From 75809ac5aab94a007e9185a63db2601cfecbc7de Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Thu, 11 Feb 2021 17:57:04 +0530
Subject: [PATCH 01/92] typo correction : make  to manufacturer

as per user report #9103 , so i  changed  **Make**  to **Manufacturer**
---
 .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index 5c8972471b..17c923be2d 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -339,7 +339,7 @@ On **MDT01**:
    1.  Preinstall: After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings:
        1.  Name: Set DriverGroup001
        2.  Task Sequence Variable: DriverGroup001
-       3.  Value: Windows 10 x64\\%Make%\\%Model%
+       3.  Value: Windows 10 x64\\%Manufacturer%\\%Model%
    2.  Configure the **Inject Drivers** action with the following settings:
        1.  Choose a selection profile: Nothing
        2.  Install all drivers from the selection profile

From e7fce2daf65480282bb7adea84fb892ccb35093b Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Tue, 9 Mar 2021 23:43:16 +0530
Subject: [PATCH 02/92] Update
 windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md

accepted

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index 901e211995..aec9e43f39 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -372,7 +372,6 @@ On **MDT01**:
        1.  Name: Set DriverGroup001
        2.  Task Sequence Variable: DriverGroup001
        3.  Value: Windows 10 x64\\%Manufacturer%\\%Model%
-       
    2.  Configure the **Inject Drivers** action with the following settings:
        - Choose a selection profile: Nothing
        - Install all drivers from the selection profile

From 14a27c2044882159fd35327751247ac9c156330c Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Tue, 9 Mar 2021 23:55:11 +0530
Subject: [PATCH 03/92] Update
 windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md

accepted

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index aec9e43f39..05f4eb980c 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -372,6 +372,7 @@ On **MDT01**:
        1.  Name: Set DriverGroup001
        2.  Task Sequence Variable: DriverGroup001
        3.  Value: Windows 10 x64\\%Manufacturer%\\%Model%
+
    2.  Configure the **Inject Drivers** action with the following settings:
        - Choose a selection profile: Nothing
        - Install all drivers from the selection profile

From c3662db20df84dde7f7b89434c6161c10d7d1378 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 12 Apr 2021 22:01:26 +0500
Subject: [PATCH 04/92] Update deploy-a-windows-10-image-using-mdt.md

---
 .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index ebe98a9061..02c7c46f5e 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -50,7 +50,7 @@ On **DC01**:
 2. Create the **MDT_JD** service account by running the following command from an elevated **Windows PowerShell prompt**:
 
    ```powershell
-   New-ADUser -Name MDT_JD -UserPrincipalName MDT_JD -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT join domain account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true 
+   New-ADUser -Name MDT_JD -UserPrincipalName MDT_JD@contoso.com -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT join domain account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true 
    ```
 
 3. Next, run the Set-OuPermissions script to apply permissions to the **MDT\_JD** service account, enabling it to manage computer accounts in the Contoso / Computers OU. Run the following commands from an elevated Windows PowerShell prompt:
@@ -842,4 +842,4 @@ The partitions when deploying an UEFI-based machine.
 [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
 [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
 [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
-[Configure MDT settings](configure-mdt-settings.md)<br>
\ No newline at end of file
+[Configure MDT settings](configure-mdt-settings.md)<br>

From 03d3eeecd2f6ee5152ea73b87df4460b0733cab0 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Sun, 2 May 2021 23:47:44 +0530
Subject: [PATCH 05/92] Delete configmgr-assets.png

---
 windows/deployment/images/configmgr-assets.png | Bin 139547 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 windows/deployment/images/configmgr-assets.png

diff --git a/windows/deployment/images/configmgr-assets.png b/windows/deployment/images/configmgr-assets.png
deleted file mode 100644
index ac315148c5f7fa276cb84521b26d1332adcb144c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 139547
zcmZs?byQnH*Ed=(6f5pfG^Mx{hqOS82MV;fmqH3jfDjzgqQ%`MMGB?3I}|Avthl=-
zI0Pr$KF@pKb=UpY_s3at=B%^U?3ww^o-Mx}q770edBX7I&Ye3Xswzr4ckbNJzjNnq
z0KubwU-}w9wEb)D!gZ7t?vxBNZU5^$uzjuh`p%v5D57i2hyVJ7jw*)mJ9j8t{`1^j
z_{8dd=g#d9Ri)Q@?q)lt55F*vkK;32aRX3UMmP2cB%Ey-><>e$3<7J$5=QV<KMWFd
zU_20Txz2O5+`7hx-|i4PX-({2Tn)MH&3PP~xhlrLO4;9?_S(eMi@^6K&IUCsE{@hc
z2->rr`nAdW-DNp6zjM(fJkIsKP4>C`;O2nv?c;O!2;sLts7Kyr?vJb^DdkRqLGDPr
zTf2KqlKEh7NAGJ<g3$LG(kV!W5rd{~xqP)Vi)RMkR#TPQpa_Xe-G1`hv2m)2WELML
z>IVx|OjNSe51S#<U29r5=Kv?VzFy5r5oPWY36fG{r|n`>jSI9YrQ~!$;3qcb0tAL9
zc2F8B?|pu-+!0L1`k$Bb`%j;?=M?#`ad74h%YD_Meke!cwA^a;{rXP;=ijV|?$<2I
z4>Y|GdqSSyt=SfKECAo|ZM|hTws?1awx^vzEO*?_<T2-|Irzfn-V}#Xa+NVDObBKK
zeL&W<Oc-Tad=0QP&<m9Ces^akVjNd1q^TBWJ<|0h(0#+q{~FE^{w^S&5y_~j3D<r0
z^wa+TC)Ym#qnQ1F&$}%aQ*kB`vBwiVOP_rC+LL~?g40s;b4~&8FVF9>=yg56_6fhX
z?=zM4MKj}?23lYC3>!9|k_MAM3FInSdxn%^%k&5p(of}nPac=0sx_Bl_KcHQZKaN=
zUZcG*(r<fs7|FiU=6Eu~(TLgl8kZ#e@XZ6QNoAa}sNm(=F`xMzw)`fkzj9C4FqIu$
z^G$?l0=Ms&fP~hHLUpSz*qFE+#GJ;{|HN@eg$FZ9y>13iH_?B%%`NlH4Rlp!+g^Wj
z8(pPphW>sT91tMFzd-y{^r_=a(7^itF8_b`L54sLWIK==IH(;F-2-Lg*j@Qm)x{<j
z^f(35%*o53iNtW+RZ*&(E_yl`ttKA#nmdg=n`2G0hm-Ir7suXocmRhKi82!f)?s&i
z&MsM24AI>$x$LK4N3Y*u%$9|Fl*hC8i7Uyn^ZS4>{m-W+-vs6CY9lfB_pr!_=WNVC
zyun0zyda+qQLtf2QM^RHO@1VIB=y(M^-?>qPP=1ag>c4YqMxKNXL5OpiRQfHeG$SR
zY$+6G8vHVGx{m=h$*Hj{qD@_5+%T%>E%gO4juFza44dIg>hexKtoF%wdaW+ang0WH
zOR=NIC?h^4tsbJlTxD5RZ##WwPR_veo@hNMv~f1I-iT@lffKQEyGp(;JD4q2K|^&Z
