select **Tenant Enrollment**. -1. Select the **Support history** tab. You can view the list of all support cases, or select an individual case to view the details. From f7460cc9d28f940eda5f69d128b7cfdcd8aaf4fb Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 14:49:30 -0800 Subject: [PATCH 130/142] tweaks. --- .../windows-autopatch/prepare/windows-autopatch-fix-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index b61915016d..891576dd03 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -1,6 +1,6 @@ --- title: Fix issues found by the Readiness assessment tool -description: This article details how to fix issues found by the Readiness assessment tool +description: This article details how to fix issues found by the Readiness assessment tool. ms.date: 01/12/2023 ms.prod: windows-client ms.technology: itpro-updates From f9ab93633531c6d079c9c544a36918afe9660129 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 13 Jan 2023 15:32:29 -0800 Subject: [PATCH 131/142] corrected link. --- .../whats-new/windows-autopatch-whats-new-2023.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index f8aadf763a..bb56fa10e7 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -24,7 +24,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | Article | Description | | ----- | ----- | -| [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) | Added the Submit a tenant enrollment support request section. You can submit a tenant enrollment support request through the Tenant enrollment tool if you're running into issues with enrollment. | +| [Submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md) | Added the Submit a tenant enrollment support request section. You can submit a tenant enrollment support request through the Tenant enrollment tool if you're running into issues with enrollment. | | [Submit a support request](../operate/windows-autopatch-support-request.md) | Added Premier and Unified support options section | ### January service release From 23ba7a357e14b5edefd94a72e5c640f2b0fbd393 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 15:41:24 -0800 Subject: [PATCH 132/142] applies server only --- .../add-workstations-to-domain.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md index a2f8e17404..139d15f4ec 100644 --- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md +++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md @@ -1,17 +1,12 @@ --- -title: Add workstations to domain (Windows 10) +title: Add workstations to domain description: Describes the best practices, location, values, policy management and security considerations for the Add workstations to domain security policy setting. -ms.assetid: b0c21af4-c928-4344-b1f1-58ef162ad0b3 ms.reviewer: ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft manager: aaroncz -audience: ITPro ms.topic: conceptual ms.date: 04/19/2017 ms.technology: itpro-security @@ -20,8 +15,7 @@ ms.technology: itpro-security # Add workstations to domain **Applies to** -- Windows 11 -- Windows 10 +- Windows Server Describes the best practices, location, values, policy management and security considerations for the **Add workstations to domain** security policy setting. From 3ebe47c74dc0c3c4ba18acc5c9fe9d75912a8485 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 16:38:41 -0800 Subject: [PATCH 133/142] revise for latest policy --- .../interactive-logon-require-smart-card.md | 75 +++++++++---------- 1 file changed, 36 insertions(+), 39 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index 32b2a60b44..c4c432757d 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md @@ -1,47 +1,44 @@ --- -title: Interactive logon Require smart card - security policy setting (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Interactive logon Require smart card security policy setting. -ms.assetid: c6a8c040-cbc7-472d-8bc5-579ddf3cbd6c -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium +title: "Interactive logon: Require Windows Hello for Business or smart card" +description: "Describes the best practices, location, values, policy management, and security considerations for the 'Interactive logon: Require Windows Hello for Business or smart card' security policy setting." author: vinaypamnani-msft +ms.author: vinpa manager: aaroncz -audience: ITPro -ms.topic: conceptual -ms.date: 04/19/2017 +ms.reviewer: +ms.prod: windows-client ms.technology: itpro-security +ms.localizationpriority: medium +ms.topic: conceptual +ms.date: 01/13/2023 --- -# Interactive logon: Require smart card - security policy setting +# Interactive logon: Require Windows Hello for Business or smart card **Applies to** -- Windows 10 -Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require smart card** security policy setting. +- Windows 11 +- Windows 10, version 1703 or later + +Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require Windows Hello for Business or smart card** security policy setting. > [!NOTE] -> You may need to download the ADMX template for your version of Windows to enable this policy to be applied. +> You may need to download the ADMX template for your version of Windows to apply this policy. ## Reference -The **Interactive logon: Require smart card** policy setting requires users to log on to a device by using a smart card. +The **Interactive logon: Require Windows Hello for Business or smart card** policy setting requires users to sign in to a device by using a smart card or Windows Hello for Business method. -Requiring users to use long, complex passwords for authentication enhances network security, especially if the users must change their passwords regularly. This requirement reduces the chance that a malicious user will be able to guess a user's password through a brute-force attack. Using smart cards rather than passwords for authentication dramatically increases security because, with today's technology, it is nearly impossible for a malicious user to impersonate another user. Smart cards that require personal identification numbers (PINs) provide two-factor authentication: the user who attempts to log on must possess the smart card and know its PIN. A malicious user who captures the authentication traffic between the user's device and the domain controller will find it difficult to decrypt the traffic: even if they do, the next time the user logs on to the network, a new session key will be generated for encrypting traffic between the user and the domain controller. +Requiring users to use long, complex passwords for authentication enhances network security, especially if the users must change their passwords regularly. This requirement reduces the chance that a malicious user will be able to guess a user's password through a brute-force attack. Using smart cards rather than passwords for authentication dramatically increases security because, with today's technology, it's nearly impossible for a malicious user to impersonate another user. Smart cards that require personal identification numbers (PINs) provide two-factor authentication: the user who attempts to sign in must possess the smart card and know its PIN. A malicious user who captures the authentication traffic between the user's device and the domain controller will find it difficult to decrypt the traffic: even if they do, the next time the user signs in to the network, a new session key will be generated for encrypting traffic between the user and the domain controller. ### Possible values -- Enabled -- Disabled -- Not defined +- Enabled +- Disabled +- Not defined ### Best practices -- Set **Interactive logon: Require smart card** to Enabled. All users will have to use smart cards to log on to the network. This requirement means that the organization must have a reliable public key infrastructure (PKI) in place, and provide smart cards and smart card readers for all users. +- Set **Interactive logon: Require Windows Hello for Business or smart card** to Enabled. All users will have to use smart cards to sign in to the network, or a Windows Hello for Business method. This requirement means that the organization must have a reliable public key infrastructure (PKI) in place, and provide smart cards and smart card readers for all users. For more information about password-less authentication, see [Windows Hello for Business overview](../../identity-protection/hello-for-business/hello-overview.md). ### Location @@ -49,32 +46,32 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec ### Default values -The following table lists the actual and effective default values for this policy, by server type or Group Policy Object (GPO). Default values are also listed on the policy's property page. +The following table lists the actual and effective default values for this policy, by server type or group policy object (GPO). Default values are also listed on the policy's property page. | Server type or GPO | Default value | | - | - | -| Default Domain Policy| Not defined| -| Default Domain Controller Policy | Not defined| -| Stand-Alone Server Default Settings | Disabled| -| DC Effective Default Settings | Disabled| -| Member Server Effective Default Settings | Disabled| -| Client Computer Effective Default Settings | Disabled| - +| Default Domain Policy| Not defined| +| Default Domain Controller Policy | Not defined| +| Stand-Alone Server Default Settings | Disabled| +| DC Effective Default Settings | Disabled| +| Member Server Effective Default Settings | Disabled| +| Client Computer Effective Default Settings | Disabled| + ## Policy management This section describes features and tools that are available to help you manage this policy. ### Restart requirement -None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy. +None. Changes to this policy become effective without a device restart when they're saved locally or distributed through group policy. ### Policy conflict considerations None. -### Group Policy +### Group policy -This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through GPOs. If this policy is not contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in. +This policy setting can be configured by using the group policy management console (GPMC) to be distributed through GPOs. If this policy isn't contained in a distributed GPO, this policy can be configured on the local computer by using the local security policy snap-in. ## Security considerations @@ -86,13 +83,13 @@ It can be difficult to make users choose strong passwords, and even strong passw ### Countermeasure -For users with access to computers that contain sensitive data, issue smart cards to users and configure the **Interactive logon: Require smart card** setting to Enabled. +For users with access to computers that contain sensitive data, issue smart cards to users or configure Windows Hello for Business. Then configure the **Interactive logon: Require Windows Hello for Business or smart card** setting to Enabled. -### Potential impact +### Potential effect -All users of a device with this setting enabled must use smart cards to log on locally. So the organization must have a reliable public key infrastructure (PKI) as well as smart cards and smart card readers for these users. These requirements are significant challenges because -expertise and resources are required to plan for and deploy these technologies. Active Directory Certificate Services (AD CS) can be used to implement and manage certificates. You can use automatic user and device enrollment and renewal on the client. +All users of a device with this setting enabled must use smart cards or a Windows Hello for Business method to sign in locally. The organization must have a reliable public key infrastructure (PKI), smart cards, and smart card readers for these users, or have enabled Windows Hello for Business. These requirements are significant challenges because expertise and resources are required to plan for and deploy these technologies. Active Directory Certificate Services can be used to implement and manage certificates. You can use automatic user and device enrollment and renewal on the client. -## Related topics +## Related articles - [Security Options](security-options.md) +- [Windows Hello for Business overview](../../identity-protection/hello-for-business/hello-overview.md) From 531fd21d0144b36cdbdebae7a2e390a3d39f9d27 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 17:25:54 -0800 Subject: [PATCH 134/142] remove smbv1 policies --- .openpublishing.redirection.json | 38 ++++-- .../security-policy-settings/TOC.yml | 8 -- ...nt-digitally-sign-communications-always.md | 60 +++++---- ...er-digitally-sign-communications-always.md | 76 ++++++----- .../security-options.md | 73 +++++------ ...nt-digitally-sign-communications-always.md | 120 ----------------- ...ly-sign-communications-if-server-agrees.md | 122 ----------------- ...er-digitally-sign-communications-always.md | 123 ------------------ ...ly-sign-communications-if-client-agrees.md | 122 ----------------- 9 files changed, 140 insertions(+), 602 deletions(-) delete mode 100644 windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md delete mode 100644 windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md delete mode 100644 windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md delete mode 100644 windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index c8b24a5865..fba69a731f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -742,12 +742,12 @@ }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", "redirect_document_id": false }, { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md", - "redirect_url": "/windows/security/threat-protectionsecurity-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees", + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, { @@ -3447,7 +3447,7 @@ }, { "source_path": "windows/device-security/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", "redirect_document_id": false }, { @@ -3472,7 +3472,7 @@ }, { "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, { @@ -12392,12 +12392,12 @@ }, { "source_path": "windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md", - "redirect_url": "/windows/device-security/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", "redirect_document_id": false }, { "source_path": "windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", - "redirect_url": "/windows/device-security/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", "redirect_document_id": false }, { @@ -12417,12 +12417,12 @@ }, { "source_path": "windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md", - "redirect_url": "/windows/device-security/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, { "source_path": "windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md", - "redirect_url": "/windows/device-security/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, { @@ -20314,6 +20314,26 @@ "source_path": "windows/configuration/manage-wifi-sense-in-enterprise.md", "redirect_url": "/windows/resources", "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", + "redirect_document_id": false } ] } \ No newline at end of file diff --git a/windows/security/threat-protection/security-policy-settings/TOC.yml b/windows/security/threat-protection/security-policy-settings/TOC.yml index 1ddc477ef1..1e4b1fa586 100644 --- a/windows/security/threat-protection/security-policy-settings/TOC.yml +++ b/windows/security/threat-protection/security-policy-settings/TOC.yml @@ -136,10 +136,6 @@ href: interactive-logon-smart-card-removal-behavior.md - name: "Microsoft network client: Digitally sign communications (always)" href: microsoft-network-client-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft network client: Digitally sign communications (always)" - href: smbv1-microsoft-network-client-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft network client: Digitally sign communications (if server agrees)" - href: smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md - name: "Microsoft network client: Send unencrypted password to third-party SMB servers" href: microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md - name: "Microsoft network server: Amount of idle time required before suspending session" @@ -148,10 +144,6 @@ href: microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md - name: "Microsoft network server: Digitally sign communications (always)" href: microsoft-network-server-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft network server: Digitally sign communications (always)" - href: smbv1-microsoft-network-server-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft network server: Digitally sign communications (if client agrees)" - href: smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md - name: "Microsoft network server: Disconnect clients when logon hours expire" href: microsoft-network-server-disconnect-clients-when-logon-hours-expire.md - name: "Microsoft network server: Server SPN target name validation level" diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md index e446db45a1..e4f7c05351 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md @@ -1,17 +1,13 @@ --- -title: Microsoft network client Digitally sign communications (always) (Windows 10) +title: Microsoft network client Digitally sign communications (always) description: Best practices and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting. -ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 ms.reviewer: manager: aaroncz ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft -ms.date: 06/28/2018 +ms.date: 01/13/2023 ms.technology: itpro-security ms.topic: conceptual --- @@ -19,12 +15,26 @@ ms.topic: conceptual # Microsoft network client: Digitally sign communications (always) **Applies to** -- Windows 11 -- Windows 10 -- Windows Server + +- Windows 11 +- Windows 10 +- Windows Server This article describes the best practices, location, values, policy management, and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2. +> [!NOTE] +> This article is about the server message block (SMB) v2 and v3 protocols. SMBv1 isn't secure and has been deprecated in Windows. Starting with Windows 10, version 1709, and Windows Server, version 1709, [SMBv1 isn't installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). + +> [!IMPORTANT] +> Microsoft doesn't recommend using the following group policy settings: +> +> - **Microsoft network server: Digitally sign communications (if client agrees)** +> - **Microsoft network client: Digitally sign communications (if server agrees)** +> +> Also don't use the **EnableSecuritySignature** registry settings. +> +> These options only affect the SMBv1 behavior. They can be effectively replaced by the **Digitally sign communications (always)** group policy setting or the **RequireSecuritySignature** registry setting. + ## Reference The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent "man-in-the-middle" attacks that modify SMB packets in transit, the SMB protocol supports digital signing of SMB packets. @@ -35,22 +45,21 @@ Beginning with SMBv2 clients and servers, signing can be either *required* or *n Negotiation occurs between the SMB client and the SMB server to decide whether signing will be used. The following table shows the effective behavior for SMBv3 and SMBv2. - -| | Server – required | Server – not required | +| Client | Server - required | Server - not required | |---------------------------|---------------------|------------------------| -| **Client – required** | Signed | Signed | -| **Client – not required** | Signed 1 | Not signed2 | +| **Client - required** | Signed | Signed | +| **Client - not required** | Signed 1 | Not signed2 |
1 Default for domain controller SMB traffic
