From c8d363f7f47eb1330e911879d4c3f1df3f07b5d5 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Fri, 25 Aug 2017 16:50:07 -0700 Subject: [PATCH 1/5] Revised/edited Remote Credential Guard topic content including revised/re-branded graphics --- ...ndows-defender-remote-credential-guard.png | Bin 0 -> 15225 bytes ...redential-guard-with-remote-admin-mode.png | Bin 0 -> 25974 bytes .../remote-credential-guard.md | 121 +++++++++++------- 3 files changed, 78 insertions(+), 43 deletions(-) create mode 100644 windows/access-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png create mode 100644 windows/access-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png diff --git a/windows/access-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png b/windows/access-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png new file mode 100644 index 0000000000000000000000000000000000000000..f7767ac5f0dd612bcdac44338ef6dd5ad45c8e45 GIT binary patch literal 15225 zcmd73cTkhh7cU&KAc`Q00@9QYp`#RO7J8Q+st5s*-g{A`H|ZUuONW4zP$C^d6Oi7d zgbtwyAq2?#`2Ajf@BQOeX> zDRmI&DnAHxMeHU4P!r#FpAq;+WG@GC0)a?6{{CG_0FzJym4wdn%F=|3H>nJ5(LnXhztuV>j<%Mz7N8&0tHD4W;lICkaWsX3j_?6nm(5<=+1NmBok7R_ zi3p(X#@}X|md@5t(6`+YRsaZ)ywpog_w=1Pk8~QBl#~6!V$TAvL8aIRe)-2lL5JhP zS00T`>d-zsd6;6q62}3(OUh9djru&mo_NRMcp&yH^#ty9t!qpoq;JKMaPHV+_D?&Q;uDOP>iT5bHiEzz&Lxm&dc-Ge^=iy0D$eol2yG%P z#tDAS8qG8wEj3A*|Jf$g@5`*12eE*RB1NmWJbV}CnNqrv;uxA*7wvF~g@;=e@%Oyk z#9l*IbT50|FEMO1BgN#VV|Y3X@KJy8)J zZMPmuMwa>AV8NuF#UEi5;l5=NCND3TR{_k3?#T!=JdZMt$qkKE)AsDG zO;n&j<{5)apbsQVByB2E-b9J4(Jj0~XcL$>a;>IECg##CJSJKFVz91joqV8rXgCq0 z?BwbVi%jgpfxBBBycENi`k0eQ7iYW0lIrAZ2WHxdCmYD__@Pu;l_XV1#t*TVSRh|k!nmeZ ztw#*CMdg{IuM-_@Z*c4!O0Hqy92L9#yX6?t<+Uv9le@$7t)=r%#R!=y#%}aZDeZ)6l|xCV|QKL zT=i$^sHjttCAZua$VMCZ;_eBE$aPuJE>tZ;aW736X5wkENc^= zPetx$R5a1rkA%+i@}I;%<4%Pxodwl)U<%+O86xf{PR;o zi=QI=bk25QN~`z$JfT4H5HT?z3LBhH zX5|_B;MvubU7Z#eZ2DXfUMcbT`V@l`q}lrzHoz>Wou#SmImGeN8e?N&T(Oqvc8SG6 z&WWSE@5hlcOFo#FY37ck7iUny(}2759j7Py_#1Ue#TxOE)I!{b@TYiM#;npIRS?Mk zOl>T>KgwphrgyX&3fPA@LMRnb&Fa1$?^hq(o&*B9)Bp1z^9AGv2=tpM{%@=QUw-Li z@K3zN;(v3TzroG~{@~qa%>1juFByG2h^C+HfJ+rI^^Y&`ww5@*w7RkHuoqt8+?}VPua?*f)EBF6*bS5lQwcpWR@uvoy zki7g(c1;2nzlUM+kLY^uzKB^$N(QNqKIOU>nun`?d@B-nr9#llu&;f1vrdw?sNv--?!et|U^;r_M5n4V92{M|#ez1d!iv zyu^YA(v!n`}L}{T3j2Got2vhLoSdPfuF;hq8 zbAfn%&+>z&dXH!3mQJ|?2Vx2pQcld?RU1Ft;!?G_>F<1tSO0jkq@vug(G{~hx4gWJ zMT^UReDQX^$;0@hjY36u@$;)Sg1m$wM(wH0mEGU+`>WX_cU~b;fzP!T_RUTPuBiPw zFidRTYr8Fp?NvRPEeh!B?yj?2Xz{@v+j%cj_a$uc}2Hi0juntqo2tUtkN@p$|M%9#dR=tSzp!8SdWM*$Gs>VXyxR zYVH{8)fW31wLzEmSve}JNw00_Ufhfxo~l3*!Yr$TZTw6VCqLB~Sqp0V`UTOkorQR+ zDe~Q)$gIS5sH6%;%xr26IE2ocQXD|}E96mid7PsB-10`5yAJTchchhnM}3nqo!4MU zq$ij#PQLD^r#^_T<2pZY(e;4V?Ck9I<;6u4Ev>5`UzlhRfRywM9$$^q`?L0gmcnr1 zIKeOcoCx&drCMU^RxNrXY#pxH+P+vBLY!eg{byb zp&)+(ju?%LXuIMQDaE6a6fKRbdQSOv!^O0LgEv)*)1NQzL{*^|5R0pdLq9cH@m!1l z=n=5AciL}WBLI{I=-?E#U1|BzPb7OWFR}O)D**+2nC6i1%FeN&t){uw-?A+U@^1q# z1tcFmXrWK%UmiXrDPT#XiQl9OmRjqd#a#y(#Ma&3SDgl5tZBf*F%QwdDeP7~x?Z4O zRt+W&q^Y+YYzJ(D!x-^ayB9WWub53nFFum7M;p27h7P8jZ=F+L%x#ExZvH5~#6lo1 zexC#HA@_KZZobnCs)>oMqn#>>zjXqSAEAr2xK0H&`Wg|ITPpw400quTRg$W0p5QzG z9T+&6^M34^W+IOCEc@>yG6oHW%4Xe1nG0u1`VU;I_uj3w@-%${V!(2aR3yuMB)uJX zPAVtTSWADMTp>t(*tuthRz%A@?j<};P|q&&faTRNYQJ@K;2X4w8G5GiKPh^i(hu*( zr2wY2bX)4Ux=sZ)FeE?18YNvd$1CC?f5Z=^>31$k*{)gj3c)^vEYKVd^G?B?aiJb} zfzbECTCcE$wEY3D9(k#nwMQ!4&ok*8{QLfg{==LI!nT(dM5180m(A9^l%Dwpw#u`z! z-%e(*BG*3>N`b3~)3j|@C_o;GJB7uaM~1honzJMQNqk#{leM_#M8?rTQG78RyvNcLVhZ`$ff2WN!v8mq}Nqjo6yX+;5<7SypqH()xv9$ zsJ)Wg{mdXi%x7u)wDxrh@uvhDntlPiH7k0*tTraIlVxMIWXfhH;}Q#g!TuR9E>fPz zWy6)jfNy5x#t^~k;#u#&5L=oB%_@7(PLt8IVAVs}t;)|XVY|Pc=G`BLGSH9&F+A`^ z!lHX-*51yWH{466hlHd1&Ol#gJRW|Yi8HxwvL9GI!GzlXUb^9+ z9_xKCtPU|xJPwm|o6tGAKz$Bc`9PfCNol*_qU#j6OpzRD_FS12Y>NjYo|*?8oHe7S zbVl=OMxOCWKD*O{SOWLCl3r6@h0`sF{1l?IEdS%P)li$2E;yQ0z&j&E;|P{qA$pdw z#o&M-k9&%bRncXw)mzC$@GD{`nXDbpR>qdH6tMZ!3zphDq2x!T=Uk*LF}}H3e2$)Xb4$H8mR^Y=b5hSYABwN%jX4OB1>2Kew&Hk}U{;;}^#2`#CWSjGZv zY&>|pZvL=f(CO(cPqZBL6JoqSXrDO@Ei?($=X-JbQH67+ z&(MT9uT^)e!~EWw)p&nUZnq}OX1NNAuLPD(YGoJkhcn%%%6T=|jV*e;OHy*eb&e=f z!0Mh~p2v9WGmZ0Ul;8Vi%nN9(*W;7(q~{0edqen*bTN#sg0?vBbh!c(5~A^JD(DV% zI&$EK?fGXjn(-@lwc-!&m>9M+RPB5pB(-R2!K-%%29MLueL3|s4^IQz>5lvvh{OSc zv#^s^zmh^K^V-0thLTV928hi;T120PAve2+8G-wqYPuzD=9_^pm46{qc8P_^GZrxY zgzi3?b?9VG*~TmA(=W5m9^TJ?Q9B4bq2|t^1{-bJQj_?&4A(?}htkw9{G!ukl(q9@ zaMN=oy`Ng&`uX|U*`Yf+J}U;E|jgqbB1HQhOpCH7{`%AixNIJ=$%%qk$ zE@J_W!71+DEKrm+$}zcbi%`jn;jOpFrMGAbx+?V>Fzbr;O1)({hpvkmCGFc zx=kiu>4({kwv~(VRntt{t7U%@v}!&NsJed~k(R@72tWJ9VyFvgZQ|Kt%o?M!g5GzW z5>ZYp43GPnd&E~a$*#20$Qka(wY8vIh`U$OhlWDiae&YDR(?B|cVyo+{}PKN(>qnQ z!$adM-MxM+e<;1u9kY8+sj?L6Ucp&Jf{>J49_JDJqh*#7B(awLWgS8reF{%!cpTvH z(bnw2&A`D)!IEb2nfYbeA7X&@QiS=fFH^Zw)*QyOw4Qv<|( z7q9Xi!&e3oR=S^X&?6URsgIspJ`frB;yufOnLiZidoY9~`EqcQ(OJ8ZBLX%IvVHri z&+3*v5+6Y&z}>hFqY2oatXe+Zsu-#rJHsB@wP06i8gD2V!O;PwEv!l`OiC)_RmzIb zTRV%?urWgnBdsmg(Frp%Y0D(P-?9uI$Ko@pAKL}@mg@S2iuhfey?D$kA(5$7k{c~C zo$u}6%Xl!Hm7H=$gmSUaa4u)4seF6F`j zIX@cNAYZ((#ERe^_o^GwIr~ssCu9iN9{ybrON#!KN5Aa6=PCr6j2pCM&T`(@Xcmky?J3{k{_@|l()?W?kM8s+9A9cIrCz11ZWW*a+~^H{Q# z9_mefnN2fG2ufgC?FKuc=a7#raBvIJChg;PXYtgC=!BTM`fj};-tLUiB{@CxaMxqC za)@RrG-WdNN_knC3*-Ix*me@pZGboLLn)Zwzki>n`OgToUDM)QZIFNOSKW#O`cSFk z?Ws7MlJatHq1cz~BB*!`$0m5`0$TFumqrGX5X9?24uw1nmD+8=?Y6eIvMeZdU1DKP z4TMm&6%|8~@oM})h~Px3{tI#C8i-tBn5H8_iUEj4XlZHnYpti6Je*Wjqaz=em6hoj zd7xsM6;;IcI}-mXFCPDP2V7Z@pnEx|*ZI-JM7bd~4hY^gq)u_TfYz^!``z8$LIB}m zIa)9odwS}rrBwoy;^KF=|4zr_a8+c4ktJYm$CSG6m?|jU)oku8g`~d@2$7!*B|v?A zd^{v{oUTEBD|59b&@Lodv-o@N_sAdV+)4lB{V_NMoS2Bd1 z0hlg(%fWD{oL2GoDA$xY=|Cx%5132!ca)BHKER`YQ0NEy15wAvLD%c`Utyy&o`6^)bpqs`Xa|E z>8aS^2lTFOXJHWDc8d5gp#<#R$CHA|eTMdP>2y`r`T!n7CH32sE(5fKe`$kOVx;x- z(}RA2NXavkwu8Z~@{;D0rLg5Fry}FWZmM>>wmVd!mM?8QAlTxCIv>nZ!|GO@5(fY0 z;I-sBjgXZ2815=c>D5)xwtYTl_@6(2d~q|a6UG(TZ40o9gh;LTpN6%d-Fnlr{3LU6 zY@W6;T4v(Ku8Jglx8t={fhxO>)D4+7?bLWn^SP(z^e7-&?4IE~J_|3>;(J~%C&dKwa;q;J*f0M$E8@6N z25^;LcR@eQmc1d`Ui+N`s^a;-Caf5W<wZAs`(bCEb=}zF?fSeM>H}av_IE<_NB@!z&HJig}z<$ z*!1+~;gp}%=k`T_8zB5k3*56kzgK-a>r`mqGPX|Z77_l(8#lvnkBlfp(`QRx%OV3h zFQ`r0Nw-qS;#4tua*IcjnZ-Iy!Uw*99^#XemX@Xt-nasSIPSxtM?!OdT2GH!Y-ZY8 zzlOwzeha5i#b02`WaS`8DSFm^>t5MtJ(daa-YttUOUE;3OD4sT`&L#kF1At{(s#hx zMTbLEore53+vf741q|E4jn&x;qUPB{DFeQqtPOx3C|89_rt zK>aHF=kd-=BOD$S6!hW4hs~|6XyK)shy_VOLGzH1C&M#(j|k}^qM}+#K5ma)Vu9Oj z#9`1BF&m?WLuo=41qCe76_>5?P&xP%ESwwOldy9IL@w!8aZoXkUZkmw{QZ?7=ht}R z(11N;kn)hBR|XqoH z9#2U=EcGro zJ$i&hA`4Wr{&KrDH8lXuYBN*IT#7L5j#6WL>V8%z$_*;pm18Sa$Mq>?Yr_!Gou1cP?w($6g)LTT$AHJuJ z+u4`e@wd+UK2nr$^WkVN3%DLIv1E{%_ix$`0&i1<$=TW2wH>Tu&3r7@?nZyQ#KN21 z*931#5h4fJOD_)s5DWEMA1tb*!WW-x`YKwIjz7YYEJd_#Khx{cZvE>=)IJPPVt%JS zL({uxPTUbnz9yfXiaZe(OiS2(Z@LZf%1G_5b2k$Z`Dh*RgDfB*fI(eHC#ljKFs2Or zPoKtDih17BtF%-(YYXiP&?qMc`P&R8K@$`c-vocl59gU4;xe~=^Ut)nv z56F;N5~dWi+mBH_Iyz#20sQJ`)NnPjKqVu!QVedk>4b{yX;avwPJSt7)R1 zUiue13mht9e7+t>Qx;%V@i8~t&S(W7?Yc9qg)3YLvMRv%9-yTT$87WjTt+J%NQ*3mFpeCxp}DVs zrX2G*!C9i1uM1}^C=D&eByBFkO_@S}X@HpTjb%;~va_|a3P-G$46W%mxjP(O=K=gA zRe)gDG4^peMeC^G&ynk|q~An|?$)m`0^IrJsy(Ejm|leALkJshIvwN^3&IN?h9DER zu#w^Mi}lfHUsNAn&1NwS?@tZ5+z!W676|NW+T7e+dwcuX*cbp7;IS)|_vWnjr)cQt zU{=%YWc)g(CMVrH$YiDb7`{Yood7n^0mFeG_Uso{OJWZLJeYBkdqb zoQ#Z_{MNiHI?Qc#8`t+EP2oj?KZnd}t&;y0z)@}Afb}b8i#uOp!7J5qxBc#Ug&+9f z4_@Njb%)TdSk!s=>cx-a47=|;Rswh8b66DXF>n4joVCScWRdv~oLoSl$96Q_eGFj? zIbepcZ#Fi#wwMrxkwye2#cdodQg6fil<9TX1)&@LyZ&RH>q<*`rM*jNpZLnX_IXK9 zKPGTlEV?+p@@ME9VAMVRi!dbtVlo%^w=1pPbf<;%zRNuN_|g!ugO2txCofD?ot4k# zdOPg`uEPa^JF+WORrYcC`0ewn&Gz5&qdMA1mYFjCav;^?_v1pp&>}X!i$g2Y3cSnA z*+;J13ytVd+**G+#(S*~ z?J$R6jCrGmyOf58Mm9k8{NM=ggRN!yU8G4i)E>7bx}gGMEOQZFrW&2mNtg`bX`vPb zCbT(;&U;wW2&)=I8J10{AVu6cHJ_2-*hK<#z)X?^4Uf`2A7cI-qKKo(%wiIM!(&TTXp79SPcd90LQpj(ZSH|k}Omd)ZQHg%S7y>p4 z2yQ|C+rkEkW6D{_k$nh*FocV zvBS{5Xo*$b+esV%$jN!Y%4_lwYw;1Awst=(ZE=A1fydgnriaomdKG!Fsgz3_8ofXa zatpaJ#owvc!7DX<$8<3#kkk*86x{5!7mdKY*3#h5ln2fMc~eBZZBw44QU-mX4B~j# z=I@|#Gmr6e3$?_>+IYpIb&5L zeof9N^?*!zyi6a{bKLD(+Nslntuk6076OFdf&GX>%YsV`9@T< zQAeV_xUNFy0pNfdc{FdA(P}kzs>vAb+%BcX?L+Ho`fVL*frg+3eL`EwggScmy#t+v~I zB$;adl zt@*}_xCsO2#U#!fp;;(}hoTCs$As|=q-~EDk_yHN;pg3lh@C=nS z>*RrdDc*gD=XBR)!Ks!JWIF?}I~^TT+0~%*H4JWTAWa7#lE~9ru(9vh-cbg<3-Mho z95g68>z+WIM@u#?A8)2|v{!m6P=R=olat?n_y8O)`yW0R6$Lo8FR9Bq*a`ACn$num z4`Nh(4oWfjnyve+8JrAZIZ`}ajsLGIjQ*nvd~S9vdH<>ck6OY1N)>>7s2n$Tq5rN4 zwyq+8$@G`++|f?}cYU0;#?{)WBJem`Sr_Xq9}SJ!_TZqsODuLNfc5C9H>9Hq3;Bk; z$jqFXnEh^Z>?MkG!+kh2g|_xcO`^(K$;xMMfL;*UpJ}5Q-mT}z4($p>tPk{|{=1m3 zW*-<>tRPAqio4g(iR%S{MA6Q{|2j*=u>{?s=6h z&9GF&rDuCgR4L0Dag7Hih?SMz*B59ZyO?pm#A4K$I<`{9k%z=K*W>;zz1gkzI&cFuuaD2Ql!<#n#f_oIO{tOYtR?Wju*V4QhBat#FPa5|ZVNz2k=Pkf^1T*k|gak(*3`v-wq%f@?% zg|X+bT3nP}`ANr!hLjYUv=sSh`S%ac+~+T`xC&E#?D*m=YdAsN~7tkaOs4`bh6@gxlWFQ?hP9JCRp znTAm|R)wn$)`7%c5bfXp&>Al-b5Ko{w$kDvxU?3Vz&Mk<446IMB4M9H=D+rexbyCL zziLKo6lp&}^OeTHm_g#TV zQ>o!MfrTg_r)*bLlAv&IhWqH2QQRDL9+1kLUR|h?#=-#4-a5ZJ*Jt;py9*ip9Eo`Q zvHBcHswNj*Lx+kq*&5RMN|(JFm&azm;4B3p&s5g>qvoxlnj z8)ssYL0@jKS@dnToQ|!Im3)8knBiKR%iN`0WNdR~p(IoAmWN^~X+ zJ&XPhln-(Gy1Shxg8MzutOsiLyAa)ZbGY87RiB;SdFz%ap;N@{&wmPS;co#|A|i4z zdeHSnZwL#+v$ZT^w^8LQF+?#R6Tq_L73jvb%&&4U%r*~Dz%#T=AxNRO<@~-X9`P|1 zR<*^GE?(D=Gh3MM-4ValBJ3rWhucy1PHR5Xp`(}inZR3MNKj2CO)PEwM}#8w377Av^$MU?studPF*9~qciAb58jh!bRCViFQ~SNSAQ-2ilfTNwogK2?QoOhyqkt%; z`_|I+Nv7j2+1$_9j4}OLVnOBMQuFf`XexW`B^F|^szb#>p-?%tQvA}!c*qGk<5Ajh zj9y0`ivWa9@{YOs17@MBSf|<8ke1*d8xkeVAaG^Et>T)o~P`GODRl zPMuTaxLiEv)yRtM^EQ3*-C(rOC(I=II@KKxc=q^>i2EdE=e(t==N)ZuN%VB#w_RU* z=1Pa-=4IAx3*zL1Nw9y;@>1c<$#~g$UsABN6cgu&&z#Ex#l-lbEIZM+$mu>aIxy-v z(e3KyMptBRa4(tCI~Ghb4eRoFev?mQ=WOX?VLFpbEIJ4s_Z#9iRV6)#mQRO0L+Erpb7V}NF4Wat=+A69k$ zLLwsuG*tHT(p|&EAEXf}ioA*E4vBoKo+!1Nkb>QT3p_MpM?bP{De$n3e`l|iQt(SV zz9@{JPW{e#dxr8D@+x#X!V)Fq2Q^CJIoxqTxGS8K((QzL*EkC}Gm?)#NRgZBcqj7i zeBFePW2fw@LME7^hjIb#vM^;qC}f*{_l@u3oll zis5^;;xASjr*$|o{K#3}l=Y%-A~BE?ASw zKIeA)UHUAJIdCaMiB~=z8=qxZ^*c<|&6!k&SUl%ji~fbl;3AYrWpl@Wkqah(tmPYbz^N&@e`SHx|!wteIH18 zp!egV95=}P2}O((uSbcyp0(h*qzM=tN92zduu(b1k$>qln;C*Mq3G~<(mPsoe%?{d z9TQZm77i&D_YtWHvD{D}({pdXaB;o7&ab70f59B3-vo8F!A+8l%Q;(1 zPk(UX?e_wKQ&YFU-wBKa@6Ha7Q)lYsr~9=1!94Fur1 z0Oxy7Mnvt^|1gTNwnPcnKX9Y=sE^44!6tD?}-TxYR%d=IgT{j=2U1vqlon z-)9kI?=Y^MV>}{gHh2l%OUxv?&>}jAjggTtaF8G+Q|Rp_79fQzeMCpP>(LmpTXOe4 z5qho>({%VJlP>GhXdC@_@AFVHFmX@VWMIW*au4^6I&j z_%w6%J890TPo|`_>rt7E`pQ|(*175^!q*8mZ5(k{^Xf=d9QD;$i z+xh+x=y_65u=~s2c~XZwZ61ltr+9X9PWF)Iq}b%k+o2uHY}_qOk(bak3QtgsgL|qreimoei5?DLoy4Dk?8cl5F*q z$2zk0d+|Y*ez|)_0@>i3ODmqW&W5T+>qW$@Tt?R)Qw%0ScXSN+j(ZsSpOTXo-P<>I zQf`m-C8wgic|PG68Pd}gxdYJLzUN!Yb#trk6Ci^ewy+$wlnF2!+CrFWj|0?T-@DPYd zssFl~6HbGs@UMQzsjCL0{J(W{SY!fe*%-7KG_2>Os7mfw*+y|4KNG4G!{(j3`AzIq z;5qso0S?YP9=K(r!)au&|MPWkU!VDqt-*I>Bptv~g=I7*#a-tm3SJ;ilHe}EHMqNn;DO-o4vV`>2*C;N8YH*`mqmihBEcPkEChGAdw8Cg ze|>M=Ti>nkTGicxIxu@?&Ya&&cTac!I#fYU5*Yy>0R#deOG}9^&U8<`&MNQq(~{pcUnxR!39A z$6HCA!8WEK&I?p{;2ZeIZ12HIZ#+uy~}*c5d35U}%fo2Z?Qjj63O=zK7-4QPAyc$*5?+1eCT zxIab>00EK~6H#$b-(B=bCp66vK0HtsWEUJ4ypVl&Ax-)f?N_utJmvSFI*2snhq0<| z>f%^_rA;)5VI}T4f68C7er`Y$`9c%+nT+f;nm^iy&+qs7*;Ck^!Qsop-DmAW#8>0x;ocAt;a=p^M#yTtHIu|yc75bB(?Sz{%?M5;p8bKR7l>pByd@c1DA~ zlfpJ8ar4(7rj3GF)6_>uM7;S=PmeZj)-&_UMEnYX$vWB>_HDUY{BCo4Yb-a8 zKI}p2xtC+b`y5v(Ud{AgYdf=3OC-{I=5 z{6hpfqnZ{!e_A@n1^p`0dB+q)80chsaaJtso$1Mdr-B<*uT9LxQek8}aXV2CFUY7O zYTnI?myh@c;ijI5(u-QZfLA4@ZzyociMGow7`6~zb5~n3e)bOAdHHzFCUU4;F=b{j zVP3G-nrTlBVL=`d^rn0vT{Zq{MC6X{OD zedj5Vp%M~Ahj@*(#h0Jo_a%vnFKw_E8DdC|Q*@p7hvf>^!&X3&x+h?MljL_=ky0L+ zo@PQNoovH3qCT$1EUmUm4wPVS@$H$o9e-KLp_o$=e9-4$$E*eoUs&Tk@r0k-d`s&2 zOq(Ijm&W3nl~B~T8j%epdQVtPfs>m0ak(lia6@-2$Lo?kGQi6eKIDH375h;WzRP8C z6}jh!kDqFx<;ey{*2Rt=fQBaXf2@(p`tTHwH`)y^o^sRB1=ZKZ^9te<@Nzx-VZaqI!)hlZ%T-EjS2K zHu(raphG+fo$vNtYe)P0P)XYRCoJ~e1u~^5Jv}{xf`S~0&_N(~q)(kwo*>h>@4IdVx(-> z0A)Y2qJWMSY0smhsi~==f`t%BM@Kg>Fz{cGpkPu^_$c%EaUud<;1ce?;P~%W!yppz zCBeSi8xTve!T*WL_>5=#tW3ZPsiiMi4kn6(-=h)KzAmrtSWfzY*J6Wfj{WSV-nI;x z)kT6y#MV5Uz|cFlPv*h~dxBg=F9DnMuTA~PY3ZJdKpU*BL=t)ro^yA^t`?HZdTu{j z`{$n3%+SjdE)?Tx=)aO0gkj!nb3~=%mk3;!?l-5t~ck zCt)&cut}rlsrKN0<#($fggvf!Sg?pbX=m#jHQeY2yn@9Dwyd}bnf7brn(%aMp`O)L zIKeZ4*B@4&x7V2srS5WX@2MW#UY>CIb@zF<&Fpz1qrQ~n=xXEXzH#)S-^lMj-Lv+v z7SFHVpNfU&*-H*<)onN9m}c%1*yVb!`U5za{EJ1nX~ss`cF1B7hTqJ>S+^tOvH{7-S)bYNy;h5*R$N*aRf??8#e!3bdc{(kpC4Pwpfu9)hwR@IMas+# zf4;~tw{T2Xf}|>M?o1k^(}MWAYWwSVLSzLJO-+n`SNsJKaQdRoc!3#2as+O4pEijt zK>Fbm4io;6;`e;qS8f-l$sN)i^XBDFl;Vb4{5naD9|?4Uk||2)`tP{Ba7J9duGG6Y zuk&5aDidity91YL-J~6R5MkWIRNw85xWWrJo<9d3pv($W%_!M}!M3$(+BohHW-9%r z8pG=KHzEhi@6OIpDT8f(NJYk&JcyPgrHyBYF+l~Muuw16h>3G$ukpS*)(Hl|g^N^kN91ju0rVr>`PvAzItRJW0siW=UimF^Q3YB(stPDFBC_Mri*bEvj= z714=fxg6X)snjNRI0B$CfnCFiHa^cRF3uE3RuXiq=1a+>0}FQjIVI@rS+d{!gvBlr>dVp8age) z0l%zlcDvrvWJj} z`ZIjht40?wsg6U!&Xhh*{}P9-r?7M-xoim1G6YE0_s=kq)tq;6Bg>LEONw#urkkE~ zH;KiTNu^}Nyiuq{I;IaA5>%$v1L;U<#bq?Mg-jmC(=4NX9!^#x$-1VRyH(@c_mw|3 zOL-?>h+1m9-G(R0>Ks>92Q4j4rW+Q*Rn%5zg@kC#&O|uk+8wyPxq>g)2EG5dkBPff zm(_Md?jR>-=^e5vO2QzIO}hGRKAxyzo{Fj9TloEW%`xWA#{%_0Xm|o9@$5T`{awrw z?p?uBN@G_5dR@Q!hGiz<(?!V(S_Ges+avSga=q1`eNl>lqx~-y%FCB$C!Cy|DC+nw zA7c2(2L#-n6(otA6f3sFpllJ8By0)KL)!NpElsWq8z375@8#Bo9J1Xbw#Kl?$*IJ$ zjS}&Mwxbw@q>4XE9!y4-z(4#cb)b%l$q4A@-2=aEUadLqKXcJOM;^p8_nDG*h&hHq z-<@@1h>L$rfrL+?CwvoLS`5p@aKybx?o#a``_49~g+zh`i9&F4SM>Y5Fc8qy9eo*< zg5Pv3TvVm!vo~@&r|jw{Ooec>pR!h-stL1rj$nLhx)olfB6e)B7D3*pyTGz*JSbeM zjHnD@5@kL40G-_WOR_U(3`P8=-AZ{cV&^_t?wG=}=V`)Z=K|9qdBS1|W#c*6%g|O1 zEzd)A_6Pd)Co5O0@_l0@6N&&W{G-2!|qQ}M&yuz%k6uDO^Jj9#tOeiWyH z?V}U!$d7ybQ$LYJzfVj!ANK=b(+NeqoqyogC2_~NHjSWtPFjsR5+pcJSO{fQX+K93 zyK>?9N-bg0>$%kMtw(M%O`ZNogYB%|bG==XTCA0`tzGv{emAmAkYoL?U7}O5`?;pu zkUzh4LJ(%?rBoF|x_RhXA$mMfS}srHPz;-hziet;DSPK}EcUjSrQUNi29M|ltl%im z0o7J7inE&I$e!H%wy$9|DUDe?by^NLKRlIm`ztwDF8G4*crU|=_zgRTGx&A6;D-*9KYaVumK`KnMjv{fuz0J@ z)l#*7IX7lp+~H!Hjh;~M?)f?syhGnIt&I2(I~iF6w272P z>FA0|Jgvpu5);$Yn>oq>LpeKto}nK}>E>BRoTC{truz!dDe5r|eEovszw&_`XnfvjHW0EpEh)a9&F-Evi<=2l9A<64m zMUb`)uU5yVK`ZTCSUOh ziw|m$%7mMnjfub^s5;SKzcSwQKX7p&79Yj?x%DmYS7z6G;@|Q&Y`{58hk9m6PP)w}#`&ndz^ucro{9XIksIGqo;%L4vi78<1>U zLtHp-Vrl^&6gat!kF#@dtp97#za%xFjqVJ+aBH5+`N33)eilwokfh7C=t@8PgaxNb zQ|0-9<*}aiF3?8K8ijV(ilj*Y*7XKc8}d+7!VeYs@@uyUIZKaYdftO^F3>O56ubY} z65-w-h)=R0TCRQ&v#af4a<`nWYRGsPd?2;}_GwyC73}t@dZGP@AO8CR zY2yz$^jX3Rr##|8_)H{ea*g`r_|#DFesaY^R-Lz;(QwC>+&&X9oxVA)qxIM>9=Ab; znb2@EF_@RjWjPQ4!22-WA#H={X4IooB9=gf|>GvlhGJ09k(4t8EIzE>V z`ewWz<3YB?MtSm%Q#cWRvUzLJMsrG5O}ihg|FQ(JPlY_Bx7;d`b4R@%a{AN##-xgt zp}ws_>!hv<66-i8{JyhfU&z3NzHva`^9hUIP-v#0myooK6M?8!T9m+>*=0+RBUObh z!Fr_pGDT1Y9dwOo^#x7hjmp)5X3D_0YdcyS>;p72_Abe5E_#d@uL>zhmj4x`{#TV; z3L`^gR;jDHYw)jK47QY3jdB>Dl*o7@;+{}{B4@!j$!4Dg8-#qwU4!n_K8MQNFV;O( zX|5#Qw@GPTrW=DP5Z68O9DjfRp)~FS#w=<%o|UhF!)QQxdCs~UN~CIaADHTscm&a) z8IQidsPs12&p8VneDiHQ5L{nC%3aG4U59byPDz1okCnFbDMq>G&vIT{OweQ`Gx-=%d3hG=+9TE^RW!fSFiWS>xQ@iS2TqKJXYa%w^P65X=PyW zOBcDK^?Ex9nSikDIAz2;zqNHq*J;$kd8yfhii&Dq?KN88vAaZ2FlBS`!ZeFOd!!Kg zA8hCgv<qMi+HB5UZT0*osXjz(qwFM*qp$Ll8`H!!;Xg3RiS~crG)a0~@b_nSRtd7ti!y zZ<0|p<;wkTW}CVn=eix*u(eCM@I{mDTFPI&_vI57>1t_#6>x2EXQerfPMdsmegm`x zq*nfl-S)rR4^>ThHAlcO=hIB-R!323=p2$foH8aW#O1Km6x~ScI98_4!kJH~xs8h{nyQlY z$DHV*!vDrcr?0NQsZ0stHM#$QC6GXCpqF`GdF9{W=wQH>khhnVYe1=98KL02HZ!?P zBUeztcP-HHH++0Ve&Zi+lvFby{1e%Up=&)WW0HAQwvPFBBX(aJ1BRlVT}AHkoUS#X zmPmhpNo}}YLG`m&@$C#k*45P&f_u!v%%T$`|0ni~{!>(3R8%yL+fJ|5yK!7OjE|4c zwh@*HWp2AItsZvtu|)@&d|MYG2jSTqvpRU(olQ?y=x2HIad1q`&-3%}%uG#foW6tKLtN zMD<=AEZbd;U2SGXJqGbe?ciJ@ALEq~AFg;-9T$OUjoYG2W8`CI=osaH7W#~-?QfiO z$;ERR#t3(tPV1k{IvDqw(SvAA78e(_>#TXbFImthCntweIc4nKihXX*_ZA`a zmA*Dl`=Y+2q$EGzYG9GR>d~huSPhKOLXDQANB+Z z+g{HjG7CS1$_R-_>5v)&0`9p}RM>ZbvA2e6n%yaEIXg_}D zS2}}n88o6>?4N;1Uua6{@R)an(xzh?6D%(@xbMBtF5nEZA|Ef1J8N^Hu?J>u*K&q~ zJ_IN-U_7xJw}YjNWxt1(izNbfGg(p5fL41etDQQV`3ZZ?oyq#stY(@f*rY?$gT+Xu zAm%&SWFChc)4QN{>~IuWWvYeM$>&;qyv`|J18Ch!6Y)^zP;iT`iKU}|Lqc6{+im}3?6&)No+vWWCBoUQ#$`tJ z7hbhD1F0qwLIhWZ>0Ax?I&iKgArfWnwJiOD@Wt*#Y-=122KqiB3J49Wm6D0hSd5OM zyx7uDUl^St2gY3PUSM`}{@XS%{@%srsLZEQjKM}Vf^`8EXQA?Lo#x8D-2w;-tjMh9 z*pn;q&GVDEuV!l>v@-Itjg3v*obFh_&@7ORgpZno=-xdECua%fn5GCt;+z*cao^yv3=I8eu@H_)Hc^n^Qsq)*KNL5Hap{J9@9aRal?VjcQ7Alz8FsV1mX;29eb#qa6q0ajXH5o_jJDULv>j>_cE*p%U?NY^2=8 zs-9IE%QMd3xprpx7BSYBkW>TN)Z;MbQ0QFJl&{y(UMDV&8`8x)GkQ0M7N_(6YHjoS z3nn|w8OWc4iw9Y#7SCFQH74$GBd?nSdc;m`H00$6UEM`srI)-8THKa>E*9OE-w+r4 z$EJQ_%o6lE{|b+Z6xbU@B5d3f0sJfL{U>pvgH}0THieB!X5~5Py_vVP4h|#V!OAw( zve(~WK-5Zj%F1_kWAZD5)3}KQY&W~86Yt4%@ZXJLgmKUYlDRn~NjGTFbMCJ;DfZ<9 z8!h53JFvEUMTozNoCaApO2w-U+P|cxrnY!poS&Vks;J0j@J$M^~{Np9DhJS z5h9VFf!+(9m^#{qI1STkq5G_FwzZ@(eQTK;z43;YB`rGkXqxj8wMvGqQ6C<7 z+861w6D8Lo_(xjT&#(KLf~Wv36^(lP*1<3x(_vWVV`p2Vlf$aEzNM)R_p&oPx{p2V z!I`08A$9x>)aVOaqRbfJ@q#`J0Q<9pHqTxz-C^}dOcj-Ii=T!4&xX8Yr*d7<=_m<6 zZGQiA729Bedr7@Vl4IfFQPZ4m@1PCz?Tcu0L)>n@SSnw>pZfXJsy}vr`EGdH^|1@- zmHXbwJq*fk*OsBGnxJnlaul;;(si-7bK8y@>*FJiNu8+gp6yo#n1uH$NAwQ7-Xnq; z4_8^z!!p;`e11pam2KAvbp4mle#%w>1o%-goDvjw2<3g3wMxt^t7>^@;J zO$H1zeCbkHc&wa-pzm(TI*O(^5=(VQua2Ska10Yf72*+7k;M{vxE+x9?kJf0XO5M% zR?