zpeiu%<YOm)+~9Lzu3ilywrslw4b{=bDbP_o4WV*2fpSiRGf)2nfj&-+!_evn``$ex
zl6Y>lvM+m*8=*z3-xb_QFmJ#2N}keE`SGv!<W)DtsHpV4SRZzdnR}Bi`H(O=K9*`^
z%%q-y$9F6PXvAgnq*jiX$ytr{M`D|7d-jXnlU^y$2BmRKVNie@0k`5hla5*(1y!qs
zd|0#!ABAEc_%VjXrKdFyfJ^%uI3}C@S``Mj7<)Hm`)PjsBdfeCh1FrQ_3?kOJ>Wn1
zSds>V676~-S%Q0leNWH=c3>|U_=;K4w1yvzKmSAD2q$>F5!BS(EO}028HcNuD^Hkq
zDDX`;goujAbWZ$eVRm`(Mm1LESullzO|M&%Rod5xgsGl&pRCQiF-LD#zsw(o4QnSg
z`AJgVLk@>)A7;NlRSylE&O<|roKv{ZEDg+R)5DSullbBd2veR=o9}pgOSVzl{F9T$
z+Y0kf$l`~ait^q~=1)VEn2mW{@8mpJb?$~I7Ngq$`NlyD<NrHIzbGBmJ+>AF^_X7U
z=t1s3iEp1Jlb;o74-{R-eK``K+|RRdHgQr9GdI&$t#9bI74EPS<UIxi{Qp3)Y<;{m
zJ<)j2kS+b%N<|$`RF^M7M~tn^=KP+bp{D;^MOL>!tPjl_5S#i&7YZNvR9`HSYiw$N
zrKjGv!p1q-9n6UTRS=ayf?OZ_r`(K*{-;e-;Ola$aA=yVi$Qn2c75Wh-*Gri=$ZIw
zyCnT6qPQW-tjEqvnIa=Y%B5<3cqU$P^zy+(3ACf3nx9?MpxLwe956hepztDvoPzQ7
zoBF3C-UQ6d^9ly47C!%7ql~DJ?AufSQK|nnmQwdWO4WUTxg>qz`rLW#qRCF^+r=>r
zJ4=DmXoFY~N$FpS`VV>^wkOQhxN9FxD?M1JPI%GgNR_2RRqhVR^g4REBjQ1<vklVw
zkSH^KeqOfHY$V0+Y535*lQSEpm547|QfRr(zUwOzjJorrUeJ5#c>KEmod~umB!x`R
z>z#@x`cS~_yEyg@G3aSfwN0fE%5tQg`qjRfOU<F-;~J>sU2BGgkYwnh+fn(pJu~c+
z{E0P#gMXdN-BgVz@Klq*=C(IM%$J*;_}<aWN;y4=i$l1cHxDi9Ykn(E7l}C&u$ZU*
zdU?2R5o^Ym?1szndWX->8UKphe`IXCu(OrN4m9@Vr4e7q>#KN2&!=`Y;w*)rfBP0l
z`3c*bS9&Sw^JP8XbXEHBdB8;Z*xkjR!AqfidiOKJ#_{nD>thS%)7+sv3q;H?w<+Gk
zg|nzJP!o0G(I)2UH}0lxfqg*}i|29WZu5p*IMAIMH!rAMKvK4cT86MOEwis@`n&R{
zTJo16^>StFwy7Ha3l5AMkmD`tw0C+N`bPRL*1k0wPY72aLps{ZB&^PuSCQ4%P0+)j
zx~Wki+^c3Wb0_tUCy45o7ScbKXdnD{Q@uLOrRH7Z{{t82_;P<!H+_kUZN7<OOtf0k
zUBU6<`>NuUucYbUqEZR6J?LfQz%JEp**W}Q6BDU^+2>4^l^C|?#%Q?qMRQQ1w5hgF
zxx;^kEpIMfNw#>O=y~t;fX~-r8khY_GeYgEG#+gVNsetZ+W0HDWQ173+S?+tUFoM3
zE$Qd1-i_&X9b9*~sm$oUr)j<Tl}fbH^mFlpjX|Q;V*?O@Z1)cjJ58zV3rUZbLdk6-
znd68*R^Pf;za{-agt4t}U%}qZr%Dt}NH8@Xs{P2XVt#kT^(h8#l`nJrvru4C))$|l
zl?8)v{X*w_Q)0)kM!dz<wd5&u%w5)^-|4b7gp`a0BaApHx)XGO-HU~^XiX<<+%EQ-
z09(^+F<N=y#I7W_(R@S<nn&^(O$fX;G~mYSh)=XRiFPeb`6w4M0j>G)r&#s*I_dhe
z&@mq{E6-<IWwqI?ZlMLS^eR&z0RQ#|)Lt%YRI4+2NT5v<BT})jEr4g3+%U|BgIPZ{
zmkF>mV^MW`wX|5_n_@dURSA}$Cmo+>p>O4BR<fb#b+@?5q$Q3~<&~{w<s}ZUs7~Qg
zWlKDI$WEq=NsMu_q*M4Re8f>~S|0mBaI~sGoiAOPlc6oGR5ols!z&f@!$WkDKTzqf
zbb@o7WTn>idT7{7SmC16Riv<lh(m^?O|=zz=hE0MDs9pft1}b9eO$fwA+)_RbGIC@
zI3hc~NC@jNxJpk#wX2FMTisyR1w5?Wi6VF{x4S*%T~U9N&yGeJ@IU2(S9|1w3YeNF
z2_R9^g7W{+YCeL>@z+Eb24h|*G{z#g3yVf4%{*FEP?{lWG*KB<MFo(}6RjGy-l6oQ
z%=Ye2kvee=Q|@Me#fn*v9bHZ@jaxO_f-DW)Gpt$hgSJ`|z7Vu>IbQ$fh`m^U0&qol
zJf6l+5d>A<17oh5;PRikh(nZp3>M#%;j~QG(?3p6LpPCoRK=8es>n3p8}!B&HuP+>
zE};fBW2k?0yfGmAsr4j169CN=_a<wvIEb?$n|I1cJpS1ngcTl=NldV@FdV$y;i<!f
zhKXr5r?7ck{Kt-qB4d?Zi+|?SLr6HlmJt6{_fcM(|0Q}&=o`*HEikucwfF)ZpbdG&
zIUG@8K#_7HU1VN+x4?u^TE_iMtnfj8O@rBr4QGTvK+Ny2URu8w9%ly0m>Y!8W*P<{
zfh}~3`8(`}eLYGqC13S@?^Gpz>`7|0pvtuCO7UuRW*fB3c~-2C>OlD(D#~8>S;?NS
z$V|aehIOmkwdGf4qH}F=mI#X~@Ij?Gh(Y>pzNAMY>6CbjJ{jXABI#uAB+z9v7fS21
zF2?7%3$BKj$zwXTmTCYCoxg*~Q-d`XSJh`~97^P^8ayQN;$)x&#IssBf$hDv2F{IU
zd_{CsK1qtxk!5Q5ZI7vh9i5j+d=!7!nk6<*?=dxDM-_zGqvM?zupuN<EsqHq!5h$#
z_@+Y&?0%z~yWPrD*6%8kv&-#KmMM67Iem^Tj<V<}`}>On;GC{^vvW4NvOt@-w6{sS
z3><2)R;g5~^$;xrWin-#AS@8pa?*GQEyk{K^P>q@OS*hghl{FfkhBrmf)I$MCbP-Y
zkpdLkbDcU-+^%dJq4;L(>H7iWcF`6IAk4F7kY80NV?7!1C*)bjv~+HU<$^cP(B$Bc
zmYs}&j?HnoXW{l*4sMA1dz*{<o})AGDGa~J<?eE-BYTO_F@aCUN#3GuElZw0PYm`s
z)&($qvETQ6a@JbGbk<x)MSF89U1ZF)rso@D@!@zW7cXNjtvi|{&@fX$U1n3&`E^@o
z^R}gl_^i1~@9Gb2E1d8{k;!rpVz%A*Q-SWK2R3m%%T6v#h^&SY8@(0|QARe{r;29=
zlp}WXu(^=Y5zqYA)%-)|3_U@BKq<ltgbEZyA?fk(<7&(x_A9?k;CIH+`jzbCgD{|3
zRP(2usJfGfE4@;@)y)Qgv!0h;XWODx%nl2Q2R~VM%w5hV{B>E3K^Wyu4?gM9c}?`+
z-n>ofw9HVGLA~Ubv1M~4f{>-|n7dYRzk1*I7nWtzmd11+!t^9c9Xpx!80M!9yqxyL
z5PmT4@;RuncRJrANxqs<ht3ok8=nHr@f^G6QOz~PWK9hUSIK6uwW!tc#eH{^c~&Gu
z%5~a?*5o3L$n-{x^{wksF5_smja6%Q%Lm#GEhIG$QJ`gYi`@FeDLkP2%_IQ;qB#_V
zI2rcl<eQBdZm`N6fvFu=yVl&y{Zkf#f>-jHDXovR23~I7!3G8->~^=@VD0xhGbC;l
zhrIF%JVO8L3`UXBigV|C1gCQ!+1W#srN;xcp9O?gFc7oo0QO#wefVHG_w#PDB=lL3
zc)U6tl$p|bCNtrjzB9*ZOm8ylR~|#XH_PJnO1{%HYe|PNAS0-2P)vH%@Zc;1W*+V!
z5J;f&lQb{d-ZX-3oGs>AU(Rdh-#eXQr=iJPY&tv~0L>ttsAR{)XPRj>X)-?>*zYqx
zHUTAzf%<bx!IG|dmdBNGl%(w%=mtYMF%o6>{;y4A^Sqq;=|$SgGYR2RamF%VX2trl
zxtY^gG)Wgu4Y03N2>)Cf`($kUg90Rf&Ju1Hpw2nXypLWFjDl2B1kuO8o87<})5Qs{
ze#;nkoT4ty;)40c!B~6D9P<I&n=<E)doT9~<x3?2xs+M|K9#@)Gj+e2-i!ZL@vY=Y
z=U3kkko7xVUt1AHg-&N@1(!J<TkGNB80of^+|5RFc}D%kQ#$TlDRk2oFQnz~RZ6Lk
zd1EW+#Sb|><hHTdydFT=fl&wsGj^crD&WAD-l)ucMXcwUk36RDn)n(-{*Ge*Dej3B
zH(fV{a-q4_HrPn#w#uF%=I6}xV3EX=<p~titnZL@&Hdds7w(v@jVy3Xc*T7q_o4<a
zv80aSEX9PPmh(>k)FC1**)MTGUz#8i#=O~cx=%BiR~APsmHnJ%jtjQHJg1U6%v-rn
z^5PIo-L&H%iE$SU1*d2^Yz}kU^PmL-m(EhA1tTT#V#M^aN<&0mz7_p5FtD`EM1zfw
zirkjR9(hefCe|50f_k1*R-|r>3NKtvuURkWay3KFesZb2$@w`j&B88wHWh5x6_xJ&
zXs_vl)u7S2KwV)AiiQmlvh0`d^NkNp6hQOifsLkdkUq)NON${JE_qIN5c4|+4~OXj
z!PTc49jC}3-05qt9qPn)qwo<ub`Ga%kb8+5-NfDbpHZ6XtDZQg&WS8)V<fb(Jo5*h
z9<^Nt6%R~8AsO_q*B-kcMI<E4LIi7}#r+<Ks(i_}k6Jw1xVY~Xju#lGqOK+aw}9@+
z6Yv+Torn3TFd00~Edt$=e{f=m`6F#%Sk?T)*8tk=8)qWT8Ha1D&~|9{Ktr&h+@oXm
znVSr4C-jlLBgFYQi^BH5!Nc#JRQ)ds%s{{iZ^KQIjp=LGS%@1~^$eaOaaY-GKzWC+
zqgJ4fs&>)6dINk_{@*yvxnmnwejwYk?}AboJM3HTl!-g_4tIKUiM20;8f2sck&nuU
z<gJCQquwRUI<ZR|NtgQ~7*iQ%UCLC^oTZgHjEt#ihdtI&7AH&6JL1O{9~EqZ(x0RZ
zum=wgKC77K%>GLCtDVQh>F`3*W$5n|>`YkFvh}cGTnk{v4r@M5FQIW-|7whnL`i*!
zLOe^j8|`K>bk$CuEO+&usSYc2y}bz>3!&BL6)!The56KR^2o<!Ly{W0xpsKg>e3+d
z%=|hbYW1-3_Q(A^(o>yGEYgjT<#wo5kF4?YkL_<BZAtQ3mK&`{;Vim>eb%@2??#PV
zKh;BRy?3jpCHKQ@w`c?~f5zD{7LOfEp<`hi<E`}?^HP>e7DMm(pnulHRgE8$;Wt0&
zPcA$<x*?Nix@|c$8khu86^H^r=}(zl`+FH84|(QhY;hJh@5n%s4j0>lHOn7fJ&BSi
zGR^X|n~8mlZHH#uEYN~PDPge&<cZt2EeB4MsKQ#}j-yd6fP}(ja>=~sRqdk5FW#dQ
zFZgLCgB!k3XES@Vy0yNCzcH~b<s0y7EhoABwrwP5-Jqvm?)H)wB#k2`rV}wi0WqM>
z_Z0M7qM!%ZnBBJGoYdO*D8z8xrypQm@{-|Et=eo5t4&Ro8l4PVPVZ5f$(%r+kVY`1
zTe^yJr3;Zq3Sl6dL&SAW5@shC>24?jgO(?LKZZ6x%4hcag7F-Nb|4tPFPucn8Y0E{
zG$*1??UjF$-P9HD6{4gKv7x)L*?B)`f7m9azCY=-Pc92DPju6iTS^PGE#U-zR2ViM
zrSxXBT(zJ&S^%)<Js7Fbp9a+GAZC0C0vw3{G=0CamJuMHL9}d(Y@rWExzvDG=7sK+
zE(Gus%`Q@_e|+<AFsVbE+szU`4$viMMM}}BzmieF&Fc~mZ<@$Msg#!6L1g``FIe8Y
z8wW*N%#TLkZkmUD^{`2sQu^D5f=#OJ_7qMS<<rUCv>E}A5@F4td`J7An)+8?Od7{f
z#@Sp^SNlSf+!2EK6Kmhp{D3SO!q8&$s@4ssna461KKff%zb4X*+!=BHx0||}D9iE!
