From 25d8e138a802f1ae9859842b92ae8114a52b58a6 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 15 Nov 2017 17:49:12 +0000 Subject: [PATCH 1/2] Merged PR 4524: Add wired authentication to Surface Hub --- devices/surface-hub/TOC.md | 1 + .../surface-hub/change-history-surface-hub.md | 7 +++ .../enable-8021x-wired-authentication.md | 61 +++++++++++++++++++ ...anage-settings-with-mdm-for-surface-hub.md | 2 + devices/surface-hub/manage-surface-hub.md | 1 + ...repare-your-environment-for-surface-hub.md | 2 +- 6 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 devices/surface-hub/enable-8021x-wired-authentication.md diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index 82f4db6262..69c603b84d 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -37,6 +37,7 @@ ### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) ### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) ### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) +### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) ### [Using a room control system](use-room-control-system-with-surface-hub.md) ## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) ## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index 6643499b80..4f7d71f0d7 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -16,6 +16,13 @@ ms.localizationpriority: medium This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md). +## November 2017 + +New or changed topic | Description +--- | --- +[Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) | New +[Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Added settings for 802.1x wired authentication. + ## October 2017 New or changed topic | Description | diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md new file mode 100644 index 0000000000..c7a55bf866 --- /dev/null +++ b/devices/surface-hub/enable-8021x-wired-authentication.md @@ -0,0 +1,61 @@ +--- +title: Enable 802.1x wired authentication +description: 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: surfacehub +author: jdeckerms +ms.author: jdecker +ms.date: 11/14/2017 +ms.localizationpriority: medium +--- + +# Enable 802.1x wired authentication + +The [November 14, 2017 update to Windows 10](https://support.microsoft.com/help/4048954/windows-10-update-kb4048954) (build 15063.726) enables 802.1x wired authentication MDM policies on Surface Hub devices. The feature allows organizations to enforce standardized wired network authentication using the [IEEE 802.1x authentication protocol](http://www.ieee802.org/1/pages/802.1x-2010.html). This is already available for wireless authentication using WLAN profiles via MDM. This topic explains how to configure a Surface Hub for use with wired authentication. + +Enforcement and enablement of 802.1x wired authentication on Surface Hub can be done through MDM [OMA-URI definition](https://docs.microsoft.com/intune-classic/deploy-use/windows-10-policy-settings-in-microsoft-intune#oma-uri-settings). + +The primary configuration to set is the **LanProfile** policy. Depending on the authentication method selected, other policies may be required, either the **EapUserData** policy or through MDM policies for adding user or machine certificates (such as [ClientCertificateInstall](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp) for user/device certificates or [RootCATrustedCertificates](https://docs.microsoft.com/windows/client-management/mdm/rootcacertificates-csp) for device certificates). + +## LanProfile policy element + +To configure Surface Hub to use one of the supported 802.1x authentication methods, utilize the following OMA-URI. + +``` +./Vendor/MSFT/SurfaceHub/Dot3/LanProfile +``` + +This OMA-URI node takes a text string of XML as a parameter. The XML provided as a parameter should conform to the [Wired LAN Profile Schema](https://msdn.microsoft.com/library/cc233002.aspx) including elements from the [802.1X schema](https://msdn.microsoft.com/library/cc233003.aspx). + +In most instances, an administrator or user can export the LanProfile XML from an existing PC that is already configured on the network for 802.1X using this following NETSH command. + +``` +netsh lan export profile folder=. +``` + +Running this command will give the following output and place a file titled **Ethernet.xml** in the current directory. + +``` +Interface: Ethernet +Profile File Name: .\Ethernet.xml +1 profile(s) were exported successfully. +``` + +## EapUserData policy element + +If your selected authentication method requires a username and password as opposed to a certificate, you can use the **EapUserData** element to specify credentials for the device to use to authenticate to the network. + +``` +./Vendor/MSFT/SurfaceHub/Dot3/EapUserData +``` + +This OMA-URI node takes a text string of XML as a parameter. The XML provided as a parameter should conform to the [PEAP MS-CHAPv2 User Properties example](https://msdn.microsoft.com/library/windows/desktop/bb891979). In the example, you will need to replace all instances of *test* and *ias-domain* with your information. + + + +## Adding certificates + +If your selected authentication method is certificate-based, you will will need to [create a provisioning package](provisioning-packages-for-surface-hub.md), [utilize MDM](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp), or import a certificate from settings (**Settings** > **Update and Security** > **Certificates**) to deploy those certificates to your Surface Hub device in the appropriate Certificate Store. When adding certificates, each PFX must contain only one certificate (a PFX cannot have multiple certificates). + diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 12a1d052f8..a1a99dd250 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -87,6 +87,8 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | | Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. +| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | ### Supported Windows 10 settings diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md index bd66726afe..ec0bfbb284 100644 --- a/devices/surface-hub/manage-surface-hub.md +++ b/devices/surface-hub/manage-surface-hub.md @@ -38,6 +38,7 @@ Learn about managing and updating Surface Hub. | [Save your BitLocker key](https://technet.microsoft.com/itpro/surface-hub/save-bitlocker-key-surface-hub) | Every Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.| | [Connect other devices and display with Surface Hub](https://technet.microsoft.com/itpro/surface-hub/connect-and-display-with-surface-hub) | You can connect other device to your Surface Hub to display content.| | [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) | You can use Miracast on your wireless network or LAN to connect to Surface Hub. | + [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) | 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices. | [Using a room control system]( https://technet.microsoft.com/itpro/surface-hub/use-room-control-system-with-surface-hub) | Room control systems can be used with your Microsoft Surface Hub.| ## Related topics diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index d5fdb07a74..613ec77311 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -29,7 +29,7 @@ Review these dependencies to make sure Surface Hub features will work in your IT | Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.

If screen sharing on a Surface Hub fails and the error message **An error occurred during the screen presentation** is displayed, see [Video Based Screen Sharing not working on Surface Hub](https://support.microsoft.com/help/3179272/video-based-screen-sharing-not-working-on-surface-hub) for help. | | Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. | | Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. | -| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1X Authentication is supported for both wired and wireless connections.


**802.1X authentication:** In Windows 10, version 1703, 802.1X authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1X authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1X authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1X authentication will start working automatically.
**Note:** Surface Hub supports 802.1X using PEAP-MSCHAPv2. We currently do not support additional EAP methods such as 802.1X using PEAP-TLS or PEAP-EAP-TLS.

**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.

**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. | +| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1X Authentication is supported for both wired and wireless connections.


**802.1X authentication:** In Windows 10, version 1703, 802.1X authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1X authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1X authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1X authentication will start working automatically.
**Note:** For more information on enabling 802.1X wired authentication on Surface Hub, see [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md).