|#64Zov`CpAj1=B$G6&$;DPsw_tH%rkl2N5zlS^^ws7E1Df|jiYE|LTof7^=s82 zd0~dO6)>N`!6ZmG9H2%)2%SJ4VSQ~~hYADSa3I8Glll=$yWaLdQW)QBk5jJ8Y}op8 zvf`y?IMHxpqF){{0Nt;`)dNlO?l|h{hvTH;oI^44Mh|v}^2GRv#)Ho;{kB30qxwdo8 zM5(WM^eH@wh7sLsj9Cxf58=!or~cUfrg9lEmwkLy8cJU(rWYk@oIdv_pOSO{MTS96 zmm%!eF_5s*=p-uEpO}~*&TM;qyJ^hawkxf@`$papSmDpjFzwaj)A7?j3TahjbVVPZ z&RD7+)#g!GXB9=QdSoBpVE|uMV$<)cO-IG!$@y|2<=7M5m0Z`d>;u+U0q^#s&bIGq z?j>!33R)#R<~yMq>sd*m4`QQHzRs)FBUSL2bfFlCxKlox{6d9cUM){p)S~?Jh80~@ zDyozABZAxAxbk`}O}nS#%224Bu+MQA_V$k?t_2rddd9ON7vN?ZDWN4IKF=kO(UW0z zX4H`scG#@>oz)`|1VNRneC>mnSUTpWWPVyrUCsTfy09JCW=IW4q=FRQ{9~cJcv#7e zB5d4^I~V<0?6#oLSJ&57qmKj}ECdo%Y@&8v3OU)8biDb?jh=2Rk{P}-RvpX~A(!HZ ze?_4WNSRU?%^5)b?{1P>@4M<6gX>Q1ls`liShXB74XsK?*^lCbKzOyc(mFLV#e^Oo zy55fV9Uk66i5ECrdm~#HS1dGprQ9U7gPF@9d!@TSpRkC{P$4~`AFxPz(USlMfef6F zVG1z=$sgz_@{0wySkTG}N&g3(dh?m8ehxCFoV!@ zI}ueNlI29|^R{5Il0G_2+3ZY(_3nj3)H;L$lO0&`VDGmMiahAF8G9M10!P2g+?Epw z--5xGzMj1&UcI%HK^S)H69JBjoshF%&Wv>S z;H}d4bD?Sx2@;pOX7pBcZjO)&C#aUtrPpN{c+A2Pl>@xPFt0d$PSovfz54i%N_BqE zEW5_DD(zvO9oZDYVuR0O!rxR5C(1v=Fgj&cjexY^o)+;@! zFmMPsbb|!eM-rT7U)NL7(IP)=40ngx`4lD8E_#m-iFNVJ%3A@?1fc;BUBOb~p&sTr z8k3rh%~}%X;L*@g8swdh^uHXXd6X^zeGFWiFR#E4XyQ<4E)4cn*&OIf%C6bSfBKr| z;ZO+VTv)j^RL^Bn`6%aani&>|u3x0%QJ?L#c06IB6cQA?TB4_Ua?8(5$@gk=L^~Qt z>;S|3t%_@~mx~C&%2~>6Z7aKeDieOpfZ zaY6iMc~wr^BNqHy?`sLB?i+UkzaeX*_M*z;^GpAf+osfRGw;!uI`G&@UIz9;G%xT1 za$VAHx@fBrA=H!8OIi<*i_94vNOhd2YT#;rgLj6jdZLWrWKs=7oM(Tt(cDhKtghKm z6+F~vL(N1Dt2$!9QM7*=9vExn7T;lXn0kAEd#TpT+|7*}y`>Fy*S4qE>avj8S<2s9 z-*y7a7qjkC%qS{JXT5=N`{8}=T8ypOIr~qHuYcPY`XwK^wlepi#JZ8PwkaE16c6lW zl9HR8%l6X1;?ZOJd&@`E)K=lAKYp+7+EQnES3Kf(do50#d9qqp`#|GaQc}})Lt;bC zA$R3B?R#|`UXG^fXrgbGqJ($erE}fW9Xl>GST+yC3_?(r={ico)k4A7)Qg;|$}^Qp zUISD=Tu)LL6&K4P#Ps1p>BefP_sqIzkvj)iU3X8s3-$p9S^1$Pitxpur^pAfGsmZWVRL^AciO&yJK|a?Aj!?dMH13~m7S6f zcp9KTnED$HDk_P7cZd&1S%|i&&9!=9^|*pyZQ-$cuklFUn}WM*?Y6Nh96mPG9ylfk zWup|fpx9W(e4PBmzrlh?GL+geQEG$w^^OH;Us**)c#;HfcN@iz_nxy4EbtIC2f9jD- z3LN`PVX+T7kj~ZD>QawhD&)a)c`PXj`Si>*_aEzurPe&X=)V5(xq%dj6ig9+1E8ZMGi`obJMz|PUKTPBTvT1|iMB@ovj+s%ku@O# ziP(*yp0i$zSy{PB5^MnPMiTizI!CJ_WA-EKP#_38Iun#=0=qFgo-gT}3diG!w<<*A z3{{B-N(_Lr;u_$Uu}S2ytri!bUz}NuJ14a@tY)O{&5J^?m9D32yX()pF<3>YR?|>C zX{>IjUDp$XXTih2owqBS+Ct->un2y}Qen56e6lliS(6P|BYMD1M4%@BQQdOlPfgr( zwm%k^DM4NTbKM$+O%zUgVhEy)tgDjoo4_u z(7Q=p(WrYa!Ed?Jaynkr4yCNkfJafsFC># zW1Q;=LS3wH_7#M?&@3X*~h~_zI4Ee5Rt{woP$r6=viD+)}T|e82y>6PU(|%b0#b`M^ z!#?g>m`G)H_>@OF`kojYnre_4}|ai7mC54^Fm@#%Hc zJnvEH%>x<}GA5WGO>w7)muXeKyZ%yITSCt=LZof;qz)d6Gp@GJ7c}uJ)MKJ|K^fAq z6hs->j@jC33P>}z-!L5l?TNhZ;ks^=pX1?|_G!MGo~Y*e>ROYb!+>RNrD=stneZkN zT-2RG6BdfU$Jqr}Xn_7+ACdL1e8K`7P%&tm>B=?a*L@>?UYxr4UbVRwSBcup5LiU@ z@TrMp{52!fr8tvvkHT2Ogb@weUZ zV@=0$j=doH5|$=*UX_*w_b38ij0Djgyl3`t892{fd$AQLZ-Z1@H?Z38o!Vn z7;N;|vEzr-KlZjk8w~_H|BIaegvI|=9yRFyZylppd+>~}l;wqJ@>&5EV~Y*@X>&3h z(O^3~`Gkd2W(LlkElu#V28$055_nS>&47az?Q_Ms8rv^_Vu0*o@W}c56{r*0U~$^E zcDIzV={op+hiG$Q+SW)1xEDbK;6|`QM6rWlMFmCcpJl-c#mT0EL8>pQ`tRL821y6# z3T{O7qLuN=`8+!bORO=9s8o6DkWVEPMrnZ_oCOSCE5N5>vc!*{h*yQs9>%1FrA}_4 z*oxuiGKX!C+pHcSxLW`IcaHi25fBKKYb0@CjSBypM9_nAy7ufkHZhlWgKubW?inxcA%-$^wG07vul~+NJ#)PhBT`@3e`=nK#@NVDz%LX+gDPQo>5l(tK)lzc$B%JzRDd$ zM^3;)W{kqX4NxIA){}EomR^{&E0;u*-ku4&6~h$8yf&cRIZ7Cuol7JT6TavxXI{Mk zwl`^+0AESSSM#gX@VA*wGgq1@dwuc;*eW^H9s}}op2uPC9pAn)Uo8Wp_n9{mI>bn$ zQ##@HyO<{OXj%A5SB2J4!7lDnsF9iK(!O&|8v+88m!SU-l@#>+zo?`%3_|~jga5x) zjPQRbM4v-KSaE(2oD3CiTMrvrMST!&L;<~@y1Q7;+Cdv@IO-vAnsnaYNps4q#W}Ni zo4Jvo)4h?i=)Dy27Q=Z+u>#Q@)1MOHk@^=r(2Yz^dkP)MIAUuH*RNLgqG8~EUN~8M zALUU2o{7=Uf0IZxggOX$4{?RNal~bf1J@hA&HT;?jorX`YwYU7t!{xLs?Y}&g%1H0?IutwmnZsa2&X!yj!;8B-e@!Ae)2MANZPWa2MJ`5PubZCz(1g&I`vU zM9zbRQ=VMjMH{LlmUuNF!#dg90{rLy=(&&y^9$hvg(!V347VSlaG9q|Pgo2`!_Ug^ zvP>|u=j@Zm)|73AsZ*e3mRbxG=|;%sak=lH6>qr06-B6jG8tYZFw_j74isFrh=z}70KFux=e=uJ_+^jr z)i>Msa6xCRTo)Q36eKp_i0x4OCAqsK&t_3E{Fq(fG)*zz%mH>BJVx04&SF~Jy@*ZE z<XY2|qby>&Z(%h|**q8<@T}QJYgW1m@ zpU8xxW=3@;YFJHXJ~>d9FXtmIdqR>3U36M`D-u7G*cUz?^8hmZ1*_kmCoCQht^X;> z8FcXfrCn|IDN$SCp!uX~fgA*~VEOMgJi%e#zXJ(<4Tk(;OAdVG;Lb*r*8%}v(;gk& zW~Y`=b9WznZxAWK?^fVhJ#q)g1OmkJlo*17f23^y3qFW|KJ(Cj-O%w$} z>M^=hW92dCxskLQcneetA@u(G1w!Y%yOBrnwP8i?HmcN-jHjB58lC92cOpV@2iG98 zUrsEK*1bg}K*1JihsSoHir*ov>Sg(w>1o}H*Qhq;t*`ShNz3YoRTN|I1EW5MKH=hF zu`Z0wVeYI?XQ`P82+N;$ETof4>2BSwJz;SY#P<4q{vN|4Nh{ZHa?y;#{u-XO)buhw zjCs?pk?7^#Tnk(f)y7ByZ23#$L9|_T!~2yGF>>JT0OqH-mzJ7Z;=KDhZ;NoGNnlZh zb?0!DwQEXHMm=exG-D+srx_MGKp6E$)d?2s5PL`5XL~_QLprk@z9vl&K_ueggh8>i zW!CVPO1;txdMXd6t@@Mb?_V)7wBi;2#o+OugcR}50!76Ycsf?>RaI3T92^uC6-`Y| zKV#quYwWY{9wQYX>QZW~x|muHv$#LIS|GP^YP~nP$aBQi9y~z}$U_qDj5KJVdJilq z92Fr75b2bE2}>%>k_xom+Y#xJuKo=b8 z#qpsRJE~~aI)~iJGdL0d!L+y{_PAp`B9qhYy~K!xMG=m>CcXC29MX<#^3MkB-Y58G zFQVu53lptOl?vQ-r#a1AryXi;PQlchO=`ub>-I;KVBnykd9u+ zWb5uKS+h|5`9}dA6rsl>0lGwb`Aw*H(jU9Dw6s$WVVYh6L^nc-mtUm@CH_P_on^e3zy zfAp1r^N+4ZPpYfq+G|(Xi%%REiW|zeyO!#tjx0l=Rr2GKPGDZ1zv<<-o60;tKfiv9 z|Jj%g_as_>QQN~Mr-&z6R&GREyZVom#9P44{FjR|X0NAvIu+-6ygBq7t?y1#TtGzt zqi9rcGd@JQG&l-Lxh5z>2ThY$^>II&n=ZWlo^z)(I?`z_uzn3AvGflsNvV2vNOEKdJNSH+2g#()|dIXBXeH*<=>#y5XN~)D%n< z6Z^I&8dU}kMW!ARZggFdMv<@p>Dc=ylciWHLxk5Rd!MjKoVb@b{vGQpFClr50LREz zCSZe$bfnExvs;vn?Y2gf=yg%ESYr)kYh*p>7|+LlwUM-|7UL(%$o(BS$*H=M2so*H zvBvu)Cq%_`B+}{%rkVO7$0x#jgO5|Ta?sW_Ej+a35fhcxAIUFh<&T6!<#*nDr=F=P zY;JkQoFx<@OdX-%ZQ?1I8MPhSvPlnKMM3xmm%J; zJ~6y?zKp!VIMSdooSSuT3eAnqCTUy^HtzNEy+?e5{qX$x(ISDznFg#XP4i5H+{j!% z*D;~YPiyhsvk%f`+TGLndOkRWChzBpP?6Bg($Eag*)xFwSJ?jI2Ne+w-L_l;y| zYwL97N6_Bg1Tj^l2E`-K<0qASUj#q6wgO~t0pf%G{VC#$(^C~dZzd*ss(J`j6S&vY z?@l@o%hFwNBDw8Ka1P4cA}%R9f`xPvgb9>0$G!1MvoMkZw6Vk$3r5DPaL99VFt~PP zT{@RF%mK!yqG|y3r!tRvNG<(Qj4`>Fc5ppm2<=CyY#zn!s9CJ>)HJc zyxz0GyGlc^H8*0tJ;QxA7MAy7pC0ZpIh9zimePzWH54$C7!K@AP_9j~AGtMO$tc@H zzHGKbgp#p!uFm&G@1bdrwDCQP{GV0GZ|VMX)^gki=Zd9=NWmZZ6RRoq23>pDy{?wl z8IbwVJ00{|a>5_o#Z&c&pGY(#AV=oN_YO0z?e1`Cy8f(C=W2AbAPKvg7Ws$tS%7e6 zEV=1j-IAo9b%uueN3mWxI$>vbJW(d!kco)pIl>bzH!^Yr!2Ydk+B`E)cKxG_c|U3P zw(a%tnX{4IItXaaY{ZY>|sYeE)Q>)brqPgKo%K0Wa!Al{Bgb*H9 z{I~h{a&i%S?irKvIaMF;JYiJXQ4zFdjPy+wmfc6SKh|=@#ZHe3Trop2l2|9H*s0@N zn{wA@D!1X|C`=94_A-Tl2e=*HZRr^(JX~3FkD@6uD zUrptQ*1b~a((oGeLB^hoxI-7Z7wxS2pwcR{A6(?Q&9R$+A@78yF2<)j@7}Dx7@A z6hom%bNN*zgj-RFc$%JE`B?!#MP1QlBr#!ZlBGJcvmuj-{JkO}k&cN-yPK7t7%V!F zVg4YW8eJCfz9^u7fFE$@jb6`US4MOH3`AqLd-9 z$mohc)?%<;5A={681Du4KomY~^oTfMTOZ^BH7P#%lLnl&J zt*WN>J@AO@;0mAum+^A!T6x%uLv@XoJ<#*A2A{BScTuY4`}{gL>K_`C>alT`crYzl zamxES&ih_j*h(Rr!1ssZR7D~oA04r@;GGZR(tqtiZ^?8|v+pv)cE-8W8sh zUxHXX*L7EOB9W>y?0y4WXDO=Xd;GJS;wDjXu?ZX*9befWg<-iw+L)PWjFC9>M|oO# zKV#8kA|sH#@!(m~As&%Y>wZT1lMEC?hOA4j=8)XL(g95(PcL3lWa=iR7~4P5IFufu zB8N>?r@nPrp^k!0y9;&N;S0v3Q#5s;NmQVY$0gAw5~^&iX)O&2vDI++?!xj`DS4`N zu;`1gTo7RPL7E;h4L_v{%xMd|-a?@=&7<+5sGGL9nhmN; zLhbHJ#1?FUY_> z;V>zaTKh#B7AYdI*x9M@93FCo;GNe2^r1X^K52Ms#l^@yG+`Z3EATPlm~P7QpQ4OK zzlGVB+kv-dF*y}wwzty>uOE&_#u+h__6<3uNg`?}C!CkrF7XG5O&D$QTobPgg!Uu_ zE2eYw z=-lsq|H`PS7xX=fzm`HrU-Y`qi;B1sL-^1iqBPf>fMX1Je>auk*6UHS1 zRsLheNzKor48jsRAsTn_ziS`LY_*1$HM_4->BDk-kc&Q|6S2#u_`Uta8I`nt*Ys0--((~{bVIU=|IqLY=o;u_cTdRhB?*o!(uS>;b&Qi7Y{)w z)ZnC!p$5Z3Knb@9KUYv}YV|dQU<&UQ9YYe{$5gvz(R>{;mqn?&rt82B10`lny*JBD zub{O^qMw2$hYa5&Q`8X7wFhoLb0i1SPDT-QI|(?A}`L4r5=kFMvqqC!`EM< zg#iXN6jrar9Ql)D&fmm;#{*q5{t86|o$wcnECYDRkz1h+~F(Rr@qomBafOlCt4s!a)5|UOtBh4*fpaFKh$a|7-(&a;{QbW*_3 zCT@lNDH`wCPs}URY()gqC#6?2yyXJ9Bj%ne@Vt8UDx`3083@^1g@@AMgv0oNn7}`! z<$u10H5hpj3@i4HW|ISqr=**%9~R%MZFdF$T5=#MM(FA3DZnAa*#iURnzn2GB)Kap zq#!&h$HWGp0M-~_GK#4X?i3@-t+Ih*FWA|C(f^Ouw9g{>&vOvV+`4rn)Li&xR)NM~ z?J8U0ZxDfPpNpScHT4q~Sfm&z!B&=*mR43VwLls&Fa2A?U>f%UKy}jv$gf=4V}ZH= zi*vbcd6W(jhoP{v)OlKm1Ha{OPWWSFgDGMzyftDjGQiJ~x7TzmPg?)716QY_)p8Oj zds==-VAfYsa)dJ0{|V;7!pnNMWaMX@7-$oF{wms4{mcbFIoPM)W`_j<=IdB)<+M5M zqT+kLJKLuPFtr?_jCR!>J4QJjkHr8_436Pfs0={u%smDOoQJd+eP!MdnBo0T!iZ6Q zB{do6)2+y>s_P=QqK{*0Rw3Ra`(_q`_Dyu~9WGpe$>1fl7p_X9*VyLC*^Plsd zuM5D-Y$E#W&ka`gpRibd-suP-U`XZ;l--dEAT0w?Gs#i+V&UT6V8Oo+y1ksLTiBe1 zk$_98AOo$uXAWA~x)~cru1Cr2An0&vk`!^$DDj&nTFfZZT9X8USvb1g9*Ijkl68ZtEEqpsGWe1;pDG$>M#Zy^o}X2y??`n>3Rm zEFOnN67wL?cDlceVuyd}*_poQqH}lP$f9KaqGRb7+o_D?LDcAi(G12!R(3#eA$6kVkmNABT zPa@tYFpr1X8zl)-4SHuM(4ZCd`tim2k5`FsSnph;zhSBIviZf08#ktFpfv$&=X-;y zi`SpDM>lbitM{b~H?xm?Mm9#&x`Pj2pi}NG;zzOe2{S<*4;9fvtScd#-6H@OJu?(- z`HIq9PbeR)ygrEkJ%Gi+sPs3y+GaUyH_@x$(-X4fI^*83eL@Z-)K^K7lL_iUvv-Sz z!Qs233?|X7{pZKNM^B4haAI1yGuEa3HAFH8_gs%yhxw=Uh{&~m$nC`>o2qRo+KZ$wwrBtA_`FL~?VhpJm{Rh!{ zTf#1w{zycJd8Q|zjh-Hh+X&P&HxvIk&SeIcQ#Hk4TMwbKjP{X zZ>n?KnZmEuaU>d7DgbBj8sWKE{EejI6Ub>)+ACWU|0nI7Puk>f zWz)Sot6dqn5D*-GwJwJDVz~ZScsZ{WwJSPY2tlmU{W*4v&tYljZrPrJus-=;(k74p7pw5&Vx&rxQ{* z?2KZRqJSwOazWkC9x=$Gldaqt@ot6y6hbR3d3ZAD7?lw02kk;%)?H*qRY$>nq?>(g zHFJc9nj0>9w!60cHtqD`I&p>lpOLk_>@%~Q@$Zi=JO}=(gPVk&e+QK(-(O;Snzvq5Ird~rd>At?KV2L{RGSj_Grr4c7P$H295~kz9lQ>uUF|VJSoA zfV!%p#-rs#U;_!DXXD<6o4X^2 zm}$wCE++p?fL#6<5djBh1-0JhA{!bjh4gc%s;KyZ8^0~5Lc6-O=nCoQy_YXHWH&xq zi`F?$SDUm0*u}tcY%RaB=Um&osi?0O$ykhdvS&d{qQhO6%`eYHO|TB2WAF5Ezik$8~*V$iVnuJ_DZV}=&Je- zWRcT!O0p&F#SU*nu_gh_KTZfIQ~u$m)d2+UvjGI6sRXzx3OVpe7+7*rQ|S~@r>B0b zMP^5K7p+Bxmkvg>e>rd=U{|;U*eUGNU)$$7p}5eDpBX~9)+ktNn?3^7iUJy|^%5AbFXd~z+N5P`@P zvl}?uYHkj?IQ`YS6eWcK@bjml6tKQ5xyycu`4Y&9+H8+%WoYDg-#xT_SDL(*fx*np z8z6T+LJ1>wR#u&K5nRish>0)>@pHG4d9&9iCt#D^+dzf-p43h|C0k54P#s3r*B2ER z!vO@}1Fh8?J5r!sj6lql+eCN|=mJRpP8V|-qmyWNaqkkEdgYw?^0-TEP#B0>xQSB{|WK2eT$1-sav0>?`VByQ-DtPnc=h=^mnqPkWjm0`6?}>5%KAFMC z8~n{nJhUk5-AsS%$zIlF`f1OHrxI6Mj7$ULNdUin@c9yR8foV>AQC3@`B2aYB`Zy; zuf8K#e*H6E^92T)6?AIPT2xY!E&#-FV=``I<@S$MPUrFMwBm)*1dx z#l&C~*A(R3iv1uF&Y2%<3JGw`>Lbp%#$pJZcHL`fGXn#!Y3CaIxD3VYpQDE6fgN`Z z$%c9o_@tzyJQ&$Pk%9nk{r?UWX$NbX&7jFxxGHOwPp`CyMg8ggL=Rh?@fgeywtS1r z55}zobLJorf_uc-AW*>a_@5bt`X>*5tOAy*>8U9VCBQo*((u5hCms;IvZiKhx@Iev z`Qnve&W#Y=o-*Jz^<;lLw1cs&5jNSwsJWFMxVt$viD~SGP#+2&uU#oF7Gtt>1;Jepi)>j7tpwP>M$U1VVqVB^Y5Q0I)xe##AxVaf-be9cB} zP0vX{qJV(^i-AMcg{<*e@Vi%oVGz9(;$fD`mz{ytdrN4mV{e^jwm2+Uw z;8d;Kl07^l(HD6->x%G3we;M0dsiTY3-~PxK*}~noYU-iW|-;cIcJL##TmckRuo@)fR6R9x|bMUTtzhfRMdF_ z?QK)fd9Rd(2%rV0!wCWYhq>;F=f74DKzq6r!bd(!pCr(a-w(B>rwVu44y4z)F0=x= z8#Ggy{G)19H_xlt@<^?S)4O7%H@<+56KW@BSW;b;sY6&&f$J`@ifqWpF5@6={+#pS z4bI-p!_$=b{j#tC7ZR2)4?=z zc6rDaxxtkdU+^s2^S51MRsp=;S!SEms?YUVl1RZa0}wg`COFx^ZEM@Fuf)Iyn)`$Y zl*auWn5io1EfwK=9BtnOxG+7Q0?w7mQ`d9fY{4`)e3~JFm@3OzjyDZEl3QU1dq80Eb=2z=s)&)QAmwrAxUC(VT z-`?@(;m@#($^}1)MR;N{LE@^a=uH}g8YCNsU)&Tqf}Oal*1=OzkHg}7D?W^cjG9zv zCA<-Tc%?-j8UM!|6W10zDeujn&4Ku&OioTt>?7u5`)ea$*^@sEO1D9|vC$qTBtm90 zr)yxYI8+l?Chb&%5#&*=o7JU0m}7Bg%&`n(T;8r+H8r5e7L+>WL)Y^{Fq_T1Yq7|h z_t#d%2)25p6YA1S2G{BdtXb3|_?Z=lW@+)>^gmU%^@K3xdmn}+J@DAJ(qcflt~!909? zRum0x2Ul8%>pWh|1FUFAzx2WVUf=58D++^*&`a4lyAgt^+i*F?`tw~SFnDn=m?_}Q zS%dwSVF^plQ?G;fau+;)*gAVYx9>s^w({z*t}48gqWo?{?=8K`RA`6}tZ9pKRr=Gq zht{830ORJM4LhBDh}xG2>!b7%F4CT>KY#zW;HD}nEKGUmIF_Rv@i);lF-hMLzGmUM z;}fO1KjY!pw3m?yanY58o|RqdS$+Rp#H%#wGZQ23C=v};i+V93LOT73t~;jismbv4 z?~8wY0&hSm!j`Q-4jK$NX`>?}0X`xpCnq+RA`)>;9&sG>Tz6Jm;z0U@-FZTIzm-sl zMJ5?`r9~cD=zt{ru-M$oG~0J9bXGq$6YGGOF{x-u_N}u)-t+D{FB+L*w_?$c{>LnE z{{;|-iZopZNv@pXt-i2dJ4SAyZEVz86T*{{qLC|1&-G%xm62?+K-WC$u+a2cFGpBX zdk23KJ#cL;T1`H5JNI^0AG0-lVJm>bCKIOpO_N@;(i;wZO83w~Nv_0`-K9)0du_RP zeq!`5lL!{4NXqU{Qx$jCAma#M+!!Z?&ZdT{0J+$g?c>ba?U)#}P*6-&jU(7dU%z*} zsZ&+u+~pr@PjoY^SIuKDd!r0oVxGmWSD>w5psh*vsl<5n{A4h?vifu?*zw}OIyg|^ z0#PwBQzk_rv5#M4>lDGVDJ(Cuf4=9??7UnzyrY}`YI~R(W-01?KL}Hr|LlR)&vd25V@$kqfR~2N^9dg=@Ak`n22i7jg2Q?!&t-2QSIU zMZ|G){+hBEYjip7Z}AT1&uynP^tdKZ16%ldPi3HtNtn04AO95JFa2;NbK(xkdryJ- zQ;vHZDR;5mx*Ki+LKbKJJ_0mfO@~26W)>QBM^rsdzv)=>dcYEQB!qz$E4F;59 zWZ>E zcBO@hTHMGyi?P2&ir$Mk|8V9&E=Hu4yk5*SX+G`8d%RSUN8xS4)`np(6WgQ{b=MSI zQh;3Z+hh;`oRdbF3XQHuyro2*F!}wkwl-balp4ioLKs7G##4(>h>_-n7sNJ`D7 znzGBBld7R%GIER~YvKl!v`J34(7NyJhQa^sq&Nv9FBW7x`7?Rh z-01)5(_;N1C@yC%yds0W{QEI_ zdii;G)u$?z^TJqJm8mGyDCO0GI_$O@Pdp1eMB_C|o?+r)goxv2$6VLihmK+!yTgG^ zKRb*%P7XCZu$gg2JMBL>S0`2@-Q>HgFt||h_9mq&>~1VhPPF28H!LE%cl;Et&CQ-u z?a@LX*vCru33X@GEL3D<*^vzvuX}Iyn~FsKq4N2*ryI=r7(dPwq;g%hIBe}oi{9%r zwiIt+c(-$oqbH`P%8^IE-L`l}*9hFp=2x<$M_>Qs2)x}HL6N2&7dxz#YK>0H6zA^< za9*y`K!9G-ghQU1FM7T=j>1#C&}HS!;g+-=E%MR!gv$JeCYzcVBzmvu+s^rYsSw&U zmL8{%HV$8n!87oe!?=)g7xD5*ATwo`xo5Q~q$u4YEqkSV&a|lqi{PO%L{F8MS&h7*R}x{RDB9>cqL$wIF)=yPAQs74c=PQ-hO^IG(&H;F z$f4O{-&F~CUCGIP2?dyIAIkZ9uZ}ozNajWEgMNJbwoa*fpH)w=()>m9(x<8KqhP^6 z_i3y%oXhhj>ufgL?0o%;n$xo26eGEjoZ)Nod=JRocOEHO&3K8Sb0EYX4(#~0K84&Hiea>Rt2*98=x9e3P#d7e@>uE5 zGk;m9Lq=({K<~kpvCsItZ)cs+o17SmKK<|B) zZ1i|c;X^!>T5?bkf%We$-RakmA|lTfUHnsGf%U@Tu8mdv*rWbv^0dQxXtrvkWT zSHis3-LTBA{K#DyO!~nEyE=2&hh94vfrYCPMAm@*42@#nB#E1o6%`jHt0ryZ;u_R|ltpJB*oxwZoLBI=>Y5@( zOjVMvwAd0b**80=R5d(bEomD!qp8K=Ld^#P9Z+qgkY}u*?z;5##)EtXUFu&njtv; z+MbK6bPIU72gC0qva$hz%B?1;D9PEL^qEL`^*{z)l7AYX4-W!}Pm-;tDgrw!ZGK(S zNq6i-jiirtFuju7_XK|5HbIfCNED#nM#Bl?a)iZh+h$7c(SN}0xOJ?S^SiKV7)1*o z-DQlgS;3I>z6-2UUin6XA{1L@pSBF1BYN%!zzyF^=-kNJ)d=pp1Y4Fe=ofzFCFHE1 z6?1(PdZh)&aUf2vBxrQy$Sx6+aYJ~j|4)3qJq6UB^p|$QnQ@xv?B{nb#8t4kIMnp3 za*{CTU+A*Z<~%C(>RmBtxj?KpN}>ubF{|S{Qpu&EXE0j9Ui53j?1vFjG^!8I{W8+C8wh4=JPC)+FvX+HitjW+4}dbT4`EksqO#$$CUJc3AT^fWi= zS^4I!*~=>}ioq&8%PH3Ty~Enl@z1RdS%L3h2Nx@n;=(m)gj}T05AA%+aq|g-wncFh zuew#|_>$Me+^5Ufn>M&sob1PKME6QIJ_~k_I2T$fCCBliHa=5^i-SN;J>{CpJ3EIh z#H`dx3piYXz{YfEy5xw*9EOMBJ@Q6|WY8D=9#>5rA{*g0tcrrBssa$lS-k(|=kActoT7EKt>{L+wslKjb?YX*a9Gm2&R&gF*J_!#X;@U(0XK4uwFa>@*kgy3q zSf3wCIQ(^Ciy$+_v&_3Wy$(@xIb3)Hs)ftnMvZFL>u$dXJ1M;IBL-9rvQ&TpS z(zML0Gq1MXKPh?s8Re=$25L<4$?E)tVJHd?)wL#Zeq9QO^)6W9 zZo5`3%?%3z29gi+Ggf%Xk_WTJTFP}d%4-qW~vjtck0t>uGQ$B zkJ+oQpqz8@>y_!zrn>yoJO0iZu&TW$bAhjW^XhzfdUwG+yd;;pHD3fo%bD0g3?zmF z4W(sHK@avVR_9G+mRh@@>F$BQnsE{vyhXevyi}mbJZZK^gCA~yh++)hMD+A&F_o?K z8%jv)M4XY}y_E_a6!1l7;>~xC|IHM-qio``Z;FwNAyw+e5hj#IxOj6<*^3A`OwF}Z zQ{ZpM=5s=^V(}fZ?-q-?p?Dk5AI{zhO&8=6i)dK^f_%Uz-VWTZaUqw-tV2qFczAcI z?vi88`SXF?4AlSkKR1+s2O;-=Xv+Xc3wi>e9R~U#PFDN(RcDsJgBw88@<5jw1gd`X z0}nVj-FWjio0_`Y~~NO^sx&z(~A66?h6# MSJqKNC|JDxKRafg;s5{u literal 0 HcmV?d00001 diff --git a/windows/access-protection/remote-credential-guard.md b/windows/access-protection/remote-credential-guard.md index f57a685f07..55acfe25d1 100644 --- a/windows/access-protection/remote-credential-guard.md +++ b/windows/access-protection/remote-credential-guard.md @@ -13,43 +13,83 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. It also provides single sign on experiences for Remote Desktop sessions. If the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never sent to the target device. +Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. -You can use Remote Credential Guard in the following ways: +Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device. -- Administrator credentials are highly privileged and must be protected. By using Remote Credential Guard to connect, you can be assured that your credentials are not passed over the network to the target device. - -- Helpdesk employees in your organization must connect to domain-joined devices that could be compromised. With Windows Defender Remote Credential Guard, the helpdesk employee can use RDP to connect to the target device without compromising their credentials to malware. - -## Comparing Windows Defender Remote Credential Guard with a server protected with Credential Guard - -Use the following diagrams to help understand how Windows Defender Remote Credential Guard works, what it helps protect against, and how it compares with using a server protected with Credential Guard. As the diagram shows, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass the Hash, and prevents usage of a credential after disconnection. - -![Windows Defender Remote Credential Guard](images/remote-credential-guard.png) +> [!IMPORTANT] +> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#helpdesk) in this article. ## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options -Use the following table to compare different security options for Remote Desktop connections. +The following diagram helps you to understand how a standard Remote Desktop session to a server without Windows Defender Remote Credential Guard works: -> [!NOTE] -> This table compares different options than are shown in the previous diagram. +![RDP connection to a server without Windows Defender Remote Credential Guard.png](images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png) -| Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode | -|---|---|---| -| Protection: Provides **less protection** than other modes in this table. | Protection: Provides **moderate protection**, compared to other modes in this table. | Protection: Provides **the most protection** of the modes in this table. However, it also requires you to be in the local “Administrators” group on the remote computer. | -| Version support: The remote computer can be running **any operating system that supports credential delegation**, which was introduced in Windows Vista. | Version support: The remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | Version support: The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.