zkQbV+yMs0<9;=~Ye!fGrb5+D)rd!t>zg}i+Fr73ln4F}U6tLMgTZ*X7ej!D%{Ne9@
zrq{2AcMkJ*7o2h>Rl;%`$f+tePtC^b5uz&SqWdyobBi$3sxYxl2ZkEz9hxbq13Ss-
z6*0X*vo2-LmWmpuoG}FfZ;zBQT5{Dao_DV{p<cUTSLS9=g8awf-698FXeo1i%`EM1
zbqE5Dw?R!-N!)d4Jyp0W>dcWJvtLlxTKy&$wDKF=QFa^uD6Zr>zF$>x11%y-yl#w=
ze;2}szRDQN2)|wM&6)LeU_8~`b#soeK+0ITg#g+wtqfqycIJ)&77H5wALDp?!rjiH
zBn`3s<xw7UK4`@Gj8y*8xW0MY-s+>}$)wCE9{}-hO^NIKz}9mwqoAZrFP+g@$fCcg
z^WMN&^Ox8Se(HP_q+ly~G3-A!KzA^+fYf`*RV$-jaFV<X1BJ4@eX2$ufs*sgbO;ww
z5=V@IKwMY6#>}MEU?JQ_;g$1D$$e|?j5o^4w4V!kJCOx!d4z1$+t4059!?2fOC1rq
zwBmf9E3!`V#{=zmm6?KV&5Q#W_dSV$H}fyg=XioK7GMBpXDRaJrR-53h3xf_)s6^)
zEJF-FjPL0l{JpNf@V)TMoIEb@SdeDKeot0ZU|$H%jzgN?P?faY2+yBh4Wq+cxFVKJ
zt%Fv-^n8t3FN@>O(3W(|DQ3C7MpHN3M8$pT^4Q~v+u$e_Xp6Y@Aa2D^2VU|`9$0oD
zcvq`T-8uwsueIi#H6&yXKDUUJ0i8EVe$6%u3OKE2)NWutM#nwj;?v1AzdcddaT~Tw
z9UQuKXU3l&vu=IVK>a0`o4;#1GXfG<?Wz;OT@pn#-hY8UJE0_79k!PLAjW2OJ^3-V
zM>>0<2;B&6c?%F4`+E3Ii>0;o(h0lR4U(a3Z8(>KHl)kmoSaSCnK~9SjC!9Bwtviw
z8wsHVtYjt8fEgWEG-6-P^L<^<jmP0S8F>#nvAk6R?)UwCYe?!C`XSz%-m8y29onv+
z-(H+mZwcCLDn*MR@!mVlx69JxRf0^*VP^3MD%6h7%FHTFk&>70;}J*4K$GC1beCvQ
zO%-YG5JhXlK_Qe`V+Ns>F*btoiMY7M0DxmP*}yCA*+|GA)n~nX`C5`sCFYL<pjjWK
zkhh~mRZ-6Dy}q|8lw>2~6UBKWtZyTkLaepqi6j>7xt$p{Q;n;moWuBPo17m8Zwt>K
zx4I<eDY9#b{JEayj%PKwRG<Hpzhz0<lc3}!FNeQ$_TFs-j=*232IivS(Z-J83P_1_
zCN&(8Ag-x3<9gKZ+vM<fmQK{NqUP?9sh4hur3)^2TgAXnP|H##=2b(SdoZ!P>Q{)H
z7v3mqL2d9S@ol;zTAxq<Xd@3r?R0s6)W*HbW}2mW-&NO5$1Ib!^>UjmVYsZBr?Xc6
zmhgHp3R!rAn_X<x=#`rdnzgA<h^bp|)w1^)@flRtTG3^dyEBR3<k3vK`8X$_dssY_
z{xi-qPaRo8BT9Pw1J6fU%Fn6mz|ocCXp^!Qx~{JvKqvQEEK$(RVy3gbd?aFhW$+#>
zgQA9|SZL^mR92((;i<IBGRd<N*~-j11+Px!$VuPcqs*g_N*p)a5N+OTZ9xbnW;6cJ
z206UvJHiVWXzMtS%$&eqpEQlD8EtjRD@f$sX0YOwj;)zzMMUJWQ4$Xa<$ZxBZfB#O
znL2fl(=?QHTY5f45IAN{L}0Z3A`^hH=Yg4&vC^38%9Y{XIQRPI2!<VvW${y%O3jfA
z*^gLoS#plU&7!N`C|_w*(pI8;^h&ujx|<E3y{1dN?Dsk3@xCI;FU*vkL}fNIm|ykt
zfP}!J1(TB~q)BOp)_~!USv$inFKDwF+G|W0uoUA3gU?1mj{7O2mVR1m4a<9UDSuj$
zKsFn$%AcfeSCS_)8qj#MNLe(Bk}QZ>Hw-n`gVrUGjfSIEQozeYt>q~F#h<+SCs&w<
zz_!Zc$(1Tm`M_i3xh{Wq$tc-an*QAT*F}acO2<_z|4paJ%RXnzpVI;O+sl7Bod9t*
z#)*iobru^xTBNC}d6`{QLGSbH^TA>o<Ka-DSuEji>2PMzI~m2`DzR#g1Q7b8pudG=
zn72TLex}#G9PZt`HL8LK>`btPbhVjS*2ks5>uoK%+HPOTy)n`98s2Z1yB)$FFe&+U
zho-|7%1;$58a0EhYx>e2YXL`bo4(9Mi|MPRX0AE~FcWGohM>;QkB%F!yjRVA151%-
z>|FLHJl1p|JOZb}&BoM8m?~W#EejU$0g<ZsrO-Ha)h|vo?R;E2Uc|@bwH=UfbYXIR
z{hyL6;9^mj-6@ENWEp(q)yhF7(8M_R)`QkGEABOjL6Y!03#VVB7OH?(O-yx|G4P9l
z9Dj1~cm&vI=L8<lC(J+bP?Z8;$tgo@3sCrXiF~Dekr<57vO<Rdc25mCK)wzhkvE;2
z@g^gv3T(?`t0A8=ICg()71SBZMU?Oj-riGYem?j|x;%&JrhF8k&~>dsy5G2ql0HnA
z$G#dRWk+3%)Vds5hY+=S8<M%=+Wc(FaOjZQhsV1>_c~(<BVe8+L-56-+ZC`HM0Pth
ztzzRZy`3)NgX9v1$=(L2yL{U>yR;ubZF^&g7KdAY#=ZO-;}eRj>6Wk5lSt*`m<^>|
zZM?<NW*A6>GZk(N4|)L4%S)=tv>X$XK3exJT=DX(CXOn~dp@Et1Z%Om1SA@s*!s*J
zY?`l}A)DLAqkN(-;BP_@o`0f{-<5(cD>QC`h(}MV=QE_s{>2AQPg(so?_3S9BO6`=
zVt4Y3uJ%o?d3W>s(>6%~r3<WBKj{kC0e2tokX(c@9>FZ{Ig>w}AzV0l>jO@iIBaW-
z7%r~a$!VbAg(%!qMXaX_j#pF7oW{~#NnJ4x@q4Yl)pJ5vNygT^%Xyn3rv9e=h+e&<
z>rnP0(!}lO{Zd9T!=$rCczywld_@L$PWVWiF57LcU?XpGhFX1$@0WVH$ZhNGwthoI
zc~(|iF8^+O+8vW(Gr(rr?&irPo~PZOeSW|0aNh{2o6q|FCf<3i7d0Z^m8Lz0vbe3C
zRB0X*X1*|#$&zqX6H@OPyQ@pYYxiIX?AIBAQ@5PoX&CyNy0K)LQ#E(m1U!i5K)gwJ
zO{2x>Ff;jVZHB_lrdO@C<cR*AHMdb2+=-SI?&uH0<i7x8<!+%k*}U|Nn_wI|?SUd=
zP^xsSG=9WQ@FlLX-DHR$mK!r5_DId=u*tBweJuwp{mZMZjA{e&gG$zXqu-Ytz$~oT
z`;ricJCn^>i@gcGd0YEOdQyxlA<2hz)6_fAn49R-Jm~f+p|#y(@mBZ|F|#G~=eKK&
z;O)qJgK^!Dr9Nj8A2XbC_eg<zRL%6AvZtB#t%;~f_-qj8P2+&%RB>xi7D+0p>b5Wd
zRRC@N3O>4QryeFk9s*Q{=Dw^{r{OMFDz)s8n|qJ_WImjDa_3Dj!iYVfPYxT}<(r`6
zIwbr5qhY*-D(^mKB0{Y2-d8eK&v)#lvegxFk4~@YTT1BYR2@IxQuVU3Sj2yOGh04+
zA}@JC*+?KYKp?d{Y+G~G)AJkk##UK|{qVUN>bNG?l%uy#Lzph6EsWQJoPH{xzh|k-
z)>t``DNul|W8p4}_e~fL|BKXT{~QbjfK$4I5FcT%g3D$(s3=4KKv{{*?@;QSvpqjR
zJ2g0<9BfC2Pj5^4p5b2<8VBq!IAIjic>IBaIZeJ+%L!-O%A@GQ)zdy6=3lB29sg8P
z)#=CrP?pXq63&%>pP@fD8sG1KSobh?J>SvlZIRP;^CeGsZQKL_^NG37A$>*}{GNJt
zp^YQvOBp3sOS~dlWZD76QN_YU%pz9zJ(v<j$wKi2<i6L8do=Ib)o}iY>(&;d!mU4s
zm^95#5r5jOfgIg}$~m(mj)A3r2`l>6+RisN<;{NT0=zq-AH@ZI!)QN$G*Kjm_;pYR
zAIW+7=kkc4Fp`^)NFQNXJ42eyItmEMG85-(ldiT*1_FGbp7&~~S1TgzDENTr9#t8D
zi>MoYKuTPAS?1Q@`7M63T8)oR3jh<z(k1uOxqO<{nH(6mV<2HJzj=~<G6hv%^ibzM
z2@~^fZR>D3>K2<OgEWE}NVh%(E<3c^JS`EU;H+_}6w&7H>oiI^u%DO2<vjIzWI6Av
zTG1ij)+?p&cSZWy5p}T+&unVz7&q{nrKp$w**Q|6g;^ROx97^;z;)MF&+sqLIrl*h
zCQ7NAT7Fh?)Z9Fmm5?YBxpaJ^j7H<1Z4$$r>vnf@(We!>Wk$As)Vv>lZcn_#PP|J$
zqz{HzUeVupWR{rJ>vTjv&u~8RJ)e(SXNt8a?*-cQrd0}ip4g3QF~=%gO@-)|d0#k>
z_hQB=9Wrztw_|Lv@w_OLVjHir;-8FHq&Sbg^4k{|t1q|_>!7Ef-Za-~CU0WHL+&5`
z8S*w6t-yh^Jf(sYIgiu7_gd$5*b@va-mcx-MY}RSx4g<r9iiFD@zg|E9CHY-;mlyU
zl54@s?yJKsJE0aC+aBvuT8O!r%MbVXZ+-{y2Nu_6`)>bkxVbEq05?#ba!f4m-ZmNa
z3d5A%xi?>**5_l<?e528LAAXVgFk~$Q!F{Ei=}+0?W0IKq*oD%g6%8S7AV4-!^*Ih
zLcE6k@bJ4!2fh%Y<JPOi$>o43q!H|k5O9HtGX=kEvp6a~;(TV}^6+LCx1JLW>V{fB
zwz{nIowD^t&UZCBZ_DKIfn>I;!#9JsAf^1C{IN%Nh8af`&Epr5_Xv+^!b}=#-nutq
zHUE?9TkVKscmCxcO-#_V<q8Ol&eQGb`M$8A7v!Q$j7`iHR#jO`&hmGh66SE4BfPS#
z1;+^^js&*s=D(aqexkSYCxBml;wzy{E~o6Wo({!{Y(%FY?UE>fR5cVo5j_WRK_CzX
zC1u(eT|pP=P2%6u!%{2EJx!L9^vl1Kjx-GTBwy>>8Aeo7F;NxJ27Vl9@OZ2~ppKVh
zd&aYRY!>Xj#yQ{B2T@DEGwnEL3%95h!#(n?95(hP#r&93QGPwb#%Th^cPF$?I6HAg
z@J6}VO6CpJrO!<zP=G)lwWv6r_QaGju;+Z;uYU2HnS8Ck@429`kKQE&My3RyM~1K`
zT8wqjd!SglBwX)q_*_?i@tkydObDqZAmhVh8Tz%u-)uobhHec`Z^mL3V_85e4l?ir
z|2UvuuFm_ztqo4d2)xf~_SJ0Lp)Gwf>lG`&#I=1^*Vt)2p7RUtWNOEzq53$qbrH(_
z`5whHqRO^~_>PSsYkUELB;kguYz^b6b+gamwffvaN08d0Tl?t)2~!wL<aS^!N+;NH
zVeWyBj~W|D!=E=`Omz`|d2Pk@!@Fg4VM*J0<7w66%_>c^lk;XPKI=hSjbhZc*DEBR
zdtZvkO}_HgV!QWbC6UwMBy#C;dx&RoIL3P5b1gh`mQl0@xK+=I<h1x<AszXry3%}x
zS{l|oeck_6s^+<A^~Y8=x*$Z`skPTp-oxHzdEkpna{oX(yLln0JTwXbF^0*t1@XQ}
zll)P4Pnq{P>9kB~w(sPAq$BKmbS{fWzw%3SmfMYd;7FQ^377ZjKy^bxC1C23olXmz
zmfOdZBqxZIGUe$IJ)W@hG?C&e+N&vX-^Gypz+p-3N3#kbZ`(KPKOB3$lH>b2fgipv
z#%!Fc@Ym$#5gAJn!uFU^-m@uB_1++3;N0c)fn4oM+cdAK)yycaJv%=EI`7H5`2=?}
zV))OGyq(K7wylpiy(U8b@~A}W)DZ<r6w{q%HNyTXlO>yrP!1>9n7M5Zq~+g4$OzIw
zb=Pa_R<kw_=Zvv)@2yT}Ipj}OYj=vgjJx|wyIqezT4K@vWsiB+Y17@c(H_ov)vp2K
zj^ts>PoWwSDXWtB6PVsrZgDCdkA9Uv-ulX0>epq@cMjRC2KJyxakl(j1yGL2mePez
znq=Rqk5dmDU}Zaaud6RXtM^N~5)=Cz3nO7xc9TYTw$JI@{isDGS<u;jPF(!2UoSG~
z_{^&4asr6G9=no$KAmE2>KqRFBIj~l1k~(W4xP6jlFRdmR&sKFWmRB#9_Q#y8acfC
z0YnF~AcUndtrce!#(4jYgvKPGVgZNQt@?uP%uCD?LF-SL4v*kk+e*J<U7?m7|BfW*
z-;BDxJNpBRX)Tij<L|jsIPWy>%jxbn!HKv5KfD=v=8H4ag`AGmTLqE(A`#d;W%tpK
zjNe#3(1yL_rLkv0Hi1-VkQ57DmIl7k!N$_l2hvh;?Bz|a4}-xmOf7QzhynjKT|#1%
zS6**arMfi3hwEa{HF=3|B&aY^P)8z2?&{cl6jG3Webf~Ky$b)vvfN$+E{Tpch)b{g
z_~vq@;t$Mv>t}i19EjzO&)>LKT<yi_+FQRC_cm|EJGtQw=KLsvT?hZkOl1F>U;|GI
zjU3+v&JQdiTMH6}<n`{hz7V;s<V+G|E~hleyl=u)Q+8>%Ro)%q;q1lP2C4s*#NqlT
zLE?b}($*dCAfqh^T^z4n4%HTHAU9*T%aR~y`Yxa`sT(Etbx$J+*Tdg&YNJ16D+?Ct
z{|m@0xdGM6!x_s@9#TUO954M%*-Xpl95VD*ICp<TYK!2BLy3w*k5y+w1J9<^@l_ES
z*qA)t?PI2oz72i+H|VaLUBqo$X~`vR$<69eHSrE`NDglf*9~-H_VFlQ8Mq(v<Klp!