2 Default for all other SMB traffic -Performance of SMB signing is improved in SMBv2. For more information, see [Potential impact](#potential-impact). +Performance of SMB signing is improved in SMBv2. For more information, see [Potential effect](#potential-effect). ### Possible values -- Enabled -- Disabled +- Enabled +- Disabled ### Best practice @@ -62,16 +71,16 @@ Enable **Microsoft network client: Digitally sign communications (always)**. ### Default values -The following table lists the default values for this policy. Default values are also listed on the policy’s property page. +The following table lists the default values for this policy. Default values are also listed on the policy's property page. | Server type or GPO | Default value | | - | - | -| Default Domain Policy| Disabled| -| Default Domain Controller Policy | Disabled| -| Stand-Alone Server Default Settings | Disabled| -| DC Effective Default Settings | Disabled| -| Member Server Effective Default Settings | Disabled| -| Client Computer Effective Default Settings | Disabled| +| Default Domain Policy| Disabled| +| Default Domain Controller Policy | Disabled| +| Stand-Alone Server Default Settings | Disabled| +| DC Effective Default Settings | Disabled| +| Member Server Effective Default Settings | Disabled| +| Client Computer Effective Default Settings | Disabled| ## Policy management @@ -98,10 +107,11 @@ Enable **Microsoft network client: Digitally sign communications (always)**. > [!NOTE] > An alternative countermeasure that could protect all network traffic is to implement digital signatures through IPsec. There are hardware-based accelerators for IPsec encryption and signing that can be used to minimize the performance impact on servers. No such accelerators are available for SMB signing. -### Potential impact +### Potential effect Storage speeds affect performance. A faster drive on the source and destination allows more throughput, which causes more CPU usage for signing. If you're using a 1-Gb Ethernet network or slower storage speed with a modern CPU, there's limited degradation in performance. If you're using a faster network (such as 10 Gb), the performance impact of signing may be greater. -## Related topics +## Related articles - [Security options](security-options.md) +- [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md index 3ef631a76e..4685a285de 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md @@ -1,33 +1,43 @@ --- -title: Microsoft network server Digitally sign communications (always) (Windows 10) +title: Microsoft network server Digitally sign communications (always) description: Best practices, security considerations, and more for the security policy setting, Microsoft network server Digitally sign communications (always). -ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8 -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft +ms.author: vinpa +ms.reviewer: manager: aaroncz -audience: ITPro -ms.topic: conceptual -ms.date: 06/21/2018 +ms.prod: windows-client ms.technology: itpro-security +ms.localizationpriority: medium +ms.topic: conceptual +ms.date: 01/13/2023 --- # Microsoft network server: Digitally sign communications (always) **Applies to** -- Windows 10 -- Windows Server + +- Windows 11 +- Windows 10 +- Windows Server Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2. +> [!NOTE] +> This article is about the server message block (SMB) v2 and v3 protocols. SMBv1 isn't secure and has been deprecated in Windows. Starting with Windows 10, version 1709, and Windows Server, version 1709, [SMBv1 isn't installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). + +> [!IMPORTANT] +> Microsoft doesn't recommend using the following group policy settings: +> +> - **Microsoft network server: Digitally sign communications (if client agrees)** +> - **Microsoft network client: Digitally sign communications (if server agrees)** +> +> Also don't use the **EnableSecuritySignature** registry settings. +> +> These options only affect the SMBv1 behavior. They can be effectively replaced by the **Digitally sign communications (always)** group policy setting or the **RequireSecuritySignature** registry setting. + ## Reference -The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. +The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. Implementation of digital signatures in high-security networks helps prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings can cause data access failure. @@ -35,22 +45,21 @@ Beginning with SMBv2 clients and servers, signing can be either required or not There's a negotiation done between the SMB client and the SMB server to decide whether signing will effectively be used. The following table has the effective behavior for SMBv3 and SMBv2. - -| | Server – Required | Server – Not Required | +| Client | Server - Required | Server - Not Required | |---------------------------|---------------------|------------------------| -| **Client – Required** | Signed | Signed | -| **Client – Not Required** | Signed 1 | Not Signed2 | +| **Client - Required** | Signed | Signed | +| **Client - Not Required** | Signed 1 | Not Signed2 |
1 Default for domain controller SMB traffic
2 Default for all other SMB traffic -Performance of SMB signing is improved in SMBv2. For more information, see [Potential impact](#potential-impact). +Performance of SMB signing is improved in SMBv2. For more information, see [Potential effect](#potential-effect). ### Possible values -- Enabled -- Disabled +- Enabled +- Disabled ### Best practices @@ -58,20 +67,20 @@ Enable **Microsoft network server: Digitally sign communications (always)**. ### Location -Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options +*Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options* ### Default values -The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. +The following table lists the actual and effective default values for this policy. Default values are also listed on the policy's property page. | Server type or GPO | Default value | | - | - | | Default Domain Policy| Disabled| -| Default Domain Controller Policy | Enabled| -| Stand-Alone Server Default Settings | Disabled| -| DC Effective Default Settings | Enabled| -| Member Server Effective Default Settings| Disabled| -| Client Computer Effective Default Settings | Disabled| +| Default Domain Controller Policy | Enabled| +| Stand-Alone Server Default Settings | Disabled| +| DC Effective Default Settings | Enabled| +| Member Server Effective Default Settings| Disabled| +| Client Computer Effective Default Settings | Disabled| ## Policy management @@ -95,13 +104,14 @@ SMB is the resource-sharing protocol that is supported by many Windows operating Enable **Microsoft network server: Digitally sign communications (always)**. ->[!NOTE] ->An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. +> [!NOTE] +> An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. -### Potential impact +### Potential effect Storage speeds impact performance. A faster drive on the source and destination allows more throughput, which causes more CPU usage of signing. If you're using a 1-GB Ethernet network or slower storage speed with a modern CPU, there's limited degradation in performance. If you're using a faster network (such as 10 Gb), the performance impact of signing may be greater. -## Related topics +## Related articles - [Security Options](security-options.md) +- [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md) diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md index b7b56bf6a8..a53ae544d8 100644 --- a/windows/security/threat-protection/security-policy-settings/security-options.md +++ b/windows/security/threat-protection/security-policy-settings/security-options.md @@ -1,17 +1,13 @@ --- -title: Security Options (Windows 10) +title: Security options description: Introduction to the Security Options settings of the local security policies plus links to more information. -ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b ms.reviewer: manager: aaroncz ms.author: vinpa ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft -ms.date: 06/28/2018 +ms.date: 01/13/2023 ms.technology: itpro-security ms.topic: conceptual --- @@ -19,8 +15,9 @@ ms.topic: conceptual # Security Options **Applies to** -- Windows 11 -- Windows 10 + +- Windows 11 +- Windows 10 Provides an introduction to the **Security Options** settings for local security policies and links to more information. @@ -34,75 +31,71 @@ For info about setting security policies, see [Configure security policy setting | Article | Description | | - | - | -| [Accounts: Administrator account status](accounts-administrator-account-status.md) | Describes the best practices, location, values, and security considerations for the **Accounts: Administrator account status** security policy setting.| -| [Accounts: Block Microsoft accounts](accounts-block-microsoft-accounts.md) | Describes the best practices, location, values, management, and security considerations for the **Accounts: Block Microsoft accounts** security policy setting.| -| [Accounts: Guest account status](accounts-guest-account-status.md) | Describes the best practices, location, values, and security considerations for the **Accounts: Guest account status** security policy setting.| +| [Accounts: Administrator account status](accounts-administrator-account-status.md) | Describes the best practices, location, values, and security considerations for the **Accounts: Administrator account status** security policy setting.| +| [Accounts: Block Microsoft accounts](accounts-block-microsoft-accounts.md) | Describes the best practices, location, values, management, and security considerations for the **Accounts: Block Microsoft accounts** security policy setting.| +| [Accounts: Guest account status](accounts-guest-account-status.md) | Describes the best practices, location, values, and security considerations for the **Accounts: Guest account status** security policy setting.| | [Accounts: Limit local account use of blank passwords to console logon only](accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md) | Describes the best practices, location, values, and security considerations for the **Accounts: Limit local account use of blank passwords to console logon only** security policy setting. | -| [Accounts: Rename administrator account](accounts-rename-administrator-account.md)| This security policy article for the IT professional describes the best practices, location, values, and security considerations for this policy setting.| -| [Accounts: Rename guest account](accounts-rename-guest-account.md) | Describes the best practices, location, values, and security considerations for the **Accounts: Rename guest account** security policy setting.| -| [Audit: Audit the access of global system objects](audit-audit-the-access-of-global-system-objects.md) | Describes the best practices, location, values, and security considerations for the **Audit: Audit the access of global system objects** security policy setting.| -| [Audit: Audit the use of Backup and Restore privilege](audit-audit-the-use-of-backup-and-restore-privilege.md) | Describes the best practices, location, values, and security considerations for the **Audit: Audit the use of Backup and Restore privilege** security policy setting.| +| [Accounts: Rename administrator account](accounts-rename-administrator-account.md)| This security policy article for the IT professional describes the best practices, location, values, and security considerations for this policy setting.| +| [Accounts: Rename guest account](accounts-rename-guest-account.md) | Describes the best practices, location, values, and security considerations for the **Accounts: Rename guest account** security policy setting.| +| [Audit: Audit the access of global system objects](audit-audit-the-access-of-global-system-objects.md) | Describes the best practices, location, values, and security considerations for the **Audit: Audit the access of global system objects** security policy setting.| +| [Audit: Audit the use of Backup and Restore privilege](audit-audit-the-use-of-backup-and-restore-privilege.md) | Describes the best practices, location, values, and security considerations for the **Audit: Audit the use of Backup and Restore privilege** security policy setting.| | [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](audit-force-audit-policy-subcategory-settings-to-override.md) | Describes the best practices, location, values, and security considerations for the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** security policy setting. | | [Audit: Shut down system immediately if unable to log security audits](audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)| Describes the best practices, location, values, management practices, and security considerations for the **Audit: Shut down system immediately if unable to log security audits** security policy setting. | | [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)| Describes the best practices, location, values, and security considerations for the **DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax** policy setting. | | [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)| Describes the best practices, location, values, and security considerations for the **DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax** security policy setting. | -| [Devices: Allow undock without having to log on](devices-allow-undock-without-having-to-log-on.md)| Describes the best practices, location, values, and security considerations for the **Devices: Allow undock without having to log on** security policy setting.| -| [Devices: Allowed to format and eject removable media](devices-allowed-to-format-and-eject-removable-media.md) | Describes the best practices, location, values, and security considerations for the **Devices: Allowed to format and eject removable media** security policy setting.| -| [Devices: Prevent users from installing printer drivers](devices-prevent-users-from-installing-printer-drivers.md) | Describes the best practices, location, values, and security considerations for the **Devices: Prevent users from installing printer drivers** security policy setting.| +| [Devices: Allow undock without having to log on](devices-allow-undock-without-having-to-log-on.md)| Describes the best practices, location, values, and security considerations for the **Devices: Allow undock without having to log on** security policy setting.| +| [Devices: Allowed to format and eject removable media](devices-allowed-to-format-and-eject-removable-media.md) | Describes the best practices, location, values, and security considerations for the **Devices: Allowed to format and eject removable media** security policy setting.| +| [Devices: Prevent users from installing printer drivers](devices-prevent-users-from-installing-printer-drivers.md) | Describes the best practices, location, values, and security considerations for the **Devices: Prevent users from installing printer drivers** security policy setting.| | [Devices: Restrict CD-ROM access to locally logged-on user only](devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md) | Describes the best practices, location, values, and security considerations for the **Devices: Restrict CD-ROM access to locally logged-on user only** security policy setting. | | [Devices: Restrict floppy access to locally logged-on user only](devices-restrict-floppy-access-to-locally-logged-on-user-only.md)| Describes the best practices, location, values, and security considerations for the **Devices: Restrict floppy access to locally logged-on user only** security policy setting. | | [Domain controller: Allow server operators to schedule tasks](domain-controller-allow-server-operators-to-schedule-tasks.md)| Describes the best practices, location, values, and security considerations for the **Domain controller: Allow server operators to schedule tasks** security policy setting. | | [Domain controller: LDAP server signing requirements](domain-controller-ldap-server-signing-requirements.md)| Describes the best practices, location, values, and security considerations for the **Domain controller: LDAP server signing requirements** security policy setting. | -| [Domain controller: Refuse machine account password changes](domain-controller-refuse-machine-account-password-changes.md) | Describes the best practices, location, values, and security considerations for the **Domain controller: Refuse machine account password changes** security policy setting.| +| [Domain controller: Refuse machine account password changes](domain-controller-refuse-machine-account-password-changes.md) | Describes the best practices, location, values, and security considerations for the **Domain controller: Refuse machine account password changes** security policy setting.| | [Domain member: Digitally encrypt or sign secure channel data (always)](domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md) | Describes the best practices, location, values, and security considerations for the **Domain member: Digitally encrypt or sign secure channel data (always)** security policy setting. | | [Domain member: Digitally encrypt secure channel data (when possible)](domain-member-digitally-encrypt-secure-channel-data-when-possible.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Digitally encrypt secure channel data (when possible)** security policy setting. | -| [Domain member: Digitally sign secure channel data (when possible)](domain-member-digitally-sign-secure-channel-data-when-possible.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Digitally sign secure channel data (when possible)** security policy setting.| -| [Domain member: Disable machine account password changes](domain-member-disable-machine-account-password-changes.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Disable machine account password changes** security policy setting. +| [Domain member: Digitally sign secure channel data (when possible)](domain-member-digitally-sign-secure-channel-data-when-possible.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Digitally sign secure channel data (when possible)** security policy setting.| +| [Domain member: Disable machine account password changes](domain-member-disable-machine-account-password-changes.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Disable machine account password changes** security policy setting.| | [Domain member: Maximum machine account password age](domain-member-maximum-machine-account-password-age.md) |Describes the best practices, location, values, and security considerations for the **Domain member: Maximum machine account password age** security policy setting.| |[Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Require strong (Windows 2000 or later) session key** security policy setting. | | [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting. | -| [Interactive logon: Don't display last signed-in](interactive-logon-do-not-display-last-user-name.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting.| -| [Interactive logon: Don't display username at sign-in](interactive-logon-dont-display-username-at-sign-in.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display username at sign-in** security policy setting.| -| [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not require CTRL+ALT+DEL** security policy setting.| -| [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md) | Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine account lockout threshold** security policy setting.| -| [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md)| Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine inactivity limit** security policy setting.| +| [Interactive logon: Don't display last signed-in](interactive-logon-do-not-display-last-user-name.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting.| +| [Interactive logon: Don't display username at sign-in](interactive-logon-dont-display-username-at-sign-in.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display username at sign-in** security policy setting.| +| [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not require CTRL+ALT+DEL** security policy setting.| +| [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md) | Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine account lockout threshold** security policy setting.| +| [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md)| Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine inactivity limit** security policy setting.