For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). | -| NA | Helps prevent:

- **Pass the Hash**
- Usage of a **credential after disconnection** | Prevents:

- **Pass the Hash**
- Usage of **domain identity during connection** | -| Credentials supported from the remote desktop client device:

- **Signed on** credentials
- **Supplied** credentials
- **Saved** credentials | Credentials supported from the remote desktop client device:

- **Signed on** credentials only | Credentials supported from the remote desktop client device:

- **Signed on** credentials
- **Supplied** credentials
- **Saved** credentials | -| Access: **Users allowed**, that is, members of remote desktop users group of remote host. | Access: **Users allowed**, that is, members of remote desktop users group of remote host. | Access: **Administrators only**, that is, only members in administrators group of remote host. | -| Network identity: Remote desktop session **connects to other resources as signed on user**. | Network identity: Remote desktop session **connects to other resources as signed on user**. | Network identity: Remote desktop session **connects to other resources as remote host’s identity**. | -| Multi-hop: From the remote desktop, you **can connect through Remote Desktop to another computer**. | Multi-hop: From the remote desktop, you **can connect through Remote Desktop to another computer**. | No multi-hop: From the remote desktop, you **cannot connect through Remote Desktop to another computer**. | -| Supported authentication protocol: **Any negotiable protocol**. | Supported authentication protocol: **Kerberos only**. | Supported authentication protocol: **Any negotiable protocol**. | +
-## Hardware and software requirements +The following diagram helps you to understand how Windows Defender Remote Credential Guard works, what it helps to protect against, and compares it with the [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) option: -To use Windows Defender Remote Credential Guard, the Remote Desktop client and server must meet the following requirements: +![Windows Defender Remote Credential Guard](images/windows-defender-remote-credential-guard-with-remote-admin-mode.png) -- In order to connect using credentials other than signed-in credentials, the Remote Desktop client device must be running at least Windows 10, version 1703. +
+As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass-the-Hash (PtH) attacks, and also prevents use of credentials after disconnection. + +
+
+Use the following table to compare different Remote Desktop connection security options: + +
+
+ +|Feature | Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode | +|---|---|---|---| +| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. |User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server| +| **Version support** | The remote computer can run any Windows operating system|Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**.|The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.

For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). +|**Helps prevent**                    |      N/A         |
  • Pass-the-Hash
  • Use of a credential after disconnection
|
  • Pass-the-Hash
  • Use of domain identity during connection
| +|**Credentials supported from the remote desktop client device**|
  • **Signed on** credentials
  • **Supplied** credentials
  • **Saved** credentials
|
  • **Signed on** credentials only |
    • **Signed on** credentials
    • **Supplied** credentials
    • **Saved** credentials
    +|**Access**|**Users allowed**, that is, members of Remote Desktop Users group of remote host.|**Users allowed**, that is, members of Remote Desktop Users of remote host.|**Administrators only**, that is, only members of Administrators group of remote host. +|**Network identity**|Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as signed-in user**. |Remote Desktop session **connects to other resources as remote host’s identity**.| +|**Multi-hop**|From the remote desktop, **you can connect through Remote Desktop to another computer** | From the remote desktop, you **can connect through Remote Desktop to another computer**.|Not allowed for user as the session is running as a local host account| +|**Supported authentication** |Any negotiable protocol.| Kerberos only.|Any negotiable protocol| +
    + +For further technical information, see [Remote Desktop Protocol](https://msdn.microsoft.com/library/aa383015(v=vs.85).aspx) +and [How Kerberos works](https://technet.microsoft.com/en-us/library/cc961963.aspx(d=robot)) + +
    + + + +## Remote Desktop connections and helpdesk support scenarios + +For helpdesk support scenarios in which personnel require administrative access to provide remote assistance to computer users via Remote Desktop sessions, Microsoft recommends that Windows Defender Remote Credential Guard should not be used in that context. This is because if an RDP session is initiated to a compromised server that an attacker already controls, the attacker could use that open channel to create sessions on the user's behalf (without compromising credentials) to access any of the user’s resources for a limited time (a few hours) after the session disconnects. + +Therefore, we recommend instead that you use the Restricted Admin mode option. For helpdesk support scenarios, RDP connections should only be initiated using the /RestrictedAdmin switch. This helps ensure that credentials and other user resources are not exposed to compromised remote hosts. For more information, see [Mitigating Pass-the-Hash and Other Credential Theft v2](http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf). + +To further harden security, we also recommend that you implement Local Administrator Password Solution (LAPS), a Group Policy client-side extension (CSE) introduced in Windows 8.1 that automates local administrator password management. LAPS mitigates the risk of lateral escalation and other cyberattacks facilitated when customers use the same administrative local account and password combination on all their computers. You can download and install LAPS [here](https://www.microsoft.com/en-us/download/details.aspx?id=46899). + +For further information on LAPS, see [Microsoft Security Advisory 3062591](https://technet.microsoft.com/en-us/library/security/3062591.aspx). + +## Remote Credential Guard requirements + +To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet the following requirements: + +The Remote Desktop client device: + +- Must be running at least Windows 10, version 1703 to be able to supply credentials +- Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host. +- Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard. +- Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk. + +The Remote Desktop remote host: + +- Must be running at least Windows 10, version 1607 or Windows Server 2016 +- Must allow Restricted Admin connections. +- Must allow the client’s domain user to access Remote Desktop connections. +- Must allow delegation of non-exportable credentials + +There are no hardware requirements for Windows Defender Remote Credential Guard. > [!NOTE] > Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain. @@ -60,15 +100,16 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and s ## Enable Windows Defender Remote Credential Guard -You must enable Windows Defender Remote Credential Guard on the target device by using the registry. +You must enable Restricted Admin or Windows Defender Remote Credential Guard on the remote host by using the Registry. -1. Open Registry Editor. -2. Enable Windows Defender Remote Credential Guard: +1. Open Registry Editor on the remote host. +2. Enable Restricted Admin and Windows Defender Remote Credential Guard: - Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa. - - Add a new DWORD value named **DisableRestrictedAdmin**. Set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard. + - Add a new DWORD value named **DisableRestrictedAdmin**. + - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard. 3. Close Registry Editor. -You can add this by running the following from an elevated command prompt: +You can add this by running the following command from an elevated command prompt: ``` reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD @@ -76,7 +117,7 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 ## Using Windows Defender Remote Credential Guard -You can use Windows Defender Remote Credential Guard on the client device by setting a Group Policy or by using a parameter with Remote Desktop Connection. +Beginning with Windows 10 version 1703, you can enable Windows Defender Remote Credential Guard on the client device by using Group Policy or by using a parameter with the Remote Desktop Connection. ### Turn on Windows Defender Remote Credential Guard by using Group Policy @@ -104,7 +145,7 @@ You can use Windows Defender Remote Credential Guard on the client device by set ### Use Windows Defender Remote Credential Guard with a parameter to Remote Desktop Connection -If you don't use Group Policy in your organization, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection. +If you don't use Group Policy in your organization, or if not all your remote hosts support Remote Credential Guard, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection. ``` mstsc.exe /remoteGuard @@ -113,18 +154,12 @@ mstsc.exe /remoteGuard ## Considerations when using Windows Defender Remote Credential Guard -- Windows Defender Remote Credential Guard does not include device claims. For example, if you’re trying to access a file server from the remote and the file server requires device claim, access will be denied. +- Windows Defender Remote Credential Guard does not support compound authentication. For example, if you’re trying to access a file server from a remote host that requires a device claim, access will be denied. -- Windows Defender Remote Credential Guard cannot be used to connect to a device that is joined to Azure Active Directory. +- Windows Defender Remote Credential Guard cannot be used to connect to a device that is not domain-joined to Active Directory, for example, remote hosts joined to Azure Active Directory. - Remote Desktop Credential Guard only works with the RDP protocol. -- No credentials are sent to the target device, but the target device still acquires the Kerberos Service Tickets on its own. - -- Remote Desktop Gateway is not compatible with Windows Defender Remote Credential Guard. - -- You cannot use saved credentials or credentials that are different than yours. You must use the credentials of the user who is logged into the device. - -- Both the client and the server must be joined to the same domain or the domains must have a trust relationship. +- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own. - The server and client must authenticate using Kerberos. \ No newline at end of file From 151483ab8792913a5c672b04081a609731270e9b Mon Sep 17 00:00:00 2001 From: John Tobin Date: Fri, 25 Aug 2017 17:36:39 -0700 Subject: [PATCH 2/5] Fix non-functional bookmarks/fix bullet syntax for consistency --- .../remote-credential-guard.md | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/windows/access-protection/remote-credential-guard.md b/windows/access-protection/remote-credential-guard.md index 55acfe25d1..02ee7d7bc8 100644 --- a/windows/access-protection/remote-credential-guard.md +++ b/windows/access-protection/remote-credential-guard.md @@ -20,6 +20,8 @@ Administrator credentials are highly privileged and must be protected. By using > [!IMPORTANT] > For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#helpdesk) in this article. + + ## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options The following diagram helps you to understand how a standard Remote Desktop session to a server without Windows Defender Remote Credential Guard works: @@ -42,7 +44,7 @@ Use the following table to compare different Remote Desktop connection security

    -|Feature | Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode | +|**Feature** | **Remote Desktop** | **Windows Defender Remote Credential Guard** | **Restricted Admin mode** | |---|---|---|---| | **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. |User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server| | **Version support** | The remote computer can run any Windows operating system|Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**.|The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.