z-JW68V%E;{sM6KXhNl=wvcIKvki5Q@^T6bXd9y>z9(1WjEALHq+iupWhuuK8Dw3md
zEN&h;By#LTXm-CYA+d00EYK%`*W0}D)i-J+h+)Bn&mB~@z~>;@wJDlzr0gKGd7XtX
zGG`o|csM)4!poKbe*-i626f=T{J>Qas)Ta$7w|r*HETWSr^MK<wj2-2sA(5a>I<Zt
zCQL3G>IIE>J2cGLX8LF#teb^NWI$yO_ML;&tH3$;(gxwohd9gmWAghY3Zi`a61zE%
z`C513`U{TvP}+@&tpyi0x+vr65F2!2{rbkso|2szWjlk?nv!NuaI>1nbI$3V+XY7W
ze;HJ(9S@Vzoy&$p3W+=K(nn)4S6085j8as(gxvLr{kt9rS?JNh7tMk;%}fLJH@OZ+
z=03;*Yst^#o9<*8JoF<k33pz98K%S@s3#KsH|OlPZOb*i_ikmk<sep&KuVKMz~70F
zsdF88D|PSUPNejX1)ql(3$*pn=-&+O?2Yn=Ue4q8?H#uWZC?m4KU0oh=mqR7*#c;Z
zu{bTqc2w`m_Z-l$t&G(7II3dvY7PCTgk7t@`-?k?IaZrM414wKp7YX0+iIS!>OVA5
zdvg>Btmb6eYyC&alJkDw-S@cK*<J#fkY_u&8J<q}25c=avgtR#z1xDw6NvZjHEVrm
z`1eS0%{1V?lKu4V7r~$gsSBf{e{3wcrmfFup=bZ~Za~1N#n*}m=Q7W2_K4f|(J1Vx
z_Dl*$0h3zRy>L_x<@@U!Ln-ptdOX(6MIC?*<UMNKl~cUgZ(e`orp{=NQPM`%Ft^@C
z6LMl>z{44waWJ1Mi2CqJiHm`q%(sJ2cL58jK}=c;qq5!o36@a$aayrJj>~>3bJ;&a
z!6^5d8VU1f3P&0%ef+}?iya_YG*?tWEvno*U?RBA-X|0)HZK&Jf%EO}1{UHj+eM=a
zWdh?spgh$VLzi><)iCEmKAg4O%^7JW#h<dyBbyEWERDFrm7+~9^`yFOrxi2=F_tm}
zcOFltL{OMQTh}!2F;29z6!r|wiwjzKoF6el(Kgc3VA|tN;Q6B#7yJ(+*9rf;&9Qox
zuripFOj-+xeqX*NJ*a`QcD_PR<v}vbYQ>J|smzpS6wu3;QVcTdHUGSbtR{vU0sxd~
zDi3iSuEH0*oyg6%vSH|W`PbQfweijg8OB&cH{ey<Wc9*xZ<+)r`HPEE+Ox;1lQk~^
z8<@9^Yj5I~DkC2tmf?M}wDq{8O}W6rsQxHkyTX7w&R%)^lYKV(TWgt!Zd0-ypdj!z
zzHsuUHW^at4N5_%G*xafH@9`43o!A{yKAl?LOQz|45RrDrE}L_`<_@E);;l^K5NPD
zL{D&NQUEA~gL1sLMN!(LHIFTKz4`n$B~_mvKYO=Q<LU<iIV;3gt6d6?x-S=WClDJm
zKYtLCnbUAd-n39zTJGxsI@ll_vY8Mp-5pEAp^t~T^0I0FoJy!`Uku)FS)Q2irxgbV
zRqv`x<XNJnj=v~|lg@qSKlHdCi&B$1rK)5M^aY?U3>61EQ5V|rOrk(zan-opL0Ztw
ziq57m;Y8X~&wu_UXW8vxilN^mgr(G^Lc12HBWMh(g4_0SZ6Z}Qv7fHe9!60wl&r=_
zakm}%BL?P$&2LV6G2I7an`FS77O8#N<#}uJ2}ah0vYT)TvN=Xmkw`nU$p1H+PZs*=
zG${Q@z?;qobH!#v%4bmbs9^X7r=mJ}A@=v&L$uRk&avY$a-mDptu-iZ&*QGd^_2%(
z{`$YGnSfw>_1R2@3VRBOJw{`RqdPqSyI;qcgghRVT>o8gKIKd4I1*k?H{KeH{$#hS
zw%ogE-X@6jyc;>=b`K=yE$Ds5Yr9%vOVhy1KQ9vVO!BGoaK1sdl0?RNUv9wtlrzJp
z*rE6Fia^i2*k;8ux<JKKx)8LlV`j@#@Y0<Dv5OIU=&h{7(BBst`*m>xcLsaIHAm%d
zm8WgaQq%%S7kmPI7yKzH^V(F)nVW{r`;!n>okP6QLP9Km69&N-q*8d|n*-o+6)HjU
zpeJf&X;n*NC|iXNV|C1zN(HxCf69LIH@*#pd!_x@IBE>B5<f5ObVl!~F)t<nAd1xj
zvgLC!umbm9F^NGWGu_wja=G+Jb++@j<^)qKV5Ks;hkTL6@<7Dz5=E!Ohl_d&8tj(9
z(ZeP6{jJ)&7e|a6<@>Ldx5e!+5dAB>>uipiwn08;+-ACqP~`Pici2%*0i{}q^3Pr%
z57GSD{Qff^N-k_bcTv=k&#{6JrPyLTx_HW4R1l>(2cNLy4v+sj3#xDLlW%WnPkZDB
zY*o22P=<PN$(<rfL3|un47jrGzaJU3ffF3q=KbG~xZV~4COWdbBHLf;-#m&tP5xmC
zK8ol@U2pxfnYn<|3Xaa*`|K5(=iE9V0z+Hk+x303pvuUM^$B`_?@izXZQDezlXF#!