**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.

**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. | Additionally, note that Surface Hub requires the following open ports: - HTTPS: 443 From badd69bcd45e1475fa50c1a188355a841d53834a Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Wed, 15 Nov 2017 17:49:37 +0000 Subject: [PATCH 2/2] Merged PR 4513: RemoteWipe CSP updated with new 1709 node: doWipePersisUserData; image + ddf RemoteWipe CSP updated with new 1709 node: doWipePersisUserData; image + ddf (text added via external contribution) --- .../provisioning-csp-remotewipe-dmandcp.png | Bin 6785 -> 22533 bytes .../mdm/remotewipe-ddf-file.md | 23 ++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png index 2fc6da33fcceb32d083ecde96781ca81c8710235..fdbeb278abe4ce801f674ee5c5fe60c3081f193e 100644 GIT binary patch literal 22533 zcmag_b8s$Q^eqaeq z!M2pw?swm6N3pj>i2z`8O`QWcX=q;Q_%*zANn zY-FIlJ6=NdxB-(r7hXCnP_J)ZVC^90jZFC+tR)MLm`BtcOt>(SYGeK}H!V!G)X?06 zWHAMrrmPz3BQvsbGOv>sk!FYzqC7fo@b{9tg+_Lvkg4 z^f&b2uqaG6#d*~RUWykkN7&8mu>8*7_O_UY{IlHA=iU8wN39eecewNqYf+f5$@rck zW$JVYpq+UUoNxN6_isy*CuI_jn*E z;YxynvmQzd_3l&Rdz6~_R7bwTnM3J^!**npKkHj%vmcDB9zciW&)50R2r+Da3hQ7@ zvK|0I2#sevPo#6t0>*@t@pfjQirwg!gzrV>jiF|+Y8k^fn`ca~kunmz2Q6@D0VcP^of*U z%3H;9`@w;7;MJ*63ORH|RP2I@#nwZQ)wg1W?ONkt3& zR!Cv)(h1=@O*c=smCc%AiZ1KclVs%D<`+k-nF_X&Rvm^aJRmY_=T9#Z&s&4wfeV3k zb2*u$C~de&HhiiBtJf&pPqkNpY{bPAxje**Q*!O1w;sv){cU2x*I#@229~bSNqwcH z>rY|PUmqWKjvLg(>mcIuRlO|}obJW-WiR$ff0iOhffBhmyoV7iO`XVAdXI}%gPoqS z=9t9jzD&UZ1oVxf4&0LT`+ALv6bb(0;la_0pl`VU4c3FDLKC)-8e9Sm@;J_AFf?*; z|5UE(i<8H`5!=6d_zoBQEsG}!#Ed0Xw;%6F4gpJ=;;eN|9%r9j^^c7+VrX86UVJKAQ(@SED8M6Ze;L*oqYW3F2dl&KZAtRCiZ2Ff z34>aeFqAgKf+620muY$-ehH7BS6L%EK68d{64b0N#d_#@95$oC_W&z3MEe;g_PdV) zM8-+#8r=g^J$5B}%l3VS&@T9wIoQvB_(gDY&?7OyEHVg65 zA*}8G_fmHwKIAn$Un+oY0o_KX-u$sgFUyU^WjzK_z8>Ct73sH4%Y?SWcPMU!0>4hj z>ryd=+%G6cm+k19?eFzS9z3=RThA|rvbxF=oasw{ zxQkw2xqON$$@AJbHakPPO?J%A?};q7@7s}{$C^7b(A6U`#lKnj>_LFGN7%v?HBC@QD%bE5aTh|5( zb&btOa5ikHj-GzrDX|7sD|#n}L^Ni6EZf%ZVvk~-q1c~){8K!Lp<9?#DzMS055k+_ zNbBx?O}zWE^D@ju-M71p8b;52zo<(%(4tABA9;8mV>2rRrLj;;y3a{s z?QK#{QCGH}v82D&f1JS{=jaigKhOCtQGe&1aB+Mv=R*Sl@iWr}%Q_f9Dw`t(&VQB&hv18Ud24;r7*@r>0UKMyKdf*c}wmd99{6h_ULwHyQhtRS# zNv`Y0+|UmCmHxb-M%b%FSw}YBm)F7!Eya|&ng4K@5+S`cZ~IKs z`>W89xIqA(W;`f%J&#tm0{lmiqoaK2lho7FC~W&`P> z`p)tP!_g#1J^6-4@x1tmq#9i3$Fvdj;#io-;go{YZzyb;0mCpllHo*KLIZ4L6Vt%K zfOKl056HF9Dl<_MB`vW!MY_cBul-fm(7RG;bhdt>u+NKei>@%iKIIWrSQT0t^o3fW zot}ra+Q&mpuTI50RU16>$alMa3?LwVh?xmsAi;6JT5ur0WMD&BARv0s{+|ol5JB`n zK#g!v03aZ9Y@}u&pcxh-Yha*U6Tuabp9h?oqzR_tB>(9UwB)kL5bb>)11xlD*p2J_wWuGQ|mD^-v{U!aV^RUyT1>%Yvh7xa;7 zTFo(LkZGb%tG4;(+H&~Uk^X}?P96l!XE^2GQd?=$60VsLTfy{`Zn4vB(S7fi;6DJY zC&+cQ%gl)Ud2*imDumF0`l zr|UuvJ?~6kSUDh|8!aNkin6j(rAc!1hictx+o#Bup`7)F>xUzsV+>b-q44YSI=35~ zL1wD-HbJ$1 zz6bnDMXHgVE#-1F^Pvu6(y&ystY0y{mOKET1biXeK|Tj|IUAW2g`Aqy+7UPG4ubvY*DJf zTdAJ4jXVlP5K2$M3Mg6bmil7Na>1*j6Q92DAyXzC<;ZOqbqC4XGp{!G3lt#=`A|Di z_`C?Dcfs5L;GBRuL6oS-AJR#$?rA43!!$6=j&mu+vcjAYoiqKTN2VnN-UH1)q!ReP z65I=kL|)o4p6S82^m@V#p&gTkQI{Pe5>$}P?Wr6--9&vKs^zP45H&5FMUR6zj zwMh*X%^2#J$GeAt81--USTi}|FZa)L&=}4ODIQrv(K%?O@!Vr5r@iisf@ccf=jE#1 z;Yh~-yrDAHh>A1`TJrph&T9n9Z*7tQYu)CC*Kh0A=9ij->u!Y=vBhgCQltn=0$OTU zJQV!=wT?ZH)%eWHbW431yO&U$I-SBt4S-&mC`(zqZ?)X&(?JJ)i+b|z#TypUBZu#C zQIyztcSqORG~~9eEbqA`K^gT&bWntP@ZM*6#g8$WD);y@LUCZkOyn0o9lOJ5j$uT3 zxgZ1UW{DFz@s_79+l_6P3IAkh&BJfZa%jp}2BTH~rHV|CcMfq2n$7ycgs-%E=H{er68f2MN!WVL;f@ z7{VyfRNIakr$5g3DbufrhkI!7xR3QRj$oAII@f=EV6-K5ql29SPUwHjh0?Q$+K z`U|mpuBnt~TK>c6$zha+%-4Keg4LxSn$AaFcS8Wj5~1q2Gh4bB&vob9-G?g9xaD@* zz$3j?T2)LR)->S&e{)GzMfkwJ5p))|TM#a~#KenP9k27rn&WJOBw7qX#m%aK3#efz z+UCewex=f&yK@yNcb*WvOxnDcIRJ#J;fQ-{Iruh*myMM6TYht7OuDC!5WeR&=cXX}dW-iLNdi`s%@ zYg}ifh+xcE%8alvW5vH8(@gz?3M185f)Hh#D&;<~($T=M>pyPJB!