    For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). @@ -71,30 +73,33 @@ To further harden security, we also recommend that you implement Local Administr For further information on LAPS, see [Microsoft Security Advisory 3062591](https://technet.microsoft.com/en-us/library/security/3062591.aspx). + + + ## Remote Credential Guard requirements To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet the following requirements: The Remote Desktop client device: -- Must be running at least Windows 10, version 1703 to be able to supply credentials +- Must be running at least Windows 10, version 1703 to be able to supply credentials. - Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host. - Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard. - Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk. The Remote Desktop remote host: -- Must be running at least Windows 10, version 1607 or Windows Server 2016 +- Must be running at least Windows 10, version 1607 or Windows Server 2016. - Must allow Restricted Admin connections. - Must allow the client’s domain user to access Remote Desktop connections. -- Must allow delegation of non-exportable credentials +- Must allow delegation of non-exportable credentials. There are no hardware requirements for Windows Defender Remote Credential Guard. > [!NOTE] > Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain. -- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication +- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication. - The remote host must be running at least Windows 10 version 1607, or Windows Server 2016. - The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Windows Defender Remote Credential Guard. @@ -117,7 +122,7 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 ## Using Windows Defender Remote Credential Guard -Beginning with Windows 10 version 1703, you can enable Windows Defender Remote Credential Guard on the client device by using Group Policy or by using a parameter with the Remote Desktop Connection. +Beginning with Windows 10 version 1703, you can enable Windows Defender Remote Credential Guard on the client device either by using Group Policy or by using a parameter with the Remote Desktop Connection. ### Turn on Windows Defender Remote Credential Guard by using Group Policy @@ -132,9 +137,9 @@ Beginning with Windows 10 version 1703, you can enable Windows Defender Remote C > **Note:** Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server. - - If you want to require Windows Defender Remote Credential Guard, choose **Require Windows Defender Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [Hardware and software requirements](#hardware-and-software-requirements) listed earlier in this topic. + - If you want to require Windows Defender Remote Credential Guard, choose **Require Windows Defender Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic. - - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other options for Remote Desktop connections](#comparing-remote-credential-guard-with-other-options-for-remote-desktop-connections), earlier in this topic. + - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic. 4. Click **OK**. From c0c5c704b5a9b6438d6d82dd53b43fd70d83eae2 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 28 Aug 2017 12:18:17 -0700 Subject: [PATCH 3/5] changed server to client --- windows/access-protection/remote-credential-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/access-protection/remote-credential-guard.md b/windows/access-protection/remote-credential-guard.md index 02ee7d7bc8..c4498dd47b 100644 --- a/windows/access-protection/remote-credential-guard.md +++ b/windows/access-protection/remote-credential-guard.md @@ -65,7 +65,7 @@ and [How Kerberos works](https://technet.microsoft.com/en-us/library/cc961963.as ## Remote Desktop connections and helpdesk support scenarios -For helpdesk support scenarios in which personnel require administrative access to provide remote assistance to computer users via Remote Desktop sessions, Microsoft recommends that Windows Defender Remote Credential Guard should not be used in that context. This is because if an RDP session is initiated to a compromised server that an attacker already controls, the attacker could use that open channel to create sessions on the user's behalf (without compromising credentials) to access any of the user’s resources for a limited time (a few hours) after the session disconnects. +For helpdesk support scenarios in which personnel require administrative access to provide remote assistance to computer users via Remote Desktop sessions, Microsoft recommends that Windows Defender Remote Credential Guard should not be used in that context. This is because if an RDP session is initiated to a compromised client that an attacker already controls, the attacker could use that open channel to create sessions on the user's behalf (without compromising credentials) to access any of the user’s resources for a limited time (a few hours) after the session disconnects. Therefore, we recommend instead that you use the Restricted Admin mode option. For helpdesk support scenarios, RDP connections should only be initiated using the /RestrictedAdmin switch. This helps ensure that credentials and other user resources are not exposed to compromised remote hosts. For more information, see [Mitigating Pass-the-Hash and Other Credential Theft v2](http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf). From fcc92cee0896cf2fa82da9b7f99a1a5eaf8f8bf0 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 Aug 2017 14:58:49 -0700 Subject: [PATCH 4/5] updated image --- ...redential-guard-with-remote-admin-mode.png | Bin 25974 -> 26878 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/access-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png b/windows/access-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png index 0bbff2aab898a449deb20314b572321b56f700cd..56021d820eb2160a81f3405d3d5ce0efc4ccddab 100644 GIT binary patch literal 26878 zcmcG$2UJu`*EZOQh={@^iGYBTgMehoDnWweoIyY&G&x5V$sjo=iA~Nll5O5h(HJ85l45D2gH<_9B=6^{bw#CDRAm&9JYPen{|uODQ+@pqS` zmeU(&r%$#Hpn}ptX`t(&6VN4L=4j$zVdrFFYXc&}c}@%TKe*`^x3zP3urUAR1S-ZK z6a;$l{_b@!Grk%6%*g_52I4)&#{sV3++0z${pjRs>|h4cx4XU>j{En+EgVg(je(&K zpxV~z2%!7^O}D18gN=oaIjEIlH4x~-{^x#Y2NN^U;k6&~c9^&=7;I+a1UedwZvp!5 z-3(K+aI!W7<)g+JK_Co}jKmu?x74k9_s>tw(oU{N#zl_lVv( z{lKpwG$_KmBZxv|#ZRAv!`5;X3yZ0^6mfP4Tj@r;35BD@jpM?f1V-MpYpX2bFPGh6{X8FA3DDT;ZDP`4i%lZ)SJIB z?UV;AFg}-j&69^BqGg$p@oE(+7a!zvg*F;p+Mv-Nh@=%m-$=ca&BA?iX`zMaj9wQ7 zeWO{HtY6l2k;%C)pdx#^o(HR6{%&mClyW6C?NUZ_@%jvz)*={MehyNi3-OM+59y@8 z#iDdMI)E6?Tus2-1ficDQt_(#dNy7TQze|o{;WjI10K_1y#9hjhi6nA{665hOqt(E zG>3<5e}^679ka2Q2vux1sEQP9L+4#ts87nZtd3ms`S68I+~y%tPji(%31-uwly zBYKGUJmL*}q3&R!z{2VYv}^F1J(Zl7tbXj0l;HE|i$O_2h(xE|J2*rkq6+my8tGob zXmxt=NRE9RKb>Vni_ZbUe@wu==={@x%o2eSSUH@ygdHrv2FlH!Cf!J#zVe*17;9gd zTs~0jR#Q3?L!}MBcRjfbupRbm@$#uGDpIcy_)|JZ3u1AytJ(35tz>JHl7zYw}TqFGn-_Q2iJy=;_q`JK9#e)trDNSSaYx47H3;LGgz+$+*&t&1 zimm+Z-Ypiq$rWB7(S_iL8xX_993kl3z|X*BPxpOq$AXyxK4j9YyN6@irVRQusyTbg{gtn|Wy%E6 z@3$&f3SLK?=}_IT-n3|*iPh)sXKHSOR`8XA2m?FWSD#gghpl7!I0~)#Jw)(Un0aw5 z(?)Z1ATIm-FGM{y8ysT1codUzr=SipAH49BTj&^&_ua_H<|ybL?2q3!vC ziQSIZHniLq(}9NpiX{5@pOs`wPKPwq>l9s{+`QY4+hIu#ie&ufY5!={b{a~lD6JPT zIGmM+mzOs#F3va*6U4+h$Y)#~)b$}PEiKp~>G3TV;(s@NeSJ(!OyhTVfpIzVPuQaO z-+PK34T)r&Q4?$+k+?!Mpx43A!R_l=1FS@5B*yPBKuj{J@Nc78d3kw7MOK>}rShUB zrKNcMRG`;=z`#$++S=NhnhAO-MWv+-0N`$tv)`0+3U3|D^9{ z20Q54>;L0|{*#HgP?8NV4|u?k{Z4YSE$e}lM6Ajie>H1;Rw{q8r1EaDU6(o=qL=kK zzQLbL#BrWA&4)oUcPYiS+8QE^H!V2Bz|S5tC*5Kp+dVo!SN?11n81-8>|Ww)dchXB zfLkV=@>x0OzH0n0%qMLjVC&HBD)X#QCRAj;1CrCB#lTgS=!*nxB~{uDN5TzWq04iQ z8j)-&IC^99<3#FcybKWv%NowLmCQ@mL9pADZQL^Uu6xBUdNaG`bIm=-XjS;o3V7&j zx~a;+6r|rhJ-o3KrN}#RY4pBUFEjlOF>o$R4dcj`m@g-Ly2@C%(7pj5r%d>m~&!hVPW|=m{{Sq_or$^RA@`<^KbV{1G#I6dHJLVi*2Q?=v7^k zTn$v*TvvCqoOt3(&r1q!W|MP7-Me*NCH*QJrzCWrjtrBD%0u4)Q9+wmV#|jkbLFn- z#0LpZ_+l5kY_)SYQ;zi~NzgqG1urz7!VyfKx9e!e03$z{fxTbC*>RA!J@90nu5Hml>|#z9td~rW9%=EuS{#nmsN@1KX?i zL%VClSMmoj0mXhl+S3nZ(0f#5-*umL=nBUX|G+7WyE~TON9|BCXlysb+`;3DtLRNdqzF)Wli~@%N z-K_hOEmC>BbpitN)8iAo?0cTQra6`0_kC&)IruhmhgCasPIbUpaS zFpu|t29FUAFtO$0re5+)xgqWAIR~}(Eji;j8)7diF!XiH`u82ADO6F8%9V|c!qd`9 zZWUU^RaM-lKZ}Y0T~P|?hq=hN#wm8D^B?9>2h$eWi_IH|lz>Ndjhkgwt6dk{pBh42 z{A%4_iZ0;oYqKBcSHe~g3K!vPHC6%Oq$%r#>Vf9fF1-iDBZ$g#YKLb8^%K@txr^fV zIr2JkQ(ro(t`pq6{W}9EJC`PA65g$*k-BJ&%}|sTD3SQYu$`0}nof?}2 zM&I=H?XXm5ZLR0dPpO(u7t^pChzLfny+&iJRww*P`aV^C7)M=uT5j`;UBOzpArdst zX@dKcCCqAwy_oNUUfv;oGt0x1Z+HRD@m9=gmPzweHyw0q@~JEKl)5_lmd+(d$;GQTsDYH4NFP+y;SxwYR10Zamh z#&^5$2|Bl&BU~nZV~D&C^1FAi^MJZKczMifqFR6^i-9WPuUwc|%=Cc+&#!8Wo-bD& zm%+=$ekz4Uu1tJ6j4<=`+G@yWETW}bEZB}VkJ1f&d={pYE62^_!%LVw4@R&tA7Y{` z$&>j|NL*pZ!s6oMq9Qr=Np;PehON#GGKyvTT5T~EkRRQ7Fdi)s6C@385Zw zsYP~dTW+2F&^g~&YM6p{ZWa;JjE!;=GnbL1{T1hK1QX26wVt%nS0z=Lo9Fx4;`p=F zg(?3@WSk0Do&~JiTNiUA6|gq1GH^h@b=NIa-`1kkShA88URjO!nf)$@?KBsZ!9i8nDdZ}vgiA6C9 z@I;#Z)A$}8$s+kmh&%@RB@`R6wrOs$Xn2Sp9K@81?U8$3{ykm>ZZqlhL8(OFXE?|F z3bt1Sf!8R!FPRc+Jp1`2v9u)QBQYEydJ;@+ldP5TKBd2qb)q_0{k)0)_}WHakXZ39 z!3mQ?evu{%xddJ0AT#yxI2I^OCo@mJqvFI55hs#Dq*J6nVESugSq-;Qz zwEq|)xWH?&b=vbiO<7afkgSAVH53K^v#{z9;cvX^@s^e3xCre2M5kg^`+?icYsJi5 z@dN<6RL~b4--KzVeA8*SU z9x7IUh&{n$T&D=-SLv8GohzU4!$;HL7K_3B^N9kY)v#k1RM%Em6 zP)=sMA5O|K+8%I&$11)I%8xoQvnI4PXY+Lj(nUp9FRg446(zh#^y;P)TRUQ*&uFUN zI7l*q*@zWOvQ~_w#Hxgn${RHHzQeu$G)dLyYkdTXtQtx{wJ>191RmZV_=r|*dW|pF zN*KD;lrd#Oamb2~Y!Ti%z;@}|GimX*QB_YGFpd;yh!2OrJp^eh1>bsXvz3;4D+gtZuJ4#|)6s>zR?_h$|+Dvj5A z;;6}G(|>%tnA4o{vDHHc3b2^9slpSCkd@u+epcH3;RI&J{8nLZlW8Rf4rfwqxQDk|LxX0ZvovvuU;GhF) zpQSdt_W>`Et~7DVhx3y1B+A#=VGXqh-Hp_CfrMupkc^{wCZ+mRyrgFQTw_YVCa9H) z0YshwYpm=*_5rt&Xn-W;Vl%;$f)KMPg`-D6nEJ1n9skkhBaVDk4z)+}XSRxk3&Y=5 zc24~q$-k4SM#-_Zz+u;O&2P%wHQmokD;cSWa`o@NIo^T`))su^;TW@Mh|A7WallsC z|NICWk(0Qij6TEY?ZIX+nH@BveM#e=%ttA5S}Y-_7#Nm9C$bGSWF@8K?=}?TU5Tn& zVpRke8%(IpE0J6t88+(s6;#$|UHx1#@Z9G0Eup=?{N9!cZK4ttXuiU11QrnKHLTE+ z>U(()u|m%_6HVwP{>2NI8?0hNPNx&!*qIB{Id&;v^nD)3TW`|RxfFfDpQNI~&3?*V zZ-RUeNmj7VPlYQ9xW1iC-Bai8QGZ`}>d7BSH0BJS5xd1g;K?zux#YEynQse3|1Tzo zJflwo0(Jfw6i7$5z*hMP6`&>*oy{12V-FJo-G|MOm3e}&kxCyhGmP^o2iImF|B>&I`Ac# zF4yc>{CNF5rX$O5=Ql&S!NeUnPpmkP70gP0(FKGNK(CxykvYlZoi&}+hFdH=0u-LC@hu+gF}h4@ zN~O3QHhShQNirGG$7rd?Q7begK^J)e%EX@w}SVLaE1q(dz$m58a&L;PoOek-z=9)^Yn{03DuRFy>f zy+Ab_TE$+-x1!mz^*F;(Ur&{?(-=zxYw*vYPXq;IjEw2Ij~m~~3yP|{xw;P0gU^mv zJQqYvw&JRgJ6f*mN6yzuX}z zqSi?p{ojeWQIrEwh(_Kxjzk7z4oug@W+>n5rRx{y5BcZ_n9WzQCRX z!TDrLw#*6{;h6XW%X}y)9+GVJw;%TXa)bBA57QPE0D(-Int&z$!SO~|r6mj(BdKAU z9PrDd4HE=!b}4#Ycc|tNzr~~cdg>P@)-4vANFls~uA_s8LhAmb*_D-*rKRk3e40QI zudh$(BJtX#%O%_oWb2>_#KA27WT{FEUsZe&a$I29vrDKAfq;q1q2bZ-rG=-fyPA4} zB%uyo&mR%-;GglOZ70Jht!d+|AT{-y=1(d4sTiRl+T0?wTU&<%X`SOBNb=B8yF}Yp zpg#m5j(K61H7iT_bce4F!a5P>T`P=padxw@)p<3(@~r$}m`Zm-wx6kG9fz^bmWOWh zd0jc=Wo^DCc)$iOgx7Hu=QS0sFWzHjdW^vyH4RIR-D^skP4u#+5Jw|JQJwgl0y{qU&ksWu%>F1!Uf@~~Zcd1Px>lM*gUB7vu z7l-s#Lk#i|MQ&4JJUVILI~&QWRvPKRIm$oh;1vfW<%@s0gZZ`G&wAYpVedAr(QJ!{ zWyMdL$sE*v&Eyr8))&^-pH=iwS%JZ9rVU>{Sz78ey6xS>)a96M>nj#*?F9h`5C%lB z0QA$7IAd1-U`Emc%(`>2OWZ!h53-MwZ|D)}oA$}|Os(&wp2@qF&~?7yn=!ll{+YYV zx?>7^!&c=0d&7$a@(&f$*kUJbT7z)K<%J_?t-j+BZ(TJmv0poNz|hp}gK=5oKYMSe zy&tHlM0IYM{6cdsM(ub!csY^TNhY1`uER`WjBCdryS2(fqoS3L*b=9%Wu&wP6S z-eE^=bMFi(NM*F83`K0i?YRMk$2>UF2aq)96{|g#Jf8 zPi>n^g`2YnYnpfiK_wp;Fxumt-M+2bmWo`*&|D6V9Weo|FcP5+7^>%YxkFi_OYU$16$u9BYY z!jfSUio#|)W;1x#?M(`t@mjmOPulT(-PB=^^8}CD#a8BhU=TMQi=S$%xU}lm>GqnI zZ+9$!?V9Kj%GyRLNE~g$*9yFZsdm=adsSb8@!lWYVgY1iVgWT{akx3j(Q;8a)kNjB z+var_6G+HJjA`XiJb5zR;JO3ce~nIPDb}i>p^ES(xIG>aTox3si0G?0%^cF?)i=aO3oV1*yJg(10UlrJYNQZ}Hn!LKj z0_&<2FgzUrj{@;138Qd`7zWctJlntF)R8vtG@t8{H*FRcIfRmfl$_8>d=><`gfy}e z%rzDr-Ja>bzegFVe0uzM=)iB=tY<3C06YtHEe{S4w-=f`7aHC7SBC~FUV@CO`wVAu zY6uBPMrmZBw)0nh*uK@y!)=9qCgww_QMFQEvYlL9N)4KHBvyyhJTLZoLVHW~84XT|EwL9?({YQW$3{s&27x z-7J8F^ybN@SmV~VY{j$Bxo{Nunm^A7X&AwXen)*!miovrvu4 zrDB@RXO@PJIb7sLVfY7lg4;3aps0t>U4eb1iB2__O%ia-3#zWEnR$$QwUh5D;L7e* z76dGKmHR#DwZ(ldAO&SLiX#&wjpnf!Qb&M*^R68sUi?C@IsmSII zb6|Ld_AJp5hD()jXp0&3wG-B8*ZC~bgId=gf11sSB@C7})py(%j}ReNwtU5R&?*;! z65TU8SJL!)XMK_mMRFK&nP|j2rT~tQO1~gMT(dGI!Gyt}bNItP>bC9a3cCAt#J5<` zdYj0}$!*eGE!uO4MK@R2OsYctfu$=&LcYC|xOZ-X&*pt{iqh0*s&`mSS(qCetE8#0 zNvQ62?dlfE+_}CQ^T#C(LB5Cv568|$U#UoOB9DqaXGA~7TYXCsazz0Wl9G}_8zt=k zF3rs~8%pM-aTt?foOx_>(LqVbCRaK%S>j`NBV4mAt!IW{m= zpzZ#KLj-Jkt^V}~cUBi@660>M02v(s z+qC&=qQYeDJBdDpsj>RuV7;M;&&XG-ef&qYM_0{<6bWALqgj$V62XMW8w?GDeTGy^ zCS?<;F*{Pq*1(kffE>%G@YU4RSd=inPqYKpDvtG;?M3mLD+XsZ|bS}!j-M1so}SLngrk7GG93Yz-;xi6E zy{5;PgP2qJBBK;`^nQ+Xt* zlPn$9s$V8Vb^a9N<@i_$xM9zjf29;Ll}IpFtH}CZh8k|4l!<%ZJJNSvIS15bKa(wx z*=EvslP9l}mE|l^4a>@kqW0Mj#Ju#5l9sS4iCy%%$z?@706a1Sd6n0rJ=m z2DlEbL4RFD%zDJL!LR)}v}$**Bd*sCD`<9Cf!BUO`@5PM3f6`5PB|gG97l*0b8N*L zoh+uLYf3#L&E2}basjjjm>Zzp1`JJO5y6_OwQi1{Nu1=fK;u}a}M^* z0muVCgpcPOzZlfY&vIhDYt_~n1J=D~0jsUFw zQ3(y3FnxQ;`IbxFy57j%a_Kthj+&|OO$RC+^WGzbxh~6j4j@njOc@yck6b*nbC*ex zFufpc{>%1LP>_Tqp}hQ(*!8I}FF=4$dU7h8Qoqw;C@4rsgA;Xfbvb{$fV4P%%9xsH z3BdDZKyKFQWHAule31K1T8)k-t6KCRm%~gC#O+F!KnG0HTl8Z*Z*lP`rOUW`bqv4_>)UV?rjKH1&#@F`>{+oaC`VF9|c=bHN z%asG&Argg!43}q9k1|dq9L`UCFQMv<<~~ppDLDU ze4p~NTG!dbsi_w_u~#aWfns{1X0q@hetw@N3JmCd0L_;e2)*1t--zE-zs@oiQu45^N1LSCXeWZBcK+${?5 zWt8gC32mQbR^(G;$=gG8jqgrNOKU{yA)h-LmcB5ksMOhSdy|&^i$_7Mq zEBTTQQk*@{{GNJ78I0xN!t~J-Z;thg+3tXp-U1t24byRYOGrb5?q*ThpLHIoZn^O2 z`2L*iyGwsw9EB^&Vo$9^h2>I|1*JQt8d&Vv7qyWw(S5)LJD|79-k@;YNRZ1{AMq+5X{d*1G>)x<4WHgtZ%3pRda~k{EBv<8n9XX z>lTY>8II!joBV^zmEAEle(b;*kJ8vzVR~U2u4!t|Pa7R0t}T_DlX19+gVp%>c#>e} zh8*5zRz4Jt_w{iCyWUSFy@*)PnHYG}?~^vthel0Otg`ES0vFnub=cTcbyax!sd?e_Y9G4V{@G2W@jR z;i2*A%3+<;#2$2$r={eetD`76o2l*_=f6OoqyI9Uov_b0=^3VEt>^1)FWgLWZt=KC z$HHBuCb!wX^hWZtpQ5uQL#u-b=~3hIk2kO#kc8>u@nI0CF4yMBE9Rc$4l`?4=D|K9 zfE4wQTs&24@tW8XDts-NxReM0G5A%u)}l=tm+JhqV=8TT<|=nv@Nt=kt;s-`_<6>R zvqgvG6kDCb!p~=4rWJUD=au;`PrxE|`8uq*e1a;E5(xR71)^yH12mJ~X20 z-cq(7!wtw;03?5OG$++K>Q?0pJ;!S*APsmMs3|Bo9a?t<-MQjv)c`(_w*;oMH%5?P zbjsVNZ*BDg`D=U|Q_*Q|x6f9=Cb|6^5Fju)e_7Czw4fKvj8i#78eUlT_)^Ytm+us^ zA|R5X8tq*GW8pP3F5uJ=l9bS9)jTE%zt~L?d%C_8DnX-Tm0KOjj{*9u^4L^EUWWD- zi`m%5gUqLW5m{!Vvz#UodRVHxH~Ly;U`^lI8Qr3W_KlN%!B>4zXYO-U1V1}FLr=2< z*QxG$*r?vijkzXZlP!Q2T?_=S4b63}1=O^xP<1Lsf$$_!TszUh6}U#T(8}0KE|TNDEbTmVEH?HC2JP zo7;L6BeiGscAv8eA2n*DluXmptrZ?D-#16^ea5(CFC}9|29Yi9()&=JMk9p)p74)c ze66%`N-n4b4;Qo-?=2IiK>7hdWy`DNbtEL|DjUp>GYqe)2uUJ(riyjVwIN@v2TZLe-q~Q9JB&pr#H72K%}ICG(>Dc#troxe zxSb3RSmx#9Vg!LMaL}>4LHW(71&Dzb6#Wa~vIBRXt2SXRV)fl0!)#En1hm_;N;ZQA z8i%euO@niPq#lb5;A+YWb{L`LH%6YJp#W7iJq5ypuZo@P~zN^`CZ*g z({=++t*?~5xzwV2JiRr&bz~7Jq=6D~hac?t90Y_SPLF7(?8Y!k@pT}{5Blo2)P-@4 zyNCdaBJFFVIypLW?;Xzt&vV~}BiLeaouGHuR~rUT%Gi;o9iB;7y*57M+Qy=u&kIFg_1`1OhEHwK}E{uB@z>r~9mG1|%FH z=8v~l<0fs%;Iob3i~3Ct12lDlp}VAxOl@PEX?6sgLZ~5w`U+uyDuz1gm-JgK_T5qq z&=a@{4tD@y{xZbJeA&HsGI(n4bBeZFJ5Fs}>zgt)yEY#_?F=kCvr{SoB=Q^mPu#zl z2y%&ZB$gW;htJz3uldXe4)D`XVO&;m^e_d=B_sN_T6e6NDcLpt~a$iYyB`>X!An&4=F`U~<>_OpPw=Wy5VO zz(P;dZtN^p%!uch1%Wb-vd%w|ati8tk5ci%_MNUL6$Rie_eMM`BlO`Zi3`dPdaPXO zjXa_jKFKa|#M6+c60%wiYvk2wywidAVD^EPtl+w?(GV5Tk^zY8J;6xN@+Rio0VHg(+`%m8}zyFIr#T z0flJ%hv>C_`(qs|+a1lfL;_t;EjfGcfqDabm=tP1YFxc zVI4RDRYn?Y$eZ%4QDu6H2kg9+5=Uh(R&ydh3q8t)xL|;CS$kF6X=(f}D+1$1FT9Rf ziwyMZcI9ntEG)F6v})yamKr`RrT;qi_1yqWXcw=X45bkl-Wb%3Zd7j2Uf1^e_Z7OQuj5nm&Jt6y=3JwWT2nt$9 ziq6=4a%WU;F{M^RoIs_%)Svf)zgH#$KI~w#@Ds1|B`!YS`>Q zwiwM)r&72HUYJsW4}?v5R1mQ5%A>vbEvFq{u9~IkvT8JB*OpA}0QK<|=O(fx*8blk z+Y-PpX$^{O@f-uD31j;In+;x#vv)Oga*M_PH23`fo&t)NWX_Fcffj~z_96*DMm$Wc zUNO)fxf16um`tXj3Y^PA4}C?3$aRgsVgnxn@qo4JGe`WkVdIyy0I*~JFX6GVqRPs@ zx9AQ8q9^E-xVQ%lg#}>N6chz?AfpK&ZPL$jxtnUg3-xBM;q*3R5qVQ#Q?0RXkm9KZ zJv>=eQ#HJyKT@fL6Rv?2edYcD2lN?4GC-pr5XKyS0Ac4K zgRP4uP`OFak@7EMA3VaoN!am3k5~J z;xZ2%yaAo=Cbs?P)k9OW>BxvxVKdD?jRqSkRS|7CcEESr8?&p3<0{BDYqrO9s=_oy zaNqK9NU(#ae;g|>0R-yexKM3R^HGX-)}W0OCgECq0`8OFoR<+9G8A_&Bm<5Nh`VUg z*dW|KX#4xF$#>txzWH|!kt?EKRpjiGK!BR?oC%-TWbQ){Xz_tBROSVd0@;9_21AQ0 z_xr+!aM@LUcKRyV5@F&LiZoI54E+dYW?e=bdHxFnr1UVv3EIb3TkhR=v}W53cPJb3 zmP17?XBU38H#8YCGXfS&_4ImlAaN?e!Fm9>IA`Txq&1y8tCue5zbsVJH~t&& z(&>N)0Y1o&>Hp3d{vWEJ_zZexdn*^W9Ozd3+==^EOb1f$f;NIDm4K4GFO+B6%M%stCx(cbh~PVf`k zPK_)3;gjzv?#7T0+Sqe~<*2<^hfG$|WF|-p!wQot7t>4YpTv%*(?27iH7)GMT4LL| zR|#0GV+=n`bDF2_WY9YZKF$+!7L=-oya3Ge_l8yDpVmBE2`vjrPW??EV-{wbm!0lc zV|>(Yyv1UEO0YaVojhQ<^SC*{Hc+m9RVA}8CB?Z~ev{wUqw~Tn{9`I1Uh94f$D@I@ zf?2PsfJNd&$Y<||Is|yqmgyb4uTwlpqj~QhMh!6icCKy;XfuTMc32ZBaaESO-t7{c zC$x4)sJl~Qz|mJ(yfXu;Ll}6;5e#>pCe0l`f(GA__yZ3*9UvdNp%SYka@3Sxu_2pP z;uqpilfTw9MtqXLv#;Zbu^@ZQaEFYn1L|OY^7zSP+yUvc0rDEH984+PG#7G<=$$3m zW_;;I1<#+|5AluPt2 z7lPl)uyc$up|-Uk@jQis*lLg+Yb=yx-|+DbDSEVP*~>hJ`$tu}oRu4@M3oaBM|&*M znM;_^`aY|lJQ1?{(1e?e{#a0?D`rUwaZY|DIk<2KqFLo5+$ic2@vHpv)Z;2>bVSPw zQ==&02=f12P6TkzqpSg%iZQSEqCaWCBoFABV&bh#-&7z;3Wm{KUS4{8d()@@X>nCm zB9~X7&xF9PNQG*>a5>psbQ7kE=<)RMxOeYf`}g};?Qv22biS^ptLnkGa&gRRTH_`B z8^;2;$25JS{$&4L^kQ;iTv<97hx48y+^C7PgaK;JOL^hYHA4T1hc zMPkrX(d~=$agM*DGBYzHF&~JdH9jzV)kW}SAAR_RwSJOM2_Fq`OnIpj8yDC0p(1%o zlb)qWG6x{VZUtS~)vv`aHY*(KmN#)|RW=@eR0mR#n^D<2ZgF1L+d38@n z24ti-71R1(p;mo5hjak$SdJK;sgd_qoU?S-b6>8l8r4)3wHqX&LiO7d&fCeB_LiCD zfvSYuL_U)Aam|(;@wZw%gk{^wv5J(Geu7dT>9FfG*9*Gd!jy!W{rPkYhdF<@im}`$ z0Jb4&_U~4ny*uKvlAj+t*Qc_IL4nsS!->dVKE(X%4>m)q;#Y{l^7KmdIVgMg?=Pwv zNA+K9E;uhOb(aGfea928goJEHqYzV_QB@8vCjk?~R;-qrFA3=(v3Ly@X}{t%{5HT| z7h$(KmzK4unND2MRRLIwe`5A6Ozm&fBqukr#D#*SJg0S(^$CXC3^qBy&$yvlid*uC zbl#VcI|if^ddbq9sh=wzJMO5#9>{;_eX@9vf#(KpC(k@|+A1bFLuRWsXb1A7$t0u& z3|LLG8xvo92zt?i??{nC5Lc%2i9Wv^SUxttFw^2fD);12m0_gV9@N^xxELbjU0kVM zAo+8?*a-uzXYhe>_~Me|3NMH{`%4rc{-E7pGtwu2vbjFIgx>|7H2ioB{z4E8xGrAg z1^LFw`W1bTMY zKOL+CwVnx|Cgvc!#e#p~Cy@92FZ_Ifvfut4i2T0&07?dEBZO6cKgM*uzB~@31l*ka zZ!$?YTu^gK9&@6{f9}+#AAE6CZ1}U~zM?!HYtNMKw(cM2dvT~3qj%P<5GyDO&_l3xuMlQv0xBeur zojXQq_H~sm<#B83Txie|qj~#%RUV5NSpEKIAJp{$bdpP$F1)9JzlEP`=fciUr=f)0 zMpO0{i+8btU@7oVV-WLc!)V+%30{foR%Q5e=b!RTrfjPYQ+OR3oetxi5W(>!nX(>> zhVlERv936S!7X2go+w)J>mLDJ(3d_5lugYW?0&XdDG{ai8wz)ew8j|bCzDU+A4MIB z+>pyDr&$!QXhz{=0?4M!PHvvmpDR)N;Q77E%3jr?*{e(H2weJy&-BmObo@j>KN+bD zwo&_kZFmNY>zIty%dw^l+K3o62)ih5q@t!)neQd6S~pm8-G|1AGlYLEX89O9m_Kgz zuFSUn+~{M;kk!=OyL-Etug3B+-(3E&rQP-&UEfXKSIyde+QqR+18!qpeuW8YFmzehhn42F~>^aKEEf(V)m6CUpz(v z1c0dIOc-7W z8_w)|MB;E@xE?U?$4IHF{8(LQAhB>gWUAgT9D_an;v$$r?D9Ln#s{h;W@eJS<|hAU ztE;P%SQDMbSA1J61L!f@5$tuf|DwnAP$!%|fw#MF2SqftjSqgndG7zVJcJgk^SU7D zRxW1iM9G8c^3t9r37&_C*Bo-~G~O`W@lX?i@X6^t48EUdhp0=+J^m50aeF}gS8Yg` z;nfX_->+PPV%1T?zYzS1O0v*x>Q7HKsf<8&{C`oLjleU`h8a2V_#9=2xwlUfcIa5F zZir=o!J|*$lX9*AKQ|o{Yo)}QF=N96%ko9 zV~7$@K{_3V5}}D$ZRk1QWPFBjCR(3+Q=zylRiKoHT$xm)oY!iW$6inJavHrlzlWCo zprLx0#0b+K(6dM7=u(4crbM-rslXQ7z6f_!lo#__X}gx>p%#vyV_`wT#^z@7S*TTv zB2a*WS>R%7CurPthRo5^NZ|63jPnU-FlJ?^2YVWyBU#|v?2xT#m$veA*uM3cqC50a zt5+_U`YRJdh?IVJziR07ReA;67}akI;ut57U4Z(HNVgNuN^{4zRy9`QAEpAr&aFZu zZ?TxF2@<|ek#JWxMG0)ckt{Tfd}=;RZ1Mn2*bS`8?0mFUAAWvLZgpl(ZRKnKW&Gp! zx{J9!M3ZkV;pNe3_*w?c4l?yIG6fLV{{DV|rg?ScLr?&a0lP@*pK9Yj(H?0%tR2nO zfhV9Rs#Q;)>hdthpSRY#(pjl7Q1T00&mM_5AU-XGEdE$2u=*_a93p>a6uM=pa4FXd z4cipWcP);qt}dv5fxg`TuFV4uYmr*QX(}^W$6TAxhz*~qtla^)_25wbN~3lx2rpf= z0{i6YE^Op_4Dnt10Z{KzSV-7bEmCfnj%M%MngHB*r{NhB$)rh)c~BXAc(Tf zW+A~OyVrk507BCU6es?0B2k{D(?K?O*e-K*_;HzPw-D8>zsgwS4wjZwzM^oI!x$QJ&2Syk|BpcNU8~abj|SNLOh}!x?bmVTHEc z%Eg&bM6H;&(1zWM1-_T5&AA28;yht;b;}RVPA=jr7DPoovF~iOYg*cu{w$xIZ7SG$ zK63*W8n~Hqb)KMjiL#>3XWDm97X_+RZeEoJFj|55eLsW8ym#}r-=QI7OHX%bA1khp z2v?bVscU=sUYyvIjCaRgc64rzGiZ!Z8VW#Zk`1z#aOMZ;h`&VOW8x7*%6(-t#UzJB7|BJr+u3$xYJAlrjBeWggpz{lYN?(8ufQhLcuTIfmXkl(TGnjM)FK zL)Xg#boleNH-$Y;rU&w%rLxTSWhv{pO+&-#YlNoZ%yrjk413bvu~~I8y0>X3 z*=HNq^ZIf|1o6tVpPn0FDUCOHJQyvaJ+e7*e4awVsgi(0Z{Gj=+{aG4NWN@*gU*iP=mvY!_1p6Jcty2W}vi3x^VQgg1XSm(D=g{Xe(Aw7Ad+;78CnnR|MTk5NjTwn$ zo7w2;PW(|*Jw(4NFgH(O6C&-ry0Z%KnupLLVhx{k&>L3^i;5iZ{WgI^&7sl}CbIDS zl;Mmszc}oc3-r}naw<&<@aP`Qxj;{uNXke z{$D=0m$N{#q_L7tL2ar_s5?9Yom$~7w0{W@+&0g|is6o%pAvXirnRW``$2$bqWn892zzs`I$sD!8a8@*f=)zwN3 zUv=f~E^1wHoO=Y;c$rHUeG*x|5Emwn`{9tcGLV2x60Ldq^R;_-eOwFqSjIgEmTEA4 zT_Cy9OaC?IFq&Yp&%tAIDH1upul9;okNRrN<|{g9j%|{Z4fjSIDL#f3B?{(wZ6>0@ z`e_#-fG_<|JW>&ln(jXOvUYsX=wYX1rB4<-5i2=+cFL>QXO!M2gHid{KDXQ4z;r2W zMK@~jkK2Q6=@0jevVf{k0R_oeKjDLOliNeCMd)bhzQ8u)7?84 zG5kYl%*+uQ&F!Dx8a&)Bg#g-+iP!Mz*Xi>6=du~# zXluvkWd8KvXl4^vh?!7K9~&f+Yt!jL_w2U;@+=4{MFMFM3~2|w<$pWI5JtC_Axf*r z+w-AfVZnf)0BFTdjmjg^W+^mUh7M;l$*StmK==J{)ED>pDMKQLxSt7}4{5FF7 zi}Ab_6&%n>>&EHElSkj^zm1zf zXtg!4C}?5=<_1pg^R_OWmWJRzN0-p~suPDxDTXD?BJ0wyV>!WVOIcWBt358eTXD|^oy#9Fj zqNHznojBzjzD(r@dc)K=!$1%$As@gY=T7r?P6y0Kx zA5-B8WAOU6sp1H0SC}9C2`_aHHJ*ma>YodcW zlJF-e?lCrV6Gp;@+qT|tOEFDFjdQ0M^%iyKmXG=1t&m44vWRNacG{o3x(qaP<>;zj z>tf3^tS}EAYu;|yDE*rx6r^tHgElG?)ZOXf?B}$;QEAWQ#!S7f<%!k|U*K0Ln@3mZjWohF0>y`_;-~PkZ#<9i; zHgoMBMwAonk^*(drcxjRPAAA*thB&&>RB9JV?iln3Y!gk^$+y5pL(p{CU^1ZV-dL& zp&6$RhJsslv$L}>7!1f+#l*zC;Bc_D^_dGIP**D|ECd+DvX=WxT?Ntap-xCD9YZp( z%Zov0(E()ga8?DVEiVIHZ4GTsUkv=97K{Ku$%_<*S?wPKJ_5!zr zEHLR$TT?HUH-`U=u1P#e37jG5<5WAc{QadzfXcLJ6)+j{T3D<$PuQx7v)%>ZQdz*Znn^S@abfm?=HGmaU_ z0BWoyIwnIHdqMzA6kZn>?