| | [Interactive logon: Message text for users attempting to log on](interactive-logon-message-text-for-users-attempting-to-log-on.md) | Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Message text for users attempting to log on** security policy setting. | | [Interactive logon: Message title for users attempting to log on](interactive-logon-message-title-for-users-attempting-to-log-on.md)| Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Message title for users attempting to log on** security policy setting. | | [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)| Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Number of previous logons to cache (in case domain controller is not available)** security policy setting. | | [Interactive logon: Prompt user to change password before expiration](interactive-logon-prompt-user-to-change-password-before-expiration.md)| Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Prompt user to change password before expiration** security policy setting. | | [Interactive logon: Require Domain Controller authentication to unlock workstation](interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)| Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require Domain Controller authentication to unlock workstation** security policy setting. | -| [Interactive logon: Require smart card](interactive-logon-require-smart-card.md) | Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require smart card** security policy setting.| -| [Interactive logon: Smart card removal behavior](interactive-logon-smart-card-removal-behavior.md) | Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Smart card removal behavior** security policy setting.| +| [Interactive logon: Require Windows Hello for Business or smart card](interactive-logon-require-smart-card.md) | Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require Windows Hello for Business or smart card** security policy setting.| +| [Interactive logon: Smart card removal behavior](interactive-logon-smart-card-removal-behavior.md) | Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Smart card removal behavior** security policy setting.| | [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md) | Describes the best practices, location, values, policy management, and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2. | -| [SMBv1 Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md) | Describes the best practices, location, values, policy management, and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting for SMBv1 only. | -| [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)| Describes the best practices, location, values, and security considerations for the **Microsoft network client: Digitally sign communications (if server agrees)** security policy setting for SMBv1 only. | | [Microsoft network client: Send unencrypted password to third-party SMB servers](microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)| Describes the best practices, location, values, policy management, and security considerations for the **Microsoft network client: Send unencrypted password to third-party SMB servers** security policy setting. | | [Microsoft network server: Amount of idle time required before suspending session](microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)| Describes the best practices, location, values, and security considerations for the **Microsoft network server: Amount of idle time required before suspending session** security policy setting. | | [Microsoft network server: Attempt S4U2Self to obtain claim information](microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)| Describes the best practices, location, values, management, and security considerations for the **Microsoft network server: Attempt S4U2Self to obtain claim information** security policy setting. | -| [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)| Describes the best practices, location, values, policy management, and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2.| -| [SMBv1 Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md)| Describes the best practices, location, values, policy management, and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting for SMBv1 only.| -| [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)| Describes the best practices, location, values, policy management, and security considerations for the **Microsoft network server: Digitally sign communications (if client agrees)** security policy setting for SMBv1 only. | +| [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)| Describes the best practices, location, values, policy management, and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2.| | [Microsoft network server: Disconnect clients when logon hours expire](microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)| Describes the best practices, location, values, and security considerations for the **Microsoft network server: Disconnect clients when logon hours expire** security policy setting. | | [Microsoft network server: Server SPN target name validation level](microsoft-network-server-server-spn-target-name-validation-level.md)| Describes the best practices, location, and values, policy management, and security considerations for the **Microsoft network server: Server SPN target name validation level** security policy setting. | -| [Network access: Allow anonymous SID/Name translation](network-access-allow-anonymous-sidname-translation.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Allow anonymous SID/Name translation** security policy setting.| +| [Network access: Allow anonymous SID/Name translation](network-access-allow-anonymous-sidname-translation.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Allow anonymous SID/Name translation** security policy setting.| | [Network access: Do not allow anonymous enumeration of SAM accounts](network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)| Describes the best practices, location, values, and security considerations for the **Network access: Do not allow anonymous enumeration of SAM accounts** security policy setting. | | [Network access: Do not allow anonymous enumeration of SAM accounts and shares](network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)| Describes the best practices, location, values, and security considerations for the **Network access: Do not allow anonymous enumeration of SAM accounts and shares** security policy setting. | | [Network access: Do not allow storage of passwords and credentials for network authentication](network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Do not allow storage of passwords and credentials for network authentication** security policy setting. | | [Network access: Let Everyone permissions apply to anonymous users](network-access-let-everyone-permissions-apply-to-anonymous-users.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Let Everyone permissions apply to anonymous users** security policy setting. | | [Network access: Named Pipes that can be accessed anonymously](network-access-named-pipes-that-can-be-accessed-anonymously.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Named Pipes that can be accessed anonymously** security policy setting. | -| [Network access: Remotely accessible registry paths](network-access-remotely-accessible-registry-paths.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Remotely accessible registry paths** security policy setting.| +| [Network access: Remotely accessible registry paths](network-access-remotely-accessible-registry-paths.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Remotely accessible registry paths** security policy setting.| | [Network access: Remotely accessible registry paths and subpaths](network-access-remotely-accessible-registry-paths-and-subpaths.md)| Describes the best practices, location, values, and security considerations for the **Network access: Remotely accessible registry paths and subpaths** security policy setting. | | [Network access: Restrict anonymous access to Named Pipes and Shares](network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Restrict anonymous access to Named Pipes and Shares** security policy setting. | | [Network access: Restrict clients allowed to make remote calls to SAM](network-access-restrict-clients-allowed-to-make-remote-sam-calls.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting. | | [Network access: Shares that can be accessed anonymously](network-access-shares-that-can-be-accessed-anonymously.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Shares that can be accessed anonymously** security policy setting. | | [Network access: Sharing and security model for local accounts](network-access-sharing-and-security-model-for-local-accounts.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network access: Sharing and security model for local accounts** security policy setting. | | [Network security: Allow Local System to use computer identity for NTLM](network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)| Describes the location, values, policy management, and security considerations for the **Network security: Allow Local System to use computer identity for NTLM** security policy setting. | -| [Network security: Allow LocalSystem NULL session fallback](network-security-allow-localsystem-null-session-fallback.md)| Describes the best practices, location, values, and security considerations for the **Network security: Allow LocalSystem NULL session fallback** security policy setting.| +| [Network security: Allow LocalSystem NULL session fallback](network-security-allow-localsystem-null-session-fallback.md)| Describes the best practices, location, values, and security considerations for the **Network security: Allow LocalSystem NULL session fallback** security policy setting.| | [Network security: Allow PKU2U authentication requests to this computer to use online identities](network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)| Describes the best practices, location, and values for the **Network Security: Allow PKU2U authentication requests to this computer to use online identities** security policy setting. | | [Network security: Configure encryption types allowed for Kerberos Win7 only](network-security-configure-encryption-types-allowed-for-kerberos.md)| Describes the best practices, location, values, and security considerations for the **Network security: Configure encryption types allowed for Kerberos Win7 only** security policy setting. | | [Network security: Do not store LAN Manager hash value on next password change](network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network security: Do not store LAN Manager hash value on next password change** security policy setting. | | [Network security: Force logoff when logon hours expire](network-security-force-logoff-when-logon-hours-expire.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network security: Force logoff when logon hours expire** security policy setting. | -| [Network security: LAN Manager authentication level](network-security-lan-manager-authentication-level.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network security: LAN Manager authentication level** security policy setting.| +| [Network security: LAN Manager authentication level](network-security-lan-manager-authentication-level.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network security: LAN Manager authentication level** security policy setting.| | [Network security: LDAP client signing requirements](network-security-ldap-client-signing-requirements.md) | This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for this policy setting. This information applies to computers running at least the Windows Server 2008 operating system. | | [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network security: Minimum session security for NTLM SSP based (including secure RPC) clients** security policy setting. | | [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)| Describes the best practices, location, values, policy management, and security considerations for the **Network security: Minimum session security for NTLM SSP based (including secure RPC) servers** security policy setting. | @@ -116,12 +109,12 @@ For info about setting security policies, see [Configure security policy setting | [Recovery console: Allow automatic administrative logon](recovery-console-allow-automatic-administrative-logon.md)| Describes the best practices, location, values, policy management, and security considerations for the **Recovery console: Allow automatic administrative logon** security policy setting. | | [Recovery console: Allow floppy copy and access to all drives and folders](recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)| Describes the best practices, location, values, policy management, and security considerations for the **Recovery console: Allow floppy copy and access to all drives and folders** security policy setting. | | [Shutdown: Allow system to be shut down without having to lg on](shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)| Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Allow system to be shut down without having to log on** security policy setting. | -| [Shutdown: Clear virtual memory pagefile](shutdown-clear-virtual-memory-pagefile.md)| Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Clear virtual memory pagefile** security policy setting.| +| [Shutdown: Clear virtual memory pagefile](shutdown-clear-virtual-memory-pagefile.md)| Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Clear virtual memory pagefile** security policy setting.| | [System cryptography: Force strong key protection for user keys stored on the computer](system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)| Describes the best practices, location, values, policy management, and security considerations for the **System cryptography: Force strong key protection for user keys stored on the computer** security policy setting. | | [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)| This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for this policy setting. | | [System objects: Require case insensitivity for non-Windows subsystems](system-objects-require-case-insensitivity-for-non-windows-subsystems.md)| Describes the best practices, location, values, policy management, and security considerations for the **System objects: Require case insensitivity for non-Windows subsystems** security policy setting. | | [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](system-objects-strengthen-default-permissions-of-internal-system-objects.md)| Describes the best practices, location, values, policy management, and security considerations for the **System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links)** security policy setting. | -| [System settings: Optional subsystems](system-settings-optional-subsystems.md) | Describes the best practices, location, values, policy management, and security considerations for the **System settings: Optional subsystems** security policy setting.| +| [System settings: Optional subsystems](system-settings-optional-subsystems.md) | Describes the best practices, location, values, policy management, and security considerations for the **System settings: Optional subsystems** security policy setting.| | [System settings: Use certificate rules on Windows executables for Software Restriction Policies](system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)| Describes the best practices, location, values, policy management, and security considerations for the **System settings: Use certificate rules on Windows executables for Software Restriction Policies** security policy setting. | | [User Account Control: Admin Approval Mode for the Built-in Administrator account](user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)| Describes the best practices, location, values, policy management, and security considerations for the **User Account Control: Admin Approval Mode for the Built-in Administrator account** security policy setting. | | [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)| Describes the best practices, location, values, and security considerations for the **User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop** security policy setting. | @@ -133,7 +126,7 @@ For info about setting security policies, see [Configure security policy setting | [User Account Control: Run all administrators in Admin Approval Mode](user-account-control-run-all-administrators-in-admin-approval-mode.md)| Describes the best practices, location, values, policy management, and security considerations for the **User Account Control: Run all administrators in Admin Approval Mode** security policy setting. | | [User Account Control: Switch to the secure desktop when prompting for elevation](user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)| Describes the best practices, location, values, policy management, and security considerations for the **User Account Control: Switch to the secure desktop when prompting for elevation** security policy setting. | | [User Account Control: Virtualize file and registry write failures to per-user locations](user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)| Describes the best practices, location, values, policy management, and security considerations for the **User Account Control: Virtualize file and registry write failures to per-user locations** security policy setting. | - + ## Related articles - [Security policy settings reference](security-policy-settings-reference.md) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md deleted file mode 100644 index 99e2eca53e..0000000000 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Always sign SMBv1 network client communications (Windows 10) -description: Learn about best practices, security considerations and more for the security policy setting, Microsoft network client Digitally sign communications (always). -ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz -audience: ITPro -ms.topic: conceptual -ms.date: 01/04/2019 -ms.technology: itpro-security ---- - -# SMBv1 Microsoft network client: Digitally sign communications (always) - -**Applies to** -- Windows 10 - -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 isn't secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 isn't installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). - -The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md). - -## Reference - -The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. -This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted. - -Implementation of digital signatures in high-security networks helps prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security. - -If server-side SMB signing is required, a client device won't be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device won't be able to establish a session with servers that don't have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. - -If server-side SMB signing is enabled, SMB packet signing will be negotiated with client computers that have SMB signing enabled. - -[!INCLUDE [smb1-perf-note](includes/smb1-perf-note.md)] - -There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications: -- [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md) -- [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md) -- [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md) - -### Possible values - -- Enabled -- Disabled -- Not defined - -### Best practices - -1. Configure the following security policy settings as follows: - - - Disable **Microsoft network client: Digitally sign communications (always)**. - - Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). - - Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md). - - Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). - -2. Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems. - -### Location - -Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options - -### Default values - -The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. - -| Server type or GPO | Default value | -| - | - | -| Default Domain Policy| Not defined| -| Default Domain Controller Policy | Not defined| -| Stand-Alone Server Default Settings | Disabled| -| DC Effective Default Settings | Disabled| -| Member Server Effective Default Settings | Disabled| -| Client Computer Effective Default Settings | Disabled| - -## Policy management - -This section describes features and tools that are available to help you manage this policy. - -### Restart requirement - -None. Changes to this policy become effective without a device restart when they're saved locally or distributed through Group Policy. - -## Security considerations - -This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. - -### Vulnerability - -Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client computer after legitimate authentication, and gain unauthorized access to data. - -SMB is the resource-sharing protocol that is supported by many Windows operating systems. It's the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission doesn't take place. - -### Countermeasure - -Configure the settings as follows: - -- Disable **Microsoft network client: Digitally sign communications (always)**. -- Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). -- Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md). -- Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). - -In highly secure environments, we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems. - ->**Note:**  An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. - -### Potential impact - -Implementations of the SMB file and print-sharing protocol support mutual authentication. This mutual authentication prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server. - -Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure devices to ignore all unsigned SMB communications, older applications and operating systems can't connect. However, if you completely disable all SMB signing, computers are vulnerable to session-hijacking attacks. - -## Related topics - -- [Security Options](security-options.md) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md deleted file mode 100644 index b4ac13d05a..0000000000 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: SMBv1 Microsoft network client Digitally sign communications (if server agrees) (Windows 10) -description: Best practices, location, values, and security considerations for the policy setting, Microsoft network client Digitally sign communications (if server agrees). -ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz -audience: ITPro -ms.topic: conceptual -ms.date: 01/04/2019 -ms.technology: itpro-security ---- -# SMBv1 Microsoft network client: Digitally sign communications (if server agrees) - -**Applies to** -- Windows 10 - -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 isn't secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 isn't installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). - -The rest of this topic describes the best practices, location, values, and security considerations for the **Microsoft network client: Digitally sign communications (if server agrees)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-always.md). - -## Reference - -The Server Message Block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted. - -Implementation of digital signatures in high-security networks helps to prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security. - -If server-side SMB signing is required, a client computer won't be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device won't be able to establish a session with servers that don't have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. - -If server-side SMB signing is enabled, SMB packet signing will be negotiated with client computers that have SMB signing enabled. - -[!INCLUDE [smb1-perf-note](includes/smb1-perf-note.md)] - -There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications: - -- [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md) -- [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md) -- [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md) - -### Possible values - -- Enabled -- Disabled -- Not defined - -### Best practices - - - Configure the following security policy settings as follows: - - - Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md). - - Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). - - Enable **Microsoft Network Client: Digitally Sign Communications (If Server Agrees)**. - - Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). - - - Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems. - -### Location - -Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options - -### Default values - -The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. - -| Server type or GPO | Default value | -| - | - | -| Default Domain Policy| Not defined| -| Default Domain Controller Policy | Not defined| -| Stand-Alone Server Default Settings | Enabled| -| DC Effective Default Settings | Enabled| -| Member Server Effective Default Settings| Enabled| -| Client Computer Effective Default Settings | Enabled| - -## Policy management - -This section describes features and tools that are available to help you manage this policy. - -### Restart requirement - -None. Changes to this policy become effective without a device restart when they're saved locally or distributed through Group Policy. - -## Security considerations - -This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. - -### Vulnerability - -Session hijacking uses tools that allow attackers who have access to the same network as the client or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so -that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client device after legitimate authentication and gain unauthorized access to data. - -SMB is the resource-sharing protocol that is supported by many Windows operating systems. It's the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission doesn't take place. - -### Countermeasure - -Configure the settings as follows: - -- Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md). -- Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). -- Enable **Microsoft network client: Digitally sign communications (if server agrees)**. -- Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). - -In highly secure environments, we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems. - -> [!NOTE] -> An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. - -### Potential impact - -Implementations of the SMB file and print-sharing protocol support mutual authentication. This mutual authentication prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server. - -Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure devices to ignore all unsigned SMB communications, older applications and operating systems can't connect. However, if you completely disable all SMB signing, devices are vulnerable to session-hijacking -attacks. - -## Related topics - -- [Security Options](security-options.md) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md deleted file mode 100644 index 45b7731eb7..0000000000 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: SMB v1 Microsoft network server Digitally sign communications (always) (Windows 10) -description: Best practices, security considerations, and more for the security policy setting, Microsoft network server Digitally sign communications (always). -ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8 -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz -audience: ITPro -ms.topic: conceptual -ms.date: 01/04/2019 -ms.technology: itpro-security ---- - -# SMB v1 Microsoft network server: Digitally sign communications (always) - -**Applies to** -- Windows 10 - -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 isn't secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMB v1 isn't installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). - -The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. Fore more information, see [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md). - -## Reference - -The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. -This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted. - -Implementation of digital signatures in high-security networks helps to prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security. - -For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md). Devices that have this policy set won't be able to communicate with devices that don't have server-side packet signing enabled. By default, server-side packet signing is enabled only on domain controllers. Server-side packet signing can be enabled on devices by setting [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). - -If server-side SMB signing is required, a client device won't be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device won't be able to establish a session with servers that don't have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. - -If server-side SMB signing is enabled, SMB packet signing will be negotiated with client devices that have SMB signing enabled. - -[!INCLUDE [smb1-perf-note](includes/smb1-perf-note.md)] - -There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications: - -- [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md) -- [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md) -- [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md) - -### Possible values - -- Enabled -- Disabled -- Not defined - -### Best practices - -1. Configure the following security policy settings as follows: - - - Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md). - - Disable **Microsoft network server: Digitally sign communications (always)**. - - Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md). - - Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). - -2. Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems. - -### Location - -Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options - -### Default values - -The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. - -| Server type or GPO | Default value | -| - | - | -| Default Domain Policy| Not defined| -| Default Domain Controller Policy | Enabled| -| Stand-Alone Server Default Settings | Not defined| -| DC Effective Default Settings | Enabled| -| Member Server Effective Default Settings| Not defined| -| Client Computer Effective Default Settings | Disabled| - -## Policy management - -This section describes features and tools that are available to help you manage this policy. - -### Restart requirement - -None. Changes to this policy become effective without a device restart when they're saved locally or distributed through Group Policy. - -## Security considerations - -This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. - -### Vulnerability - -Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client device after legitimate authentication and gain unauthorized access to data. - -SMB is the resource-sharing protocol that is supported by many Windows operating systems. It's the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission doesn't take place. - -### Countermeasure - -Configure the settings as follows: - -- Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md). -- Disable **Microsoft network server: Digitally sign communications (always)**. -- Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md). -- Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). - -In highly secure environments, we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems. - ->**Note:**  An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. - -### Potential impact - -Implementations of the SMB file and print-sharing protocol support mutual authentication. This mutual authentication prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server. - -Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure computers to ignore all unsigned SMB communications, older applications and operating systems can't connect. However, if you completely disable all SMB signing, devices are vulnerable to session-hijacking attacks. - -## Related topics - -- [Security Options](security-options.md) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md deleted file mode 100644 index cf2feb9753..0000000000 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: SMBv1 Microsoft network server Digitally sign communications (if client agrees) (Windows 10) -description: Best practices, security considerations and more for the security policy setting, Microsoft network server Digitally sign communications (if client agrees). -ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1 -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz -audience: ITPro -ms.topic: conceptual -ms.date: 01/04/2019 -ms.technology: itpro-security ---- - -# SMBv1 Microsoft network server: Digitally sign communications (if client agrees) - -**Applies to** -- Windows 10 - -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 isn't secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 isn't installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). - -The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (if client agrees)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-always.md). - -## Reference - -The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. -This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted. - -Implementation of digital signatures in high-security networks helps to prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security. - -If server-side SMB signing is required, a client device won't be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device won't be able to establish a session with servers that don't have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. - -If server-side SMB signing is enabled, SMB packet signing will be negotiated with client computers that have SMB signing enabled. - -[!INCLUDE [smb1-perf-note](includes/smb1-perf-note.md)] - -There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications: - -- [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md) -- [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md) -- [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md) - -### Possible values - -- Enabled -- Disabled -- Not defined - -### Best practices - -1. Configure the following security policy settings as follows: - - - Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md). - - Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). - - Enable [Microsoft Network Client: Digitally Sign Communications (If Server Agrees)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). - - Enable **Microsoft Network Server: Digitally Sign Communications (If Client Agrees)**. - -2. Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems. - -### Location - -Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options - -### Default values - -The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. - - -| Server type or GPO Default value | -|--------------------------------------------| -| Default Domain Policy | -| Default Domain Controller Policy | -| Stand-Alone Server Default Settings | -| DC Effective Default Settings | -| Member Server Effective Default Settings | -| Client Computer Effective Default Settings | - -## Policy management - -This section describes features and tools that are available to help you manage this policy. - -### Restart requirement - -None. Changes to this policy become effective without a computer restart when they're saved locally or distributed through Group Policy. - -## Security considerations - -This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. - -### Vulnerability - -Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client computer after legitimate authentication and gain unauthorized access to data. - -SMB is the resource-sharing protocol that is supported by many Windows operating systems. It's the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission doesn't take place. - -### Countermeasure - -Configure the settings as follows: - -- Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md). -- Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). -- Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md). -- Enable **Microsoft network server: Digitally sign communications (if client agrees)**. - -In highly secure environments, we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems. - ->**Note:** An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. - -### Potential impact - -SMB file and print-sharing protocol support mutual authentication. This mutual authentication prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server. - -Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure computers to ignore all unsigned SMB communications, older applications and operating systems can't connect. However, if you completely disable all SMB signing, computers are vulnerable to session-hijacking attacks. - -## Related topics - -- [Security Options](security-options.md) From 815d80d6c0896686655c4cb2982be2c3cd08443a Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 13 Jan 2023 17:45:56 -0800 Subject: [PATCH 135/142] fix build warning --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index fba69a731f..288fc7b572 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -746,7 +746,7 @@ "redirect_document_id": false }, { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md", + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md", "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, From f1f5c550f2b30ba73be403fd838afb387de13321 Mon Sep 17 00:00:00 2001 From: Office Content Publishing <34616516+officedocspr@users.noreply.github.com> Date: Sat, 14 Jan 2023 23:32:18 -0800 Subject: [PATCH 136/142] Uploaded file: education-content-updates.md - 2023-01-14 23:32:17.9897 --- .../includes/education-content-updates.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 education/includes/education-content-updates.md diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md new file mode 100644 index 0000000000..f3861da706 --- /dev/null +++ b/education/includes/education-content-updates.md @@ -0,0 +1,26 @@ + + + + +## Week of January 09, 2023 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 1/12/2023 | [Configure federation between Google Workspace and Azure AD](/education/windows/configure-aad-google-trust) | added | + + +## Week of December 19, 2022 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 12/22/2022 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified | + + +## Week of December 12, 2022 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 12/13/2022 | [Configure Stickers for Windows 11 SE](/education/windows/edu-stickers) | modified | From 993f74f999b0cf57edc0d376c757993918e7ad0e Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 16 Jan 2023 12:37:38 -0800 Subject: [PATCH 137/142] Renamed update rings to deployment rings for consistency. --- .../operate/windows-autopatch-maintain-environment.md | 2 +- .../windows-autopatch-microsoft-365-apps-enterprise.md | 2 +- .../operate/windows-autopatch-update-management.md | 4 ++-- .../operate/windows-autopatch-wqu-overview.md | 2 +- .../windows-autopatch/overview/windows-autopatch-faq.yml | 4 ++-- .../windows-autopatch/overview/windows-autopatch-overview.md | 2 +- .../prepare/windows-autopatch-enroll-tenant.md | 2 +- .../windows-autopatch/prepare/windows-autopatch-fix-issues.md | 4 ++-- .../references/windows-autopatch-changes-to-tenant.md | 2 +- .../references/windows-autopatch-wqu-unsupported-policies.md | 2 +- 10 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md index c5a7514fc4..aa13524ff2 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md @@ -26,7 +26,7 @@ After you've completed enrollment in Windows Autopatch, some management settings | Setting | Description | | ----- | ----- | -| Update rings for Windows 10 or later | For any update rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign update rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).