_F{km`g3AAgOS zNJ(ldCg$Z1a}VCOdPv@>{q@tMu!o1upB?Z@o#d2`Br0VtXkQv97T%nUVKUJ!khmU- zH4h)?F)V}t0wP3BmM`+GGujFBH|?ZM+i|T!I=4cGC_5-&LB!Rr)Wq)amOo&WDOdt@ z16JbMwpUWJ);8U~<3}!?{t&PPWM_|am;6f5NI1asGMArdw$}{QcU~pmCOP}SG&ez1+KjI%vp0;~C930fwCyaU( zI;5wxG$XMZSZw4tk+@Z!ewslIE2})=d(^ehTTGMC{KS3?7D{GPo=f|!w<#uXoB~$c zEKU!LetEV}W<~o6!zUSDo!H|a9l{Gja(-yFZ!!tLTnhAhJQ)3A&yOSOhgibJ)&>vk z_FKPU$8Ob_6ej&PS%tsmB;1*NkUBEt`0VQk`~VO>{njH3pF97*Nib@V3b%d;hC~;d zEp~i(A2Vz}YZ$z*CD$0amuZ+fx~Rf9wsQ32WFlFAaLK$dfL`JP_nW@-SeYxWtoG9M zI<6v-lbV)V(Dt)T@yh`W**wLC1vN~ygQUBhrSNgl z2=xciWATByhmqoBHcnht$mlp`0!W%4V6%NfWNp#=N)jhYhfa(3?T~eTGoW1rgF|2t zHt4gnQy&8otwKhUCYL)ADCti;_t52{?d6txQ5{^7syj^7DJsT2*JBof;1dN=rBo! z>3%6i2;%{$UowcH%=<3B=_AkV`pfE&Oy%yTeC0L!{i;txv3i4sSXI9m$Q1=C^%3R zc>fY+{(;YsAUwwQZ-vKMD(j5?J&5UE_{+sNjUG(M_opoE4*a39KM!eI4_@iSk~ zIkqdG1})+DN_V&5xuC1Y`!p z+?Q^=#Q1W)4w9e+^7doJS5#CY%0KoQ*!1P?X#~!fy>e*0aL9>_Iurgq|2pegvwi-Z z3obzB$l2t2?Z0twy7^>MEZatU)xbSszPU&*T@f`d*O0vV4$44?+c@57GR^pl+TP|o zBee{YQGq@VY8SCUW~ZC#VzSEO8B_E-@#VKELnfpU!_vIS&9OSU?q@u1l7XYb@q&~U zfQ7s;sQbXolAA5Qva$|Cj_-J~SS^Ju4?0*GxaZ;YC{{XEZ`mOKT)J2Lyga*j$tfuS zRW8WZhfcdNOTtkL<}C!1+Jv4a_)SuMK~s!m#sSNl7vl{3W}s5?0Nwc1ujr&}fg9Y9 z5j0i$(79x)NVZ z;o>kZ-&(2{eE&{p=y!xw_l`B^Q%uEe8!xiXSJ9gKLr_kQtX*9H@-QUC#d&l`6Z>Uf zz{w+}9h~HHHuO<$^Wrc6?kdIvsw&>mWvgz!@u>|aFGF`bkTunPvt@KJNU#0gde$Wu z1gFfuR{V(&!*r=HQfV7rsS@Tsy43Ni)N{Dfo0X7C2WfI7WTs6LOj;Zv-{Oq zpHApBw%<{iMZk7$J61`H9vmCsc{5c=V;z%*ynZA~|7dz%?Dsk1&xm49<|@s|j?#qn zGmy`1{vQTZp%P#C;pOd60aqynZ%&TX%uSwDD7KLMvG)!Mlq>T8&w>7jG@W*W63L@~ zQ>nwu{Om`2mq%dj!3EH{^CyLd70uPfbxi~Ty=y9KQDU4-N2$60bK!?(U4p;;AEfI4 zp0H5&E{PqzGkL20W8j+f620(X87{q$k$ zG19wy$s0BwNw~Wj6H-hBvT9U%?d666DJK%!^mu^$)Qz<0qB>)Q$pSj*t?^ee$Ak0( zqf{T&`{8?$m)|L}4)tU2)EowgpYvyLz?w8!QYYnekxWk{U>%ueSp#fKCj=3tr^pdX zYQh*o{g$M5zn0qhjeB1`#HGboqfEkix^8leCR%m=-GTom z1Jp|i+`p6}oF`pntG0r(Vi9j0m`mZ)6sqM%0UfugbFz^r&P*n``E1}+_9BwJL0uu$ zn(lexes+c${JeQ#8ZY1sxQdV0e=5?Mz2fr)vIzk+S)%`WDQZvNtW*}7Ww53@Du`My zFRK`{?xxl7zT+d3oiLL{%)&OG?Mji;@J^>z%Jy#I#jU1xm>5=o*IHT32jt#A2u8bz z3|vxR|6_x4GBCK(C?vMwZt3%g@nLO@DQEn(oa;w72?@q@a12{B64pI##Cepgk1=9m zJvEVL`=y>7xPJ-x{)A_dT*z=c9qMY<7Om~GN71*nm+;qUXvhFTlhU|m>P zC+H@Tef|ps*?bV5gv(Kr^q&G*XyzxzTXpO-iwVf22UIKQ#388|l3kqU>ErUf*A=I! zTKT_+7deaRx<6BjE@K(U!ukogdxw56x9w)w%C7%8wlh0ERCmrVW{NWUJ<(V{^9;r2 zT3y;rrX)-zzRY~pH*71b<7>S3CX=Cg#M-%vCTEC?;eEWC4LeP*aw^eYo77<|zv1XI zb_e+GY#nIwm(OiMzJCt71ysxFX4}^`UhQQU_K=OG8$TCcN^VSPU;xjMH1n5RjaOEwC?9Q=m zE>=!WL#&n#pGBL}Vkc$iHrl$p_%h^~son-7u_7ifevIesh|eqSt!)u;hpgsTq|9C` z-~nxcPtaI_2h5v~L>aapHFNT$Jbx(P(iT;GHeJ*HF8R%+=R&?Itb+QzoI(g+9K0wo za~7>zBVBPWVgXoRl;Vs!Na6YzZzZR3VAO~X*T#V)%$cE$uK^ ztvTawsO_}<03V$V@0L^As1CEU@|aCb?XQ~kuNn~3=!bV(i)VcuJ?v-`3l>YmXZ_uZ zK1NCVZlS+N18|RTj3-~~RNrYLpBjqfoHW6)lIr9tCr>x}+*Ae}sJ0s*y_7)NWIoFE z0dp1bj_C5E(=@AYRcsPO<#cv7ie(34hr>8QFyP{JXuNId&9n)OqT59K_h|i{cmFDv zXk0=fXv>gcB2>z+ZV%7Yam9;N?Zp_62j9g7cLxAFc~gG*A@ zUXP!r5_;Rl_0UQZMh1>&XVc|*c;WKGv0a1_EfVWIQdg3v&XEX0)48fD81-$TQiJ)W zBTzX+{hQZET1w@y2xh-Qm|GW$vMRmcKMDE8n-Z6$JRLsUH`D8(J;JeGElY_I}c`omtSlVx$8#qCx?( z5-@_Q#J-Mn{R^(;kgW7gWhew$7WCU zC+8A4)i{q@a>G+b0hZ}7IJ5sKg;|*G)f`!O^(niU*JD||940V^%_?eKdmUY`N&D=6 zs3{@j&wN^P`}_a)oHQI=Gih4)4SoejgxYhl07nk)Q~l=Ex_213zk>4Z; zoJOge{>BjHMNeBE?sBC#jyF~1fd~v_U9=-6x!&32OYlw(&9?Mq2MZDG-(}VW$wd6# zIDVD%0Fm;hCeZ809KsJd;;?)