}Y z1fj%5<;`?nX9^>bKi60&8SXos$-BwE@u}Da$aV2}206;Gp2T}4vg~j5BenIz&z2pw zrzO#U^2TlBDycVh${njeTKtsxw#k+c5Ci|HNH%CX_ z&8LAM0rfXj&{li=t?B36ygVtjy6|K3X`(LzXnfLF}0K1)pLF@?=1?%f8F$X|&h7ywAy=yny zR1b$A?asGZbi~-(*+IoUAX-{U@FhRY40>o)OUEe5XDNt|o*pXUgKD>Z>q-r06id$J6R;6<_CQfxs@ygND9uyrOzQ#;eJ!V)T0i+)G3=D)|E8d zIKeg^wX`7IdiACEvP`5!>TN0kB1e|e()0BD9<%aYYnz*f&ED{^-VAZfXA0GOalphS zEG%4Rg79DX9S+DWlz66xhY!XOI5$tvIv?DWIJa+r-TodGf%{*?$)7qMe}waL_s!Sk z|E(bc46L&=Z(E8{Jr<1KQ_zbw!e{pD);r_P?=d|D#tdTO4;V~N&vJ}var61%oVE?Z z)zL4dCH(1845(k7p!wl`gv zhdjI(KxQ~k<-W}@aB)LIL&a&hW&=jzmy&UdYHQNC#Q6#eR*547oiN0(&e1GO9H>RJ z2KAjmohJ)OQMkESl+$(xB8U zhh(EELndyMkj4~v;1+da_R{I=`x~|Z!-X;q(5ytY0&X2lL%2~=E4v+$9m1)cbNJ@< zxY!2))bsLc_Q!XqqK)0!lRN^>jwkcUv7!GM)6LfVtgYChj(2p7PI2G#Z+u)xq}Tvg z|BM5o136P04S`b)vB4dGOk)5x)#R@P)lNXxRxeDW#dj-!U<7|oYoErY(S1t^H9j;H z@6B%H+*gWg4}D$}d)~8S-*ZKrpHuAv?!r-h7T1M^NNyae$N^ygeP#4tUg5K_)mwk1 z`)&YMlK24vnXPkLocq_dQHE%F*Y|)-bS)>LIQaYE>gRl%N4KA__Li3lF|qdcl-Sy@ z^aq!Yq3R#{p`vDoKw(lAuL+`|Ssi0NNXDYi?LQ^1josrRUZjg3`<2Mt_pyKR8jH)D zltcfMz#zd3Tkf=o?8}r67%9{`;*rq3Z2eTQrBuK_AmMUxvR9+B+b9a6mBdp{kH>Jv zF<-JVQ9PiNTZ(Qh4pYLJmV9qsyxeZw!0w#S~Cz=c~{=B9h_Koy8l_$-i=LhEtg5QqSvNL1FeuM`k)37k8NJFaCb zyKzN&DX;E=QNQJQ46MY|(}nDs(5D0s{TAju3{O;tSSfpR6ce783eIKM)VSj=PFYzZ z55(r=%sXNj#!LdRwq?!9zGn+ITFbH5SVZywO(U>}`O?@dQY+jWGLRD37$6e;52UBN z7)gHafs7_s4WwYEox{WTK1L4Q$HbIFfEiS2^YP?Nqemq839!^;YHMo)ESjWod$G)M zoj|-6RDKg5l)3K>ha4eKU+ZHqN3+<&X7QEUvQ0e-vJxi$Nfje-I48%A_RX3p$W+z) z*f2xS`QTcV|9LZJ_B@xzkKHT!XvzWM*OSa;MsOP>wJc~q6yKZ9wBGNtbLO&KRCX+= z!12AJ`{aegu}}GVONAmbW;%}MX%3e`%`=0V*S3DRQ#8u4jhHRdcOQTrx0Z=pLtm5| zTw}or$PEM@FwoMT%|#O1#|#%OG!G$qP{1No;UCU1AyGF5_?>j?5Loy^x?P+S#F4h z3~AHh>NW*w4XInZ2Qp;GrV+Q#!vD@nw013e(i!GxUU=te`O(H$WG65bR3-L)N2T;j zVhl^%09~&09a12K|M~wG`(PDOm)Kk)8g9zx_f4NDJs~F`eMlK+5hKd_AR4*2_g8t) zdgbL^AUyc@dc<}8Z$VeU5WR%wm!43(r*b#)RSaq%r?VL-2Whu*ukM=UPvZXWJ6q~h z6TiAdwXGA2sxtj`@gLq3lEuWh z+BzlubDn;^p+3#UqD`y*JYEJ-{m6@3>SG-uGP- z*#We$QM|fa%3Y7q|FEMR>an96DgI^0Mihm!Q{(Dh)|ZU#Mw5<%Zpx)!g@%H! zu}EMR*6k7-NrZu{p2)1I8FBmy6Zn_xgm&bi&n91+bOS&ZHE)lIrW1yFuNS<8&z>Od z@5su&QdD?8^sV*1T#Lb7N#}2$@u5QP@Y2EpW9Pnf2Evh?Bx(14sAo2;Cy38tRKPxu&h0eIDT z909~;iA4DqTjg^Sc@4dk_Fbn1VL@MGzFO3y}-dos}w|u+SwHPimPc+*I2OU zB5>_x?iXWOk~hyw8}|M5tF7f`@uMCp74Z1)MWz^g7lavlEhlB3_P(!y%zTI!&1KBj za5nLGPK)b)YSCDxtku=gMc>K}PT{?){BG+%UkG_f4zS6fLN?(Mqhy2nkrDF#Cw+`0 zhZs2~vJ$v@ukelU!Rm!sS@TT?{mN1$MMdH}O$S%)S2_d|n3ief4t&Emu#aImNK9N( z=kg+#&kr2VTVi2d2K!TTMUKWWaN3}SLA1oxqd;+;fq?;7{C05>kkH>2e&Y1CgRtD! ztdL`0J}9na)gMb_YDr5=TX!^S;Lx;(1n%WlA|61*k`RIxx>Z*!;Tm*}1vtfm<)z9G zk&>G$bQG^%%z@LDjGb9yIiGzSw=MxxbEJ$?h9)Km$V|f_XGr5gZ6$Rl&)R;*uw@D2 zC)*t-Rq{ElxA`i!T6#SmrxO)&m41$4%1Q*{&E9bl0fFjweQ8J}ve^ftFZ~0kYQBWS zoK)lOIZP!T*!7+*(wNo68WqAv9k`Nl@jfe-`v(H~{qOKi$4%NgXJqi?Nv}LlVF9?) zU)qyZc6tMhINoIf>CW+%OKF_Nbf}bOvuTixBeSqQp%ObX>Yn|0`QreZTiC%^|HCO1 zPRJ{1mvU<2O|GV&AJ)iYMi5ZNN!-$i_bu`%rV#X2f@9_yi@3RZG>pH2 z56V_yKQ&oepLf2J?gR5=@;jf;Rc?gTTcJ9nA5PWu<-jaoeR1Nh7h~F>X7sVzwB@px zwf43j-7*(dnDyWpQciRI)u0R$TWyJi%SC}AX?Pw=`}-o#i{Lfyj+F{}co0zNoflnq zMC{j_(6Eg68G?VOi>o1*-8zSJrp`W1`T5wh4Q8hBqYZ<8$=Z#Ub6?HU#32RCnRu9( z<&1L7g{=sjuQ^K4uWQo!3~6|_JVa#Mdp}yt?Q!$|g&S`N-%Iv1F}HOf$~+1Q`6s1U zBvshNeZq?Ie7uA3J{<_3X|B4!e5H3ak)15=E7-0*;y4|m1lg&ZVq|}Ljl~}Fq)>~G zjD`HZbjwBE;`GK_g;7{B!BMdt+NRh_VkFhg!}fc@(xZ`E%T_P@a%i+!kLcbx>n(Oo zzDzOVRR>~^%NX%(Pqa8n&&a4`v-d0CqOHmKWIT&<#4c+~mPIhhQ~zI?Qvyu^m$3H8 zP-A~D-JGVZ`EjkHCvnz#<)%Nre>cpzfV$*K?Y@{uWY=r06ra`~CQ0C0qk2dGx5VK2 zijLv>Ym}rd?Rw|O?`Bw-_q=B8ma?Ak%J)y(8Lu8MA5G`E`e3$=fJqHd*#gvsg*{Ju z`>n&Z;Q^7wC=J}@@wSv$_j>=$lO3r6%jb%$H{xG_U*FcQz85!BNFXPyTf=dU#S8n9 zwuP1}?Ki6BNL9{=eNswJK8lj#f_tws`{Tv`+J1Ow@1i6Q2qM zeQrX$UODpG#_{pS3`|X@PAk4!#W1fsqNOmHMm4;H9>3Whri7ebOKX`GrqxkdCw}4h3kbeV|fM{1H5a@ZXRmL=+*~^8)?TKhY1XKc+sZ?{w3b@C{O)e)T zoy@!2kO5!PN#`fvwEnge=CmkB^_cn){%Ud8WWh2@q?#xvI|coM)D6&spW&R>Sb#cT z?3d+4a->NkR<|2n!dhj?vgxz=dQxa+T@yNMR@5d=1{~T%+wU023h^~9Pxn>M(Es&P z?@y2HZIy@t7bcfcuqL$P%UxM;c5<(Aq=)@DQIH-&M!gNwWNL0|06J~%})Wc}e8Jya*kU)UZ2l^s6 z^hQXI$q2}Qc~99xU1;7yR8+PT**W53#6*;hL;wrMo>^5@Q_){`xdv$5?LoNyn|g*CXPz6E(HAyx+X0yP-Xi z9iA@oV$7gGN=5E;6dsvaW6KR6^ zzAfE=>@whZ^Q2ZDXtw`kj{y$PC6#*mTy^t^*SA+(!srQu=-mo;C(kg#7xEK6)tIal z{fNlv9&{`gnUk%idRGeZ-R-C+p#HMawcS!v74*e#DU*B~CQ$HFJ7WGC3-1mRnLbJ_ zN9@ta(UE9U64T;uNV14sEJar@J*YA<@1OzGz?|0N3Yj=8i|v1#WP|p(w0H^cUacs} zKf~U4wE^4Mtcg*e~a;5})2TWW`*h+xl1nWanHprm8DmCkv{R=xy;rA0`c3K{mX zp;dIbQ2&sPNjd86qh7a+u&3l6x4@5z30lQ8re|)-G;=?>shmuv1`w9HqOB#>Nn?KeoYg8+G0L-FL!chxJNFbxWsz&qkCy(JO_I6UW<;B(p@iEH7QWnfe?Y zw_N3x;Ul&bqJBsAGgD3@q3=r*|59>n>4I#_w|>QWiC552su3^zeo?0xMt5o4WVjYe zT>7l9zOzGCD3)=QxAL)Gg`Vm)7Rlh- zdnBMQHbZ(sa$~6?Y{3j?CyQfCLdTSKt;3{5&lIn* zV54cD+5%9h-q{PMKZxl(`+pUt?@mTxO>u!hP+VI$%5s7 z9x-*~dP;I5DNO=hN-4-JBF5ULxsUr0_xWwtSLp>`K9=(EUMp&x6vX!4SA7fB&>cPk zn<{DP=^w-@9xn)n(=>{bT8VtU4Ri=H@%z40aN=mq@RWO#*Ko9pa)k2n=EQ+nKbrz! z+SA{@jIOaC=195ye`FUj{d!}L2Ic-S_t;go{E?MoHuh42v9UHj?G~VbV1$#q_YyhQ zPNZj9rr9UPw=2&gc5dJ@kGsDiWj+i*o|&| zF;$6k_W^}W(!ZKCu+4phpXu%b$3SI3u_onIt8z{VZ>CP7^IqJx5Bt2a3J6V}YNg@g za?pl2_38-zq>_{`bx@6S#}MUuv2;Wjq@Nc2lJ+p!9URxmEaK$kVOE8%JtOv*#LolA z{5RhTs`vIY%b;K{%x(~kJUnYw$GE<|H3;|-3Xy*zC6K&@yXhhRA zzRr9&FEqhYk3V(5Ai|yBkox`Uq?zu)$qHo8K~Gz?E{fz4T}4Pph;3=Te77zEDZQbV z&!tZ(cAirUE|NlWlJDo#(()+aGV4>lTb2&vgoMj+@u~`sXqFuw?G3=4g@cnqvcURh z8Q1CZe7`@o$^6J5z@Q0u;;g}T&jK>Zo6A+{(Mv?~B5cSXkH&%{DNMftZWAMa|3wnjMjK19{xP*4Ge%Y=nbsm3Czt2tO*-=Q;cf37kwd`bn- zg|2+@E{}4O2O?4zY{-U#C(b03zIOP06$_tj{b*U{_TI_zoi!tbHv7%A#%>53)QBXx zY&j%MMMFF6bx~%BnJ^ycMP8f_iZw|@N5mgIv|>I8}icPWzGoO6 zUtWBF7+FP73$E#-ua*{8>N2F(Sj4GoZN)T_{Ox&71|fsaKY{^dRK$FS7pY7nL{ILV z|MuXg-?&uzZyx+!lpr#5(VVuA`?INa9BhRo`F+=2t4enZq_Rlg=lS@)Hxd+WoeSd9 zW_T+M5NpM)NPxpX0p8!@4p01r`!zP}i!B|&(4SaKli3$folN}J=wMXyNL4;_wO7rTy7w%) z$?arjcOYQM&Ei`X+7*?TOi+q&7|b>Z7jcq*t#&Z63NoF~j^tJk*@F3bvClGo!Ruv5S7b^1?%-xFfd-q z3`Ub)EZqnPaxx%LNanOgt0-EQu;gsd&lckObYK2*E|eiD6e)F9r6B3$1x#wdX?LXy z*t+>tWyL;Lhyz04f8Qf)$PJ;ilHe}EHMqNn;DO-o4vV`>2*C;N8YH*`mqmihBEcPkEChGAdw8Cg ze|>M=Ti>nkTGicxIxu@?&Ya&&cTac!I#fYU5*Yy>0R#deOG}9^&U8<`&MNQq(~{pcUnxR!39A z$6HCA!8WEK&I?p{;2ZeIZ12HIZ#+uy~}*c5d35U}%fo2Z?Qjj63O=zK7-4QPAyc$*5?+1eCT zxIab>00EK~6H#$b-(B=bCp66vK0HtsWEUJ4ypVl&Ax-)f?N_utJmvSFI*2snhq0<| z>f%^_rA;)5VI}T4f68C7er`Y$`9c%+nT+f;nm^iy&+qs7*;Ck^!Qsop-DmAW#8>0x;ocAt;a=p^M#yTtHIu|yc75bB(?Sz{%?M5;p8bKR7l>pByd@c1DA~ zlfpJ8ar4(7rj3GF)6_>uM7;S=PmeZj)-&_UMEnYX$vWB>_HDUY{BCo4Yb-a8 zKI}p2xtC+b`y5v(Ud{AgYdf=3OC-{I=5 z{6hpfqnZ{!e_A@n1^p`0dB+q)80chsaaJtso$1Mdr-B<*uT9LxQek8}aXV2CFUY7O zYTnI?myh@c;ijI5(u-QZfLA4@ZzyociMGow7`6~zb5~n3e)bOAdHHzFCUU4;F=b{j zVP3G-nrTlBVL=`d^rn0vT{Zq{MC6X{OD zedj5Vp%M~Ahj@*(#h0Jo_a%vnFKw_E8DdC|Q*@p7hvf>^!&X3&x+h?MljL_=ky0L+ zo@PQNoovH3qCT$1EUmUm4wPVS@$H$o9e-KLp_o$=e9-4$$E*eoUs&Tk@r0k-d`s&2 zOq(Ijm&W3nl~B~T8j%epdQVtPfs>m0ak(lia6@-2$Lo?kGQi6eKIDH375h;WzRP8C z6}jh!kDqFx<;ey{*2Rt=fQBaXf2@(p`tTHwH`)y^o^sRB1=ZKZ^9te<@Nzx-VZaqI!)hlZ%T-EjS2K zHu(raphG+fo$vNtYe)P0P)XYRCoJ~e1u~^5Jv}{xf`S~0&_N(~q)(kwo*>h>@4IdVx(-> z0A)Y2qJWMSY0smhsi~==f`t%BM@Kg>Fz{cGpkPu^_$c%EaUud<;1ce?;P~%W!yppz zCBeSi8xTve!T*WL_>5=#tW3ZPsiiMi4kn6(-=h)KzAmrtSWfzY*J6Wfj{WSV-nI;x z)kT6y#MV5Uz|cFlPv*h~dxBg=F9DnMuTA~PY3ZJdKpU*BL=t)ro^yA^t`?HZdTu{j z`{$n3%+SjdE)?Tx=)aO0gkj!nb3~=%mk3;!?l-5t~ck zCt)&cut}rlsrKN0<#($fggvf!Sg?pbX=m#jHQeY2yn@9Dwyd}bnf7brn(%aMp`O)L zIKeZ4*B@4&x7V2srS5WX@2MW#UY>CIb@zF<&Fpz1qrQ~n=xXEXzH#)S-^lMj-Lv+v z7SFHVpNfU&*-H*<)onN9m}c%1*yVb!`U5za{EJ1nX~ss`cF1B7hTqJ>S+^tOvH{7-S)bYNy;h5*R$N*aRf??8#e!3bdc{(kpC4Pwpfu9)hwR@IMas+# zf4;~tw{T2Xf}|>M?o1k^(}MWAYWwSVLSzLJO-+n`SNsJKaQdRoc!3#2as+O4pEijt zK>Fbm4io;6;`e;qS8f-l$sN)i^XBDFl;Vb4{5naD9|?4Uk||2)`tP{Ba7J9duGG6Y zuk&5aDidity91YL-J~6R5MkWIRNw85xWWrJo<9d3pv($W%_!M}!M3$(+BohHW-9%r z8pG=KHzEhi@6OIpDT8f(NJYk&JcyPgrHyBYF+l~Muuw16h>3G$ukpS*)(Hl|g^N^kN91ju0rVr>`PvAzItRJW0siW=UimF^Q3YB(stPDFBC_Mri*bEvj= z714=fxg6X)snjNRI0B$CfnCFiHa^cRF3uE3RuXiq=1a+>0}FQjIVI@rS+d{!gvBlr>dVp8age) z0l%zlcDvrvWJj} z`ZIjht40?wsg6U!&Xhh*{}P9-r?7M-xoim1G6YE0_s=kq)tq;6Bg>LEONw#urkkE~ zH;KiTNu^}Nyiuq{I;IaA5>%$v1L;U<#bq?Mg-jmC(=4NX9!^#x$-1VRyH(@c_mw|3 zOL-?>h+1m9-G(R0>Ks>92Q4j4rW+Q*Rn%5zg@kC#&O|uk+8wyPxq>g)2EG5dkBPff zm(_Md?jR>-=^e5vO2QzIO}hGRKAxyzo{Fj9TloEW%`xWA#{%_0Xm|o9@$5T`{awrw z?p?uBN@G_5dR@Q!hGiz<(?!V(S_Ges+avSga=q1`eNl>lqx~-y%FCB$C!Cy|DC+nw zA7c2(2L#-n6(otA6f3sFpllJ8By0)KL)!NpElsWq8z375@8#Bo9J1Xbw#Kl?$*IJ$ zjS}&Mwxbw@q>4XE9!y4-z(4#cb)b%l$q4A@-2=aEUadLqKXcJOM;^p8_nDG*h&hHq z-<@@1h>L$rfrL+?CwvoLS`5p@aKybx?o#a``_49~g+zh`i9&F4SM>Y5Fc8qy9eo*< zg5Pv3TvVm!vo~@&r|jw{Ooec>pR!h-stL1rj$nLhx)olfB6e)B7D3*pyTGz*JSbeM zjHnD@5@kL40G-_WOR_U(3`P8=-AZ{cV&^_t?wG=}=V`)Z=K|9qdBS1|W#c*6%g|O1 zEzd)A_6Pd)Co5O0@_l0@6N&&W{G-2!|qQ}M&yuz%k6uDO^Jj9#tOeiWyH z?V}U!$d7ybQ$LYJzfVj!ANK=b(+NeqoqyogC2_~NHjSWtPFjsR5+pcJSO{fQX+K93 zyK>?9N-bg0>$%kMtw(M%O`ZNogYB%|bG==XTCA0`tzGv{emAmAkYoL?U7}O5`?;pu zkUzh4LJ(%?rBoF|x_RhXA$mMfS}srHPz;-hziet;DSPK}EcUjSrQUNi29M|ltl%im z0o7J7inE&I$e!H%wy$9|DUDe?by^NLKRlIm`ztwDF8G4*crU|=_zgRTGx&A6;D-*9KYaVumK`KnMjv{fuz0J@ z)l#*7IX7lp+~H!Hjh;~M?)f?syhGnIt&I2(I~iF6w272P z>FA0|Jgvpu5);$Yn>oq>LpeKto}nK}>E>BRoTC{truz!dDe5r|eEovszw&_`XnfvjHW0EpEh)a9&F-Evi<=2l9A<64m zMUb`)uU5yVK`ZTCSUOh ziw|m$%7mMnjfub^s5;SKzcSwQKX7p&79Yj?x%DmYS7z6G;@|Q&Y`{58hk9m6PP)w}#`&ndz^ucro{9XIksIGqo;%L4vi78<1>U zLtHp-Vrl^&6gat!kF#@dtp97#za%xFjqVJ+aBH5+`N33)eilwokfh7C=t@8PgaxNb zQ|0-9<*}aiF3?8K8ijV(ilj*Y*7XKc8}d+7!VeYs@@uyUIZKaYdftO^F3>O56ubY} z65-w-h)=R0TCRQ&v#af4a<`nWYRGsPd?2;}_GwyC73}t@dZGP@AO8CR zY2yz$^jX3Rr##|8_)H{ea*g`r_|#DFesaY^R-Lz;(QwC>+&&X9oxVA)qxIM>9=Ab; znb2@EF_@RjWjPQ4!22-WA#H={X4IooB9=gf|>GvlhGJ09k(4t8EIzE>V z`ewWz<3YB?MtSm%Q#cWRvUzLJMsrG5O}ihg|FQ(JPlY_Bx7;d`b4R@%a{AN##-xgt zp}ws_>!hv<66-i8{JyhfU&z3NzHva`^9hUIP-v#0myooK6M?8!T9m+>*=0+RBUObh z!Fr_pGDT1Y9dwOo^#x7hjmp)5X3D_0YdcyS>;p72_Abe5E_#d@uL>zhmj4x`{#TV; z3L`^gR;jDHYw)jK47QY3jdB>Dl*o7@;+{}{B4@!j$!4Dg8-#qwU4!n_K8MQNFV;O( zX|5#Qw@GPTrW=DP5Z68O9DjfRp)~FS#w=<%o|UhF!)QQxdCs~UN~CIaADHTscm&a) z8IQidsPs12&p8VneDiHQ5L{nC%3aG4U59byPDz1okCnFbDMq>G&vIT{OweQ`Gx-=%d3hG=+9TE^RW!fSFiWS>xQ@iS2TqKJXYa%w^P65X=PyW zOBcDK^?Ex9nSikDIAz2;zqNHq*J;$kd8yfhii&Dq?KN88vAaZ2FlBS`!ZeFOd!!Kg zA8hCgv<qMi+HB5UZT0*osXjz(qwFM*qp$Ll8`H!!;Xg3RiS~crG)a0~@b_nSRtd7ti!y zZ<0|p<;wkTW}CVn=eix*u(eCM@I{mDTFPI&_vI57>1t_#6>x2EXQerfPMdsmegm`x zq*nfl-S)rR4^>ThHAlcO=hIB-R!323=p2$foH8aW#O1Km6x~ScI98_4!kJH~xs8h{nyQlY z$DHV*!vDrcr?0NQsZ0stHM#$QC6GXCpqF`GdF9{W=wQH>khhnVYe1=98KL02HZ!?P zBUeztcP-HHH++0Ve&Zi+lvFby{1e%Up=&)WW0HAQwvPFBBX(aJ1BRlVT}AHkoUS#X zmPmhpNo}}YLG`m&@$C#k*45P&f_u!v%%T$`|0ni~{!>(3R8%yL+fJ|5yK!7OjE|4c zwh@*HWp2AItsZvtu|)@&d|MYG2jSTqvpRU(olQ?y=x2HIad1q`&-3%}%uG#foW6tKLtN zMD<=AEZbd;U2SGXJqGbe?ciJ@ALEq~AFg;-9T$OUjoYG2W8`CI=osaH7W#~-?QfiO z$;ERR#t3(tPV1k{IvDqw(SvAA78e(_>#TXbFImthCntweIc4nKihXX*_ZA`a zmA*Dl`=Y+2q$EGzYG9GR>d~huSPhKOLXDQANB+Z z+g{HjG7CS1$_R-_>5v)&0`9p}RM>ZbvA2e6n%yaEIXg_}D zS2}}n88o6>?4N;1Uua6{@R)an(xzh?6D%(@xbMBtF5nEZA|Ef1J8N^Hu?J>u*K&q~ zJ_IN-U_7xJw}YjNWxt1(izNbfGg(p5fL41etDQQV`3ZZ?oyq#stY(@f*rY?$gT+Xu zAm%&SWFChc)4QN{>~IuWWvYeM$>&;qyv`|J18Ch!6Y)^zP;iT`iKU}|Lqc6{+im}3?6&)No+vWWCBoUQ#$`tJ z7hbhD1F0qwLIhWZ>0Ax?I&iKgArfWnwJiOD@Wt*#Y-=122KqiB3J49Wm6D0hSd5OM zyx7uDUl^St2gY3PUSM`}{@XS%{@%srsLZEQjKM}Vf^`8EXQA?Lo#x8D-2w;-tjMh9 z*pn;q&GVDEuV!l>v@-Itjg3v*obFh_&@7ORgpZno=-xdECua%fn5GCt;+z*cao^yv3=I8eu@H_)Hc^n^Qsq)*KNL5Hap{J9@9aRal?VjcQ7Alz8FsV1mX;29eb#qa6q0ajXH5o_jJDULv>j>_cE*p%U?NY^2=8 zs-9IE%QMd3xprpx7BSYBkW>TN)Z;MbQ0QFJl&{y(UMDV&8`8x)GkQ0M7N_(6YHjoS z3nn|w8OWc4iw9Y#7SCFQH74$GBd?nSdc;m`H00$6UEM`srI)-8THKa>E*9OE-w+r4 z$EJQ_%o6lE{|b+Z6xbU@B5d3f0sJfL{U>pvgH}0THieB!X5~5Py_vVP4h|#V!OAw( zve(~WK-5Zj%F1_kWAZD5)3}KQY&W~86Yt4%@ZXJLgmKUYlDRn~NjGTFbMCJ;DfZ<9 z8!h53JFvEUMTozNoCaApO2w-U+P|cxrnY!poS&Vks;J0j@J$M^~{Np9DhJS z5h9VFf!+(9m^#{qI1STkq5G_FwzZ@(eQTK;z43;YB`rGkXqxj8wMvGqQ6C<7 z+861w6D8Lo_(xjT&#(KLf~Wv36^(lP*1<3x(_vWVV`p2Vlf$aEzNM)R_p&oPx{p2V z!I`08A$9x>)aVOaqRbfJ@q#`J0Q<9pHqTxz-C^}dOcj-Ii=T!4&xX8Yr*d7<=_m<6 zZGQiA729Bedr7@Vl4IfFQPZ4m@1PCz?Tcu0L)>n@SSnw>pZfXJsy}vr`EGdH^|1@- zmHXbwJq*fk*OsBGnxJnlaul;;(si-7bK8y@>*FJiNu8+gp6yo#n1uH$NAwQ7-Xnq; z4_8^z!!p;`e11pam2KAvbp4mle#%w>1o%-goDvjw2<3g3wMxt^t7>^@;J zO$H1zeCbkHc&wa-pzm(TI*O(^5=(VQua2Ska10Yf72*+7k;M{vxE+x9?kJf0XO5M% zR?|#64Zov`CpAj1=B$G6&$;DPsw_tH%rkl2N5zlS^^ws7E1Df|jiYE|LTof7^=s82 zd0~dO6)>N`!6ZmG9H2%)2%SJ4VSQ~~hYADSa3I8Glll=$yWaLdQW)QBk5jJ8Y}op8 zvf`y?IMHxpqF){{0Nt;`)dNlO?l|h{hvTH;oI^44Mh|v}^2GRv#)Ho;{kB30qxwdo8 zM5(WM^eH@wh7sLsj9Cxf58=!or~cUfrg9lEmwkLy8cJU(rWYk@oIdv_pOSO{MTS96 zmm%!eF_5s*=p-uEpO}~*&TM;qyJ^hawkxf@`$papSmDpjFzwaj)A7?j3TahjbVVPZ z&RD7+)#g!GXB9=QdSoBpVE|uMV$<)cO-IG!$@y|2<=7M5m0Z`d>;u+U0q^#s&bIGq z?j>!33R)#R<~yMq>sd*m4`QQHzRs)FBUSL2bfFlCxKlox{6d9cUM){p)S~?Jh80~@ zDyozABZAxAxbk`}O}nS#%224Bu+MQA_V$k?t_2rddd9ON7vN?ZDWN4IKF=kO(UW0z zX4H`scG#@>oz)`|1VNRneC>mnSUTpWWPVyrUCsTfy09JCW=IW4q=FRQ{9~cJcv#7e zB5d4^I~V<0?6#oLSJ&57qmKj}ECdo%Y@&8v3OU)8biDb?jh=2Rk{P}-RvpX~A(!HZ ze?_4WNSRU?%^5)b?{1P>@4M<6gX>Q1ls`liShXB74XsK?*^lCbKzOyc(mFLV#e^Oo zy55fV9Uk66i5ECrdm~#HS1dGprQ9U7gPF@9d!@TSpRkC{P$4~`AFxPz(USlMfef6F zVG1z=$sgz_@{0wySkTG}N&g3(dh?m8ehxCFoV!@ zI}ueNlI29|^R{5Il0G_2+3ZY(_3nj3)H;L$lO0&`VDGmMiahAF8G9M10!P2g+?Epw z--5xGzMj1&UcI%HK^S)H69JBjoshF%&Wv>S z;H}d4bD?Sx2@;pOX7pBcZjO)&C#aUtrPpN{c+A2Pl>@xPFt0d$PSovfz54i%N_BqE zEW5_DD(zvO9oZDYVuR0O!rxR5C(1v=Fgj&cjexY^o)+;@! zFmMPsbb|!eM-rT7U)NL7(IP)=40ngx`4lD8E_#m-iFNVJ%3A@?1fc;BUBOb~p&sTr z8k3rh%~}%X;L*@g8swdh^uHXXd6X^zeGFWiFR#E4XyQ<4E)4cn*&OIf%C6bSfBKr| z;ZO+VTv)j^RL^Bn`6%aani&>|u3x0%QJ?L#c06IB6cQA?TB4_Ua?8(5$@gk=L^~Qt z>;S|3t%_@~mx~C&%2~>6Z7aKeDieOpfZ zaY6iMc~wr^BNqHy?`sLB?i+UkzaeX*_M*z;^GpAf+osfRGw;!uI`G&@UIz9;G%xT1 za$VAHx@fBrA=H!8OIi<*i_94vNOhd2YT#;rgLj6jdZLWrWKs=7oM(Tt(cDhKtghKm z6+F~vL(N1Dt2$!9QM7*=9vExn7T;lXn0kAEd#TpT+|7*}y`>Fy*S4qE>avj8S<2s9 z-*y7a7qjkC%qS{JXT5=N`{8}=T8ypOIr~qHuYcPY`XwK^wlepi#JZ8PwkaE16c6lW zl9HR8%l6X1;?ZOJd&@`E)K=lAKYp+7+EQnES3Kf(do50#d9qqp`#|GaQc}})Lt;bC zA$R3B?R#|`UXG^fXrgbGqJ($erE}fW9Xl>GST+yC3_?(r={ico)k4A7)Qg;|$}^Qp zUISD=Tu)LL6&K4P#Ps1p>BefP_sqIzkvj)iU3X8s3-$p9S^1$Pitxpur^pAfGsmZWVRL^AciO&yJK|a?Aj!?dMH13~m7S6f zcp9KTnED$HDk_P7cZd&1S%|i&&9!=9^|*pyZQ-$cuklFUn}WM*?Y6Nh96mPG9ylfk zWup|fpx9W(e4PBmzrlh?GL+geQEG$w^^OH;Us**)c#;HfcN@iz_nxy4EbtIC2f9jD- z3LN`PVX+T7kj~ZD>QawhD&)a)c`PXj`Si>*_aEzurPe&X=)V5(xq%dj6ig9+1E8ZMGi`obJMz|PUKTPBTvT1|iMB@ovj+s%ku@O# ziP(*yp0i$zSy{PB5^MnPMiTizI!CJ_WA-EKP#_38Iun#=0=qFgo-gT}3diG!w<<*A z3{{B-N(_Lr;u_$Uu}S2ytri!bUz}NuJ14a@tY)O{&5J^?m9D32yX()pF<3>YR?|>C zX{>IjUDp$XXTih2owqBS+Ct->un2y}Qen56e6lliS(6P|BYMD1M4%@BQQdOlPfgr( zwm%k^DM4NTbKM$+O%zUgVhEy)tgDjoo4_u z(7Q=p(WrYa!Ed?Jaynkr4yCNkfJafsFC># zW1Q;=LS3wH_7#M?&@3X*~h~_zI4Ee5Rt{woP$r6=viD+)}T|e82y>6PU(|%b0#b`M^ z!#?g>m`G)H_>@OF`kojYnre_4}|ai7mC54^Fm@#%Hc zJnvEH%>x<}GA5WGO>w7)muXeKyZ%yITSCt=LZof;qz)d6Gp@GJ7c}uJ)MKJ|K^fAq z6hs->j@jC33P>}z-!L5l?TNhZ;ks^=pX1?|_G!MGo~Y*e>ROYb!+>RNrD=stneZkN zT-2RG6BdfU$Jqr}Xn_7+ACdL1e8K`7P%&tm>B=?a*L@>?UYxr4UbVRwSBcup5LiU@ z@TrMp{52!fr8tvvkHT2Ogb@weUZ zV@=0$j=doH5|$=*UX_*w_b38ij0Djgyl3`t892{fd$AQLZ-Z1@H?Z38o!Vn z7;N;|vEzr-KlZjk8w~_H|BIaegvI|=9yRFyZylppd+>~}l;wqJ@>&5EV~Y*@X>&3h z(O^3~`Gkd2W(LlkElu#V28$055_nS>&47az?Q_Ms8rv^_Vu0*o@W}c56{r*0U~$^E zcDIzV={op+hiG$Q+SW)1xEDbK;6|`QM6rWlMFmCcpJl-c#mT0EL8>pQ`tRL821y6# z3T{O7qLuN=`8+!bORO=9s8o6DkWVEPMrnZ_oCOSCE5N5>vc!*{h*yQs9>%1FrA}_4 z*oxuiGKX!C+pHcSxLW`IcaHi25fBKKYb0@CjSBypM9_nAy7ufkHZhlWgKubW?inxcA%-$^wG07vul~+NJ#)PhBT`@3e`=nK#@NVDz%LX+gDPQo>5l(tK)lzc$B%JzRDd$ zM^3;)W{kqX4NxIA){}EomR^{&E0;u*-ku4&6~h$8yf&cRIZ7Cuol7JT6TavxXI{Mk zwl`^+0AESSSM#gX@VA*wGgq1@dwuc;*eW^H9s}}op2uPC9pAn)Uo8Wp_n9{mI>bn$ zQ##@HyO<{OXj%A5SB2J4!7lDnsF9iK(!O&|8v+88m!SU-l@#>+zo?`%3_|~jga5x) zjPQRbM4v-KSaE(2oD3CiTMrvrMST!&L;<~@y1Q7;+Cdv@IO-vAnsnaYNps4q#W}Ni zo4Jvo)4h?i=)Dy27Q=Z+u>#Q@)1MOHk@^=r(2Yz^dkP)MIAUuH*RNLgqG8~EUN~8M zALUU2o{7=Uf0IZxggOX$4{?RNal~bf1J@hA&HT;?jorX`YwYU7t!{xLs?Y}&g%1H0?IutwmnZsa2&X!yj!;8B-e@!Ae)2MANZPWa2MJ`5PubZCz(1g&I`vU zM9zbRQ=VMjMH{LlmUuNF!#dg90{rLy=(&&y^9$hvg(!V347VSlaG9q|Pgo2`!_Ug^ zvP>|u=j@Zm)|73AsZ*e3mRbxG=|;%sak=lH6>qr06-B6jG8tYZFw_j74isFrh=z}70KFux=e=uJ_+^jr z)i>Msa6xCRTo)Q36eKp_i0x4OCAqsK&t_3E{Fq(fG)*zz%mH>BJVx04&SF~Jy@*ZE z<XY2|qby>&Z(%h|**q8<@T}QJYgW1m@ zpU8xxW=3@;YFJHXJ~>d9FXtmIdqR>3U36M`D-u7G*cUz?^8hmZ1*_kmCoCQht^X;> z8FcXfrCn|IDN$SCp!uX~fgA*~VEOMgJi%e#zXJ(<4Tk(;OAdVG;Lb*r*8%}v(;gk& zW~Y`=b9WznZxAWK?^fVhJ#q)g1OmkJlo*17f23^y3qFW|KJ(Cj-O%w$} z>M^=hW92dCxskLQcneetA@u(G1w!Y%yOBrnwP8i?HmcN-jHjB58lC92cOpV@2iG98 zUrsEK*1bg}K*1JihsSoHir*ov>Sg(w>1o}H*Qhq;t*`ShNz3YoRTN|I1EW5MKH=hF zu`Z0wVeYI?XQ`P82+N;$ETof4>2BSwJz;SY#P<4q{vN|4Nh{ZHa?y;#{u-XO)buhw zjCs?pk?7^#Tnk(f)y7ByZ23#$L9|_T!~2yGF>>JT0OqH-mzJ7Z;=KDhZ;NoGNnlZh zb?0!DwQEXHMm=exG-D+srx_MGKp6E$)d?2s5PL`5XL~_QLprk@z9vl&K_ueggh8>i zW!CVPO1;txdMXd6t@@Mb?_V)7wBi;2#o+OugcR}50!76Ycsf?>RaI3T92^uC6-`Y| zKV#quYwWY{9wQYX>QZW~x|muHv$#LIS|GP^YP~nP$aBQi9y~z}$U_qDj5KJVdJilq z92Fr75b2bE2}>%>k_xom+Y#xJuKo=b8 z#qpsRJE~~aI)~iJGdL0d!L+y{_PAp`B9qhYy~K!xMG=m>CcXC29MX<#^3MkB-Y58G zFQVu53lptOl?vQ-r#a1AryXi;PQlchO=`ub>-I;KVBnykd9u+ zWb5uKS+h|5`9}dA6rsl>0lGwb`Aw*H(jU9Dw6s$WVVYh6L^nc-mtUm@CH_P_on^e3zy zfAp1r^N+4ZPpYfq+G|(Xi%%REiW|zeyO!#tjx0l=Rr2GKPGDZ1zv<<-o60;tKfiv9 z|Jj%g_as_>QQN~Mr-&z6R&GREyZVom#9P44{FjR|X0NAvIu+-6ygBq7t?y1#TtGzt zqi9rcGd@JQG&l-Lxh5z>2ThY$^>II&n=ZWlo^z)(I?`z_uzn3AvGflsNvV2vNOEKdJNSH+2g#()|dIXBXeH*<=>#y5XN~)D%n< z6Z^I&8dU}kMW!ARZggFdMv<@p>Dc=ylciWHLxk5Rd!MjKoVb@b{vGQpFClr50LREz zCSZe$bfnExvs;vn?Y2gf=yg%ESYr)kYh*p>7|+LlwUM-|7UL(%$o(BS$*H=M2so*H zvBvu)Cq%_`B+}{%rkVO7$0x#jgO5|Ta?sW_Ej+a35fhcxAIUFh<&T6!<#*nDr=F=P zY;JkQoFx<@OdX-%ZQ?1I8MPhSvPlnKMM3xmm%J; zJ~6y?zKp!VIMSdooSSuT3eAnqCTUy^HtzNEy+?e5{qX$x(ISDznFg#XP4i5H+{j!% z*D;~YPiyhsvk%f`+TGLndOkRWChzBpP?6Bg($Eag*)xFwSJ?jI2Ne+w-L_l;y| zYwL97N6_Bg1Tj^l2E`-K<0qASUj#q6wgO~t0pf%G{VC#$(^C~dZzd*ss(J`j6S&vY z?@l@o%hFwNBDw8Ka1P4cA}%R9f`xPvgb9>0$G!1MvoMkZw6Vk$3r5DPaL99VFt~PP zT{@RF%mK!yqG|y3r!tRvNG<(Qj4`>Fc5ppm2<=CyY#zn!s9CJ>)HJc zyxz0GyGlc^H8*0tJ;QxA7MAy7pC0ZpIh9zimePzWH54$C7!K@AP_9j~AGtMO$tc@H zzHGKbgp#p!uFm&G@1bdrwDCQP{GV0GZ|VMX)^gki=Zd9=NWmZZ6RRoq23>pDy{?wl z8IbwVJ00{|a>5_o#Z&c&pGY(#AV=oN_YO0z?e1`Cy8f(C=W2AbAPKvg7Ws$tS%7e6 zEV=1j-IAo9b%uueN3mWxI$>vbJW(d!kco)pIl>bzH!^Yr!2Ydk+B`E)cKxG_c|U3P zw(a%tnX{4IItXaaY{ZY>|sYeE)Q>)brqPgKo%K0Wa!Al{Bgb*H9 z{I~h{a&i%S?irKvIaMF;JYiJXQ4zFdjPy+wmfc6SKh|=@#ZHe3Trop2l2|9H*s0@N zn{wA@D!1X|C`=94_A-Tl2e=*HZRr^(JX~3FkD@6uD zUrptQ*1b~a((oGeLB^hoxI-7Z7wxS2pwcR{A6(?Q&9R$+A@78yF2<)j@7}Dx7@A z6hom%bNN*zgj-RFc$%JE`B?!#MP1QlBr#!ZlBGJcvmuj-{JkO}k&cN-yPK7t7%V!F zVg4YW8eJCfz9^u7fFE$@jb6`US4MOH3`AqLd-9 z$mohc)?%<;5A={681Du4KomY~^oTfMTOZ^BH7P#%lLnl&J zt*WN>J@AO@;0mAum+^A!T6x%uLv@XoJ<#*A2A{BScTuY4`}{gL>K_`C>alT`crYzl zamxES&ih_j*h(Rr!1ssZR7D~oA04r@;GGZR(tqtiZ^?8|v+pv)cE-8W8sh zUxHXX*L7EOB9W>y?0y4WXDO=Xd;GJS;wDjXu?ZX*9befWg<-iw+L)PWjFC9>M|oO# zKV#8kA|sH#@!(m~As&%Y>wZT1lMEC?hOA4j=8)XL(g95(PcL3lWa=iR7~4P5IFufu zB8N>?r@nPrp^k!0y9;&N;S0v3Q#5s;NmQVY$0gAw5~^&iX)O&2vDI++?!xj`DS4`N zu;`1gTo7RPL7E;h4L_v{%xMd|-a?@=&7<+5sGGL9nhmN; zLhbHJ#1?FUY_> z;V>zaTKh#B7AYdI*x9M@93FCo;GNe2^r1X^K52Ms#l^@yG+`Z3EATPlm~P7QpQ4OK zzlGVB+kv-dF*y}wwzty>uOE&_#u+h__6<3uNg`?}C!CkrF7XG5O&D$QTobPgg!Uu_ zE2eYw z=-lsq|H`PS7xX=fzm`HrU-Y`qi;B1sL-^1iqBPf>fMX1Je>auk*6UHS1 zRsLheNzKor48jsRAsTn_ziS`LY_*1$HM_4->BDk-kc&Q|6S2#u_`Uta8I`nt*Ys0--((~{bVIU=|IqLY=o;u_cTdRhB?*o!(uS>;b&Qi7Y{)w z)ZnC!p$5Z3Knb@9KUYv}YV|dQU<&UQ9YYe{$5gvz(R>{;mqn?&rt82B10`lny*JBD zub{O^qMw2$hYa5&Q`8X7wFhoLb0i1SPDT-QI|(?A}`L4r5=kFMvqqC!`EM< zg#iXN6jrar9Ql)D&fmm;#{*q5{t86|o$wcnECYDRkz1h+~F(Rr@qomBafOlCt4s!a)5|UOtBh4*fpaFKh$a|7-(&a;{QbW*_3 zCT@lNDH`wCPs}URY()gqC#6?2yyXJ9Bj%ne@Vt8UDx`3083@^1g@@AMgv0oNn7}`! z<$u10H5hpj3@i4HW|ISqr=**%9~R%MZFdF$T5=#MM(FA3DZnAa*#iURnzn2GB)Kap zq#!&h$HWGp0M-~_GK#4X?i3@-t+Ih*FWA|C(f^Ouw9g{>&vOvV+`4rn)Li&xR)NM~ z?J8U0ZxDfPpNpScHT4q~Sfm&z!B&=*mR43VwLls&Fa2A?U>f%UKy}jv$gf=4V}ZH= zi*vbcd6W(jhoP{v)OlKm1Ha{OPWWSFgDGMzyftDjGQiJ~x7TzmPg?)716QY_)p8Oj zds==-VAfYsa)dJ0{|V;7!pnNMWaMX@7-$oF{wms4{mcbFIoPM)W`_j<=IdB)<+M5M zqT+kLJKLuPFtr?_jCR!>J4QJjkHr8_436Pfs0={u%smDOoQJd+eP!MdnBo0T!iZ6Q zB{do6)2+y>s_P=QqK{*0Rw3Ra`(_q`_Dyu~9WGpe$>1fl7p_X9*VyLC*^Plsd zuM5D-Y$E#W&ka`gpRibd-suP-U`XZ;l--dEAT0w?Gs#i+V&UT6V8Oo+y1ksLTiBe1 zk$_98AOo$uXAWA~x)~cru1Cr2An0&vk`!^$DDj&nTFfZZT9X8USvb1g9*Ijkl68ZtEEqpsGWe1;pDG$>M#Zy^o}X2y??`n>3Rm zEFOnN67wL?cDlceVuyd}*_poQqH}lP$f9KaqGRb7+o_D?LDcAi(G12!R(3#eA$6kVkmNABT zPa@tYFpr1X8zl)-4SHuM(4ZCd`tim2k5`FsSnph;zhSBIviZf08#ktFpfv$&=X-;y zi`SpDM>lbitM{b~H?xm?Mm9#&x`Pj2pi}NG;zzOe2{S<*4;9fvtScd#-6H@OJu?(- z`HIq9PbeR)ygrEkJ%Gi+sPs3y+GaUyH_@x$(-X4fI^*83eL@Z-)K^K7lL_iUvv-Sz z!Qs233?|X7{pZKNM^B4haAI1yGuEa3HAFH8_gs%yhxw=Uh{&~m$nC`>o2qRo+KZ$wwrBtA_`FL~?VhpJm{Rh!{ zTf#1w{zycJd8Q|zjh-Hh+X&P&HxvIk&SeIcQ#Hk4TMwbKjP{X zZ>n?KnZmEuaU>d7DgbBj8sWKE{EejI6Ub>)+ACWU|0nI7Puk>f zWz)Sot6dqn5D*-GwJwJDVz~ZScsZ{WwJSPY2tlmU{W*4v&tYljZrPrJus-=;(k74p7pw5&Vx&rxQ{* z?2KZRqJSwOazWkC9x=$Gldaqt@ot6y6hbR3d3ZAD7?lw02kk;%)?H*qRY$>nq?>(g zHFJc9nj0>9w!60cHtqD`I&p>lpOLk_>@%~Q@$Zi=JO}=(gPVk&e+QK(-(O;Snzvq5Ird~rd>At?KV2L{RGSj_Grr4c7P$H295~kz9lQ>uUF|VJSoA zfV!%p#-rs#U;_!DXXD<6o4X^2 zm}$wCE++p?fL#6<5djBh1-0JhA{!bjh4gc%s;KyZ8^0~5Lc6-O=nCoQy_YXHWH&xq zi`F?