zvInL-SWFh7bHpt@<H<R-c)@RQYVE7GQ44HV!Ab7~R31d^n-zf%Y@~`fD41#@7L=Sv
z-o?0Dcoc{pTQpX*h=rdUI(qTXCar(;)JU_j#k-EjDP*|c4**xTykArhd6Fh^?D*!$
ztwT6;6^7kyp-uXXT(gxhfbGzlyyyOEnR3C$r_bsEwZBpID&KXThUe9AUCCx`HjdKH
z!K1okAE7~3x5aQ^mQN<GJ&ntoEv+UcSCuW9b+tTWnv6cvm~a1TX!m@5ycW#5>Tww*
zlR1o6Y<_NX*m@1CO}%t}(oahhQ}lwz!bhqM@jF4=7ds`HDzAPpP|=?Rd$5sKx!=6|
zD53)|>rr|WZ*X+IQl6-<(egXuqy0o~+hr3+X)))sQ@Cb8F;QZK;M$6~#RhJbs3p|g
z>_Tgx1B*QRTPfC@&syKj)geB#s&$oHGU0qB2n#C5za%@fW++-Tzuxvt_vqIkfiH<w
z8hvgBt6O?h3#7xp+>D-*V?a8+HG*7uW_I2H=2NXa%WldEYQ$2Sy&)(uX(*xMhNrVv
zIYp!*;)0&$^mPl>;DGMQyL)`nM;r9mK=3<(%LNI?KPcE(lVL4YOA!{knf?pnxb4;&
z4l{R5QU5+oX1Dn=sW7iQ1MjgaprCL*%bKRusEzX4Z_s2FweU!8q4pxByi^b+_uUAI
zLLOXLwAd~Un?7!o(WEnjVbr7y022|g!*vpx8Z>rDu7oo|VsmQn$IbXZx8M=^%|}x$
zidj4bf8rKt()kBfz8d(S?o;KZy~h2)q12Z|x4u?VF4qJbhnKuze;1OKZIwAL&k7Yp
zP*lz_uNM2{3G)4)0USQtzcJ#r;GuV@NFk`$Cisl;d!d`J@fP%`_gnPbcVbDK^}F$5
zF8S!El(ic2U&1*lC`2?~$HI<wl_br+YDkv&>j)){yzVDma{ZpiI=`D?O=@>3YesgT
zzGI8oZoxMZSaRa{KEUnoE@sVC!qh*IXaEjAwRzxDdofLYe`9;VKaR|+|DfR|zd;j8
z<bB}|VOWVn^tCb2TDb6??1rh2F?Xtqb>@OM-_BZ`TPoyYcP-Rk8u3Z`S5hvz*jbz;
z4>EezU^rE5CC+4taKe>&$~^F2x03&yBsmraHrP_~msa;~fKx{s10amri#Pe=OPE;}
z#hc%3Ml{Xu+9B?dB~a6zsO1Y~37P4`#6U1cT(j3-u&W-kNVfe^AD7^sT9OMJ&1=+L
zY!2HeIL>JW4R?Mtoz>#4gK&VI{|wa#VwFh_D+|4dwf>&Q_Ok63i5mL`*|5x*bN-__
z`r&KRQ)zH+EAM{#2PIXI7r~9W{Vu^~;w(rFT}<j`vRixa$+WnvmRKaythb#TcBmJ1
zC`M8fXsZM6@IZ_-(8PV089mF4da#NO_%Jf&%fI|mVuRWF(tEJznNjlsN%($X-k;0Z
z69=h+sEM$A;8PQx_4)xxjjlw)EB`7kTsdMbB4?R-82Sc>(3|i)scQs>sY(<kZD6;4
z96mg$#9=YJ1;#BNo)_5<&*y3d^w{6Fe_9oR$UR;+S(6Z`U(bNyt9@zuwcgBp^_fmg
z*q%KdlXk@PKn3&M(N<`6xr=;Drg?}jv29@4ww=-S^a-aHPOw0R2*zN9WT&Z-g|Zx3
z&+y%!-|?_o*J?e_igjG*9L8^js83zfCvH|UhdtMrjU+0fCCY1)wn&@tCSZ(0K(2u3
zKGsny$=$-HuY9fzU|Bp}<l%a^^m}B!*~w<EBG9)X9L91x%Zdy!zgZ>q!KYo2|Ki2P
z<U&k6(7XJFiKf09lMSPs$*2hPCopO8$j~YPuo^y)p_RS3lr>`xX)%6cEMYdq_*UNA
zJNh;IjHvkD@oac3r`s!1uBis5bo3yot4qyc?WkoKuKQV1Ugq`C2%p@V3w6cUDz(uD
zXu{s$2bT~fbl>}rZ&f~UujvJG(05XTOCq_oX-X9gix_OEJ=n56h*<}z?~uL{IcEm|
zbm{*7Wcxwx)c?^&<e5J$AeW7;uwJiL?VB5jJ+N5W%;~Y*(5oNN8l}v`Fn_MB`z-gh
z$><+Q(XZCXLATfM3^lG?n{7rRuiU~>HBp8a%Sy?I>DLYoAION#lEE^Rd>fXpf&0IA
zG)FPYio3G8sTztS*%?sji{mwPg;0~+L>Z|V5TpSyy7oA(0!u>QY)e~?t)Y_5<Qy`^
zn-q!`Ldt@usn)S|U<QgLXnK*;6(?%f`f4;{w)OlTsjp}v@4Iwj@_*-TdX)1GZiTbw
zZ-?LRZ&ez=0^Hn}f!627;d-wt7*QSKR1~R^He4YUC({n{lzN8%q_H3c=Oii2MyZ6z
zx>siYk*V|2NX+$yViRkJ?2tMyGhFjYiB*94yYD3~gf$9C-$;jvt{NZ}j;&eYBZ!VC
zJGp-``fHnY)Z2fmrrsW{qWmm>Qu5y;LA%J}f5j!`_ONycX_i76(!o;MmQ2%32Fy)m
zV6b6^IKTl9or%ok{N$Mv3@mN^T^PqADhJRCss(!;KXWe%(E5j3)mVd<=2)$dN6y7n
zn{{7&#aX-FOCFwgt+4v+@?GN+l~20Dx#((;<^5Dp<4s%5I%l81u+ok_uc7BJXh$n0
zhUe-)SEEB-d%|+fs@CY|z*<?F$oGg^8`{yJ!=PIH#`mR7T)siw#kVZPpvsXgES)?x
zXtb7qaZxi4SfJbN#JRqfxPUUp!Oq_1NFa&y$qGXO$k|c@L5!g9X%MxgYUabyyhu+0
zVZr=cd!zo~hVsZiE^J^=*sw^tF^r{5R(hik5yKfhTX``>tZ%%lN&S!5R;WUztoK-%
z0JCoJ#D+87`4>nJy$W6CCqi7E+Jf4XL*ktFY6V9wYof3YBqq(W2fYPRw-3+PT&yLN
zax%jIZ{<yifQe^}8lkzv;~-UzZip6po1@92D#_US>r?P!1qJbow+rdSvW79*&-gw*
z3pXHUzk5<pIvS!To|O1HIHgO^FDqAL*IA|4B6)CwbKsj=D(oQ*q59I3kfFOgj89M5
z4@m0*<Z2w}n{zVnGk-q^SV}$z`ku9(_+OeizK<~GtA9UOa{W|%o+b9ZJI=9#qRMk+
z>aOWBVV-0AbZ_@td_X|CP38TP+9DTt6w%-#XpJ0Kld$LbXnUM5*oStVZ6fn%tk>~*
zR2*sYRvn#V7{<2sP?0Nd?sIQ~|H9HlW1Ke_`OJVc)a@Tt%aALeov7j17ANpo_bU$I
zK<A}#qG#3~p&QGR<>|QsHn`zE3C_HxjzmpDI5L=97e+Xm)?Wl-Y)4NXZ1b=dPiDp*
zKHB|*l7__RjTdr8y6Kd7K)Kb>yV<qZ8BO5NCV=$7Nz~Nyn^?u{=VX+{-Hzg>X)toN
zYw<pP3&2%>l;8{Y!-H625)NO6$bi@fs=g<>D{E`7>kvCm9AZs!d6o#C_xVqM5d6U1
zl$5o}dDhwFFZbr_X)$UnhnPRW=C)}z|1>=r^Msc$Lw(|3p;y;dNpf&Sgi@pd5`^9J
z6Uy&=M1g>^+M-k|)tdy&drYa4_RPigP)7Dp4BTF*cE$P4e93U?m#(s57hGv{ORa2)
zS%5TcWHD%=u4J6B5XZ5?wH==ClPHm|)>mEsd<6Yf3*>Vx_#2SVn6u_w8&_6N!C2oU
zcrq8y5IF=It`t)zlQNAm`N>#sAyJXi6g?u#zWno>(4dLlBf?lT)xBk^*xo9FR+|@V
zI-I<nB5A4|Or&b=l|N#QgLPI)GPqf3$SZg{C9(xIR*sQ|s!^yoLiM@uF0w$*l5^PK
zFDC*Cc8`G|ag`4{Gzxwf(FBGHxs;Ol^lL=fTtj)et;6P{eej)yPwufFFKRzIfA>uI
z`Bow?AM!L&+_5GK%-F*jK*_n#X3Mxmaxblzd)%L8U&m#3ZzkwoL@Bb1FVsA?iij~!
z;&z~|al7{pab<z*!aysPF+-+1tsLPvLb;v$7K$jRp5mLA`1e!6EdLl>cQbXjqj|$P
zHfi>ZnJmx#4-o|oV`3Q|Dml5uznZzcF{>zx-FySa|M-5Jh|zws(J1u~S9*XO_{w1^
z?Tv|pNfrA^o+3EI0on`^aA1tPbChadOLuHk2pg-G5J>lin8|Iw3x)hew`1}V0@|js
zmkuN~!DeZJ#r>buajUyO`QI!||7xBuBYBUhRVJHKqA*UnbR90B;!@rF!lYJ~z_oZ7
z3V9^{!HOg4EHE=o=YQ+<cGmB*e--olS7a6V?a1Cy1pYUREs1u8fDLu=K*U41lHO_a
z86Y1JIO|-eDbD^th%aBV_eX9jxu2zshS|=vEKn#TCfS*9FYv31NoU{dIOv>Om7L{c
zY0}>&^y_dw(}HwfZ^Ph{Wa->*mi$epWE?dG*Wnm)m`oXo!G1<T5!gT8<8LVBeuVXM
z=e&;lan6*r1SIu?XGh}&Ot8tA#rRi;SJrXlZ?E@@&6e<^#n+dRUr~)dwGsx+%$5eT
z`(c;9gku@TCe6#TyaA`RKc+_9#akE3cv=VkBqsg~PGPzxdTX*Jn78(BAh4;+_0OEJ
zdq<b*<;Kn9i*cn=GkDLFM;oxK?`pl0JO7i8HgW9bsYUWg4G>AKzsMH?k!pMQy-?Q)
zeNa))DN<im$Dp9*{A3}5+Uq$JmGg@Sx}2;_uI57%8nN#P(FyOM4?k?3%J#l)KlF7T
zt`CEuUe9Ef`HSi+tNJyqaOKIn^6hX2AWCp3*BLh6&N0LK#FDaki`n^5GFH|nWrbl5
zpheonY{%=1^TqqKiPq_nh^7hYNn<X*{W$SjpW%H!R+ePm!LHUbmVUT;=Rem#hGMT~
zVM2qX!qoI<=z$?4^f7ttPu?728j5@L3ep*4#SKdGFqHj@I%G^$AE-F@OBLyaj{Ww{
zPLd0yV8K<!{3RT`5U;wT=I9kjnmzdHhhqLhJ-1WVygK{9#*>z{=P$DH>}zuu-rD+~