^P3j_q3;K@%?9%?LLvRO5eY{_M4h_^3@x=k&8 zviGPfpb`pIL(bgXxA=N|Mojh3cv7=Ria`9!kO9>juJYdMikrtS(^{exkX@1uzyGV} z`MEs3!6Ybe8$x1>O8iJQ)U)z!%&ZWXvalk{({)ytxa)gt2ADI_cA!L z#UI^^Jr0GWc4+eU(!`F3ZG|qsHC$ zwkBgbGVkalS8Iy5ok|F`e6mLioec2l3-|Et7{d|lEKH7KHCzLJ62KuJ+GrTECd`T8 z#A2zcp{rt1kXVKY!pLD!`N`M?hmOZ$bPv1M^-u$tuy zD|>aCDQI&}I-dtvJ@af$cY|kkVW8m&mPH97A{AL5&SL=9kvdIeh6`L)7H~@SeaYyzjf?iA+(#+^K>D_d&!=y z(?PQeSa*~2ZaQ}&da=a&eaeu^u-;AMblD7O;N<5uHY1Q2CV^MiSZ~9-t&7qqvF_q` z(g)_8V}McM_#R^?V|ChZ&R|WU^wO_NwA%VAS9hS-sme!5wZBx299m9QsRL7emEBb3FwRT; zl+T0$6VNZ1i-lGMh0Kn_jaxdQry$Jyi@JJ11+2+>P4D$6I@b=dd zPYH9B#lFQp-mqT+q8bOYl}=niBIeLstdV>lcfMjS?moUhQ`;Fji!)ALm#*E)0Ev^q zUahmvBlOd)^R3}E)~9kjv##6e7g#L@*bTFP?PDBy5krnIi|yAUG-5jU$Cq&!SEcal zT&^!jG~B54*BJdn!$a|@c84KT8a?<)8^Zj%Z=cjewF#x`sqBLTKSNvA!^hWch9f@Gll8_Nz@>Ib7PlI&o&mf7M0gW z;hk&MM?%diqB9MVwYTY9=Npc4$-otJrliznw9yu9 zq&D%xDp_gn+0ZHvY6My}0=GGX4$oLs1^bN4LZx-EhCV%J+uHd;3VUSQOZmhYkHwjW zk_xqkI*l3@7V`q;V21t4bj=qCT+}JnE*1dL-Xl(DridR^I{71N%2deGA@f_Q!W>GI zAXjPB;ZNWZlw3+uwcR&TsN6ySY4V$b3#yu~sy7fLW^lB)2!{sVp19~9M%K44V}qU2 zD4na&9?fF_4p*4&QU2wCz5O|@6}SC2ocl_S-d!>DsGkP5o4Vgccj>(K$nvT6W4vhO zh_5CgzF~Cc>b*>6{x3u|C{yZai%rixbJf=S5h`ub{_s~djBao~yYnee=$?vf04 zbY%(_;@x;hjDQ8pf9 z0Sw^nF@>7=dYjU{5|<+BFjKo(u}xBlG9ool&VmTQJ6*Q2GjFB~9C1=(Wpi)Pq;$<_ z5NjD5tp*yWN5c8ECanD}&o>1xkdD)U`d_?mxvLM$~YprzG3g5=@*d|IpMk`*6 z(pX>aBzH6YkbS{noa^iG=;*IoJ`9b~SaP8avB-|or(6a^f0jYISky6AkPm%*Q)q}f6IBxapO zi@55ZpCwjT?=ima>FEH1QTk^CJgo0yV-gOba9`Lc1f2Na<~C^)&hy; zG7@(0Zymi7bSktZM4kZ@?*cBDJH^?|0}Ogydb1nNfPhw0Ij`QFGWlEMA@{fhVGs!Z zYH!a8$e)BTcW$B#g204+r)lKbQe#Qdw8U7cDomW;^f4^?9VV_GO_^laf%M^Jx`r}y z{Pb}o+L)P{DoZ#NHC?jn3`W68)rYI`x1daGswP$JD0(_=Sm7n0;0kz?$V5mFyM5*P zHW7r=EnyXx!MwVRjw?$BAyVCrf7$IKfV|-2#y&%p1Z6zYu?(v_cc&<)IzD2tg)FYi zT}C=smP*hE5GVOJnoCjgm4vOb6pf`@Fn1wSu`K9jvmDSe?PKzKudlVgR^8*Mu+cG5 z$h+;w@P6SYa5#rZsLgKkaN^>Nha)S!?Y8IgxPJVT*7ie?jBn;Q{hP{9V$@l1HiQ1# z*gmQ!IY|5D1u-I`AtuasCSYlR1tHp@=>cznajTEg`M&IUyFGKDf$#Do9|HbvnHdrP zJJ8haI$vh{&w2+u9@oe?r_s{W_~kG{#JM;Rz{jl(E1pCCp_!1+)yU5?Mkp`uh@eix za+ZWjBxBVzBBM;~Ow`39ZnTnJA9)&|PS{r3@z1{c@fM%l;_=hu8EWS#zn8uJZ10wn zx>&0Od_=gRmd977Vm?3OVUE^?#W9EZ4v|~VjhLsMIm;k>nnRqA9x`&^AGap9mYm0X z53-iS#83;n$t^{bxrn(qZ|E(!pZWmzq?=_sb%hMp5Gjr?*T)&w;Tm)95N%r< zf}V;)QI)Zx!VIZ(jJd^uuiuY9cJgt$>cj1}#PoKmQp1aKR>sH5eR#7f zJm=j9xxzLz@9rr+BWFR*=$(y(OmWFM_Zw%M-^&c?0gQj_KSvRttM#R2y*k$%w$cT5 zA`+B0xE)6Md!#yc0W_U%RE?L((UsV7p=ozJQ~NT|F)Sz?nVS61bUJnOxO0PFTMCqM zS+l6s8x1oBgo?x6$pJlM^r5az7?+y0Y?cFrH#J`5th?ueu#ZXE1N%A44Q$foXHeE6 zyf~pZ5XC_uM=WxC@c((2Mk3|3G}*(Gn_`)&IH*P)LG>3O_Nb5Zb6%7gqc2XqKf^HR zKe%_R~#tRn5S0>SUlcFz586Dl!{rU=h!fR=e=SXO(~U0 zRL(kXxH~rnD1~^}D=wGwKPc}<|CZ34{POBedFP?q0wy!N0hb(^iV`rf;Ml*DZ>Uhu z*}tLB%WcES`}8D-)p?2oF~Lt%c0li2{r|W`RoQ3A$7`qzzFJDV9W++EY|k2w0INDZ ziw`bj={LmH$L6h=_q1M#t$dhoNUd?zsoZ z@ASCV)qHo#xc$yg$Lcq4yZ%`dDU&9f&!GOoa}Zi5xBuI2uK$jsb8tKw%NrX7t8VUw zkkh1k#?fgYH8S4bhIJlw)NSSTs=z#~hYi-0OBEXKGU8eyXzF1tV?kT>j13F?#=P2} z@XMEKBw9Q0e-hgBoHPo5DzA#;7m5lKJ5{m{*qOLCkT^?tB)&d6{0}evM5*Ot>H>l) zBx-bUIo;UgR8DMezyQg54$?StSAqZ7PZiklmDPQA%YB~;!xj`kf*zL>B5S<^;yhHB zkR7@M`eBEk4XybeRxv;?4tl)a_iaW-$H$-;ULFjavwSZW=sT`u)w6nPR*UcD0@~l% zmUU@&Nj5*`hU&Y(U9N=m(pBt$ej-h0<=I@g>Qsb39viffuIbdHq(>vGhUu!EE$>k^ zIIYo8ufO>$#W`i6Aujn`q@KFkqhHLIr}Zj#bsne(&?I$})i^7JdYq z!8UmISSIFi1KX14P@_dOhaS&5_rFla6_@9C#h#T^Y-30)z@ziWTc{zz*^kp$6g-sB z@#7<7!tSPdd)9xwTGd>g*iFVVY4wmV@Qeuf42@hNXGp)hS#3*iHd+t;ea#3m8r<%{ znAB{Ir;SY=q|>`fIW$B0h8y1k<&iU91^E~`y(fvV0i#??%1gK8dsWsv|uf~JV>b}GD+gc!pL z4Qcn(y2zuRQo7rVxhlfS8W-cNkoQ%Rg>LH8W4cq=`Tm8vYiEmq;@^6S{OsqSS52nf zi}Hzo>+ElV9lsi59P{r`C92~<+K1cHEm*Sk_;RKKA)cei_hx;!eubwvS?GQ8M%^V; z^OLs@dy*n+(NOU^H0Akz3los7G4?