$SDUm0*u}tcY%RaB=Um&osi?0O$ykhdvS&d{qQhO6%`eYHO|TB2WAF5Ezik$8~*V$iVnuJ_DZV}=&Je- zWRcT!O0p&F#SU*nu_gh_KTZfIQ~u$m)d2+UvjGI6sRXzx3OVpe7+7*rQ|S~@r>B0b zMP^5K7p+Bxmkvg>e>rd=U{|;U*eUGNU)$$7p}5eDpBX~9)+ktNn?3^7iUJy|^%5AbFXd~z+N5P`@P zvl}?uYHkj?IQ`YS6eWcK@bjml6tKQ5xyycu`4Y&9+H8+%WoYDg-#xT_SDL(*fx*np z8z6T+LJ1>wR#u&K5nRish>0)>@pHG4d9&9iCt#D^+dzf-p43h|C0k54P#s3r*B2ER z!vO@}1Fh8?J5r!sj6lql+eCN|=mJRpP8V|-qmyWNaqkkEdgYw?^0-TEP#B0>xQSB{|WK2eT$1-sav0>?`VByQ-DtPnc=h=^mnqPkWjm0`6?}>5%KAFMC z8~n{nJhUk5-AsS%$zIlF`f1OHrxI6Mj7$ULNdUin@c9yR8foV>AQC3@`B2aYB`Zy; zuf8K#e*H6E^92T)6?AIPT2xY!E&#-FV=``I<@S$MPUrFMwBm)*1dx z#l&C~*A(R3iv1uF&Y2%<3JGw`>Lbp%#$pJZcHL`fGXn#!Y3CaIxD3VYpQDE6fgN`Z z$%c9o_@tzyJQ&$Pk%9nk{r?UWX$NbX&7jFxxGHOwPp`CyMg8ggL=Rh?@fgeywtS1r z55}zobLJorf_uc-AW*>a_@5bt`X>*5tOAy*>8U9VCBQo*((u5hCms;IvZiKhx@Iev z`Qnve&W#Y=o-*Jz^<;lLw1cs&5jNSwsJWFMxVt$viD~SGP#+2&uU#oF7Gtt>1;Jepi)>j7tpwP>M$U1VVqVB^Y5Q0I)xe##AxVaf-be9cB} zP0vX{qJV(^i-AMcg{<*e@Vi%oVGz9(;$fD`mz{ytdrN4mV{e^jwm2+Uw z;8d;Kl07^l(HD6->x%G3we;M0dsiTY3-~PxK*}~noYU-iW|-;cIcJL##TmckRuo@)fR6R9x|bMUTtzhfRMdF_ z?QK)fd9Rd(2%rV0!wCWYhq>;F=f74DKzq6r!bd(!pCr(a-w(B>rwVu44y4z)F0=x= z8#Ggy{G)19H_xlt@<^?S)4O7%H@<+56KW@BSW;b;sY6&&f$J`@ifqWpF5@6={+#pS z4bI-p!_$=b{j#tC7ZR2)4?=z zc6rDaxxtkdU+^s2^S51MRsp=;S!SEms?YUVl1RZa0}wg`COFx^ZEM@Fuf)Iyn)`$Y zl*auWn5io1EfwK=9BtnOxG+7Q0?w7mQ`d9fY{4`)e3~JFm@3OzjyDZEl3QU1dq80Eb=2z=s)&)QAmwrAxUC(VT z-`?@(;m@#($^}1)MR;N{LE@^a=uH}g8YCNsU)&Tqf}Oal*1=OzkHg}7D?W^cjG9zv zCA<-Tc%?-j8UM!|6W10zDeujn&4Ku&OioTt>?7u5`)ea$*^@sEO1D9|vC$qTBtm90 zr)yxYI8+l?Chb&%5#&*=o7JU0m}7Bg%&`n(T;8r+H8r5e7L+>WL)Y^{Fq_T1Yq7|h z_t#d%2)25p6YA1S2G{BdtXb3|_?Z=lW@+)>^gmU%^@K3xdmn}+J@DAJ(qcflt~!909? zRum0x2Ul8%>pWh|1FUFAzx2WVUf=58D++^*&`a4lyAgt^+i*F?`tw~SFnDn=m?_}Q zS%dwSVF^plQ?G;fau+;)*gAVYx9>s^w({z*t}48gqWo?{?=8K`RA`6}tZ9pKRr=Gq zht{830ORJM4LhBDh}xG2>!b7%F4CT>KY#zW;HD}nEKGUmIF_Rv@i);lF-hMLzGmUM z;}fO1KjY!pw3m?yanY58o|RqdS$+Rp#H%#wGZQ23C=v};i+V93LOT73t~;jismbv4 z?~8wY0&hSm!j`Q-4jK$NX`>?}0X`xpCnq+RA`)>;9&sG>Tz6Jm;z0U@-FZTIzm-sl zMJ5?`r9~cD=zt{ru-M$oG~0J9bXGq$6YGGOF{x-u_N}u)-t+D{FB+L*w_?$c{>LnE z{{;|-iZopZNv@pXt-i2dJ4SAyZEVz86T*{{qLC|1&-G%xm62?+K-WC$u+a2cFGpBX zdk23KJ#cL;T1`H5JNI^0AG0-lVJm>bCKIOpO_N@;(i;wZO83w~Nv_0`-K9)0du_RP zeq!`5lL!{4NXqU{Qx$jCAma#M+!!Z?&ZdT{0J+$g?c>ba?U)#}P*6-&jU(7dU%z*} zsZ&+u+~pr@PjoY^SIuKDd!r0oVxGmWSD>w5psh*vsl<5n{A4h?vifu?*zw}OIyg|^ z0#PwBQzk_rv5#M4>lDGVDJ(Cuf4=9??7UnzyrY}`YI~R(W-01?KL}Hr|LlR)&vd25V@$kqfR~2N^9dg=@Ak`n22i7jg2Q?!&t-2QSIU zMZ|G){+hBEYjip7Z}AT1&uynP^tdKZ16%ldPi3HtNtn04AO95JFa2;NbK(xkdryJ- zQ;vHZDR;5mx*Ki+LKbKJJ_0mfO@~26W)>QBM^rsdzv)=>dcYEQB!qz$E4F;59 zWZ>E zcBO@hTHMGyi?P2&ir$Mk|8V9&E=Hu4yk5*SX+G`8d%RSUN8xS4)`np(6WgQ{b=MSI zQh;3Z+hh;`oRdbF3XQHuyro2*F!}wkwl-balp4ioLKs7G##4(>h>_-n7sNJ`D7 znzGBBld7R%GIER~YvKl!v`J34(7NyJhQa^sq&Nv9FBW7x`7?Rh z-01)5(_;N1C@yC%yds0W{QEI_ zdii;G)u$?z^TJqJm8mGyDCO0GI_$O@Pdp1eMB_C|o?+r)goxv2$6VLihmK+!yTgG^ zKRb*%P7XCZu$gg2JMBL>S0`2@-Q>HgFt||h_9mq&>~1VhPPF28H!LE%cl;Et&CQ-u z?a@LX*vCru33X@GEL3D<*^vzvuX}Iyn~FsKq4N2*ryI=r7(dPwq;g%hIBe}oi{9%r zwiIt+c(-$oqbH`P%8^IE-L`l}*9hFp=2x<$M_>Qs2)x}HL6N2&7dxz#YK>0H6zA^< za9*y`K!9G-ghQU1FM7T=j>1#C&}HS!;g+-=E%MR!gv$JeCYzcVBzmvu+s^rYsSw&U zmL8{%HV$8n!87oe!?=)g7xD5*ATwo`xo5Q~q$u4YEqkSV&a|lqi{PO%L{F8MS&h7*R}x{RDB9>cqL$wIF)=yPAQs74c=PQ-hO^IG(&H;F z$f4O{-&F~CUCGIP2?dyIAIkZ9uZ}ozNajWEgMNJbwoa*fpH)w=()>m9(x<8KqhP^6 z_i3y%oXhhj>ufgL?0o%;n$xo26eGEjoZ)Nod=JRocOEHO&3K8Sb0EYX4(#~0K84&Hiea>Rt2*98=x9e3P#d7e@>uE5 zGk;m9Lq=({K<~kpvCsItZ)cs+o17SmKK<|B) zZ1i|c;X^!>T5?bkf%We$-RakmA|lTfUHnsGf%U@Tu8mdv*rWbv^0dQxXtrvkWT zSHis3-LTBA{K#DyO!~nEyE=2&hh94vfrYCPMAm@*42@#nB#E1o6%`jHt0ryZ;u_R|ltpJB*oxwZoLBI=>Y5@( zOjVMvwAd0b**80=R5d(bEomD!qp8K=Ld^#P9Z+qgkY}u*?z;5##)EtXUFu&njtv; z+MbK6bPIU72gC0qva$hz%B?1;D9PEL^qEL`^*{z)l7AYX4-W!}Pm-;tDgrw!ZGK(S zNq6i-jiirtFuju7_XK|5HbIfCNED#nM#Bl?a)iZh+h$7c(SN}0xOJ?S^SiKV7)1*o z-DQlgS;3I>z6-2UUin6XA{1L@pSBF1BYN%!zzyF^=-kNJ)d=pp1Y4Fe=ofzFCFHE1 z6?1(PdZh)&aUf2vBxrQy$Sx6+aYJ~j|4)3qJq6UB^p|$QnQ@xv?B{nb#8t4kIMnp3 za*{CTU+A*Z<~%C(>RmBtxj?KpN}>ubF{|S{Qpu&EXE0j9Ui53j?1vFjG^!8I{W8+C8wh4=JPC)+FvX+HitjW+4}dbT4`EksqO#$$CUJc3AT^fWi= zS^4I!*~=>}ioq&8%PH3Ty~Enl@z1RdS%L3h2Nx@n;=(m)gj}T05AA%+aq|g-wncFh zuew#|_>$Me+^5Ufn>M&sob1PKME6QIJ_~k_I2T$fCCBliHa=5^i-SN;J>{CpJ3EIh z#H`dx3piYXz{YfEy5xw*9EOMBJ@Q6|WY8D=9#>5rA{*g0tcrrBssa$lS-k(|=kActoT7EKt>{L+wslKjb?YX*a9Gm2&R&gF*J_!#X;@U(0XK4uwFa>@*kgy3q zSf3wCIQ(^Ciy$+_v&_3Wy$(@xIb3)Hs)ftnMvZFL>u$dXJ1M;IBL-9rvQ&TpS z(zML0Gq1MXKPh?s8Re=$25L<4$?E)tVJHd?)wL#Zeq9QO^)6W9 zZo5`3%?%3z29gi+Ggf%Xk_WTJTFP}d%4-qW~vjtck0t>uGQ$B zkJ+oQpqz8@>y_!zrn>yoJO0iZu&TW$bAhjW^XhzfdUwG+yd;;pHD3fo%bD0g3?zmF z4W(sHK@avVR_9G+mRh@@>F$BQnsE{vyhXevyi}mbJZZK^gCA~yh++)hMD+A&F_o?K z8%jv)M4XY}y_E_a6!1l7;>~xC|IHM-qio``Z;FwNAyw+e5hj#IxOj6<*^3A`OwF}Z zQ{ZpM=5s=^V(}fZ?-q-?p?Dk5AI{zhO&8=6i)dK^f_%Uz-VWTZaUqw-tV2qFczAcI z?vi88`SXF?4AlSkKR1+s2O;-=Xv+Xc3wi>e9R~U#PFDN(RcDsJgBw88@<5jw1gd`X z0}nVj-FWjio0_`Y~~NO^sx&z(~A66?h6# MSJqKNC|JDxKRafg;s5{u From b104c0cf6fb8d7a9674286289fcb0bf9b6e0ddd1 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Wed, 30 Aug 2017 22:50:41 +0000 Subject: [PATCH 5/5] Merged PR 2969: fixing admx info automation update: GP path, and e->English name; re-orders a few policies as well, and adjusts white-space; one null SKU deleted --- .../mdm/policy-csp-abovelock.md | 2 +- .../mdm/policy-csp-accounts.md | 2 +- .../mdm/policy-csp-activexcontrols.md | 4 +- .../mdm/policy-csp-applicationdefaults.md | 2 +- .../mdm/policy-csp-applicationmanagement.md | 2 +- .../mdm/policy-csp-appvirtualization.md | 112 ++-- .../mdm/policy-csp-attachmentmanager.md | 8 +- .../mdm/policy-csp-authentication.md | 2 +- .../mdm/policy-csp-autoplay.md | 8 +- .../mdm/policy-csp-bitlocker.md | 6 +- .../mdm/policy-csp-bluetooth.md | 2 +- .../mdm/policy-csp-browser.md | 27 +- .../mdm/policy-csp-camera.md | 2 +- .../mdm/policy-csp-cellular.md | 4 +- .../mdm/policy-csp-connectivity.md | 15 +- .../mdm/policy-csp-credentialproviders.md | 8 +- .../mdm/policy-csp-credentialsui.md | 6 +- .../mdm/policy-csp-cryptography.md | 2 +- .../mdm/policy-csp-dataprotection.md | 2 +- .../mdm/policy-csp-datausage.md | 6 +- .../mdm/policy-csp-defender.md | 138 ++--- .../mdm/policy-csp-deliveryoptimization.md | 2 +- .../mdm/policy-csp-desktop.md | 5 +- .../mdm/policy-csp-deviceguard.md | 2 +- .../mdm/policy-csp-deviceinstallation.md | 6 +- .../mdm/policy-csp-devicelock.md | 4 +- .../mdm/policy-csp-display.md | 2 +- .../mdm/policy-csp-education.md | 2 +- .../mdm/policy-csp-enterprisecloudprint.md | 2 +- .../mdm/policy-csp-errorreporting.md | 13 +- .../mdm/policy-csp-eventlogservice.md | 10 +- .../mdm/policy-csp-experience.md | 2 +- .../mdm/policy-csp-exploitguard.md | 10 +- .../client-management/mdm/policy-csp-games.md | 2 +- .../mdm/policy-csp-internetexplorer.md | 504 +++++++++--------- .../mdm/policy-csp-kerberos.md | 12 +- .../mdm/policy-csp-licensing.md | 2 +- ...policy-csp-localpoliciessecurityoptions.md | 82 +-- .../mdm/policy-csp-location.md | 2 +- .../mdm/policy-csp-lockdown.md | 2 +- .../client-management/mdm/policy-csp-maps.md | 2 +- .../mdm/policy-csp-messaging.md | 2 +- .../mdm/policy-csp-networkisolation.md | 2 +- .../mdm/policy-csp-notifications.md | 2 +- .../client-management/mdm/policy-csp-power.md | 20 +- .../mdm/policy-csp-printers.md | 10 +- .../mdm/policy-csp-privacy.md | 5 +- .../mdm/policy-csp-remoteassistance.md | 10 +- .../mdm/policy-csp-remotedesktopservices.md | 14 +- .../mdm/policy-csp-remotemanagement.md | 32 +- .../mdm/policy-csp-remoteprocedurecall.md | 6 +- .../mdm/policy-csp-remoteshell.md | 16 +- .../mdm/policy-csp-search.md | 2 +- .../mdm/policy-csp-security.md | 2 +- .../mdm/policy-csp-settings.md | 2 +- .../mdm/policy-csp-smartscreen.md | 2 +- .../mdm/policy-csp-speech.md | 2 +- .../client-management/mdm/policy-csp-start.md | 2 +- .../mdm/policy-csp-storage.md | 4 +- .../mdm/policy-csp-system.md | 4 +- .../mdm/policy-csp-textinput.md | 2 +- .../mdm/policy-csp-timelanguagesettings.md | 2 +- .../mdm/policy-csp-update.md | 22 +- .../client-management/mdm/policy-csp-wifi.md | 2 +- ...olicy-csp-windowsdefendersecuritycenter.md | 2 +- .../mdm/policy-csp-windowsinkworkspace.md | 2 +- .../mdm/policy-csp-windowslogon.md | 6 +- .../mdm/policy-csp-wirelessdisplay.md | 2 +- 68 files changed, 590 insertions(+), 617 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index eb8cd4abc7..2268695665 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - AboveLock diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 53ea6582a5..f2e678427b 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Accounts diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index e67542f66b..755aeb5a2e 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ActiveXControls @@ -64,7 +64,7 @@ Note: Wild card characters cannot be used when specifying the host URLs. ADMX Info: -- GP english name: *Approved Installation Sites for ActiveX Controls* +- GP English name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* - GP path: *Windows Components/ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 11297a57df..838ad9fbc8 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ApplicationDefaults diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 5d72ba16b5..db13ecc123 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ApplicationManagement diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 01bd1dd68e..e44fda0b34 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - AppVirtualization @@ -58,9 +58,9 @@ This policy setting allows you to enable or disable Microsoft Application Virtua ADMX Info: -- GP english name: *Enable App-V Client* +- GP English name: *Enable App-V Client* - GP name: *EnableAppV* -- GP path: *Administrative Templates/System/App-V* +- GP path: *System/App-V* - GP ADMX file name: *appv.admx* @@ -104,9 +104,9 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj ADMX Info: -- GP english name: *Enable Dynamic Virtualization* +- GP English name: *Enable Dynamic Virtualization* - GP name: *Virtualization_JITVEnable* -- GP path: *Administrative Templates/System/App-V/Virtualization* +- GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* @@ -150,9 +150,9 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv ADMX Info: -- GP english name: *Enable automatic cleanup of unused appv packages* +- GP English name: *Enable automatic cleanup of unused appv packages* - GP name: *PackageManagement_AutoCleanupEnable* -- GP path: *Administrative Templates/System/App-V/PackageManagement* +- GP path: *System/App-V/PackageManagement* - GP ADMX file name: *appv.admx* @@ -196,9 +196,9 @@ Enables scripts defined in the package manifest of configuration files that shou ADMX Info: -- GP english name: *Enable Package Scripts* +- GP English name: *Enable Package Scripts* - GP name: *Scripting_Enable_Package_Scripts* -- GP path: *Administrative Templates/System/App-V/Scripting* +- GP path: *System/App-V/Scripting* - GP ADMX file name: *appv.admx* @@ -242,9 +242,9 @@ Enables a UX to display to the user when a publishing refresh is performed on th ADMX Info: -- GP english name: *Enable Publishing Refresh UX* +- GP English name: *Enable Publishing Refresh UX* - GP name: *Enable_Publishing_Refresh_UX* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -298,9 +298,9 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t ADMX Info: -- GP english name: *Reporting Server* +- GP English name: *Reporting Server* - GP name: *Reporting_Server_Policy* -- GP path: *Administrative Templates/System/App-V/Reporting* +- GP path: *System/App-V/Reporting* - GP ADMX file name: *appv.admx* @@ -344,9 +344,9 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' ADMX Info: -- GP english name: *Roaming File Exclusions* +- GP English name: *Roaming File Exclusions* - GP name: *Integration_Roaming_File_Exclusions* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -390,9 +390,9 @@ Specifies the registry paths that do not roam with a user profile. Example usage ADMX Info: -- GP english name: *Roaming Registry Exclusions* +- GP English name: *Roaming Registry Exclusions* - GP name: *Integration_Roaming_Registry_Exclusions* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -436,9 +436,9 @@ Specifies how new packages should be loaded automatically by App-V on a specific ADMX Info: -- GP english name: *Specify what to load in background (aka AutoLoad)* +- GP English name: *Specify what to load in background (aka AutoLoad)* - GP name: *Steaming_Autoload* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -482,9 +482,9 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package ADMX Info: -- GP english name: *Enable Migration Mode* +- GP English name: *Enable Migration Mode* - GP name: *Client_Coexistence_Enable_Migration_mode* -- GP path: *Administrative Templates/System/App-V/Client Coexistence* +- GP path: *System/App-V/Client Coexistence* - GP ADMX file name: *appv.admx* @@ -528,9 +528,9 @@ Specifies the location where symbolic links are created to the current version o ADMX Info: -- GP english name: *Integration Root User* +- GP English name: *Integration Root User* - GP name: *Integration_Root_User* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -574,9 +574,9 @@ Specifies the location where symbolic links are created to the current version o ADMX Info: -- GP english name: *Integration Root Global* +- GP English name: *Integration Root Global* - GP name: *Integration_Root_Global* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -638,9 +638,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 1 Settings* +- GP English name: *Publishing Server 1 Settings* - GP name: *Publishing_Server1_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -704,7 +704,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: - GP English name: *Publishing Server 2 Settings* - GP name: *Publishing_Server2_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -766,9 +766,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 3 Settings* +- GP English name: *Publishing Server 3 Settings* - GP name: *Publishing_Server3_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -830,9 +830,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 4 Settings* +- GP English name: *Publishing Server 4 Settings* - GP name: *Publishing_Server4_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -894,9 +894,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 5 Settings* +- GP English name: *Publishing Server 5 Settings* - GP name: *Publishing_Server5_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -940,9 +940,9 @@ Specifies the path to a valid certificate in the certificate store. ADMX Info: -- GP english name: *Certificate Filter For Client SSL* +- GP English name: *Certificate Filter For Client SSL* - GP name: *Streaming_Certificate_Filter_For_Client_SSL* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -986,9 +986,9 @@ This setting controls whether virtualized applications are launched on Windows 8 ADMX Info: -- GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* +- GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* - GP name: *Streaming_Allow_High_Cost_Launch* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1032,9 +1032,9 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP ADMX Info: -- GP english name: *Location Provider* +- GP English name: *Location Provider* - GP name: *Streaming_Location_Provider* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1078,9 +1078,9 @@ Specifies directory where all new applications and updates will be installed. ADMX Info: -- GP english name: *Package Installation Root* +- GP English name: *Package Installation Root* - GP name: *Streaming_Package_Installation_Root* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1124,9 +1124,9 @@ Overrides source location for downloading package content. ADMX Info: -- GP english name: *Package Source Root* +- GP English name: *Package Source Root* - GP name: *Streaming_Package_Source_Root* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1170,9 +1170,9 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio ADMX Info: -- GP english name: *Reestablishment Interval* +- GP English name: *Reestablishment Interval* - GP name: *Streaming_Reestablishment_Interval* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1216,9 +1216,9 @@ Specifies the number of times to retry a dropped session. ADMX Info: -- GP english name: *Reestablishment Retries* +- GP English name: *Reestablishment Retries* - GP name: *Streaming_Reestablishment_Retries* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1262,9 +1262,9 @@ Specifies that streamed package contents will be not be saved to the local hard ADMX Info: -- GP english name: *Shared Content Store (SCS) mode* +- GP English name: *Shared Content Store (SCS) mode* - GP name: *Streaming_Shared_Content_Store_Mode* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1308,9 +1308,9 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming ADMX Info: -- GP english name: *Enable Support for BranchCache* +- GP English name: *Enable Support for BranchCache* - GP name: *Streaming_Support_Branch_Cache* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1354,9 +1354,9 @@ Verifies Server certificate revocation status before streaming using HTTPS. ADMX Info: -- GP english name: *Verify certificate revocation list* +- GP English name: *Verify certificate revocation list* - GP name: *Streaming_Verify_Certificate_Revocation_List* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1400,9 +1400,9 @@ Specifies a list of process paths (may contain wildcards) which are candidates f ADMX Info: -- GP english name: *Virtual Component Process Allow List* +- GP English name: *Virtual Component Process Allow List* - GP name: *Virtualization_JITVAllowList* -- GP path: *Administrative Templates/System/App-V/Virtualization* +- GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 0d4c2f7055..202f7f324a 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - AttachmentManager @@ -64,7 +64,7 @@ If you do not configure this policy setting, Windows marks file attachments with ADMX Info: -- GP english name: *Do not preserve zone information in file attachments* +- GP English name: *Do not preserve zone information in file attachments* - GP name: *AM_MarkZoneOnSavedAtttachments* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -116,7 +116,7 @@ If you do not configure this policy setting, Windows hides the check box and Unb ADMX Info: -- GP english name: *Hide mechanisms to remove zone information* +- GP English name: *Hide mechanisms to remove zone information* - GP name: *AM_RemoveZoneInfo* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -168,7 +168,7 @@ If you do not configure this policy setting, Windows does not call the registere ADMX Info: -- GP english name: *Notify antivirus programs when opening attachments* +- GP English name: *Notify antivirus programs when opening attachments* - GP name: *AM_CallIOfficeAntiVirus* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 2b74810ed1..fcc6506c15 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Authentication diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 8198ac815b..daac26b55d 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Autoplay @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for ADMX Info: -- GP english name: *Disallow Autoplay for non-volume devices* +- GP English name: *Disallow Autoplay for non-volume devices* - GP name: *NoAutoplayfornonVolume* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -121,7 +121,7 @@ If you disable or not configure this policy setting, Windows Vista or later will ADMX Info: -- GP english name: *Set the default behavior for AutoRun* +- GP English name: *Set the default behavior for AutoRun* - GP name: *NoAutorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -181,7 +181,7 @@ Note: This policy setting appears in both the Computer Configuration and User Co ADMX Info: -- GP english name: *Turn off Autoplay* +- GP English name: *Turn off Autoplay* - GP name: *Autorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index ea9430a79c..1220f63607 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Bitlocker @@ -85,6 +85,7 @@ ms.date: 08/09/2017 BitLocker/SystemDrivesRequireStartupAuthentication +
    @@ -95,4 +96,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - \ No newline at end of file + + diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 69445abb1a..7bd2ea4992 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Bluetooth diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index edd167f211..82c992e8eb 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/25/2017 +ms.date: 08/30/2017 --- # Policy CSP - Browser @@ -684,29 +684,6 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/AlwaysEnableBooksLibrary** - - - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    - -