zMN{}LPfA}KCq32emB|s-Xz`wS$r6Qm23euj_FntVlV81s1V~lSs7&N=z5=t1wGnw4
zENu*aqLe<+l6$TLx`3%<R#9X1<}M;;EQYIs33(8OStMg8A60o_Po}&hd^J=>M_v3@
z-cD*aD0cie>heDY_5X;Jkzdq7j53Pu2Z#FQ7T~a_swLqJ6e^#sGRcUyMSm_kDydS0
z<fSSg?|DZCcE%aQ`K53K;Mo6%s&|a8Eb5wtyF2OF>6j<BZQHhOJDpB)VxQQyZQHhO
zJDpCxytwzf&%g6$pE1_hwbz=nR#i<9X&v742rfqJ2!GlYo*qDKNzO^i$SSOCZSkN<
zr>etLr(1xKrmq<V<`h1};cS+fA%`Z&MQ;Rme&4DT==ZmheRgB6<TPHSyh+S3Xt<2w
z3?~Xr&)U*J8&j<ALSAu1IEsjWUrj>oOcc?=YYsJ5VrbuSKm-EOQeoG*!zU{ls1g{_
za<C8|#V*~HIw$`T2I*JiEBj+E4@K&1#Zxfx|E%x7?|v?zS`HqH+K=~E)iDfRozZP+
z#b_jCCd*1Z{o??12%L+H3c^y0bY%Y|Y*;evwiAU(IUyR(k^4vF)h{F>bpVX4c~440
zV+{CCQhBF#)03vi;Vwj&rvlv{kC@zczw*KoU#2klf(;~`U~dn_v3Txg0y%E}{8Lm`
z4zge=+Y1`swxBGLOJs*8E!|?^4RS}JAIm3~&|z;g&h6c)sGFLib8&IoJ1x%cO{v{y
zuy6nal{Ns8<;kno4!fl}788-&U-zG^oBUmuo@O{8Y?O(n!~e^d{eRaOg9o0Rq4(5o
zetR$uTboBo49-k1GPSxj`YFWGNuA%8brg$NA8^)kj;;@lVWa_QU=e=*z^-?Kiovwg
z`5=L<(mJ|iX81*#gYP&(xtW>*C_*qq12C#OouvQ(xrU?d+_TZ&!Ok64_=s;-l@SGa
z@P&BLRgBuY6I%Vcy~5}nS@i2gR}^P^v?@Y+;FZsg#GH0+kH3#=g2USrC5k-;xT?Si
z9}UWf@~;P3cg66$aTHzG)3>$7!}SV8p8}oNV%_>0pkt*-8!uZn*BbI;m7BW?<ucfD
z>L-2wU$h#F_nP8<H<_JVAtk8<Tb03J8YOW$W%<!c^F!zb_z3MkL70s^S`?*AT1g#u
zlwNYQUZNQ`JUworL|G6IElKU~(kDSRs~bxa^db3gigKS}x}!juB#nSy<ZN=i&0IxX
zslk9SrY0fOPKG~wG_Sr;I6I|~KwWkIeW>h2Ls2t#7>l%Dhni)&nJe8pv14|@c-Sr`
z3I{p^dGmLLBd^gW)(~ftWeJox4cC=w$7!4hvwJ;W@(!atxQn|xab{AR0{X<FJR?|#
zpg|KyeQB#0RfqCk=u83&*x7Vtr&*M$dg<T+<7QM|@XXu)n=UaN9Uv_i_#LDSaQSjQ
z6`@G6#i5bqAFzPMrciOx#`b4~kj%+TmI=$%Qvx!DcqA26fed9(l&+f+a-`LfKvkvl
z0rM?AC#tNUqlzK~)L+!8(1wtdT#$)mii&$OXddC~pKW?`6nLQHlj;gYm&3<eK)ig#
zrPR%RBXE?|p&$k8@WP#A(zNT3dlY3SG4`sH!VY`XJ&?xNgVDhmX^9G6H<b}S$tvpV
z&0V;X(1mQ}faKnsSb0G8o&3Dv1I@mq7t3OdWmq?$Ld>Irx-<>+f5H1-KQ1(42NQY}
zknJ)jp%_`p(>EpB=7LQ6B!r+0Kzq2wN<v(s7DX8jr6R>^^F&qMUl|d5$qhuqVqB3f
z&AHlpF2(T@4F9SSB#9|?RG`e5f<!Rx+20C)8+WpOZEsRc<=}Mm2jRHXgug9;{XTk2
zHu{Tqr+y%(sxp|kc!#Aac7zaOLy<nfCO$3-f50azA2cp>I}*?4)ka{;deUn?zMN0r
zmu(3dgx@?j_b_nxF2ng^rn{*{ix7Mj-Y%<Rs5{7l9ux6T9S(K#^_s#;O@Gn<6ZiH%
zKhY2rCo752)v`3@Jn_9`87*X{6b6ukYzPoU63#zbjG~Ap%#j#c1ShEKS4-_#s9|&l
zC<zm3N19e68Q981AsXudW}K-Rhh(_Ha<U#Ize0Z<qm@-1MZK48;FfsMc>GwX(Bi<1
zyFodGP31f?Hh_WDn+4ZX4KM;2loMX+IH1cuCdCrY7c+`xDk+?ONP{dJ@2C=q&mtQg
zX*^Q;#%x+@UnKc!Pm|G3Oy&)Ip8~Vzy_JFQZX0?Ir^6BE6jS}EvWWOUQV?p1cfUle
zAFG9C3<64GL?R#|rvWsfdljRew6;~%Y$Fl95kg7BFO_?Mm73gSSrH%>L6ekGc0EzK
z4QtOT%#vs}m!46oc#U*Y&ZJIP!UT2XpzTnDBwa{v#F8y@R#mA=Pl<q#+9b;U9POD#
zT~1Q&)J_da@<Ic@T}!gAa6@j~Od{t?DwoJl9vSO0+D{r_H1p*cm0w6n)QC5Wi~YuZ
z^)~-dG0Mei7}+hUp)RLc{gBVyUp8|EHNV&}7|6BCAS3jN99{LpeNiQzt|d7@F^Yka
z+!qpiQR6>1o{(GtxqCxGk^>c)e_|ydWfW2rGN&XXqcfBRo>5CN2^}dY<2g;V#sg)M
zu;SYJYKub^b=^+tA|bi<po}7JV5l2mCaNExFx95{MxIZY3b+88|0PMG|BYlp(v@MG
z?vS~BV@diSTxH(Y6q}Yb)M)2GL@-EF9al)w5J?w+=2UiC8VK{RwakjImiU&%Hm2p2
zVmZDgI@5B*Z&KPu%ILIUG>wPFzBYvcdwxat*6y6OEky(l4zjVK!C`}%Wj=tRl}LmC
zzf*Mn4=h*wZz?jhh>TZ5)xjT>9W9V$(TtlJ4#q-3EQp58^eedpo4{}71lxtwDoRiW
zqMld~57!~1#>2)Y-GZ3vn~3cRi$*%K1d(UzA)9VkQEOIqt&=$&6FjI^TNDE>vTqaO
zG(;>>nbsXo&Wvj2L1&b~?{FGT9Vi<KvHB>=C?oTHzp>Hj^(xkb#`hTk3!5z;ZRa<A
z_tRlpN2H<~N9EIPOumy5(*;bh$5=~9>II?%x8@pW{nJ|v{7LyVdStso*z)uFu`Urv
zO>(S?kY&xU&i^jQ${-$7nnJf$V7L;bkiA?U{?BUv+vR-;lboUTCb*|2BJQ=vAaz4A
zWS5I8@v(}=N9<!ZzXl7g6a>zyLRfs7;F<I=uKx~|)$$zTapZr!``SK@df)Ex-g~_(
zj*%6Rc2<Mb2{$%I1O;0<zP`N4W$7*YQOd14LB+`WMtxEUTtea~GJ;K+gyB5AugpUo
zJzZn99@s=0N=jmTD6K^9>=#m!#k`MFtN*u*=4c))vus0|v>}r6U6N9N&P2a#Ael8T
zr;hGIsuJxD^@^&zuVCEIrEn8Pd8u;^@A*e~%&)zJU$44@|9=hewT-%w=s1OcYwk}f
zA2pX8m7t-#{e4s?AQiQ#fh!+^gw-d`B=$p#u&}Cq<#Z}hNQwkSj0Su0SZ#e>%kflH
zeYf<u-DS}EGWbwJvJ5sUdEXmDH|%v>JtuM9t94A`N1132CKr0F3+%vx4PTMh8y32_
zd$6hkfwA&RWslBjq!|2bVHFRVW8|O_MK#5;f^KH!hzZl#^1=epgC^XJv2`<fZg$o`
zCw6XWNsTm;jpjU(-ouE<Q8LC58WjO#uL4bV9_Uy?u&HS;rb+uJAjCzDdwdW1G3No|
z5#(ow^F;I?d(SO?4{7oHlqF_jXs|O<6~(|rhX@6s5Qw-zt~t-Fg;Z4?rj<+LLnuiY
zq^<$4stl}pDz>|WZKW=ah6c5k#MUyYs67e#Zhm8F3Uc@m^&3uet)v(ao>`fTjHqtG
zf=zDDrA`$U>4P9e2qTBi@Z`4FQ^$Cmr&j~QK?svr?v0x(TOPs`B!mEC8e-4l17`JQ
z0VX6ZI+G-&2TfWii)Cd}vy1^HD$ydy0js2*#REzGIf7sgAFs#8J3ZgA-JUnyg<Vw>
zzdDXA@0;fCfAD`Vo3lad<%1t{5%hT-9Wsv|ccbL9vs=+=Y1obN6>2If21^y1a|njI
zsiY~zRpDimjz~5l1etdf1vFO0mX}2dK?0y6<TdF*h`av)Jsxaw#vN_vs{najYEJC*
zpID+pmb+=BaRrJ136gLRnrICjk;%HrSSRrbN0mKMW25FG*@!0#nGt=sxH>8qlfakF
z?Q4O{(B79@d%K<pdm0gOcXZXmL<(asxN`}OhdnlJ!@0cr`VY!CoFA9S%7p(~4`d8l
zFeS?Ye}JA_^WbGDd8;!sf7aHtND~sibSH?VzeXu<{63%k+U`bg&X=o)ON+C@?S0R+
zr83&v+8m}hk9V>^-;3XT|DEd(f0@K8wY{@{zghY`mg|eUy0U)V&G6~CE~=)9F{KVz
z7H0-~Uw5jH4IV4JPHKW~GNh|sl?U-GN;PQ8Dy(oe(Xc-@XOu(TWBxP8Y8^}vG$l|2
z=kGHRJ5Mtji^M~>;;5+z1*6W{j}ko)C&EN0!esY#E>A>}(t#@#%3Khg(HYVLXj7tj
zsmw%3a79V<!sGzO@;uqS?0yd%S-zZq;4d|S#)%~rB_gc_XlO!Z2P|YJYJ0I6PTbXe
zQIY{vG_r&Dc|_qTa^V4P!&C}$!=$Q$yN8mVENpChlkD3n@xvsAelPt53VM1~!!f*1
zn7{ASw@bJ;Tf(LMsuDmMdY*@gn4C@|RMgarwreap9=kzOa(|z%s|Ol7JMrv0ZXxWt
zUd<N$ce|cDuXj_;vlN}I?qtr#8mqFxZ3b`}DWa#eDCXVhXiagA9SblE9<sR6{zsG}
z41x8}_jWLu_Se@DVWSU407x8#k)F)&u=ysm`;92>s|2J+jyi`a2Bf$Z#+R2!De1Zs