&vt5 zTBno5SDEiqC?(52#1kvoeo_9~dP#LsWDyzc`Pc5QYXADV@(;^VwL<_P8NQkG?Cr-B z*0cL^@6FA+He-F|_l)5z+zt*;8x`hRe+8dy2^Bl*jmOFMd4Ae->d2YCqSh4MCV_Pp zG%*zA**-oNyAjZY;|eSQ-`CpfOLf?8a}FS!92;mTJ#HqrZBl)YBLaF;5ZO=!C|Aqa z@>*N~msthI(Mm|Ss?pI$JyKX2pu)PSDCJZ9rMw^6%rYVjDcLd>T$!p3U#iqw6I2hE z##O+A?>p*M+Q9@qWz{B}1ML0gm>d}QvosQmO^-1Z#A$b=I9a}8+08IJ7{rkr4IQtNZmwY+eL!ybvaF0bCI3e2kbT;Nu_xiBN5%(xHAfipl(8SH z6aWXBbcTvRJf{wFd5Y|vp*CWKO4u2YfD@LHeNcF#4LGAJ>R|Q{ig4-SpeCjv z>(~U_8X{0%4u&R8BL9J0V$xo$_V}s57-lR-1v_zZQ{yr$oYeu2slO`%6ON^jO+;C= ztn+|{0lF?j|N8-2=t7i|7^9_E5 zr%lSOgO=yNJIThlri5Brdh*J2CYm{;o5*lj%7mV{--PujG)#`o8%sl_7T9@ z?i!_kM`xB5^~Gz>Q$cRJV^W05&-wqubPB$N^!7y(K+Ob)v@HP6igaZ|u>urPw3Gc5 zW`NZJrZ5utrAe7dCZ1?nzd8q+=-oH`^p-xcy(ZXw~KJ5myf4fm;RR2wG1m^5LO)sBjGjwwW??-hS{xs zoVRBcG96rl{{Xmx9i=E3_tRB7Mi=j%j{Dy68ICD zZ0_#^r)!b7XJI2jz)Hx4oI^-P^kMQ|={qEVKtRL29Kz$uc$fl%ZB*ZyEZ!w8;|=HX zt%OOUluV^;dkCP{8t>Tw-od?9P0`{g0fU$yfBe|wjKUruPI6;sE<~)lwG#DUtR>HaGcGT@xuy)1g>Y%S^^xN`}fZ)gQ#pzu@jw z>QAnBYEV*eN>3h#1^W)DxiUE=wbb;eyINhWcRJfm1t&b24Fk)(a3IEEt46;+vG*fx zhTTpDGNaIozK+z{cK0Jq@*C8ggC620OOlS?2>M5-DWvkQ#{>z>ts5Txz#g#8KBtiq z9b5@Nf(D`#TIn8Jqjw}o)t&OKw1+-ZW+Ab{@*Bk$%kp{N{ypZgenv$=;1#PD>m*65 znu!;>W~XJ4sZ|_y7!HLcSjgiS;Gj1z&KwTk$BLUUT5Q7-cyK{F`V(dw7A+| z>~ET?Si*HE)OI3h(isam`)kJ2CZA;nudy(+2T_9KjmE_7<_E(_(4+<>{ZvNL>=oxX zYRVg>fJYBC7MDZymmS*VWN$uvu~De4`NZ;Q#K1dmKQIQ zHz;1zi%78h6eT`U>$o_IE>S`J5W(9IzUlMeaPW*Q^Ca$^W^qk|QE60L8e$n<)#(h~ zF^$b2W|xxr766<)WfwY0rfR5dZNWl_R{cc_LnM#Avh;5 z{Bz_AM30Wkk9Er~%w!(F>PY`eN?a#nw$KD|bCY(iBH-nNhO*a35?8cQcRdy{ykdH+ z)LD3a1!|L-OOrd+5qK72jwj1IJ9AuE$+Ww7Jy0V;1Acp}>vPgX$~7e1TqWIPZOTHn zo@k!M_2WP6dq32}WSqIfBxm{PL$>25;9;1fiNBwPfeZqlQkY2(7X zE!S}n{Q;c7BeIxN+0mhvj)+eH6VP!4vi0Wd=LZtgkmbsJfi5m_%$}ZE1Z3f0wLD%M zPE@*lYPr{mdXdXu?aKP54h9ckOe`o4PbY>AQsJHjBhrXY!TKeGSblIv1imlehtv8fuGn4M&?70|8zU`7C)kd-<7Ks+laL4b=J|$Ws3# z0r)uB@uMcx9-Y#S{GqVUv+Tsi#C0E1QdVj0HaKVHW`Y4Q_vv%5GrqfL1``9>cvmG7sLS}|x09h3>dUGhJ*ZIq4&$lk#vzdswv77u&4o{U; zj|K9Hb{FNN?cINFmV5Zs2?v4>52GRx$Zhbhwlkd#4j$+|X!3chwrt+&MFixHgcawm z0o|{L60FI(tD5L*Ze!Jx;}50ZmWAJtKWW$TVral{ggbr}6{H_!__fp@ulDWC@#N^@ z$6vY}jloqZjlZ+a+Ti))wAY67i8ubSo^||dV*Ma0C0Uy4Gxu2gVtxvJwsVTeIvwzD z9rbk-KKe{bN4_pi(|maKi-rJtX?&u;;(5fXKY$f3%4DuQpLUBSm&&-ip2j)>#qBxK zaMl)+xm&IiIlotcyFQ)wd<7>4%lh`9Q0_N7*{T?f6>fBJ-hRY{Wj6tL8QhM>2F;0# zIP+{#{nTeyI!xT@1;os8OyPhXPYb-A1w7C+bZ?uPX8rZ>F75HQ6gX(3>fg*I;kgZ; zu-LJmx7t^B>b12Fr!u<)z*8#`^QKGzUgGUG6WFu@#J${Evv&TXKj>P(ibD-xvfdQH4r-?2OGb6`sf4LKKGg z`Zz}onomNi@l~sLdm|h8r}M9>D8To8<%~Q7WBOD(KFwz-)}4PK%v+Bd(X}TJ$Ua zcPLBA?``CbohyEO*cvW{$CDWHYMkBuyP!RoNo|im+(IV>!h3#lW+b`y^0q$2`t3s@{JY>?NI)R;BvZcZbOi|J%?`h*$EH`c6; zM-cqs=7DgV#;^J`V!utuu=FzoT$kw^|CxdP5J4{^u0Zsjs?LY=@PCvoXL9}h8+1fr zx#L3*nePDha;d?|>-^`jb|2Y$JH(Ajd0u>)b~fubZZ=f^hR0k^PRv|tNp)?-{ommX zI`@4z@yh}z;&M1Ul~ODZvdk;Ek0(QdigWu$`1cHjm`mN9Y>(&5Sx$#}rXqi*VSXfn zmxB=kC!L@kI&Dvuvy4xUkvpxz+3yVRubsTgAqxJS?TroR=Z`*(r&8etwhAwAi~{rMZg7s}9b=dm$#P_RrOufrb7{bF6$&8r7#a_J^L)!p@|oH+zRUY@vX+3Wp0tA_MqM#ZlG-H_-5G^?8@UGIL~ z{Keq*`b5uC4Ei`4DQuvl4}OIM!WJ9Rr)GnFerU9h+xnna|B3{ZnCPCrJHo%OFIryS zCyv$Fm%H7QO`GREv$yp>q22+Ig<5L!|LfxUf2zj*Yx|k^=r~|J949{+&=&*@{!#(i zVDESa&XS~r2mI9gQh6PBwfZrlhl}RVpPGaGFD?G356IKM`~PSY%4)Q$DE;X*Q7?Vb z%peE(MwUQWoLU3W}Lu2 zu#Xq((WeyZL-g0S$EwR_pwQN)!&h|r>z7QK1?4Q=xtBRm8{6=zn)|&=X!E^}A`94K_6fheLC>)I5k2lF*UbVlKm%|7INO4noK!sG)T&3nq{tPjcuDAT* zf{s~tseqgG&;8o~=*PRv^!BDNo!am2xnX#Q{$FA}_4ob?X^syl!8AbcONrylSAttT zcyUAbJ5n^E=9q9%La&{%0c;a+JhdpBpZ{=-N}ob1pVn9}lI+b4=u<}F(WUwJxZqFuOt{o|T^>z{<_i0uNci30vv%WMcGH(e&zh1=)7|Mw?A152 zx_+L+X>#tX&oMeZ?K`tJ5M_>#zt>mi&&+JU%WSN!Zk1ji)AAnmsqPKtkdu9Pj+3Gh z`5_pb>!7-QBch<4$TIq6x3}8@1}4{?yj@7WDqiQfyc(1sL&a##_ZIXgiFl>POH0i&z(Mp zPPN)FmDG7X@K=Y5ROIpZH2?QXJN@y3Slm>N+~=lzqNgmN)7?GSTu}7l^H1w(*&3f! zZ+>7BEG9idJlSM=ZOP}Jl(fg}e4}MGnDVF$%lz?Fc0v@qF0X^pTCu~vJYP&UloZlnKlNa_Q`x^t^E_BBn6mB*5?