Windows Autopatch will also have created some update ring policies. all of which The policies will have "**Modern Workplace**" in the name. For example:

  • Modern Workplace Update Policy [Broad]-[Windows Autopatch]
  • Modern Workplace Update Policy [Fast]-[Windows Autopatch]
  • Modern Workplace Update Policy [First]-[Windows Autopatch]
  • Modern Workplace Update Policy [Test]-[Windows Autopatch]

When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.

**To resolve the Not ready result:**

After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

**To resolve the Advisory result:**

  1. Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
  2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).

For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

| +| Deployment rings for Windows 10 or later | For any deployment rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign deployment rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).

Windows Autopatch will also have created some update ring policies. all of which The policies will have "**Modern Workplace**" in the name. For example:

  • Modern Workplace Update Policy [Broad]-[Windows Autopatch]
  • Modern Workplace Update Policy [Fast]-[Windows Autopatch]
  • Modern Workplace Update Policy [First]-[Windows Autopatch]
  • Modern Workplace Update Policy [Test]-[Windows Autopatch]

When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.

**To resolve the Not ready result:**

After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

**To resolve the Advisory result:**

  1. Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.
  2. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).

For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).

| ## Windows Autopatch configurations diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 3089035470..ebe7cda8b7 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md @@ -34,7 +34,7 @@ All devices registered for Windows Autopatch will receive updates from the [Mont Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update has been downloaded, there's a seven day [update deadline](/deployoffice/configure-update-settings-microsoft-365-apps) that specifies how long the user has until the user must apply the update. -## Update rings +## Deployment rings Since the Office CDN determines when devices are offered updates, Windows Autopatch doesn't use rings to control the rollout of these updates. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md index 549d7d5bba..81dd91dbd5 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md @@ -20,8 +20,8 @@ Keeping your devices up to date is a balance of speed and stability. Windows Aut | Software update workload | Description | | ----- | ----- | -| Windows quality update | Windows Autopatch uses four update rings to manage Windows quality updates. For more detailed information, see [Windows quality updates](../operate/windows-autopatch-wqu-overview.md). | -| Windows feature update | Windows Autopatch uses four update rings to manage Windows feature updates. For more detailed information, see [Windows feature updates](windows-autopatch-fu-overview.md). +| Windows quality update | Windows Autopatch uses four deployment rings to manage Windows quality updates. For more detailed information, see [Windows quality updates](../operate/windows-autopatch-wqu-overview.md). | +| Windows feature update | Windows Autopatch uses four deployment rings to manage Windows feature updates. For more detailed information, see [Windows feature updates](windows-autopatch-fu-overview.md). | Anti-virus definition | Updated with each scan. | | Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). | | Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). | diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md index 2dbf3db0a5..fcf007a516 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md @@ -48,7 +48,7 @@ To release updates to devices in a gradual manner, Windows Autopatch deploys a s > [!IMPORTANT] > Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will cause a device to be considered ineligible for management, it will still receive policies from Windows Autopatch that are not in conflict, but may not function as designed. These devices will be marked as ineligible in our device reporting and will not count towards our [service level objective](#service-level-objective). -Windows Autopatch configures these policies differently across update rings to gradually release the update to devices in your estate. Devices in the Test ring receive changes first and devices in the Broad ring receive changes last. For more information, see [Windows Autopatch deployment rings](../operate/windows-autopatch-update-management.md#windows-autopatch-deployment-rings). +Windows Autopatch configures these policies differently across deployment rings to gradually release the update to devices in your estate. Devices in the Test ring receive changes first and devices in the Broad ring receive changes last. For more information, see [Windows Autopatch deployment rings](../operate/windows-autopatch-update-management.md#windows-autopatch-deployment-rings). :::image type="content" source="../media/release-process-timeline.png" alt-text="Release process timeline" lightbox="../media/release-process-timeline.png"::: diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index fdb9b1f891..e51bf1f82a 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -81,8 +81,8 @@ sections: questions: - question: What systems does Windows Autopatch update? answer: | - - Windows 10/11 quality updates: Windows Autopatch manages all aspects of update rings. - - Windows 10/11 feature updates: Windows Autopatch manages all aspects of update rings. + - Windows 10/11 quality updates: Windows Autopatch manages all aspects of deployment rings. + - Windows 10/11 feature updates: Windows Autopatch manages all aspects of deployment rings. - Microsoft 365 Apps for enterprise updates: All devices registered for Windows Autopatch will receive updates from the Monthly Enterprise Channel. - Microsoft Edge: Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel and will provide support for issues with Microsoft Edge updates. - Microsoft Teams: Windows Autopatch allows eligible devices to benefit from the standard automatic update channels and will provide support for issues with Teams updates. diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index 88cdfa1b6b..8ed02530ce 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -27,7 +27,7 @@ Rather than maintaining complex digital infrastructure, businesses want to focus - **Optimize your IT admin resources**: By automating routine endpoint updates, IT pros have more time to create value. - **On-premises infrastructure**: Transitioning to the world of software as a service (SaaS) allows you to minimize your investment in on-premises hardware since updates are delivered from the cloud. - **Onboard new services**: Windows Autopatch is scoped to make it easy to enroll and minimizes the time investment from your IT Admins to get started. -- **Minimize end user disruption**: By releasing in sequential update rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized. +- **Minimize end user disruption**: By releasing in sequential deployment rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized. Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge or Teams. By crafting careful rollout sequences and communicating with you throughout the release, your IT Admins can focus on other activities and tasks. diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md index 2dfa7a8912..b091a73a97 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md @@ -51,7 +51,7 @@ The following are the Microsoft Intune settings: | Check | Description | | ----- | ----- | -| Update rings for Windows 10 or later | Verifies that Intune's Update rings for Windows 10 or later policy doesn't target all users or all devices. Policies of this type shouldn't target any Windows Autopatch devices. For more information, see [Configure update rings for Windows 10 and later in Intune](/mem/intune/protect/windows-10-update-rings). | +| Deployment rings for Windows 10 or later | Verifies that Intune's deployment rings for Windows 10 or later policy doesn't target all users or all devices. Policies of this type shouldn't target any Windows Autopatch devices. For more information, see [Configure deployment rings for Windows 10 and later in Intune](/mem/intune/protect/windows-10-update-rings). | | Unlicensed admin | Verifies that this setting is enabled to avoid a "lack of permissions" error when we interact with your Azure Active Directory (AD) organization. For more information, see [Unlicensed admins in Microsoft Intune](/mem/intune/fundamentals/unlicensed-admins). | ### Azure Active Directory settings diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index 891576dd03..8e9d0f1a63 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -45,9 +45,9 @@ This setting must be turned on to avoid a "lack of permissions" error when we in | ----- | ----- | | Not ready | Allow access to unlicensed admins should be turned on. Without this setting enabled, errors can occur when we try to access your Azure AD organization for service. You can safely enable this setting without worrying about security implications. The scope of access is defined by the roles assigned to users, including our operations staff.