zlN3scNy;qJ5nU;^p&=`WRCvv!)>rUE-;Hr-t#RE>INRq`5{IqvHI`6R3&=n*g)ucF
zhV%=iNLrC*NzNA-x~lh4gR>FswhXFEX2!BBn;{OYR*9Y6mpvR)6}C8f)5}(AffSTH
zCb;G*yFqlD5+ag%l4Oz+n)*Cum?&ZaW|m$or)(x8NIFiVq-SEFadS1#iJCVbJBkvr
z7~R}GImw6acjs{PI~NZMc%i&sfx9~T0dbiUIAQ-;d~$$~8s2>s#fCX~75qZT0KM57
z5Fbhh6KNDltlpk^XbzgN9_&*<d+Z!jRSx<F4HoNw%AAvAwJ<PWNN!w0&bXxVoE+GM
z@aPMfTckE(DH^1y2_N*hstS^;%20~blbJ3MH5#kz{zY0Wggu$0OIt(P31US2iRuSW
zJmupFA`J$YEFevAA?GwrYmiT6`l<gmm&{->L+HAXzD4h|3tLiMt-dE2>)<t7N?NpJ
zd$ZHq@-Qd8n7QtS8V1Bk;wlNv%t>FH$fXP_$R9+ZOc;B$?_Y=d&+U>=*zk~L1cNXL
zDH@pQA!@8h8tn)O4;H{iu>fjYW!g5XB@m*^)Xz!vjk1h=0WkNVuB;9QEitj}Ut-?C
zlHEU5#@m;sH3=1{93;~;#;PNb4VPz$#a5oUNMCq&m0203U0KKh?WuE6;($ymPBRs^
ziR>~yytlI_PJa!43LUhmv^4D5*%^y1ib&ghQ~{_Bsr&Qawd*?lxbWV~`t}EUvaVa|
zTbxPV#^mHAouY27Q4rD%6C4g3+?N(P?MV<4519S&P@Kkh9{mx+|Iu<J%%Cf-36|6w
zj?2{>*<Q?WCbMUS=k?v!>-q7&_rK5c*wjDtT`zS(UzV$w%ZQ%N=dI*yK4bg$-RpYC
zWxwQn+6MgEn%DseEFmG6zKx@^Si)LN<&BGC!-vX_HxR!0xaH}R@~~`nqKnMG0$6n-
zOOR?9g{z8Ng1B7Wh*XOYRXzwdEVF|y9xcuoy4q-dWOk}yLL0~ma5UE=*%ZfPfIH4|
z%>l|r_+caR-sorChAB_hG4@Mw^yRvg)&IP&8Fnk2Pm0*7MbphpWLiU01IYyp>%fz8
zHX71kMi0xxxOKgR4#SxnmWkdyE@YpHx^o^S9iH2D{Dj2wNdbn1W@{!cHls<u+WN3Q
zb{G55M6{GLAilM44Jkog`b)~p<X6Yg256_QBW{^F#$Qts%wvFkq^J76#GV`Oww?2m
zK0Lzm?)Y6*#4+~#PbIOE%D_C&16>3Vk;-}TmFFx<r(-G0uFo4=lt%mgF<7OCy(^Wc
zyScEatlN4(RdTzWC~G(9s>T-8U2ipZ*`mW*n0Y0`Pj{LSp{;ZA_Jagja=IezF6DK$
zK+o(jK}a`{#67Pa)Sw`uF32qOA<<1kGg=@`?~M4^TtphhLYv#*29s-|Z4d(;%<P4R
zs@zv3KXV1&Z;WP*F)xRw!;TyPo=M^4Tp%E`SjM%MEm;cARs)7#7T<W{ZzT{BV>^UU
zGM?AObi<YC@fGVMywkaw63-0eXXU+GS3cPGrc0mL{@-<uA_a@~S1^DQoV2S!^RWQ^
zp=m%B0%zmE%$n|((oTr3l~p~ofY07)v;aw_{&HzG@7zY;6}pVHG%XlVJnKX*OCH@`
zxD0LF^pIxT`Cb4wPu|N09z%~mR-WE<nPh*pxCiPf%{6T>nd;;A@cviX`H<qNXwmFQ
z(@Wx^GgJBvXUV$xV4-ckAurb9E(ZV1EL#}OcJUWtOlUe#ouF}z;YZ9Okd<OZs^`UO
zrNP(6&*rm@)z<94sL6DQ>NstpLGzWQaqqiz;M5!S-T%@-Zgej5=6v)A%!CDWgg^#N
zaSj5}ul|WjzBvWCEdmR~ked@LfOhMCNtBC8L^R7F3rIBtWX8b&lF@|7sF55eG%8ST
zEl9`m(5eQA4nw7I&yWzL-UV=xN13r{l$mLU0Y`|V1V1y00H}0CyDI!|)|w^S8ZMx^
zxL@Hjkq)qRk-e=Ip?DFz#&rlY=^R(kgT`L|IyP1n&8Xj*DHW_^PCWZ|4h*5o1)wV^
zs9bcgRiQjX*L@{H0J7|SR~c*f_kJgt+)W@mS+k2Y(z0&9HE!jY-r!_^awSr6RUwgO
z9j#ZqkjA;$I^lI~M7J$FS`iKk<0%fK=ijf_U6t=7_iGdBVMX=iI#KEKIlm))3jcq5
z9%J+V)TFTkHYD`DqgZ8thku5QQQ`^bfC^MTG9ZSe1b^2N2viybB<{ALOmT!2BPsrF
zXE~G5fwD>sM^YgzLkkTFYJr)hK~g5C4e_zsnvf5pyl;5Z@I!Wl4flgWU`!1208+;h
zeb<d6!HTZ~#U49dscA@m(jXS>9s*I;NaJ|J{IOO{E8Goec!TJXlt0{wFpGci7%sYG
zz`nL%QF2r>$O*|6swQS|eKm)PKYD3mK{cqsk4B-<nm^Tk5aW|&L>Y%E2zFR1MtTFL
z=We=ex;)N1Rl@rvd8OAe!jwPBI_9%}LF*6}!x_*0SGUtzWhb(CQM-KUOZV3GGv?t}
zuoCvr|H6M2>iv1k`<~hCDiG(Y1O6~EKNi6S3Jc|JXi+6~0JKu5Ou30}-7B~TXJ+=d
z6l(zn4F57gg^Sd2KGggV6Y@R+N#1vo$DeIv9UxZZ`w0t`QNkE_#{3iv<T#nK%rK7M
z1-5Sxdj5RNRG?|oD29p@f0<?}4nkl$ktx?{0jjAIzKW9>D9$AX3Xz2~z6f1BW1$-S
z>=?MtBJ+c{&`?oA>MKw$_w*>=@4HEm#(kmq`x5o2n6x!FzTdlKLZZ6CWgC2?22rQL
z9IPac)hje(YQ7oyOri!S!xqn7PgKLt8fb5UVtnPb@PlTo&XeX!kL5c_G8=Vv_FHGK
z9<u;sOyXiPoJpVRWaxF5%!b8@)A4GHIellC6n4qKH@Aim+lm4ywL#{v(}>2~=qZl3
z|9&Rbs#MR3%e#>{J#Dr8Zvi2=^Wl9xPSEms)$;l@>@b8?Oqf2&AzTYLPEtIzQ>d&-
zDtdI;NGIqDVIO@cX2EVhz349wv<FVEwbs20p+qYiKAP<{L^x;>`pg|nH#}sALKw-w
z!W$BPd<R&%$*2+(<%VG~BT2!IUZJ-mZD+i`!}crk|K1!ttGtS~gtYxo$8cmX3gswc
zdw1?bw%Y&7dR1bqvBY*aX0J{8qxFlel1P_g&+Z%~MwTha74N98C+akXDTfpfmY*i_
z()}$ys7Iqu&Lcfha^$7#3(I|JFuW8_wWC`37&c?gB%OE&<>TI&)fl9YyCrp$Q5}pd
z8Ce`1j>gm6oPdX;ICzC0j`PgRk|Tba)rbUx4%O=j9m`$>>j<Bq{r{$?y@XC4=BHm~
za{$6OPkrtTu45)9&N_PsHNC6l0MTF)r^h)%pN!EqnV|}+IXiU@OLLxf)7X0xl-1Z5
zg@j@&20$$wy%B;X`<GM9#ySmzz9|bOj?1gV4e)X*vdx4ICZv9qXuT5yD^JJd8fAY)
zo5)M$AFqCe&0s)L?k~{<=X49?LhlP}ru<cC+Mmw9m|XK|%X^NlqYFT_xO;HEh&;#l
z*m+C$GM$4PQbL1tXHk={O&5sf7!K<B$uT9z^4y|vkWI~t*PTrC=_b|1E1CO=R5ay{
z{(7BPLc2gwkRSZqQA6}O@mitwRX9Vrbj;sd4)^KJyOU|iEd~y{E_l+9UHuPJZv&Gn
zpW%2E0|AE{@MV@Xf*CEX%19#^rWMwMV?69B1WSuH6Pqv~6XG9^a%=%v0;wy^3Ku}i
zsL7|d-Wg_pX$PiQ7UX56mGIc(gu0@$(I(fC)Pi%%Z&4+-I3?5V&qV(Wu#}W{`5ei`
zKLxY<!Gx*(*|+$2qJ5z6B=V~dod{ziyw=f1P|-uUz*Zu^8CUXWdpxXQZkbL*t@i2n
z_pZWQwht?g;WM+3$dE@Cx+y=%Gn!8}Qr<j_=d8VJBtyOE3kMG->c!sg-btnI#q#H^
zhF~);zz;bN{QGW4^$35|>2r)7s`mIIPIH-TFMgRM-xm-59zED?ymXwaPM+=(<uHzA
zDC(<5U4crNt-EX94g^g2|1z_Em1jmNrtEmJFKL9oy+mcuQU{b=7K4<{0762vfnVpP
zFUjP=v!bX4Qx~-HX2y$;oC<K=r;>w5so(LiI<^Qk8yw`x`C6*Mk2XC0+Um*W>>1yM
zXCisg2Njejln_J|PYGKRj8_m<BK6}V+1T27gYr$Emh{68n>P$Kc=l!6l_E5FfBO6)
zcri4(9a`F<E}wLk(1kkIy{)~^L9OGekmxgVv}VZ#x3W9b(sIATE%+<!MK(ikFwDH5
zID5Fe_=Q_0C7b*jk1R`H@#Adoog@R*KiF|6+frZs<Otc#+Ie3TSj3U$Vylz(lRMYZ
zGEMlu;1WJ1t)6jTC;@Yv8q~>`oX7r5JJ?=q>|)5E{(>5T)~0cio40fHKk&Jb0l#X!
z?tbljTEju)eIb<Ne*8s(;-+0K;~^~cmt%F2_&cN#<3ck-S!>O1WX%5b_t_O43#ude
zd6fi+xqW<PmKz=tb5+Wc0go)nKu#7%3#JTVP^(i*el0DhhU=!+UEg_uKMW@pJ#*>W
zua{Hgdm+kPT7+Eo(v`5tw-Tg|pxg&B6gmZb_|7;4;4LW(TM)k2ri~9ho72j7irI*h
zUd#4A+N4H_;5CJ(_c~X5HyR2|5#I>K6wLIOU$(G)oX?TvVUvmTI)AtkW%%5*TWqZf
z`1mGH9)kqD=+LH+dDAnTs|DU*j^mPRt}HNhGr;_xb?Er2D|L-H-crkd_;&1W;rz0T
z|L?p;M1r3u%*F8V@EQ+O+$k)cC`_pp`=r7la0a}-W_@@=;ShYBE&*lMyZQhhN-yjl
zQe-?1Q&5kGo79eM7+96(E=qjt4T_p%!_fYjy<9W7@-r0wo~4ncN7cjZS6k(Z*8FR!