$3bCt@5-=I^;9NBT8=Y*i8 zkWbxT*dBs1QJ4eX&esFIy+;%>JXnv_aBNvb%CSju!}SE4U44%)Dup-Lj)XF1zOK!+ z!$T9*84H5n@qfU`LoW8jY%R*way(G~3s2|~@lBB`W-(y_M9Mjb;UuE=*t3BKQR{$^;&*`XJvTe(tVZ&B$Kd^aTZ=@&$72Q6# zHnDZ}>N)Yz(PNf>H_*6c$LSQ6O7iEK`xAfOGkEZzMVoj0wQmx-SN&`Bp1Nk++9`u3 zPo6u>|NL)PUhelH^;x#?$zNxyAV_>_o2p9}UwfZOLQQ&pm8zj~Yk|nivx7Z#F!oda z{AJ0YF=MuUKlSPH>u?~I3Y-7DkT!k$&Ow6*FWvIXuRngJE~q^8)8emB-Cs9r>Yx$h zcOH4{!Q1`&JvheNx_DzY@4Kynp!3)7jU3r$=b?v6xVCv_OSNB5H=5*Wa;|63m_fbz z4Vf`5$m;F;?6-KD<{jwBGZwR2w&ge?GQuP!C=D5T0bbL6}4zWe@ooleWK zHGk*9`Smq?13gc|%Ugp<#MLsXyMvW3nr_2wZW6aP#sxbgTs`+C6$q;9RH{+|&(_bw z5H0jJy80~50h^_#Id~D)dZ?A~%&mOUpSuqY?Gp}BO~>@cpS^mowkk_3j*JTIV8d5} zjk%@@hBvp+^mZu~WkP|2r;ENi^-NCseUr%G=gm2$u0cX_I(*Q#TX^%OQ#^U?(@OS) zMS~g-oh*TPC;q&=aC|geYU;te#B=|1^9+if{Zn)M#}ysWV=yGy&pHofHI*_Qh7p>2 zJrK44puLMnel-ahEN(3;LDbk=StcJmpin^+8c`-|YBwDYkEdaA^`cjXJdnr~s;=LI zJapq}u~>F;c@GT4BoJHpA8C964sQ_bYI5k0KQ~`hdfQvUL220Bd6^HBpWZudwqU6f z87=l^7%Y=OXntkUOfzfOri|=oP1sf*SLkJjZ1NZy7bh(|S91IJYCZ2TGk*uh#j{5) z@5^8fKz7@PNG9%kuH>Zsvt2J~TND^y4JsI!Z?N$pLM|I*&K-lUS z7K^13KgJwL4E%rpF);D+{V2=Moy=Zw;NT9_&ixz4XJudKOBJErdspNoKB%e}^7(fT zuesjX3K!QibTriC{e9wwP#|c@*t_DVOPb5Lc!fcdtgBBl`F!{cFZ<@9DP_kzLp>SCF=^SeT9xPv9qVub>~HqSmabNjik`nju1yd8;b zYHdx}zyGvQDCFk;J$?Qmbv84mZ}j@mN!e9Ap@5%yYRN@u+^k+mjgsct{VNOZs-HJF z`bFaC`con~`{r)s8;rL$r9x2Y|GLd6spXUG-Fw^A@P+NGTVjz=C=$bAUn&s^MI!h= z08#x0wB+CYE3=3%{GR2dICO!mtJo;N$%dh7 zehl-+|q@Q?nf%oq8|GUbP+F{<{0Dy$3e5Mu%BC+Pja~DLH%O2NTT+ zh&^~l-1(E-z;GY<%{>Q1WmG@uwSKnx%VIcoFso;vyQ7`g7Qx1?)4Qt6KT|z8*wHbl zPpd$>`l|>>-|kPFg^)wPN0*oU6%}IZXd66j`}Y^0#=XPt+F%8Uj&UrFHv~a*{;qya z_aJfMC>!qWykE*RTAm zvFtSm3ya=yj5$~VqO$_Et(Rc27(5Pxevx~p@$KdkBSF)Nwdq zKQG*N1vm%3nkFC4gZ~HrAfyZyNka9_`;(eAF$+$^q5s(_O?k~5-}>*M{bgUdng()= z(PU~el#jBS;a}vR`_*et7YOxq2fH#fCy)!m#gLB_c{lPdRNU)TqBHjVZZS0__wNS>mOG`GUZDbG&Er?i#3a|W5#;0-1JC#1lh$* zK3p@zBfx{x--QVWf&u{q*Mq`6m=B(|@RgWuLB{gD20n*DE^R6ht5_`B zKo{Eihjn#I!lEH|x;%bfivnV@H^v%SS?G*%W5swFL|al)%XtDhWa?nNq6ep&B_l4B z6Q~O%7YpI4hP}0}IZm2TD1@tSEG9k5fpjaau|Wp0Ee)3UG>)}q#&j_XHzXt%BDWV2 zU^&5#9NooikcUo9MoV~v<%B>ze;b_vE~KPvzKCV8JBD#K7a6t_7i>Nw)F8l$+1Hht zQzo6z&BTgDGS{aCI?yXBT17Z&vFLq zN7;NK1PzL?oD!@LU#-8dzL8RrUN2Ko=o^PxS(-4v3N((ff^O%^BYfzY$<3Nk&nl%# zqQi(X!e7YcK`iR@9_9nRbh0%$33uUh~4E#)R7Mut?Tf&Yv>*T=^|USGfZWbxdS<+*L&5F8P|Ak?5J zuX6U8l2u1@PUK66^s+R>L8bKq35H^>i-+)pP!n8wL+hPlS*#oKOj%clPHb)|;J5#h z(RE0;lG^zvi)WuHSLrk2j7elBeNm{+u}j4Z&XmmBUnpSf_pm^_I>;ovgAv8moF3!H zZY-=T5khz}ac-F2{rhEe&Xmmgtso!I9OZyMpEj|iA3B>q`Cwr>fgE5({PRrVs?){) zJ5lrUAZ%iY9p%`Wf|X}VW*@IA5lA*)sH~L8FD8_%I#ZGV#%Ei294XL>co4qqnUb06 z%j#L1hU-d}9YU_Q?oO+pn;}hoF9b5qTG+DqVAibD^{;N|R@5M2YKBOwaD{2r3lGB| zX~D4y%;Z33b$QdzcbgO{$==H)TNCOfN=Vf#-g7c<<>`{;m+P&pSS$+ow+f)ZKZR!q z7A)xYqZVXbp;VTTF3>#UArnYUiXu4={SH24QLb~Q31Le|D; zPb$ZVy|j<@;xH3QUgeUTEpV+$hekFeV%_Zw;li`J89PxR8*8R!3=X%j_9+j!Ux{2& z%fpQCV`|oZ6cJ2X(x@8U*W6zJy(_J9rKF}6Gp>)RIXa36+tr(i!BD!iQ5}F492rUR(3Z<$^ zAm4ncY~#h!kM%m4hiTVB)Ohvz1QvtEVieLBC)27sk|0QS_>m~Yfu^rZ#Z)&{N})T`u?xGO2E8@n%S^r5`Ja^a@r zGxFRjwD6hK+JjH|?I-yvls{f5*_AAeiL~F;*VOLiuls@PCEFhIg1Xpl>2K!J@t__Y zMH2|sbg6j0SRK8Us-G_v?|dwXj&RuA*VJBpSuRhgxs%7G&Aac^RJ1kWUik>0!FZaH zYmf*GnOYib8)$9Ekiu`zX>I>YXpHV|yCIa7UB!P~E$Zlb0?>JBLD(V@u<$pbv{78r z@X=n?d`SJs??ti(KGxQRfCMuf&elME06}88m@gsOo1o9`?G303iL_aWe3|Q>)=La% z-OXtCGg{zpo>U;qm8yK5*le-1THaCEBH&$FNSy>vAO;#?