    @@ -1311,7 +1288,7 @@ Employees cannot remove these search engines, but they can set any one as the de

    If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. -

    Data type is string. +

    Data type is string. diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 5235998a62..ca7b98ecc5 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Camera diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 0afb973431..b1c206e118 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Cellular @@ -56,7 +56,7 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Set Per-App Cellular Access UI Visibility* +- GP English name: *Set Per-App Cellular Access UI Visibility* - GP name: *ShowAppCellularAccessUI* - GP path: *Network/WWAN Service/WWAN UI Settings* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index d766ef3c9d..5ffa503ab6 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Connectivity @@ -386,8 +386,9 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Turn off printing over HTTP* +- GP English name: *Turn off printing over HTTP* - GP name: *DisableHTTPPrinting_2* +- GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -429,8 +430,9 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off downloading of print drivers over HTTP* +- GP English name: *Turn off downloading of print drivers over HTTP* - GP name: *DisableWebPnPDownload_2* +- GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -472,8 +474,9 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off Internet download for Web publishing and online ordering wizards* +- GP English name: *Turn off Internet download for Web publishing and online ordering wizards* - GP name: *ShellPreventWPWDownload_2* +- GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -519,7 +522,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths ADMX Info: -- GP english name: *Hardened UNC Paths* +- GP English name: *Hardened UNC Paths* - GP name: *Pol_HardenedPaths* - GP path: *Network/Network Provider* - GP ADMX file name: *networkprovider.admx* @@ -563,7 +566,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* +- GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* - GP name: *NC_AllowNetBridge_NLA* - GP path: *Network/Network Connections* - GP ADMX file name: *NetworkConnections.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index afa69b9477..e253febdf8 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - CredentialProviders @@ -66,8 +66,9 @@ To configure Windows Hello for Business, use the Administrative Template policie ADMX Info: -- GP english name: *Turn on convenience PIN sign-in* +- GP English name: *Turn on convenience PIN sign-in* - GP name: *AllowDomainPINLogon* +- GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* @@ -117,8 +118,9 @@ Note that the user's domain password will be cached in the system vault when usi ADMX Info: -- GP english name: *Turn off picture password sign-in* +- GP English name: *Turn off picture password sign-in* - GP name: *BlockDomainPicturePassword* +- GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 728275e01e..15d68cf69e 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - CredentialsUI @@ -66,7 +66,7 @@ The policy applies to all Windows components and applications that use the Windo ADMX Info: -- GP english name: *Do not display the password reveal button* +- GP English name: *Do not display the password reveal button* - GP name: *DisablePasswordReveal* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* @@ -116,7 +116,7 @@ If you disable this policy setting, users will always be required to type a user ADMX Info: -- GP english name: *Enumerate administrator accounts on elevation* +- GP English name: *Enumerate administrator accounts on elevation* - GP name: *EnumerateAdministrators* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 5365025f58..eef7cdeba4 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Cryptography diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index ebe61e6295..edba750722 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DataProtection diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 7398cdb094..a8724cc2f6 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DataUsage @@ -68,7 +68,7 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti ADMX Info: -- GP english name: *Set 3G Cost* +- GP English name: *Set 3G Cost* - GP name: *SetCost3G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* @@ -124,7 +124,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti ADMX Info: -- GP english name: *Set 4G Cost* +- GP English name: *Set 4G Cost* - GP name: *SetCost4G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 2ab2afa893..81e87eb957 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Defender @@ -740,6 +740,74 @@ Value type is string. > [!Note] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". + + + +**Defender/ControlledFolderAccessAllowedApplications** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3cross markcross mark
    + + + +> [!NOTE] +> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. + +

    Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode  as the substring separator. + + + + +**Defender/ControlledFolderAccessProtectedFolders** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3cross markcross mark
    + + + +> [!NOTE] +> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. + +

    Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode  as the substring separator. + @@ -974,74 +1042,6 @@ Value type is string.  

    Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". - - - -**Defender/ControlledFolderAccessAllowedApplications** - - - - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3cross markcross mark
    - - - -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. - -

    Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode  as the substring separator. - - - - -**Defender/ControlledFolderAccessProtectedFolders** - - - - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3cross markcross mark
    - - - -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. - -

    Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode  as the substring separator. - diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index a80a113695..e352718a5d 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeliveryOptimization diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 2f095c7e16..8a3b89d0f5 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Desktop @@ -62,8 +62,9 @@ If you enable this setting, users are unable to type a new location in the Targe ADMX Info: -- GP english name: *Prohibit User from manually redirecting Profile Folders* +- GP English name: *Prohibit User from manually redirecting Profile Folders* - GP name: *DisablePersonalDirChange* +- GP path: *Desktop* - GP ADMX file name: *desktop.admx* diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index a613939a89..df77a218e7 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeviceGuard diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index b9e3b22182..4b04c4567d 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeviceInstallation @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, devices can be installed ADMX Info: -- GP english name: *Prevent installation of devices that match any of these device IDs* +- GP English name: *Prevent installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -112,7 +112,7 @@ If you disable or do not configure this policy setting, Windows can install and ADMX Info: -- GP english name: *Prevent installation of devices using drivers that match these device setup classes* +- GP English name: *Prevent installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 3e3e9a0a12..dcfc34f488 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeviceLock @@ -767,7 +767,7 @@ If you enable this setting, users will no longer be able to modify slide show se ADMX Info: -- GP english name: *Prevent enabling lock screen slide show* +- GP English name: *Prevent enabling lock screen slide show* - GP name: *CPL_Personalization_NoLockScreenSlideshow* - GP path: *Control Panel/Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 173a2e7f02..7af8189ba0 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Display diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 8c563ece39..6be666c341 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Education diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index aac0cea10c..c11c6d066d 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - EnterpriseCloudPrint diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 88177e71c6..98c03c6579 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ErrorReporting @@ -72,8 +72,9 @@ If you disable or do not configure this policy setting, then the default consent ADMX Info: -- GP english name: *Customize consent settings* +- GP English name: *Customize consent settings* - GP name: *WerConsentCustomize_2* +- GP path: *Windows Components/Windows Error Reporting/Consent* - GP ADMX file name: *ErrorReporting.admx* @@ -121,7 +122,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err ADMX Info: -- GP english name: *Disable Windows Error Reporting* +- GP English name: *Disable Windows Error Reporting* - GP name: *WerDisable_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -175,7 +176,7 @@ See also the Configure Error Reporting policy setting. ADMX Info: -- GP english name: *Display Error Notification* +- GP English name: *Display Error Notification* - GP name: *PCH_ShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -225,7 +226,7 @@ If you disable or do not configure this policy setting, then consent policy sett ADMX Info: -- GP english name: *Do not send additional data* +- GP English name: *Do not send additional data* - GP name: *WerNoSecondLevelData_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -275,7 +276,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP english name: *Prevent display of the user interface for critical errors* +- GP English name: *Prevent display of the user interface for critical errors* - GP name: *WerDoNotShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 8ded981267..a73f5c2b18 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - EventLogService @@ -64,7 +64,7 @@ Note: Old events may or may not be retained according to the "Backup log automat ADMX Info: -- GP english name: *Control Event Log behavior when the log file reaches its maximum size* +- GP English name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* @@ -114,7 +114,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP english name: *Specify the maximum log file size (KB)* +- GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* @@ -164,7 +164,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP english name: *Specify the maximum log file size (KB)* +- GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_2* - GP path: *Windows Components/Event Log Service/Security* - GP ADMX file name: *eventlog.admx* @@ -214,7 +214,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP english name: *Specify the maximum log file size (KB)* +- GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_4* - GP path: *Windows Components/Event Log Service/System* - GP ADMX file name: *eventlog.admx* diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 82e380c156..b5e7a8bfe2 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Experience diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index d1dc5d3933..292dfa31bc 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/29/2017 +ms.date: 08/30/2017 --- # Policy CSP - ExploitGuard @@ -14,6 +14,11 @@ ms.date: 08/29/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +

    + +## ExploitGuard policies + **ExploitGuard/ExploitProtectionSettings** @@ -80,4 +85,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - \ No newline at end of file + + diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 9e5de02b1b..ed2049f376 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Games diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index cd051e0e91..7be92bcfc1 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - InternetExplorer @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, the user can configure t ADMX Info: -- GP english name: *Add a specific list of search providers to the user's list of search providers* +- GP English name: *Add a specific list of search providers to the user's list of search providers* - GP name: *AddSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -112,7 +112,7 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not ADMX Info: -- GP english name: *Turn on ActiveX Filtering* +- GP English name: *Turn on ActiveX Filtering* - GP name: *TurnOnActiveXFiltering* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -168,7 +168,7 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u ADMX Info: -- GP english name: *Add-on List* +- GP English name: *Add-on List* - GP name: *AddonManagement_AddOnList* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -212,7 +212,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on the auto-complete feature for user names and passwords on forms* +- GP English name: *Turn on the auto-complete feature for user names and passwords on forms* - GP name: *RestrictFormSuggestPW* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -256,7 +256,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on certificate address mismatch warning* +- GP English name: *Turn on certificate address mismatch warning* - GP name: *IZ_PolicyWarnCertMismatch* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -300,7 +300,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow deleting browsing history on exit* +- GP English name: *Allow deleting browsing history on exit* - GP name: *DBHDisableDeleteOnExit* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -352,7 +352,7 @@ If you do not configure this policy, users will be able to turn on or turn off E ADMX Info: -- GP english name: *Turn on Enhanced Protected Mode* +- GP English name: *Turn on Enhanced Protected Mode* - GP name: *Advanced_EnableEnhancedProtectedMode* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -402,7 +402,7 @@ If you disable or don't configure this policy setting, the menu option won't app ADMX Info: -- GP english name: *Let users turn on and use Enterprise Mode from the Tools menu* +- GP English name: *Let users turn on and use Enterprise Mode from the Tools menu* - GP name: *EnterpriseModeEnable* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -452,7 +452,7 @@ If you disable or don't configure this policy setting, Internet Explorer opens a ADMX Info: -- GP english name: *Use the Enterprise Mode IE website list* +- GP English name: *Use the Enterprise Mode IE website list* - GP name: *EnterpriseModeSiteList* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -496,7 +496,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)* +- GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)* - GP name: *Advanced_EnableSSL3Fallback* - GP path: *Windows Components/Internet Explorer/Security Features* - GP ADMX file name: *inetres.admx* @@ -546,7 +546,7 @@ If you disable or do not configure this policy setting, the user can add and rem ADMX Info: -- GP english name: *Use Policy List of Internet Explorer 7 sites* +- GP English name: *Use Policy List of Internet Explorer 7 sites* - GP name: *CompatView_UsePolicyList* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -598,7 +598,7 @@ If you do not configure this policy setting, Internet Explorer uses an Internet ADMX Info: -- GP english name: *Turn on Internet Explorer Standards Mode for local intranet* +- GP English name: *Turn on Internet Explorer Standards Mode for local intranet* - GP name: *CompatView_IntranetSites* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -654,7 +654,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Internet Zone Template* +- GP English name: *Internet Zone Template* - GP name: *IZ_PolicyInternetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -710,7 +710,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Intranet Zone Template* +- GP English name: *Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -766,7 +766,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Local Machine Zone Template* +- GP English name: *Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -822,7 +822,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Internet Zone Template* +- GP English name: *Locked-Down Internet Zone Template* - GP name: *IZ_PolicyInternetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -878,7 +878,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Intranet Zone Template* +- GP English name: *Locked-Down Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -934,7 +934,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Local Machine Zone Template* +- GP English name: *Locked-Down Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -990,7 +990,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Restricted Sites Zone Template* +- GP English name: *Locked-Down Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1040,7 +1040,7 @@ If you disable or do not configure this policy setting, Internet Explorer does n ADMX Info: -- GP english name: *Go to an intranet site for a one-word entry in the Address bar* +- GP English name: *Go to an intranet site for a one-word entry in the Address bar* - GP name: *UseIntranetSiteForOneWordEntry* - GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing* - GP ADMX file name: *inetres.admx* @@ -1096,7 +1096,7 @@ If you disable or do not configure this policy, users may choose their own site- ADMX Info: -- GP english name: *Site to Zone Assignment List* +- GP English name: *Site to Zone Assignment List* - GP name: *IZ_Zonemaps* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1140,7 +1140,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow software to run or install even if the signature is invalid* +- GP English name: *Allow software to run or install even if the signature is invalid* - GP name: *Advanced_InvalidSignatureBlock* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1192,7 +1192,7 @@ If you do not configure this policy setting, the user can turn on and turn off t ADMX Info: -- GP english name: *Turn on Suggested Sites* +- GP English name: *Turn on Suggested Sites* - GP name: *EnableSuggestedSites* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1248,7 +1248,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Trusted Sites Zone Template* +- GP English name: *Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1304,7 +1304,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Trusted Sites Zone Template* +- GP English name: *Locked-Down Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1360,7 +1360,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Restricted Sites Zone Template* +- GP English name: *Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1404,7 +1404,7 @@ ADMX Info: ADMX Info: -- GP english name: *Check for server certificate revocation* +- GP English name: *Check for server certificate revocation* - GP name: *Advanced_CertificateRevocation* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1448,7 +1448,7 @@ ADMX Info: ADMX Info: -- GP english name: *Check for signatures on downloaded programs* +- GP English name: *Check for signatures on downloaded programs* - GP name: *Advanced_DownloadSignatures* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1492,7 +1492,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_2* - GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction* - GP ADMX file name: *inetres.admx* @@ -1544,7 +1544,7 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny ADMX Info: -- GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* +- GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* - GP name: *DisableFlashInIE* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -1588,7 +1588,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* +- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -1638,7 +1638,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar ADMX Info: -- GP english name: *Prevent bypassing SmartScreen Filter warnings* +- GP English name: *Prevent bypassing SmartScreen Filter warnings* - GP name: *DisableSafetyFilterOverride* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1688,7 +1688,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar ADMX Info: -- GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* +- GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* - GP name: *DisableSafetyFilterOverrideForAppRepUnknown* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1732,7 +1732,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disable "Configuring History"* +- GP English name: *Disable "Configuring History"* - GP name: *RestrictHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -1776,7 +1776,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off Crash Detection* +- GP English name: *Turn off Crash Detection* - GP name: *AddonManagement_RestrictCrashDetection* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1828,7 +1828,7 @@ If you do not configure this policy setting, the user can choose to participate ADMX Info: -- GP english name: *Prevent participation in the Customer Experience Improvement Program* +- GP English name: *Prevent participation in the Customer Experience Improvement Program* - GP name: *SQM_DisableCEIP* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1872,7 +1872,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent deleting websites that the user has visited* +- GP English name: *Prevent deleting websites that the user has visited* - GP name: *DBHDisableDeleteHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -1922,7 +1922,7 @@ If you disable or do not configure this policy setting, the user can set the Fee ADMX Info: -- GP english name: *Prevent downloading of enclosures* +- GP English name: *Prevent downloading of enclosures* - GP name: *Disable_Downloading_of_Enclosures* - GP path: *Windows Components/RSS Feeds* - GP ADMX file name: *inetres.admx* @@ -1974,7 +1974,7 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows ADMX Info: -- GP english name: *Turn off encryption support* +- GP English name: *Turn off encryption support* - GP name: *Advanced_SetWinInetProtocols* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2028,7 +2028,7 @@ If you disable or do not configure this policy setting, Internet Explorer may ru ADMX Info: -- GP english name: *Prevent running First Run wizard* +- GP English name: *Prevent running First Run wizard* - GP name: *NoFirstRunCustomise* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2082,7 +2082,7 @@ If you don't configure this setting, users can turn this behavior on or off, usi ADMX Info: -- GP english name: *Turn off the flip ahead with page prediction feature* +- GP English name: *Turn off the flip ahead with page prediction feature* - GP name: *Advanced_DisableFlipAhead* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2132,7 +2132,7 @@ If you disable or do not configure this policy setting, the Home page box is ena ADMX Info: -- GP english name: *Disable changing home page settings* +- GP English name: *Disable changing home page settings* - GP name: *RestrictHomePage* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2176,7 +2176,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent ignoring certificate errors* +- GP English name: *Prevent ignoring certificate errors* - GP name: *NoCertError* - GP path: *Windows Components/Internet Explorer/Internet Control Panel* - GP ADMX file name: *inetres.admx* @@ -2220,7 +2220,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off InPrivate Browsing* +- GP English name: *Turn off InPrivate Browsing* - GP name: *DisableInPrivateBrowsing* - GP path: *Windows Components/Internet Explorer/Privacy* - GP ADMX file name: *inetres.admx* @@ -2264,7 +2264,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* +- GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* - GP name: *Advanced_EnableEnhancedProtectedMode64Bit* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2314,7 +2314,7 @@ If you disable or do not configure this policy setting, the user can configure p ADMX Info: -- GP english name: *Prevent changing proxy settings* +- GP English name: *Prevent changing proxy settings* - GP name: *RestrictProxy* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2364,7 +2364,7 @@ If you disable or do not configure this policy setting, the user can change the ADMX Info: -- GP english name: *Prevent changing the default search provider* +- GP English name: *Prevent changing the default search provider* - GP name: *NoSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2416,7 +2416,7 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can ADMX Info: -- GP english name: *Disable changing secondary home page settings* +- GP English name: *Disable changing secondary home page settings* - GP name: *SecondaryHomePages* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2460,7 +2460,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off the Security Settings Check feature* +- GP English name: *Turn off the Security Settings Check feature* - GP name: *Disable_Security_Settings_Check* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2512,7 +2512,7 @@ This policy is intended to help the administrator maintain version control for I ADMX Info: -- GP english name: *Disable Periodic Check for Internet Explorer software updates* +- GP English name: *Disable Periodic Check for Internet Explorer software updates* - GP name: *NoUpdateCheck* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2556,7 +2556,7 @@ ADMX Info: ADMX Info: -- GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* +- GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* - GP name: *Advanced_DisableEPMCompat* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2612,7 +2612,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: -- GP english name: *Security Zones: Do not allow users to add/delete sites* +- GP English name: *Security Zones: Do not allow users to add/delete sites* - GP name: *Security_zones_map_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2668,7 +2668,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: -- GP english name: *Security Zones: Do not allow users to change policies* +- GP English name: *Security Zones: Do not allow users to change policies* - GP name: *Security_options_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2720,7 +2720,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* +- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -2776,7 +2776,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* +- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* - GP name: *VerMgmtDomainAllowlist* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -2828,7 +2828,7 @@ If you do not configure this policy setting, users choose whether to force local ADMX Info: -- GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* +- GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* - GP name: *IZ_IncludeUnspecifiedLocalSites* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2880,7 +2880,7 @@ If you do not configure this policy setting, users choose whether network paths ADMX Info: -- GP english name: *Intranet Sites: Include all network paths (UNCs)* +- GP English name: *Intranet Sites: Include all network paths (UNCs)* - GP name: *IZ_UNCAsIntranet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2932,7 +2932,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -2984,7 +2984,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3034,7 +3034,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3078,7 +3078,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow cut, copy or paste operations from the clipboard via script* +- GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3122,7 +3122,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow drag and drop or copy and paste files* +- GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3174,7 +3174,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3226,7 +3226,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3270,7 +3270,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow loading of XAML files* +- GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3322,7 +3322,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3366,7 +3366,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use ActiveX controls without prompt* +- GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3410,7 +3410,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use the TDC ActiveX control* +- GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3454,7 +3454,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow script-initiated windows without size or position constraints* +- GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3498,7 +3498,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow scripting of Internet Explorer WebBrowser controls* +- GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3550,7 +3550,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3604,7 +3604,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3648,7 +3648,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow updates to status bar via script* +- GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3700,7 +3700,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3744,7 +3744,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3788,7 +3788,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download signed ActiveX controls* +- GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3832,7 +3832,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download unsigned ActiveX controls* +- GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3876,7 +3876,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Cross-Site Scripting Filter* +- GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3920,7 +3920,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains across windows* +- GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3964,7 +3964,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains within a window* +- GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4008,7 +4008,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable MIME Sniffing* +- GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4052,7 +4052,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Protected Mode* +- GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4096,7 +4096,7 @@ ADMX Info: ADMX Info: -- GP english name: *Include local path when user is uploading files to a server* +- GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4150,7 +4150,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4223,7 +4223,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4267,7 +4267,7 @@ ADMX Info: ADMX Info: -- GP english name: *Launching applications and files in an IFRAME* +- GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4311,7 +4311,7 @@ ADMX Info: ADMX Info: -- GP english name: *Logon options* +- GP English name: *Logon options* - GP name: *IZ_PolicyLogon_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4363,7 +4363,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4407,7 +4407,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4451,7 +4451,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run .NET Framework-reliant components signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4495,7 +4495,7 @@ ADMX Info: ADMX Info: -- GP english name: *Show security warning for potentially unsafe files* +- GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4539,7 +4539,7 @@ ADMX Info: ADMX Info: -- GP english name: *Use Pop-up Blocker* +- GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4583,7 +4583,7 @@ ADMX Info: ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4635,7 +4635,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4687,7 +4687,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4737,7 +4737,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4789,7 +4789,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4841,7 +4841,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4893,7 +4893,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4945,7 +4945,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4999,7 +4999,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5051,7 +5051,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5095,7 +5095,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5149,7 +5149,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5193,7 +5193,7 @@ ADMX Info: ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5237,7 +5237,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5289,7 +5289,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5341,7 +5341,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5393,7 +5393,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5443,7 +5443,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5495,7 +5495,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5547,7 +5547,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5599,7 +5599,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5651,7 +5651,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5705,7 +5705,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5757,7 +5757,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5801,7 +5801,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5855,7 +5855,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5899,7 +5899,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5951,7 +5951,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -6003,7 +6003,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6055,7 +6055,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6105,7 +6105,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6157,7 +6157,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6209,7 +6209,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6261,7 +6261,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6313,7 +6313,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6367,7 +6367,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6419,7 +6419,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6473,7 +6473,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6517,7 +6517,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6569,7 +6569,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6621,7 +6621,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6673,7 +6673,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6723,7 +6723,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6775,7 +6775,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6827,7 +6827,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6879,7 +6879,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6931,7 +6931,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6985,7 +6985,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7037,7 +7037,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7091,7 +7091,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7143,7 +7143,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7195,7 +7195,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7247,7 +7247,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7297,7 +7297,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7349,7 +7349,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7401,7 +7401,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7453,7 +7453,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7505,7 +7505,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7559,7 +7559,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7611,7 +7611,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7665,7 +7665,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7709,7 +7709,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7761,7 +7761,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7813,7 +7813,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7865,7 +7865,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7915,7 +7915,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7967,7 +7967,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8019,7 +8019,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8071,7 +8071,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8123,7 +8123,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8177,7 +8177,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8229,7 +8229,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8283,7 +8283,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8327,7 +8327,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8379,7 +8379,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8431,7 +8431,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8483,7 +8483,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8533,7 +8533,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8585,7 +8585,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8637,7 +8637,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8689,7 +8689,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8741,7 +8741,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8795,7 +8795,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8847,7 +8847,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8901,7 +8901,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8945,7 +8945,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8997,7 +8997,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9041,7 +9041,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_3* - GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction* - GP ADMX file name: *inetres.admx* @@ -9085,7 +9085,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_6* - GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature* - GP ADMX file name: *inetres.admx* @@ -9129,7 +9129,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_10* - GP path: *Windows Components/Internet Explorer/Security Features/Notification bar* - GP ADMX file name: *inetres.admx* @@ -9173,7 +9173,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent managing SmartScreen Filter* +- GP English name: *Prevent managing SmartScreen Filter* - GP name: *Disable_Managing_Safety_Filter_IE9* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -9217,7 +9217,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent per-user installation of ActiveX controls* +- GP English name: *Prevent per-user installation of ActiveX controls* - GP name: *DisablePerUserActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -9261,7 +9261,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_9* - GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation* - GP ADMX file name: *inetres.admx* @@ -9305,7 +9305,7 @@ ADMX Info: ADMX Info: -- GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * +- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -9349,7 +9349,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_11* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install* - GP ADMX file name: *inetres.admx* @@ -9393,7 +9393,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_12* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download* - GP ADMX file name: *inetres.admx* @@ -9445,7 +9445,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9489,7 +9489,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow active scripting* +- GP English name: *Allow active scripting* - GP name: *IZ_PolicyActiveScripting_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9541,7 +9541,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9591,7 +9591,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9635,7 +9635,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow binary and script behaviors* +- GP English name: *Allow binary and script behaviors* - GP name: *IZ_PolicyBinaryBehaviors_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9679,7 +9679,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow cut, copy or paste operations from the clipboard via script* +- GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9723,7 +9723,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow drag and drop or copy and paste files* +- GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9767,7 +9767,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow file downloads* +- GP English name: *Allow file downloads* - GP name: *IZ_PolicyFileDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9819,7 +9819,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9871,7 +9871,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9915,7 +9915,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow loading of XAML files* +- GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9959,7 +9959,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow META REFRESH* +- GP English name: *Allow META REFRESH* - GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10011,7 +10011,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10055,7 +10055,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use ActiveX controls without prompt* +- GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10099,7 +10099,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use the TDC ActiveX control* +- GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10143,7 +10143,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow script-initiated windows without size or position constraints* +- GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10187,7 +10187,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow scripting of Internet Explorer WebBrowser controls* +- GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10239,7 +10239,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10293,7 +10293,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10337,7 +10337,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow updates to status bar via script* +- GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10389,7 +10389,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10433,7 +10433,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10477,7 +10477,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download signed ActiveX controls* +- GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10521,7 +10521,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download unsigned ActiveX controls* +- GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10565,7 +10565,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Cross-Site Scripting Filter* +- GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10609,7 +10609,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains across windows* +- GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10653,7 +10653,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains within a window* +- GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10697,7 +10697,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable MIME Sniffing* +- GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10741,7 +10741,7 @@ ADMX Info: ADMX Info: -- GP english name: *Include local path when user is uploading files to a server* +- GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10795,7 +10795,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10839,7 +10839,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10883,7 +10883,7 @@ ADMX Info: ADMX Info: -- GP english name: *Launching applications and files in an IFRAME* +- GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10927,7 +10927,7 @@ ADMX Info: ADMX Info: -- GP english name: *Logon options* +- GP English name: *Logon options* - GP name: *IZ_PolicyLogon_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10979,7 +10979,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11023,7 +11023,7 @@ ADMX Info: ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11067,7 +11067,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run ActiveX controls and plugins* +- GP English name: *Run ActiveX controls and plugins* - GP name: *IZ_PolicyRunActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11111,7 +11111,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run .NET Framework-reliant components signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11155,7 +11155,7 @@ ADMX Info: ADMX Info: -- GP english name: *Script ActiveX controls marked safe for scripting* +- GP English name: *Script ActiveX controls marked safe for scripting* - GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11199,7 +11199,7 @@ ADMX Info: ADMX Info: -- GP english name: *Scripting of Java applets* +- GP English name: *Scripting of Java applets* - GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11243,7 +11243,7 @@ ADMX Info: ADMX Info: -- GP english name: *Show security warning for potentially unsafe files* +- GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11287,7 +11287,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Cross-Site Scripting Filter* +- GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11331,7 +11331,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Protected Mode* +- GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11375,7 +11375,7 @@ ADMX Info: ADMX Info: -- GP english name: *Use Pop-up Blocker* +- GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11419,7 +11419,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_8* - GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions* - GP ADMX file name: *inetres.admx* @@ -11469,7 +11469,7 @@ If you disable or do not configure this policy setting, the user can configure h ADMX Info: -- GP english name: *Restrict search providers to a specific list* +- GP English name: *Restrict search providers to a specific list* - GP name: *SpecificSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11513,7 +11513,7 @@ ADMX Info: ADMX Info: -- GP english name: *Security Zones: Use only machine settings * +- GP English name: *Security Zones: Use only machine settings * - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11557,7 +11557,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* +- GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* - GP name: *OnlyUseAXISForActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11609,7 +11609,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11661,7 +11661,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11711,7 +11711,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11763,7 +11763,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11815,7 +11815,7 @@ If you do not configure this policy setting, a warning is issued to the user tha ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11867,7 +11867,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11919,7 +11919,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11973,7 +11973,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12025,7 +12025,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12069,7 +12069,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12113,7 +12113,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12167,7 +12167,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12211,7 +12211,7 @@ ADMX Info: ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12255,7 +12255,7 @@ ADMX Info: ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12299,7 +12299,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12351,7 +12351,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index f415128684..d4683f4ded 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Kerberos @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, the Kerberos client does ADMX Info: -- GP english name: *Use forest search order* +- GP English name: *Use forest search order* - GP name: *ForestSearch* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -111,7 +111,7 @@ If you disable or do not configure this policy setting, the client devices will ADMX Info: -- GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring* +- GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring* - GP name: *EnableCbacAndArmor* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -165,7 +165,7 @@ If you disable or do not configure this policy setting, the client computers in ADMX Info: -- GP english name: *Fail authentication requests when Kerberos armoring is not available* +- GP English name: *Fail authentication requests when Kerberos armoring is not available* - GP name: *ClientRequireFast* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -215,7 +215,7 @@ If you disable or do not configure this policy setting, the Kerberos client requ ADMX Info: -- GP english name: *Require strict KDC validation* +- GP English name: *Require strict KDC validation* - GP name: *ValidateKDC* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -269,7 +269,7 @@ Note: This policy setting configures the existing MaxTokenSize registry value in ADMX Info: -- GP english name: *Set maximum Kerberos SSPI context token buffer size* +- GP English name: *Set maximum Kerberos SSPI context token buffer size* - GP name: *MaxTokenSize* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index e0cc238f3e..a8f855bc5e 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Licensing diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 627363f336..5eb02ceae2 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - LocalPoliciesSecurityOptions @@ -672,46 +672,6 @@ Valid values: - 0 - disabled - 1 - enabled (allow system to be shut down without having to log on) -Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - - - -**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** - - - - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3cross markcross mark
    - - - -User Account Control: Turn on Admin Approval Mode - -This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. - -The options are: -- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. -- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. - - Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -931,6 +891,46 @@ The options are: - 0 - Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. - 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + + +**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3cross markcross mark
    + + + +User Account Control: Turn on Admin Approval Mode + +This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. + +The options are: +- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. +- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. + + Value type is integer. Supported operations are Add, Get, Replace, and Delete. diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 2b3d3a2b35..130111a793 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Location diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index c207e57f39..ff2b494dee 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - LockDown diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 9e719e5b3b..40abac41bc 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Maps diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 1734984fd4..edaff6765e 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Messaging diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index fba5342cac..3196840a3b 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - NetworkIsolation diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index a1c092d0df..2a291f8ba6 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Notifications diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 24bb80fa7e..17298b3cdf 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Power @@ -62,7 +62,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed. ADMX Info: -- GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)* +- GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)* - GP name: *AllowStandbyStatesAC_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -114,7 +114,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off the display (on battery)* +- GP English name: *Turn off the display (on battery)* - GP name: *VideoPowerDownTimeOutDC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -166,7 +166,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off the display (plugged in)* +- GP English name: *Turn off the display (plugged in)* - GP name: *VideoPowerDownTimeOutAC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -219,7 +219,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system hibernate timeout (on battery)* +- GP English name: *Specify the system hibernate timeout (on battery)* - GP name: *DCHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -271,7 +271,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system hibernate timeout (plugged in)* +- GP English name: *Specify the system hibernate timeout (plugged in)* - GP name: *ACHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -321,7 +321,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: -- GP english name: *Require a password when a computer wakes (on battery)* +- GP English name: *Require a password when a computer wakes (on battery)* - GP name: *DCPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -371,7 +371,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: -- GP english name: *Require a password when a computer wakes (plugged in)* +- GP English name: *Require a password when a computer wakes (plugged in)* - GP name: *ACPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -423,7 +423,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system sleep timeout (on battery)* +- GP English name: *Specify the system sleep timeout (on battery)* - GP name: *DCStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -475,7 +475,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system sleep timeout (plugged in)* +- GP English name: *Specify the system sleep timeout (plugged in)* - GP name: *ACStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 7d17fff50b..ffd1d93c3c 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Printers @@ -75,8 +75,9 @@ If you disable this policy setting: ADMX Info: -- GP english name: *Point and Print Restrictions* +- GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions_Win7* +- GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -137,7 +138,7 @@ If you disable this policy setting: ADMX Info: -- GP english name: *Point and Print Restrictions* +- GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions* - GP path: *Control Panel/Printers* - GP ADMX file name: *Printing.admx* @@ -189,8 +190,9 @@ Note: This settings takes priority over the setting "Automatically publish new p ADMX Info: -- GP english name: *Allow printers to be published* +- GP English name: *Allow printers to be published* - GP name: *PublishPrinters* +- GP path: *Printers* - GP ADMX file name: *Printing2.admx* diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 8f5423f922..fae39d1341 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/21/2017 +ms.date: 08/30/2017 --- # Policy CSP - Privacy @@ -2593,7 +2593,7 @@ Footnote: ## Privacy policies supported by Windows Holographic for Business -- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) - [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) - [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) - [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) @@ -2630,6 +2630,5 @@ Footnote: - [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) - [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) - [Privacy/PublishUserActivities](#privacy-publishuseractivities) - diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index b8964b01a1..61751bca3b 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteAssistance @@ -68,7 +68,7 @@ If you do not configure this policy setting, the user sees the default warning m ADMX Info: -- GP english name: *Customize warning messages* +- GP English name: *Customize warning messages* - GP name: *RA_Options* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -120,7 +120,7 @@ If you do not configure this setting, application-based settings are used. ADMX Info: -- GP english name: *Turn on session logging* +- GP English name: *Turn on session logging* - GP name: *RA_Logging* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -180,7 +180,7 @@ If you enable this policy setting you should also enable appropriate firewall ex ADMX Info: -- GP english name: *Configure Solicited Remote Assistance* +- GP English name: *Configure Solicited Remote Assistance* - GP name: *RA_Solicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -263,7 +263,7 @@ Allow Remote Desktop Exception ADMX Info: -- GP english name: *Configure Offer Remote Assistance* +- GP English name: *Configure Offer Remote Assistance* - GP name: *RA_Unsolicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index fc802cbca7..411214069f 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteDesktopServices @@ -68,7 +68,7 @@ You can limit the number of users who can connect simultaneously by configuring ADMX Info: -- GP english name: *Allow users to connect remotely by using Remote Desktop Services* +- GP English name: *Allow users to connect remotely by using Remote Desktop Services* - GP name: *TS_DISABLE_CONNECTIONS* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections* - GP ADMX file name: *terminalserver.admx* @@ -128,7 +128,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp ADMX Info: -- GP english name: *Set client connection encryption level* +- GP English name: *Set client connection encryption level* - GP name: *TS_ENCRYPTION_POLICY* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* @@ -182,7 +182,7 @@ If you do not configure this policy setting, client drive redirection and Clipbo ADMX Info: -- GP english name: *Do not allow drive redirection* +- GP English name: *Do not allow drive redirection* - GP name: *TS_CLIENT_DRIVE_M* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection* - GP ADMX file name: *terminalserver.admx* @@ -232,7 +232,7 @@ If you disable this setting or leave it not configured, the user will be able to ADMX Info: -- GP english name: *Do not allow passwords to be saved* +- GP English name: *Do not allow passwords to be saved* - GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client* - GP ADMX file name: *terminalserver.admx* @@ -288,7 +288,7 @@ If you do not configure this policy setting, automatic logon is not specified at ADMX Info: -- GP english name: *Always prompt for password upon connection* +- GP English name: *Always prompt for password upon connection* - GP name: *TS_PASSWORD* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* @@ -344,7 +344,7 @@ Note: The RPC interface is used for administering and configuring Remote Desktop ADMX Info: -- GP english name: *Require secure RPC communication* +- GP English name: *Require secure RPC communication* - GP name: *TS_RPC_ENCRYPTION* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index b1cd0e9207..d084b5d609 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteManagement @@ -56,7 +56,7 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Allow Basic authentication* +- GP English name: *Allow Basic authentication* - GP name: *AllowBasic_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -100,7 +100,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow Basic authentication* +- GP English name: *Allow Basic authentication* - GP name: *AllowBasic_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -144,7 +144,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow CredSSP authentication* +- GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -188,7 +188,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow CredSSP authentication* +- GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -232,7 +232,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow remote server management through WinRM* +- GP English name: *Allow remote server management through WinRM* - GP name: *AllowAutoConfig* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -276,7 +276,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow unencrypted traffic* +- GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -320,7 +320,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow unencrypted traffic* +- GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -364,7 +364,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow Digest authentication* +- GP English name: *Disallow Digest authentication* - GP name: *DisallowDigest* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -408,7 +408,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow Negotiate authentication* +- GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -452,7 +452,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow Negotiate authentication* +- GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -496,7 +496,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow WinRM from storing RunAs credentials* +- GP English name: *Disallow WinRM from storing RunAs credentials* - GP name: *DisableRunAs* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -540,7 +540,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify channel binding token hardening level* +- GP English name: *Specify channel binding token hardening level* - GP name: *CBTHardeningLevel_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -584,7 +584,7 @@ ADMX Info: ADMX Info: -- GP english name: *Trusted Hosts* +- GP English name: *Trusted Hosts* - GP name: *TrustedHosts* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -628,7 +628,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn On Compatibility HTTP Listener* +- GP English name: *Turn On Compatibility HTTP Listener* - GP name: *HttpCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -672,7 +672,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn On Compatibility HTTPS Listener* +- GP English name: *Turn On Compatibility HTTPS Listener* - GP name: *HttpsCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 00dd1a5001..dc1dab2c86 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteProcedureCall @@ -66,7 +66,7 @@ Note: This policy will not be applied until the system is rebooted. ADMX Info: -- GP english name: *Enable RPC Endpoint Mapper Client Authentication* +- GP English name: *Enable RPC Endpoint Mapper Client Authentication* - GP name: *RpcEnableAuthEpResolution* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* @@ -128,7 +128,7 @@ Note: This policy setting will not be applied until the system is rebooted. ADMX Info: -- GP english name: *Restrict Unauthenticated RPC clients* +- GP English name: *Restrict Unauthenticated RPC clients* - GP name: *RpcRestrictRemoteClients* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index ddc13e6c8e..32309bdf9d 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteShell @@ -56,7 +56,7 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Allow Remote Shell Access* +- GP English name: *Allow Remote Shell Access* - GP name: *AllowRemoteShellAccess* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -100,7 +100,7 @@ ADMX Info: ADMX Info: -- GP english name: *MaxConcurrentUsers* +- GP English name: *MaxConcurrentUsers* - GP name: *MaxConcurrentUsers* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -144,7 +144,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify idle Timeout* +- GP English name: *Specify idle Timeout* - GP name: *IdleTimeout* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -188,7 +188,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify maximum amount of memory in MB per Shell* +- GP English name: *Specify maximum amount of memory in MB per Shell* - GP name: *MaxMemoryPerShellMB* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -232,7 +232,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify maximum number of processes per Shell* +- GP English name: *Specify maximum number of processes per Shell* - GP name: *MaxProcessesPerShell* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -276,7 +276,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify maximum number of remote shells per user* +- GP English name: *Specify maximum number of remote shells per user* - GP name: *MaxShellsPerUser* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -320,7 +320,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify Shell Timeout* +- GP English name: *Specify Shell Timeout* - GP name: *ShellTimeOut* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index d5f5c4ad2d..8c510ae5c1 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Search diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 0472962b49..229903014f 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Security diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 66b1036ad7..50a3295347 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Settings diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index f9c43718a4..adc515f986 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - SmartScreen diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index a8f70bedb6..833057f11a 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Speech diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index c33b8625ee..75e90f86a0 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Start diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index b0dcf3a30b..e73be79d8b 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Storage @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, Windows will activate un ADMX Info: -- GP english name: *Do not allow Windows to activate Enhanced Storage devices* +- GP English name: *Do not allow Windows to activate Enhanced Storage devices* - GP name: *TCGSecurityActivationDisabled* - GP path: *System/Enhanced Storage Access* - GP ADMX file name: *enhancedstorage.admx* diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index bd2ca894b5..53b9ec2f30 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - System @@ -546,7 +546,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu ADMX Info: -- GP english name: *Turn off System Restore* +- GP English name: *Turn off System Restore* - GP name: *SR_DisableSR* - GP path: *System/System Restore* - GP ADMX file name: *systemrestore.admx* diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 8f0523789d..08041394b9 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - TextInput diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 2ccd9541ad..5eba1aac1c 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - TimeLanguageSettings diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 5d60f237a4..cbf9af3172 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/25/2017 +ms.date: 08/30/2017 --- # Policy CSP - Update @@ -46,8 +46,6 @@ ms.date: 08/25/2017 - -

    Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. > [!NOTE] @@ -86,8 +84,6 @@ ms.date: 08/25/2017 - -

    Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.

    Supported values are 8-18. @@ -123,8 +119,6 @@ ms.date: 08/25/2017 - -

    Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. > [!NOTE] @@ -163,7 +157,6 @@ ms.date: 08/25/2017 -

    Enables the IT admin to manage automatic update behavior to scan, download, and install updates.

    Supported operations are Get and Replace. @@ -212,7 +205,6 @@ ms.date: 08/25/2017 -

    Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.

    The following list shows the supported values: @@ -249,7 +241,6 @@ ms.date: 08/25/2017 -

    Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.

    Supported operations are Get and Replace. @@ -290,7 +281,6 @@ ms.date: 08/25/2017 -

    Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Windows Store.

    Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store @@ -369,7 +359,6 @@ ms.date: 08/25/2017 -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.

    Supported values are 15, 30, 60, 120, and 240 (minutes). @@ -405,7 +394,6 @@ ms.date: 08/25/2017 -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.

    The following list shows the supported values: @@ -442,7 +430,6 @@ ms.date: 08/25/2017 -

    Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.

    The following list shows the supported values: @@ -479,7 +466,6 @@ ms.date: 08/25/2017 -

    Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.

    Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. @@ -518,7 +504,6 @@ ms.date: 08/25/2017 -

    Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.

    Supported values are 0-30. @@ -763,7 +748,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).

    Supported values are 2-30 days. @@ -799,7 +783,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -

    Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.

    Supported values are 1-3 days. @@ -835,7 +818,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -

    Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.

    Supported values are 2-30 days. @@ -1161,7 +1143,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -

    Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.

    The following list shows the supported values: @@ -1313,7 +1294,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.

    Supported values are 15, 30, or 60 (minutes). diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 20616a5dfd..7d019f9c35 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Wifi diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index b7a99ac6a7..ba85960f84 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WindowsDefenderSecurityCenter diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index d196f035a8..32d34d88ec 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WindowsInkWorkspace diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index cab3989529..22b96181e5 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WindowsLogon @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, users can choose which a ADMX Info: -- GP english name: *Turn off app notifications on the lock screen* +- GP English name: *Turn off app notifications on the lock screen* - GP name: *DisableLockScreenAppNotifications* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* @@ -112,7 +112,7 @@ If you disable or don't configure this policy setting, any user can disconnect t ADMX Info: -- GP english name: *Do not display network selection UI* +- GP English name: *Do not display network selection UI* - GP name: *DontDisplayNetworkSelectionUI* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 3086c439d8..ea09c4b3c7 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WirelessDisplay