For more information, see [Unlicensed admins](/mem/intune/fundamentals/unlicensed-admins). | -### Update rings for Windows 10 or later +### Deployment rings for Windows 10 or later -Your "Windows 10 update ring" policy in Intune must not target any Windows Autopatch devices. +Your "Windows 10 deployment ring" policy in Intune must not target any Windows Autopatch devices. | Result | Meaning | | ----- | ----- | diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md index ce916ff862..10fa706030 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md @@ -64,7 +64,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to | Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices.

Assigned to:

  • Modern Workplace Devices-Windows Autopatch-Test
  • Modern Workplace Devices-Windows Autopatch-First
  • Modern Workplace Devices-Windows Autopatch-Fast
  • Modern Workplace Devices-Windows Autopatch-Broad
|
  1. [Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)
  2. [Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)
  3. [Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
  4. [Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)
  5. [Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)
  6. [Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)
|
  1. Enable telemetry change notifications
  2. Enable Telemetry opt-in Settings
  3. Full
  4. Enabled
  5. Enabled
  6. Enabled
| | Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency

Assigned to:

  • Modern Workplace Devices-Windows Autopatch-Test
  • Modern Workplace Devices-Windows Autopatch-First
  • Modern Workplace Devices-Windows Autopatch-Fast
  • Modern Workplace Devices-Windows Autopatch-Broad
| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 | -## Update rings for Windows 10 and later +## Deployment rings for Windows 10 and later - Modern Workplace Update Policy [Test]-[Windows Autopatch] - Modern Workplace Update Policy [First]-[Windows Autopatch] diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md index 1c19a4bac4..feb85e282f 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md @@ -14,7 +14,7 @@ msreviewer: adnich # Windows update policies -## Update rings for Windows 10 and later +## Deployment rings for Windows 10 and later The following policies contain settings which apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention: From e069dfe47cb25f8ab485edeee4e63e3e6df9d5fb Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Tue, 17 Jan 2023 10:43:35 -0600 Subject: [PATCH 138/142] Update windows-autopatch-wqu-unsupported-policies.md Acro: behaviour -> behavior --- .../references/windows-autopatch-wqu-unsupported-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md index feb85e282f..09842260a5 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md @@ -36,7 +36,7 @@ The following policies contain settings which apply to both Windows quality and | Setting name | Test | First | Fast | Broad | | ----- | ----- | ----- | ----- | ----- | -| Automatic update behaviour | Reset to default | Reset to default | Reset to default | Reset to default | +| Automatic update behavior | Reset to default | Reset to default | Reset to default | Reset to default | | Restart checks | Allow | Allow | Allow | Allow | | Option to pause updates | Disable | Disable | Disable | Disable | | Option to check for Windows updates | Default | Default | Default | Default | From 052e417f330b7f2e84a1caedee166672b365e849 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 17 Jan 2023 10:24:38 -0800 Subject: [PATCH 139/142] bulk metadata update --- windows/deployment/update/PSFxWhitepaper.md | 8 +++----- windows/deployment/update/WIP4Biz-intro.md | 8 +++----- windows/deployment/update/create-deployment-plan.md | 6 +++--- windows/deployment/update/deploy-updates-configmgr.md | 3 +-- windows/deployment/update/deploy-updates-intune.md | 7 +++---- windows/deployment/update/deployment-service-overview.md | 8 +++----- .../deployment/update/deployment-service-troubleshoot.md | 8 +++----- windows/deployment/update/eval-infra-tools.md | 6 +++--- windows/deployment/update/feature-update-user-install.md | 8 +++----- windows/deployment/update/fod-and-lang-packs.md | 8 +++----- .../update/get-started-updates-channels-tools.md | 6 +++--- windows/deployment/update/how-windows-update-works.md | 7 +++---- windows/deployment/update/index.md | 6 +++--- windows/deployment/update/media-dynamic-update.md | 7 ++++--- .../update/olympia/olympia-enrollment-guidelines.md | 1 - windows/deployment/update/optional-content.md | 6 +++--- windows/deployment/update/plan-define-readiness.md | 6 +++--- windows/deployment/update/plan-define-strategy.md | 6 +++--- .../deployment/update/plan-determine-app-readiness.md | 6 +++--- windows/deployment/update/prepare-deploy-windows.md | 7 +++---- windows/deployment/update/quality-updates.md | 7 +++---- windows/deployment/update/safeguard-holds.md | 6 +++--- windows/deployment/update/safeguard-opt-out.md | 6 +++--- windows/deployment/update/servicing-stack-updates.md | 7 +++---- windows/deployment/update/update-baseline.md | 6 +++--- .../update/update-compliance-configuration-manual.md | 3 +-- .../update/update-compliance-configuration-mem.md | 3 +-- .../update/update-compliance-configuration-script.md | 3 +-- .../update/update-compliance-delivery-optimization.md | 4 +--- .../update/update-compliance-feature-update-status.md | 4 +--- .../deployment/update/update-compliance-get-started.md | 2 +- windows/deployment/update/update-compliance-monitor.md | 4 +--- .../update/update-compliance-need-attention.md | 2 +- windows/deployment/update/update-compliance-privacy.md | 3 +-- .../update/update-compliance-safeguard-holds.md | 4 +--- .../update-compliance-schema-waasdeploymentstatus.md | 3 +-- .../update/update-compliance-schema-waasinsiderstatus.md | 3 +-- .../update/update-compliance-schema-waasupdatestatus.md | 3 +-- .../update-compliance-schema-wudoaggregatedstatus.md | 3 +-- .../update/update-compliance-schema-wudostatus.md | 3 +-- windows/deployment/update/update-compliance-schema.md | 3 +-- .../update/update-compliance-security-update-status.md | 4 +--- windows/deployment/update/update-compliance-using.md | 4 +--- windows/deployment/update/update-policies.md | 7 +++---- windows/deployment/update/waas-branchcache.md | 8 +++----- windows/deployment/update/waas-configure-wufb.md | 6 +++--- windows/deployment/update/waas-integrate-wufb.md | 6 +++--- windows/deployment/update/waas-manage-updates-wsus.md | 6 +++--- windows/deployment/update/waas-manage-updates-wufb.md | 7 +++---- windows/deployment/update/waas-morenews.md | 7 +++---- windows/deployment/update/waas-overview.md | 6 +++--- windows/deployment/update/waas-quick-start.md | 6 +++--- windows/deployment/update/waas-restart.md | 8 +++----- .../update/waas-servicing-channels-windows-10-updates.md | 9 +++------ .../update/waas-servicing-strategy-windows-10-updates.md | 7 +++---- windows/deployment/update/waas-wufb-csp-mdm.md | 7 +++---- windows/deployment/update/waas-wufb-group-policy.md | 6 +++--- windows/deployment/update/windows-as-a-service.md | 7 +++---- .../deployment/update/windows-update-error-reference.md | 7 +++---- windows/deployment/update/windows-update-logs.md | 7 +++---- windows/deployment/update/windows-update-overview.md | 6 +++--- windows/deployment/update/windows-update-security.md | 1 - windows/deployment/update/wufb-compliancedeadlines.md | 8 +++----- windows/deployment/update/wufb-reports-admin-center.md | 2 +- .../update/wufb-reports-configuration-intune.md | 1 - .../update/wufb-reports-configuration-manual.md | 3 +-- .../update/wufb-reports-configuration-script.md | 3 +-- windows/deployment/update/wufb-reports-enable.md | 3 +-- windows/deployment/update/wufb-reports-help.md | 3 +-- windows/deployment/update/wufb-reports-overview.md | 3 +-- windows/deployment/update/wufb-reports-prerequisites.md | 3 +-- .../deployment/update/wufb-reports-schema-ucclient.md | 3 +-- .../wufb-reports-schema-ucclientreadinessstatus.md | 3 +-- .../update/wufb-reports-schema-ucclientupdatestatus.md | 3 +-- .../update/wufb-reports-schema-ucdevicealert.md | 3 +-- .../update/wufb-reports-schema-ucdoaggregatedstatus.md | 7 ++++--- .../deployment/update/wufb-reports-schema-ucdostatus.md | 7 ++++--- .../update/wufb-reports-schema-ucserviceupdatestatus.md | 3 +-- .../update/wufb-reports-schema-ucupdatealert.md | 3 +-- windows/deployment/update/wufb-reports-schema.md | 3 +-- windows/deployment/update/wufb-reports-use.md | 3 +-- windows/deployment/update/wufb-reports-workbook.md | 3 +-- windows/deployment/update/wufb-wsus.md | 6 +++--- 83 files changed, 173 insertions(+), 245 deletions(-) diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md index 0e62430e64..a0f9346acc 100644 --- a/windows/deployment/update/PSFxWhitepaper.md +++ b/windows/deployment/update/PSFxWhitepaper.md @@ -2,13 +2,11 @@ title: Windows Updates using forward and reverse differentials description: A technique to produce compact software updates optimized for any origin and destination revision pair ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index 9671062faf..15954efa93 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -1,12 +1,10 @@ --- title: Introduction to the Windows Insider Program for Business description: In this article, you'll learn about the Windows Insider Program for Business and why IT Pros should join. -ms.custom: seo-marvel-apr2020 ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -manager: dougeby -ms.reviewer: +author: mestew +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md index 9db3fb6b10..bc649af09d 100644 --- a/windows/deployment/update/create-deployment-plan.md +++ b/windows/deployment/update/create-deployment-plan.md @@ -2,10 +2,10 @@ title: Create a deployment plan description: Devise the number of deployment rings you need and how you want to populate them ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md index e15dae5bcc..3a6115792f 100644 --- a/windows/deployment/update/deploy-updates-configmgr.md +++ b/windows/deployment/update/deploy-updates-configmgr.md @@ -5,8 +5,7 @@ ms.prod: windows-client author: mestew ms.localizationpriority: medium ms.author: mstewart -ms.reviewer: -manager: dougeby +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md index f81e158e4b..d30f45fc12 100644 --- a/windows/deployment/update/deploy-updates-intune.md +++ b/windows/deployment/update/deploy-updates-intune.md @@ -2,11 +2,10 @@ title: Deploy updates with Intune description: Deploy Windows client updates with Intune ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.collection: diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index b04b472ad9..3d655149d9 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -1,13 +1,11 @@ --- title: Windows Update for Business deployment service description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates -ms.custom: seo-marvel-apr2020 ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md index 8d974c72fe..f584bbae71 100644 --- a/windows/deployment/update/deployment-service-troubleshoot.md +++ b/windows/deployment/update/deployment-service-troubleshoot.md @@ -1,13 +1,11 @@ --- title: Troubleshoot the Windows Update for Business deployment service description: Solutions to common problems with the service -ms.custom: seo-marvel-apr2020 ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index 29557c5e99..14e8129982 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -2,9 +2,9 @@ title: Evaluate infrastructure and tools description: Steps to make sure your infrastructure is ready to deploy updates ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.localizationpriority: medium ms.topic: article ms.technology: itpro-updates diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md index 019f4f5331..1385930bef 100644 --- a/windows/deployment/update/feature-update-user-install.md +++ b/windows/deployment/update/feature-update-user-install.md @@ -2,14 +2,12 @@ title: Best practices - deploy feature updates for user-initiated installations description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz +ms.author: mstewart ms.date: 07/10/2018 -ms.reviewer: -manager: dougeby +manager: aaroncz ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md index 3d51115d70..2978105443 100644 --- a/windows/deployment/update/fod-and-lang-packs.md +++ b/windows/deployment/update/fod-and-lang-packs.md @@ -2,14 +2,12 @@ title: Make FoD and language packs available for WSUS/Configuration Manager description: Learn how to make FoD and language packs available when you're using WSUS/Configuration Manager. ms.prod: windows-client -ms.author: aaroncz -author: aczechowski +ms.author: mstewart +author: mestew ms.localizationpriority: medium ms.date: 03/13/2019 -ms.reviewer: -manager: dougeby +manager: aaroncz ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates --- # How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md index 777e52fd68..0ed7fc519a 100644 --- a/windows/deployment/update/get-started-updates-channels-tools.md +++ b/windows/deployment/update/get-started-updates-channels-tools.md @@ -2,10 +2,10 @@ title: Windows client updates, channels, and tools description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index 4a82f9dda6..907f34dd28 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -2,12 +2,11 @@ title: How Windows Update works description: In this article, learn about the process Windows Update uses to download and install updates on a Windows client devices. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md index a9e7a9592a..98552e3194 100644 --- a/windows/deployment/update/index.md +++ b/windows/deployment/update/index.md @@ -2,10 +2,10 @@ title: Update Windows client in enterprise deployments description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows client. ms.prod: windows-client -author: aczechowski -manager: dougeby +author: mestew +manager: aaroncz ms.localizationpriority: high -ms.author: aaroncz +ms.author: mstewart ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 83136ce4d4..a6e318fc46 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -2,13 +2,14 @@ title: Update Windows installation media with Dynamic Update description: Learn how to deploy feature updates to your mission critical devices ms.prod: windows-client -author: SteveDiAcetis +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 +ms.reviewer: SteveDiAcetis --- # Update Windows installation media with Dynamic Update diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index d9091e373e..06c5076a73 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -5,7 +5,6 @@ ms.author: lizlong ms.topic: article ms.prod: windows-client author: lizgt2000 -ms.reviewer: manager: aaroncz ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md index b362518be7..ee5da0bb30 100644 --- a/windows/deployment/update/optional-content.md +++ b/windows/deployment/update/optional-content.md @@ -2,10 +2,10 @@ title: Migrating and acquiring optional Windows content description: Keep language resources and Features on Demand during operating system updates ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md index e3399f0279..cf56100362 100644 --- a/windows/deployment/update/plan-define-readiness.md +++ b/windows/deployment/update/plan-define-readiness.md @@ -2,9 +2,9 @@ title: Define readiness criteria description: Identify important roles and figure out how to classify apps ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.localizationpriority: medium ms.topic: article ms.technology: itpro-updates diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md index 32d063dab3..bc225337f8 100644 --- a/windows/deployment/update/plan-define-strategy.md +++ b/windows/deployment/update/plan-define-strategy.md @@ -2,10 +2,10 @@ title: Define update strategy description: Two examples of a calendar-based approach to consistent update installation ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md index 8d7abb8429..4d7cf5c662 100644 --- a/windows/deployment/update/plan-determine-app-readiness.md +++ b/windows/deployment/update/plan-determine-app-readiness.md @@ -1,12 +1,12 @@ --- title: Determine application readiness -manager: dougeby +manager: aaroncz description: How to test your apps to know which need attention prior to deploying an update ms.prod: windows-client ms.localizationpriority: medium ms.topic: article -ms.author: aaroncz -author: aczechowski +ms.author: mstewart +author: mestew ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md index e88bc01c45..7d787fbeda 100644 --- a/windows/deployment/update/prepare-deploy-windows.md +++ b/windows/deployment/update/prepare-deploy-windows.md @@ -2,11 +2,10 @@ title: Prepare to deploy Windows description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/quality-updates.md b/windows/deployment/update/quality-updates.md index 2f3003eef4..4597ce3369 100644 --- a/windows/deployment/update/quality-updates.md +++ b/windows/deployment/update/quality-updates.md @@ -2,11 +2,10 @@ title: Monthly quality updates (Windows 10/11) description: Learn about Windows monthly quality updates to stay productive and protected. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md index 7287acbcc1..7d3d501e00 100644 --- a/windows/deployment/update/safeguard-holds.md +++ b/windows/deployment/update/safeguard-holds.md @@ -2,10 +2,10 @@ title: Safeguard holds description: What are safeguard holds, how can you tell if one is in effect, and what to do about it ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.collection: diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md index d5e7feb5f0..96b29c913a 100644 --- a/windows/deployment/update/safeguard-opt-out.md +++ b/windows/deployment/update/safeguard-opt-out.md @@ -2,10 +2,10 @@ title: Opt out of safeguard holds description: Steps to install an update even it if has a safeguard hold applied ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index f7d7f2d1b8..a74559df0f 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -2,14 +2,13 @@ title: Servicing stack updates description: In this article, learn how servicing stack updates improve the code that installs the other updates. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: high -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.collection: - highpri ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index e860aa2cbb..9173c21e30 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md @@ -2,10 +2,10 @@ title: Update Baseline description: Use an update baseline to optimize user experience and meet monthly update goals ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 56aabc0f35..2cd4b2f59a 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -1,7 +1,6 @@ --- title: Manually configuring devices for Update Compliance -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Manually configuring devices for Update Compliance ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index 2a40c16a2a..14c94f5341 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -1,7 +1,6 @@ --- title: Configuring Microsoft Intune devices for Update Compliance -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Configuring devices that are enrolled in Intune for Update Compliance ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index bcae3d1cce..2d8e1183db 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -1,7 +1,6 @@ --- title: Update Compliance Configuration Script -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Downloading and using the Update Compliance Configuration Script ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index d4189f5d1b..37aad4dc7a 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -1,14 +1,12 @@ --- title: Delivery Optimization in Update Compliance -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration. ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md index 6144ffaf3a..51a728c4c8 100644 --- a/windows/deployment/update/update-compliance-feature-update-status.md +++ b/windows/deployment/update/update-compliance-feature-update-status.md @@ -1,13 +1,11 @@ --- title: Update Compliance - Feature Update Status report -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Learn how the Feature Update Status report provides information about the status of feature updates across all devices. ms.prod: windows-client author: mestew ms.author: mstewart ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 1b4b422507..693f8b440d 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -1,6 +1,6 @@ --- title: Get started with Update Compliance -manager: aczechowski +manager: aaroncz description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 4e34f7828b..323cc9207e 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -1,14 +1,12 @@ --- title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance -ms.reviewer: -manager: aczechowski +manager: aaroncz description: You can use Update Compliance in Azure portal to monitor the progress of updates and key anti-malware protection features on devices in your network. ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md index 7ac31b890b..2dcb66b2bf 100644 --- a/windows/deployment/update/update-compliance-need-attention.md +++ b/windows/deployment/update/update-compliance-need-attention.md @@ -1,6 +1,6 @@ --- title: Update Compliance - Need Attention! report -manager: aczechowski +manager: aaroncz description: Learn how the Need attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. author: mestew ms.author: mstewart diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md index 068ccd2f9a..72b284c0c6 100644 --- a/windows/deployment/update/update-compliance-privacy.md +++ b/windows/deployment/update/update-compliance-privacy.md @@ -1,7 +1,6 @@ --- title: Privacy in Update Compliance -ms.reviewer: -manager: aczechowski +manager: aaroncz description: an overview of the Feature Update Status report ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md index 9974fa5753..071e0da12f 100644 --- a/windows/deployment/update/update-compliance-safeguard-holds.md +++ b/windows/deployment/update/update-compliance-safeguard-holds.md @@ -1,13 +1,11 @@ --- title: Update Compliance - Safeguard Holds report -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Learn how the Safeguard Holds report provides information about safeguard holds in your population. ms.prod: windows-client author: mestew ms.author: mstewart ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md index 62ba2be862..125d1a6de3 100644 --- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md @@ -1,7 +1,6 @@ --- title: Update Compliance Schema - WaaSDeploymentStatus -ms.reviewer: -manager: aczechowski +manager: aaroncz description: WaaSDeploymentStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md index b159c82ad4..9e8a73b355 100644 --- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md @@ -1,7 +1,6 @@ --- title: Update Compliance Schema - WaaSInsiderStatus -ms.reviewer: -manager: aczechowski +manager: aaroncz description: WaaSInsiderStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md index 762486f62f..3a83aad3f6 100644 --- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md +++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md @@ -1,7 +1,6 @@ --- title: Update Compliance Schema - WaaSUpdateStatus -ms.reviewer: -manager: aczechowski +manager: aaroncz description: WaaSUpdateStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md index 066c38fee1..a16ae4d5a3 100644 --- a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md +++ b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md @@ -1,7 +1,6 @@ --- title: Update Compliance Schema - WUDOAggregatedStatus -ms.reviewer: -manager: aczechowski +manager: aaroncz description: WUDOAggregatedStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md index 769508bbff..60ae8e5991 100644 --- a/windows/deployment/update/update-compliance-schema-wudostatus.md +++ b/windows/deployment/update/update-compliance-schema-wudostatus.md @@ -1,7 +1,6 @@ --- title: Update Compliance Schema - WUDOStatus -ms.reviewer: -manager: aczechowski +manager: aaroncz description: WUDOStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-schema.md b/windows/deployment/update/update-compliance-schema.md index 9f3340f361..5c760ad6d0 100644 --- a/windows/deployment/update/update-compliance-schema.md +++ b/windows/deployment/update/update-compliance-schema.md @@ -1,7 +1,6 @@ --- title: Update Compliance Data Schema -ms.reviewer: -manager: aczechowski +manager: aaroncz description: an overview of Update Compliance data schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md index e20fd18105..829e562eba 100644 --- a/windows/deployment/update/update-compliance-security-update-status.md +++ b/windows/deployment/update/update-compliance-security-update-status.md @@ -1,13 +1,11 @@ --- title: Update Compliance - Security Update Status report -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Learn how the Security Update Status section provides information about security updates across all devices. ms.prod: windows-client author: mestew ms.author: mstewart ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 6dbb018e21..a8eb872ebf 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -1,14 +1,12 @@ --- title: Using Update Compliance -ms.reviewer: -manager: aczechowski +manager: aaroncz description: Learn how to use Update Compliance to monitor your device's Windows updates. ms.prod: windows-client author: mestew ms.author: mstewart ms.localizationpriority: medium ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 7b93908dff..1eb791b4fd 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -1,11 +1,10 @@ --- title: Policies for update compliance, activity, and user experience -ms.reviewer: description: Explanation and recommendations for settings ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.localizationpriority: medium ms.topic: article ms.technology: itpro-updates diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index a0ce1d97fe..1329d93a6b 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -2,13 +2,11 @@ title: Configure BranchCache for Windows client updates description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 0dec620c52..a3f6cdf2a8 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -1,11 +1,11 @@ --- title: Configure Windows Update for Business -manager: dougeby +manager: aaroncz description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz +ms.author: mstewart ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 2cfbaa9a5d..007f114627 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -2,10 +2,10 @@ title: Integrate Windows Update for Business description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 504427dbce..1257d066aa 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -2,10 +2,10 @@ title: Deploy Windows client updates using Windows Server Update Services description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.collection: highpri ms.technology: itpro-updates diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index 9adb25acae..dfe5a33f26 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -1,13 +1,12 @@ --- title: Windows Update for Business -manager: dougeby +manager: aaroncz description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz +ms.author: mstewart ms.topic: article -ms.custom: seo-marvel-apr2020 ms.collection: highpri ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index caa224c51d..84840a0222 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -4,10 +4,9 @@ description: The latest news for Windows as a service with resources to help you ms.prod: windows-client ms.topic: article ms.manager: elizapo -author: aczechowski -ms.author: aaroncz -ms.reviewer: -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.localizationpriority: high ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index a254a031ee..dd9bc872b4 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -2,10 +2,10 @@ title: Overview of Windows as a service description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.collection: highpri ms.technology: itpro-updates diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 73aa593ccf..825676e789 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -2,10 +2,10 @@ title: Quick guide to Windows as a service (Windows 10) description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: high -ms.author: aaroncz -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 83911247af..4ff1d88197 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -2,13 +2,11 @@ title: Manage device restarts after updates (Windows 10) description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows 10 update is installed. ms.prod: windows-client -author: carmenf +author: mestew ms.localizationpriority: medium -ms.author: carmenf -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article -ms.custom: - - seo-marvel-apr2020 ms.collection: highpri date: 09/22/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 150ffc53ab..1b6ef429f8 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -2,14 +2,11 @@ title: Assign devices to servicing channels for Windows client updates description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article -ms.custom: - - seo-marvel-apr2020 ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 08636638a2..278ccbed60 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -2,11 +2,10 @@ title: Prepare a servicing strategy for Windows client updates description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md index fb55c40664..1d1bbb1115 100644 --- a/windows/deployment/update/waas-wufb-csp-mdm.md +++ b/windows/deployment/update/waas-wufb-csp-mdm.md @@ -2,11 +2,10 @@ title: Configure Windows Update for Business by using CSPs and MDM description: Walk-through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index fc123bcbb6..286ed2119c 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -2,12 +2,12 @@ title: Configure Windows Update for Business via Group Policy description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy. ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz +ms.author: mstewart ms.collection: - highpri -manager: dougeby +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index 4781231061..9ce2940f5d 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -3,11 +3,10 @@ title: Windows as a service ms.prod: windows-client ms.topic: article ms.manager: dougeby -author: aczechowski -ms.author: aaroncz +author: mestew +ms.author: mstewart description: Discover the latest news articles, videos, and podcasts about Windows as a service. Find resources for using Windows as a service within your organization. -ms.reviewer: -manager: dougeby +manager: aaroncz ms.localizationpriority: high ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md index 5c1e95ca70..2280794391 100644 --- a/windows/deployment/update/windows-update-error-reference.md +++ b/windows/deployment/update/windows-update-error-reference.md @@ -2,13 +2,12 @@ title: Windows Update error code list by component description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors. ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.localizationpriority: medium ms.date: 09/18/2018 ms.topic: article -ms.custom: seo-marvel-apr2020 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md index c2bc7fce94..d1fc86d90c 100644 --- a/windows/deployment/update/windows-update-logs.md +++ b/windows/deployment/update/windows-update-logs.md @@ -2,11 +2,10 @@ title: Windows Update log files description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file. ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.topic: article -ms.custom: seo-marvel-apr2020 ms.collection: highpri ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md index 223d10783e..cf56c12408 100644 --- a/windows/deployment/update/windows-update-overview.md +++ b/windows/deployment/update/windows-update-overview.md @@ -2,9 +2,9 @@ title: Get started with Windows Update description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors. ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.date: 09/18/2018 ms.topic: article ms.technology: itpro-updates diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md index 0ad5f772c7..9cf0c08919 100644 --- a/windows/deployment/update/windows-update-security.md +++ b/windows/deployment/update/windows-update-security.md @@ -1,6 +1,5 @@ --- title: Windows Update security -ms.reviewer: manager: aaroncz description: Overview of the security for Windows Update. ms.prod: windows-client diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 05d34805c3..2c627d3a6e 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -1,13 +1,11 @@ --- title: Enforce compliance deadlines with policies in Windows Update for Business (Windows 10) description: This article contains information on how to enforce compliance deadlines using Windows Update for Business. -ms.custom: seo-marvel-apr2020 ms.prod: windows-client -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz -ms.reviewer: -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md index a59cc0511f..0ba338dd97 100644 --- a/windows/deployment/update/wufb-reports-admin-center.md +++ b/windows/deployment/update/wufb-reports-admin-center.md @@ -1,6 +1,6 @@ --- title: Microsoft 365 admin center software updates page -manager: dougeby +manager: aaroncz description: Microsoft admin center populates Windows Update for Business reports data into the software updates page. ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 5f07d75c3e..1f773ef7d8 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -1,6 +1,5 @@ --- title: Configuring Microsoft Intune devices for Windows Update for Business reports -ms.reviewer: manager: aaroncz description: Configuring devices that are enrolled in Microsoft Intune for Windows Update for Business reports ms.prod: windows-client diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md index d2e5f13df1..0ee8a75bb0 100644 --- a/windows/deployment/update/wufb-reports-configuration-manual.md +++ b/windows/deployment/update/wufb-reports-configuration-manual.md @@ -1,7 +1,6 @@ --- title: Manually configuring devices for Windows Update for Business reports -ms.reviewer: -manager: dougeby +manager: aaroncz description: How to manually configure devices for Windows Update for Business reports ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md index c3213f8a7d..784ab095bd 100644 --- a/windows/deployment/update/wufb-reports-configuration-script.md +++ b/windows/deployment/update/wufb-reports-configuration-script.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports configuration script -ms.reviewer: -manager: dougeby +manager: aaroncz description: Downloading and using the Windows Update for Business reports configuration script ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md index 7550754b01..4cecd5ccdd 100644 --- a/windows/deployment/update/wufb-reports-enable.md +++ b/windows/deployment/update/wufb-reports-enable.md @@ -1,7 +1,6 @@ --- title: Enable Windows Update for Business reports -ms.reviewer: -manager: dougeby +manager: aaroncz description: How to enable Windows Update for Business reports through the Azure portal ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md index 982e826da1..378595d1f7 100644 --- a/windows/deployment/update/wufb-reports-help.md +++ b/windows/deployment/update/wufb-reports-help.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports feedback, support, and troubleshooting -ms.reviewer: -manager: dougeby +manager: aaroncz description: Windows Update for Business reports support information. ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md index 6653c0c587..aa140f9778 100644 --- a/windows/deployment/update/wufb-reports-overview.md +++ b/windows/deployment/update/wufb-reports-overview.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports overview -ms.reviewer: -manager: dougeby +manager: aaroncz description: Overview of Windows Update for Business reports to explain what it's used for and the cloud services it relies on. ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md index 9159f0c74d..cbd081c2c7 100644 --- a/windows/deployment/update/wufb-reports-prerequisites.md +++ b/windows/deployment/update/wufb-reports-prerequisites.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports prerequisites -ms.reviewer: -manager: dougeby +manager: aaroncz description: Prerequisites for Windows Update for Business reports ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md index b3606b35cc..3b460f113f 100644 --- a/windows/deployment/update/wufb-reports-schema-ucclient.md +++ b/windows/deployment/update/wufb-reports-schema-ucclient.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCClient -ms.reviewer: -manager: dougeby +manager: aaroncz description: UCClient schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md index 3505563197..de73ebfc5b 100644 --- a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCClientReadinessStatus -ms.reviewer: -manager: dougeby +manager: aaroncz description: UCClientReadinessStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md index 826add8c73..6bd8442700 100644 --- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCClientUpdateStatus -ms.reviewer: -manager: dougeby +manager: aaroncz description: UCClientUpdateStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md index 79f1a9ec5b..78efd1d68b 100644 --- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md +++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCDeviceAlert -ms.reviewer: -manager: dougeby +manager: aaroncz description: UCDeviceAlert schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md index 796bbb75e2..d064e27be4 100644 --- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md @@ -1,11 +1,12 @@ --- title: Windows Update for Business reports Data Schema - UCDOAggregatedStatus ms.reviewer: -manager: naengler + - carmenf +manager: aaroncz description: UCDOAggregatedStatus schema ms.prod: windows-client -author: cmknox -ms.author: carmenf +author: mestew +ms.author: mstewart ms.topic: reference ms.date: 11/17/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-reports-schema-ucdostatus.md b/windows/deployment/update/wufb-reports-schema-ucdostatus.md index 9eadfa7eb6..a27114504c 100644 --- a/windows/deployment/update/wufb-reports-schema-ucdostatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucdostatus.md @@ -1,11 +1,12 @@ --- title: Windows Update for Business reports Data Schema - UCDOStatus ms.reviewer: -manager: naengler + - carmenf +manager: aaroncz description: UCDOStatus schema ms.prod: windows-client -author: cmknox -ms.author: carmenf +author: mestew +ms.author: mstewart ms.topic: reference ms.date: 11/17/2022 ms.technology: itpro-updates diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md index bc5677f9d8..87184d6464 100644 --- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCServiceUpdateStatus -ms.reviewer: -manager: dougeby +manager: aaroncz description: UCServiceUpdateStatus schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md index fa14e12358..f00e02af9e 100644 --- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md +++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCUpdateAlert -ms.reviewer: -manager: dougeby +manager: aaroncz description: UCUpdateAlert schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md index 1afd09b646..cbcae6c319 100644 --- a/windows/deployment/update/wufb-reports-schema.md +++ b/windows/deployment/update/wufb-reports-schema.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports data schema -ms.reviewer: -manager: dougeby +manager: aaroncz description: An overview of Windows Update for Business reports data schema ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md index eb4d607c10..6b58c8cffb 100644 --- a/windows/deployment/update/wufb-reports-use.md +++ b/windows/deployment/update/wufb-reports-use.md @@ -1,7 +1,6 @@ --- title: Use the Windows Update for Business reports data -ms.reviewer: -manager: dougeby +manager: aaroncz description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs. ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md index 585d03adb9..c6ddd21005 100644 --- a/windows/deployment/update/wufb-reports-workbook.md +++ b/windows/deployment/update/wufb-reports-workbook.md @@ -1,7 +1,6 @@ --- title: Use the workbook for Windows Update for Business reports -ms.reviewer: -manager: dougeby +manager: aaroncz description: How to use the Windows Update for Business reports workbook. ms.prod: windows-client author: mestew diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index 2d25f4fcc0..7feb6b10b2 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -2,10 +2,10 @@ title: Use Windows Update for Business and Windows Server Update Services (WSUS) together description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy. ms.prod: windows-client -author: arcarley +author: mestew ms.localizationpriority: medium -ms.author: arcarley -manager: dougeby +ms.author: mstewart +manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 From b1856c63746205853421f4e3279742adf63644d9 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 17 Jan 2023 10:54:31 -0800 Subject: [PATCH 140/142] metadata tweak --- windows/deployment/update/media-dynamic-update.md | 2 +- .../update/wufb-reports-schema-ucdoaggregatedstatus.md | 3 +-- windows/deployment/update/wufb-reports-schema-ucdostatus.md | 3 +-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index a6e318fc46..af27a5c840 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -9,7 +9,7 @@ manager: aaroncz ms.topic: article ms.technology: itpro-updates ms.date: 12/31/2017 -ms.reviewer: SteveDiAcetis +ms.reviewer: stevedia --- # Update Windows installation media with Dynamic Update diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md index d064e27be4..25c5d1ae59 100644 --- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCDOAggregatedStatus -ms.reviewer: - - carmenf +ms.reviewer: carmenf manager: aaroncz description: UCDOAggregatedStatus schema ms.prod: windows-client diff --git a/windows/deployment/update/wufb-reports-schema-ucdostatus.md b/windows/deployment/update/wufb-reports-schema-ucdostatus.md index a27114504c..7897c27f1c 100644 --- a/windows/deployment/update/wufb-reports-schema-ucdostatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucdostatus.md @@ -1,7 +1,6 @@ --- title: Windows Update for Business reports Data Schema - UCDOStatus -ms.reviewer: - - carmenf +ms.reviewer: carmenf manager: aaroncz description: UCDOStatus schema ms.prod: windows-client From f8f72c1723bd52f6f924424c1e3837acdeb1e393 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:00:59 -0800 Subject: [PATCH 141/142] new entry to breadcrumb file for contextual toc --- windows/deployment/breadcrumb/toc.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/deployment/breadcrumb/toc.yml b/windows/deployment/breadcrumb/toc.yml index 3cb4555445..80e881faf8 100644 --- a/windows/deployment/breadcrumb/toc.yml +++ b/windows/deployment/breadcrumb/toc.yml @@ -21,4 +21,16 @@ items: items: - name: Deployment tocHref: /windows/whats-new + topicHref: /windows/deployment/ + +- name: Learn + tocHref: / + topicHref: / + items: + - name: Windows + tocHref: /mem/intune/ + topicHref: /windows/resources/ + items: + - name: Deployment + tocHref: /mem/intune/protect/ topicHref: /windows/deployment/ \ No newline at end of file From 09209e2905151e5b35e12fe166e142faf7008668 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Wed, 18 Jan 2023 14:09:38 -0700 Subject: [PATCH 142/142] Update toc.yml Line 37: Add blank line. --- windows/deployment/breadcrumb/toc.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/breadcrumb/toc.yml b/windows/deployment/breadcrumb/toc.yml index 80e881faf8..bbaa26132d 100644 --- a/windows/deployment/breadcrumb/toc.yml +++ b/windows/deployment/breadcrumb/toc.yml @@ -33,4 +33,5 @@ items: items: - name: Deployment tocHref: /mem/intune/protect/ - topicHref: /windows/deployment/ \ No newline at end of file + topicHref: /windows/deployment/ +