^6I3G0vQH_FRA9;E8xPf zN9BUjX7wzRjtHePnF8O?#McylSjsP`QwP5n;IMcGMxK`6{M(rVK80cb(g+T`ECmwC0AmIZ3CeN5*|-X^0Pr#3ZOCRJ*_cMYmocFV(?6?BCVk1_tW_; zWQL=zGNW2f#wZ@C?*x9OR*89v*T*Xu7Gr2kk1-~s6(f%=ZOm!>2Ht@*_`R(aBJ_<) zCH&i9+a7ul>^ZoT*Q;*jbCatjZ@e_n>1e?K2$@2qRH-_s8vP5Y8QJ?%+Yf;7@iLk1 z!$>LTv-PM(3Mr(LF8l`>0O1p8J%aZ)hh3rdp$N-370)OR|hIUaYDBOOsEv~qM*T5%uTas^I%lWec ziVU>uPiUNd7wL4Tkaaf==Tz77ctnOjg}>lPMZK=UFX6aJr)waH`Tf@>E%m%696gXG zT5`CoN(D{s=jch3WbmP++a-@%APaZ%wf=OWOj*xUnXquO#`-yD8{nuyBP{}{GwLDD>dZK6}IG} z@0ZP2d5&2yA^^?#K+S(_{4UdB%%*tFG#X{f(Ji~LzqA@+j|ofS{gDy3HxF$*a;q4E ztVYb86yd0OXv4bIuFO6DSIVDEZO<%*)=EAzUgCs zVSeb8v!=tRMM|!mIgq0|mvkk>ko3>$fn)!uT`;y!b!p;-zaRdYlo8?FZW{I{2g26p z0>aiO02+z!sd%bMaMam^-0fq2;cRFNTQ4cNxx+r{Kt}Te!-|VG-hKW^Y8c=R*QXR4 zhK8KsEWY!TZ>(k5kZbu9>#`n)lzjCp2?h+jA>=?54cpB31Znzy{V!eJsZ$}G^b+?~*MVEU9 zc-sdD2Rnw$`Smd*7fcVdn|3HueI@A9?s@K}rar;JUY5H3$IdS0LXe<1nns>AeP)Dr zNU)uqebl6s_H)y$H|ORJ_H`sZUy!Dq)<3`B)MeE#4!YR-%1nu(pQrlS4FusloGk0^ zT^7j;>dI&w1N9RsEY2-7EbaWw7Z*hRJV4k2fKMy5XWz0v*OaKcJDUzID-4-D!IRc< zcmDU+8Mh0v?22`OqLoRo+bS&Au<6M4WVcye}r%!URX+<3@E&Yjs zumu30mYsj3voQH|QXT}=uAP2%!r*QYBs{X}Ckm_lhh>Og?>5v{*A@uXQ_S@&&-^q- zJp+}{e|Wz;2e(hz^iYbRZ(7cpyzT^h=GyzTdZ7F3tS=R>ipG z6EsPtu?bdEiA<4IE6l86GQvqji0v45DKnGL0^z?%i z^R5x37XpT``N6X3mnIJmM$?}W2wMQ~$&tw6_HISrE!Ph_3PDc)XojgTk3>zGy#P9_IrL%MF>WvEwXe6Y23Cjow4Wba>_&|yr8cTq<^*l`I(2Xmn zM!=OZr4q9933BAnAOfY=(6J1LK-i+>xDDTVXq&qM@^nxE5j?{qO>~hNrz)jF-_||A z$?%1L<)V`Nw~AYpX3lPbCi+UHQqRW6Mcp^mQeOeF&A%Qpkp65^Di-e(Kh>Eo<+ez4 zx^~~YX_YAh`4MIu!NB{r;nX;0c4gi3ci2MKj z2L9zY%}Wm451yNjqAcKD&)pT=0fFsP^``(pbsXvG3qss6@jpsNZUDfoua_UZcIQ$n z0Dyr;S?;Nxx7m8uy7OIq_?silA<^R3K%x`(bdW{pn{QLv z;LPTy~Ea7mFK<0l};B*kc!;mEVV-D%!JY#>4G| zrh!-qF-de&lT#HhAeZF{Y$~le;8b?AIq+DM-1c2wCP8H8=e-Z8ohBoSMs?! zFu^-KF|Vs=-{b>?AXl~$Jrw)gYIagJ=dAXdxZIJJSCoj8naC(TK#QpYlx)C_k!uo) zXj?8o^ncBN|Ak9Bu*ATScS!vptj*|jf(4-e6pI}jql1~)?ST+qcOh|$e#=X*rn8aU zW&;{Y@L0%opkonlnXPAR=h5*SUt0Z$*tFLm#k*GSko8T~{=M$@4@vvMLmK@JXdwHuSUC_O8q= zUB5TBFGkZ-HhY=0Im&{?$ZG%z416VV|Vl-nnR{V4djm+XrQnfy+lUN73zbTccv=*WaCBK7tHMf9nOh~sC z7oqZ~*3UPhIwwJx9EulM{uF3z)xG9>Qlo<0OBrXT? z02z8Ehy!izK0Zsgp%y-75*)#>Su)$Fyb+N4iKf`v<24$oyY|DgWO418z7tnsSQeK& zq=VYEzV8uZBs3~^%E4ZLB<~|8Jd>O05I_K+mc=^kyXY1py2z4xe72QukW7g*Jd1vu zR0Oi+nM#b!LhISNrG+n~_JOe^lJyVomEFOBc!VN9sQbWv9{2%D?+n0aCpO<*^wM?@ z@}I!VA^D^RrRPBp2Snd&h5&N8E78ItBJKRKk53Ndf>MTJ`eS(fFS?pC>YP%4-2`yO z4Z|%wJoeTOnVTFdu!p;!Hu(Z1?fD-8a!D*;4+2fh81DXRA05@B?lhW9QNXdp+8!Z5 zFQf$2Iu&&4j&>oLVKEm-I-Zd@%W=pdw8hgB(}9q9)QJiSK6>owf6*~D=7VCWV)8pa z6FgDm?3p<}FK)~Q1gj|b!(UiiFRY??<|r*~+cdbtJoHb?oafDNnI6rrE#>>STUwo- z&KGUh*Gr69;q{3LpccFjxAJrh4YpNg>NJ6;i?em#_dh~EmD~l4T~CKrkov5*z={wR z(x;BScmNN4EIxqXI+74@LCNOrj`5*11&F3cBS=zJ?_V)HLShtx3K*m;Sbfm4VEhb~M zowMzATkJgs|GBKsqh`|Ej<|-J7iaYcacA3yyZQb^bKN1d!(qpEhd;vFw&vaErW^hC zb?^b@9P*IeD7OO2r5PYL${AtLzt0q8^L*YCMF?qk24CyLD@4DW%3N>W!VA@x8lrKu z+PRw@b35$-t=Uzgt9kEjfbKhJHSZqcd_g=-X+}b7^GGYZIevIrqDJ- z=s;GJ6L4~*cjV-P0^8mLtA z#tw)?9QUY(_3Toq(>+M-s(bm+G}Z27lOCTxmA-ZFP6jPQfi}Oxvy;jXq1Rm`_{|{> zd{7>Sn3#AeRi5pY`U7}MO1C@_ASnbXBqi2RvZjCU6gsqOOUxMG}aikJ` zHA8tHc$K%Zhyi4r%uPP=?gKq=$&SYjKD*t&^|`2s{V(IHcdLC2oHfFY`~_ngTu8_|1%w-u+(mZyP2fMgkL!}>##L2;C z4#SyRp;5ve?7*rEBc&xCZFOS0{deJ7;L#yB%iiHTm(O+f*{==gETO{b3@q z35U-vbYr3{|7sX^a`J8lolpHHae|`|X#q&vQ2j20?;K`gCY=YT0L1pH)$bq9`0c}R zm!mZ7RnIPD&dl+0ga|J=jOy)ROk;Zv`2&NJYP<~p)4UbWVWBd|~$fnjlCKNRNmW`7n_ z*V%%zAxv~fbSJz3@sJ_-mnUf3LYIwiDMZ*4ItSRZDT__%`jeq$Tb#Ms{;2~Hmy1N- z{PpWsR8*9%Amv=-bxEH}KZ_ry)#tTmB??wYx7zC4=o_>s3k<4E>w_+u8p8p>x8ln{ zJ&TKrDk9sTk2cN3clM5)Y1VvbgEc>0dk>=;0M~8zY<Kj0?X<0tG6Nhd@#de*eHC=>?d~3L7Sm$P1w{WL73vsA|< zxx7x!zAL%dAAijJj)W%{;foJbemMgp+v9WUCc9Oin4N||C`M46F+=P~35b#G#1|Y1 zR!Gs4Ovzyyh+5LaD8jpaU`b*fNF${*Hw<{P%IRnJz_bKZ6OH9t0S@wx!l!x0%eyeL z4Yrw^kEGQ>Kt)vlRK7U4;6X|nA}yO|-*{0@g6XOc#S(ZjdYV4F`S@#Za(hR0)KnoT z@Sbg^Ma$>!sDKYzv+DFh1pzb@#bs?yOAAm{G7DJiH1jUUZ0E1n!RS@xc&zW<7^n!* z)4F@lpJl+ZU3Rih?Bp9p{=hR?RG+BWuO?L1j>kGQ$*c2l!!{%5TE&JO{@sXhBDJf?mVqSlou{<)e|29IHo}^4=uC4QJZ@1rWCGPsxLR^Z zG;Ar1jpOEsTY{Ct~Z9m7zAwx^=Je0weS zu!%nynej>dugP7e1vmuv|8PJ5GLtxwMFo25~yxrTPuOPWfV^))L;e1_O9ykw# zPUU*gEVjcwt2g#J7%iiZOL8QNT3XlF=^r>$byM9@f6?^*`m061E=^t4c5M)42!nck z<%(d@Ttp2j8EYn#%IKInN`mv`&Dy~=}iNtDpx34MKA5Qajd>RyNPz^Bv_WSCT8zKx01^&Bf zpRP7cp8j2Wb$7y;XKVMes3OEfld9OLK~7+T6J<^6!B{LSQCztL<@pc5#$e-^+OMm& zNlP6R)M;4P-Oef9yW?0DSWY>DYk5JdD(O)Hx5rIbNcjyzh-6Ms(B7LIp15;T+6(Vf zp9H4$>(-b?(;7y4OP)sh2-nmdF|7Xh`oXRkbvG1s2cNat;^(9k zBXL}?6ou&Xx!uiVv^Z_^88k;JZl864%qKKU(w}xk;F66g9UpKF6^qlovsKy-ZGy?-n3l&G- z^uxJM_by9fYZ_iS+Y5u~%0O}zWFQoFJh@k;L#zuCBE!LipbXIgxt)YQhc3rTR#9DD z$I(Xvj(AicRaqZky*z|i60WOU=OTh}%*ojYC-}EhD#S;sNmCS82(?DaH&0Pqn2}zP zWeDU2O>peeTHqFdq!@G|R6eGh_4E(ilZL@ocg{|_l2a>AkgdgoG|(LZ`4p0Ce+DV! zh6x>wguZ8iK+tRl6~J7O7N`$icnzyV6v1yHf?>OmQe6yUBXu_9juu~SJ1>0jHT_HU z=9~AZ2)v7rr0E@9nx;sE%f1_c?NIs^DQ7 zp$sJxwr_hsLXKulZg>6N@SZ_FxZ>1Z1JM{ikHD)%CXaMMwRo>m?+Jz^;FC-$ z^fR+X4PY%W+_d>m3?OQHx0D&nZ!Px}2iDioTCDASP<`-HtFGJlHU$ooWpTTNAcYr&O36%FtC- z7WpN5MKfL8F&6EJU>uwYmuGkHLQ;#sqe>8O5d#QmyPf{*!ZjD{~_EPI*{+TN0QNI z%Z*O|@7o{ckx&nk&$~mg0GKjgpvO@W zt9ivX`P99W6aJr!%nmq@fr~dX)(-l7)G}_J;XS96n0^@&8+fvEPF;)#Q^p}b9|+UV zUo3WLM|oJz%*nq|7B0GfZ^r9uHo0RWjRG2Z9ElBEOrTsDHa3P_yXsFES+rw2`fk#s zyJH^w_DN#^k82)!Qb+uZlD+@=R2it&CQO7pS)uCHJzBg!zD52!Hvc2I!}3Cjlk+V^ zeFr>I^21LxM>3ns{{9>xb>(|vu(Ab9^%{*i;nfIWl>B&}TRYHjd2;KpDWHQu6%ol3 ziHeKR8LNER<9LGnh_bJWQzzQhrCp{Nsp|WtN1rU>Cx3qE58AfscL|lw2onK^54QM7 zT@|(Q5M0^DYk5Gmqyq8qXi0#pA~I$7v+L`~2vXBPk7Hsv&)@?6k`c`%Ab0aBz!9W;*-xFYg$O13?B_=M0^jw*q`K)N z$*FaJeGo5rR1t2Y{GeKndYsi35np$I(r5B1a0QrY-&T^_HZ7ibIHzmtEM8s7am8JB z$`EmVf3^JZ=!Fs^{RfsSk(qgP+K+lqyV^(~1?S-c6HFWpa)jfoQG6SEx2SUzEz6`= zZtK73rC1lD-yxr~)ifZmQ^ki7QX%Yk66lh=#oH%CLPWaCDHdY?^n{A75Ma93hI7!Tx3fBsLAlPC`{oK7VB}iiL+`var_D;c?hk1 zLRbeDnrFWqVUV0 z>H}Jbl2rp3P^j$4CQva;qOO-Ms3(V{YZmAC>drMGDwad@KdxC(38&VPh;n8Ms%aUj z%z3GQC$Q)XS(cco?#m%~zO(PqkNSHp3T260s0r?P@8%pcO4zMQtgm~}(Lw(F$fPcj z^Y0lEA{YJb+^1-h%Do^KMt4(p9mtPSxl-)v-J&mg8 zR1Xd7|-t2^28+vt~nJjvs~p2Q6j^}6xt zqIy!^lO{lu5@nj|0;`oK8zw{2^jE-JQs`ekL)feSG0rEzx^eQ7)lcr4aIN?AB{wzc zpH6GHO`(EKKD2&_$p2V zz2kW-3(2L!Nnq;%nyX_SqMa1#aPI|0T&L-@&Mid@HzT_GVS;&LA9(Np?M*cd-q$&^ zwpE``uHdWQNk8ar@Rk27tn#qdhP8B972nt|w&G6#ULX@;mGJUyNCt*fKC~>CEqxfWrye z6{Fue1($X@a-bMo9rS@^`l+2eAf}I!$0!2U5;A`4DL2k4)YMDxSAn?q;9Mh_dlWlM zSiZjjg`wT~PRw=Hlyl%y^~(3sUJB(u8x7H@R91mT#Zdo5h;0-`&b>COf?{xGblEvO zcEE^l$H>+@x=fX;#XVXH+G2coyp`cyz;Iek{VoU|ptH2ouDpV}_BVVQSjalzzwVg1 zU}u{h50Y<(Z^RXpaONQxaQVf(SJC4L)-p6TMFqL#3jf>V$A5cHspSYelkP55SNy^7 T@c{SQ2%s#lA@@%9`OE(TfyM&L diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index e9e79fbfaa..51f0a550f0 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -17,6 +17,8 @@ This topic shows the OMA DM device description framework (DDF) for the **RemoteW You can download the Windows 10 version 1607 DDF files from [here](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip). +The XML below is the DDF for Windows 10, version 1709. + ``` syntax Exec on this node will perform a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command. + + doWipePersistUserData + + + + + + + + + + + + + + + text/plain + + Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command. + + ```