z6mqc%npE>K_I^myP70DTgdM(+Bsx$m-Y;DlD8qIsXYk{d=7(neWLkp6DS5MYd=I!#
zk?cTLB15Xn*n%%b#g{GiwKm#&B3Uz3+_BZuWKi5O0;R}49SyrlQ1AtX;e4oR%*mT)
zv;sxmc?x_0AI@Zvzki`Mh?_zj>sGq{^2dnOdf4P8*q6L+rT4bqn{Q_7ejFDwaK|&>
zuLJ#@btW`g7@^~d=mgrTA|0%n553UxIY}K*m7@2ra~IFu`Ow4O;28FQ+dvF|@2gJw
z?q|Ngd%b_J|BG=6xU&1rGz4&xdV?Vj#Tq{#fc#R#{M5x7!8^U^HsT1(lbl-V?1fup
zIba+%7v(iz_?^!}ZW5XeWXx_yjx)gof#ix}rN|V~BLLX@I9{BsNOuEaUEm3nokW?t
zCPGFnp5Csm4{L@eUtZ`$b9=pt?kqC8=vO<5f_5bI0IWTn7-uXXaKStf+2jW@FgCFb
z6s9F{rf{a^90#o5gf>CJ3mq6o4oj5ANtJ(2p<VkKE?PgM94Qt=Y)$QdiHN|~jJy6L
zKmVZMaRk?U))q3aBtweplxXkK;bLht4Qq>LWYm*-fElUaN=WA(01OHW76HB1gf^H<
zOkv$3x<ZPQ$e0RjkitzzWGWmXQlZmo0V$v5-J-pQaKtBiOBC}nhzSV5SEffaVmofz
zM$#R9*nh-yQkMf-?VNaO3mQ&rpQc<Z$bU#Yum#wmpak90P?B}H1-xo9ov}u3;yyRw
zrCQo1>S;qCy>y39c4oP`x#blW{<N*MwYatrS65G-(hV({&>tHgS5(yuI!m)!SX#=<
z%M<#y1;4J<yk6i(Rrq_>!ln51Q?L*AE5l*RCe>L5?#Vwzg0k<GP9~jek@IeM-w*NY
z#kSM)`(|UceB~{;j+W}B9IP3rVZsJFGJ0VSh2ye0I?kU*Bb1BIVBX0~lB>Jc2~h=Q
zV7sT|OO~h7tjL#Age46qF@;H(&Xt4@KFYC=_qKYu6Zv~|z(KcKBqgRs2yh7pP?tLH
zuyJC}oKZB@25ZMuVm(OTH<#JoMc13vza~GyDWxHvO448t%U8XzZ|Swc9Qr~SNMt*y
zfX}ZupMl4Poy7W+lYq(DYW~W+tb`IZQu-wMoWq}!Gqi+!!YIpWq(Z-Tnbrmix?Es^
zT|*!1XeC_{Q$VaX(t9}ST08*=qAO?e{@xoR=F_&dE5!WL2K>nsxQSZU+%nlMD?ys^
zsKFg+lG-eem3<PX$`IsA06oRA!Gso2BTM~^OJa=KCW;<;MfX8$YW}Rw*^@t9vES}Y
z2))r7l<aDaBlqP`5;x_EY`^mQk*R;;WaQ&;8(+LWlQ?F%n#68iQ^Odsc%EKMg9gG<
z!u2nB=##;H%}HRT)2%Usa<W#>t25<<7>>upKkG{fmYUdTL>RtOmpP&LdeXVzf8fAf
zaA?@S+X^hOIh`xis5SaoR$h)Ark-0wR1|OV+dbVFZhY#mC|LlY(8e9K)DX$ua1TK+
zj4LgN_2mPHTiv_ODc+Hrn}}yOcqFTgr|+$st%d?cQ^u?ss=&}2Zq71z+cqJDyqo@*
z;@>Ie@YxW@OMb?fpjhEfOG~RUo5XHtY&0B+1)R(m$DnXNv9Ckebjy(C1FKtGv8dIn
z7WlXvb_5m{7cEn^YG_@hZK6M{m#b9&K_cRJXuefzHA+1aFc|b8EPn<9F@iF-J~n<G
zTioB=_NyC@(d}mv6YzaJ=N!0X`<m}`KckJ5;z74QCW2-8w>&y^GEMP%l*R9F_2(4R
zxwr?c{POVMx6|2;dE=E|7M9U!RT>TxAVFDz28Yxlo6nSjLB14oHT{{!ZqpOMejL#e
zRyeLE!P$q&X!Hw#=fnUG6k*9k8Sezp(rY}>I_o<*`k)SG-|_a}dRT$du2SctNu0p>
zM$~JAJ&w^86=CNCGoELx$m+p@t!y|DkE4*J6I1%{j^lUr?uz-drG$&Sbf+^271W{`
zB@aSHpJm${2tAFkY#eJ(l)bxXJM&`>L#3p$wpVVygt7~ytz^4)EZttpSr$q#AqlV1
zbK3Y#?HIsWx}6dGjr}*EV=4Q6HiDo&xwJHcLzC08KD218#%-~Fgl)_J;;wNdm?{oh
zjR-r|S!@gkhO{6PWrWoSKh97Y8TRYW){aN<ah92?x}xVhbMgLRRWdTHWV&QGnc!|g
zcHMQ4uj4o^V($Ki9QhC=M)79H_hVcJsQr)w$L+pvX4T)(yXJvICcjiw6Hg>eX5*j%
z3!UGuNeVjxLx{JNL~3Y5byVIK?iK|K;83x%hpg4{&kL*^1}cSTo9pPOQe9T%h)X*7
zI=^^%%ryoT`63^xqWIG*7v{A#B?%G~3HRpw`f}kh?Vz(VY~9hFvREmavf*0~ol$(~
z@=HiEFyoe*W2e%;Y=6N2^x-se;Y;}yX!t^1CngwsNswetS#T`*2P~s*9s0)9(3TsA
zyt@)vS-%<BESmUS|H;lTs#v=9^vhxBLJRbbAYo3GG5RV8rIuReR<^dtoU83D;~V(2
z2H9o@zqeM!J}fRR5Rv&tntXA^E5{O6r^~2Kg?3@Iv)$SoT!XZvCami#p$69F!ILAe
zC}q{+G9xZOT`NmGrXRLZZiehAkX&Q~3XiL}o|S#Mk?8q8;q1JOFj&~g8Wyg62GqV!
zOE-m1z@98@B@H2V&qYz94rBR!p&K&yz-1eY*>St`dH0LKHIs&*m%}x9jHf=^8#HV4
zz<U&-)^UJoQkoeSVR7GyJh*52jv+KQJ&l<nnY;B}&5toi=a7k#=WS(Qqr)Uj?}l3h
zo4rC@4PtL;$t?_ZVEXq5EF3P62!wO%%Xsb4(ffXoV7)5~OQ2US;m>tBprWh+Eq-N_
zLazf&C>-Q~3Phr*qX}>Wa-7<6S$KM{tr#P}bGynyUX+m|LnuUsPx#RA!BRI=9*^Z`
zh+KB))DxYEX#hU7^wOLdXBTTK8pUH7xatF7wyq77lZHPCOUtWE@88&h@T1xn@=rlU
zG1vL1EzVBDR&CfRCAxLMLag>8rRpvdVWP15Z`L2Ck9+jHg><gmS>~jwfGaG{2?<g0
zJk!unWtV;!m#znEm!$%vQ*S7xQ}hDmNsANxAXOYCi_@}!mXAw~HVewJVLx==Ge`ht
zblQVY2epLUGq(kO$I??8NV!vv>mcD^XXiKbO>_FyYc^r=mtYQmo5$uGggT_-cKDyF
zJUZ`oJm>*N0|B`6^ulea<4Zfaov&#PnV0k=)vZ5KzV-V2{PL0#uG>=#(fvkp{_UO<
zU-o_Ubd}(h?#lDMnmZ~-%W18+36afagir}@);9DI?J)HIueo6=gPA1HAx}IbF#b+O
zJw0|&juc3OYPN1K=YFV=7f12-cujs>_C8@SN4#bGxDd&E9Suh?h$O`9ex<YFJH5$u
z8zXA$1RYl!1(w!RF3!=DjQ_*Z{G8vg|FI#hjdCJ`6V>~wwYa^ngLEZnu~s-J10jtQ
zDXjSbJ2`Y;9P(4G$}%2zJ2NIr4Id|{g*MJ}bR>>gk-i{Gq_VN`r)(>kOHkSjx=sAN
z*l&MelQe^Nv;<p#M-e(&Da-@(LazOG7j`mras&qbP$)9-L(4C2qr-%^c#Sn4oaGS?
zW^;re)JqR*)2r1LCXmnKiwmVE>>erF7$hy+LZ7n!#x~wXU=do$M!L&fB+il!YN=y|
zu@dg%9;qgTD!_s%V_$|2GYYaNyzWtFPwg8}?0oq(LEzDlUGWkpF@tBSHIP#&{r&tz
zX1DnGkkL|T`rx5l{}tuKX;IaR{~%V_v3cT>y+S`GUY-xyeZvvM%4%Dm-RUWv6^y>~
zC2y_!wbFjSj^I<|l8<jg!HLWGh-Slkx>HK7Jt5=nAQtx5^#&(cbQa6hx1+pf=SG%|
zq8v+(;yl!-Kw9!2vl=2~-b|KiMq@wu_~yT&2nny>os<Md4}M6PgM~VnO3+z%fBYku
z-B>k+xYU6Nn{p%J=AI!tXi$X!`aWj{UH{vDMusv4W`I<0<v-C3#dRaM<U<GhB#P$V
zGNegx1y#tfPNA|@z||_xd-&~J(4QM+65UQhe01n`Z*i%{%V%4fkRcZucS6WzgjGcq
zpll_~xS7ah9UFDY&T?yXwk72>OAB(9lC$1uh)RkcbyuY8-!5+0Vs%RLCmlj^V_UR|
zhWp69>*t1<Un^uVnNO(WccUAdjTi4Akz^kdk#siEP)K|evqhP>tW^Z@O*3TFRf!U1
z#{|*^KI=Hzma7E+?)aZ@?^;V~&~|x?69<ga`S`vuTj;z&5cwjA_J@|vxhz7#&ccLQ
z%q_?cnC+ik9G$oM<QVE5kap9am?!#G^#C9z2F^F>TM825@9PAxz5=gtRk{(YT5jE3
zd_Dr@<zl)$In5BN=h31)&+kgYP2x^0lEQSL0{=cMGNDS1KN8LQ>rZNisC40TR^^xh
zGhu#2Ngh~RG1&FvcHD*#FHG)*t_K@^5=Re@+=!5tn9H^ziNkr>H(M%wHgEk#b@e@S
z?6)nSr89*-q>6<dJix|Ob7F8b!bK$;P*BX8yA#htP7t-p-sLoIdcAw)hJn7w5e)p|
z2MoQ=w3FcM;HBp4_jd?BU&J#U#)e%lNF1Mzb{B>110-8LCm7=i6-m8_Q@Y!)?0gO<
zjM<p3J08h0e4kd^>V^{!XnWb>=DTG@mT%-92v!Kdgu!Z$5?wjmr>}QMZpk?SZgf(k
zn{BS=HC~TaGASH_=f3~EIH#(`lr7M-@~v6nris_hSSW2UtgFXVa=9oE6Su!Uz{bk0
zjL)K{#*cr0t$89YW#u~GBA6_Et|$+ZE1i7cE3VL=Qp|*=Fd_^-dog*O$%LFHHx%EV
zgMpE8_i5Wg%5_+ciM|TjdJ$fLT(n*)O6PBeT`!8Uai05aBE(6ol|5%mk4(ujdHSZj
z2)M1?Z}##X4}Hupk6%annh61z<5`?)j@mL2R8Bc_*tVWVu;l(QmmLHSTg5Qn{PPeZ
z{X6m$*SU?Wc8$UJr7<0YJ|Hy5tMN6xlhkIB-0Dw6z6U6?$u;>+e4m@|ty^*;VD5Df
z0so%T{c-F&EaMG*d~S9@^WHoM3rG;=+SLeZPBtHrzS29q)okD8kUVGigCfCfjrSoc
zG+KqOA%^o3L&eL17Gx@LG92MLhbls?ByVcNwa4EKX1QUJ6QGqC=A)XI!zwO^jGfi<
z+C6E-qEkb+->;}tp2GkGrQGy+O+F3Igv&e}Ipw0e=>3fyF*~#K5qcTAu@YvNO$@0r
zmfj&GNhyw-+M7UoeNTEba)=z#dB}gn$OBXmIn-#vWw)wuWj1|5*&GP_<Ar!sMqbB^
zG$iaayK|`(It!lUdUNsN4d9C>CSjJArd{bn+$hm>(T0y3W)Dgvu1S7vZ8UwBMA<b}
zR=>YnFY)Ib3(Tjbv`FCHT}6T)#k50C6j|ouWurw$5XK5hk9#es4~ZI;*rbG)eTWOc
z6p`Tev`s-({jP;iOeN(g*u@%{i4p^#x$esi_wcm~@q^(yj+BC}MJ&?e{-ft9vXa*3
z+TH$D_MsEjkGQo>TAWZOAkyr%1fHLw$_|U6?}xX>zr8!~vSajVon*W*^BYr1-``Z1
zQYBe@wy_Gj*MhSMu2Mke$cc54GgYJT=FxkJSbGW4zlrTYSvQ60gl<9ob49Y$T!zaA
zz3qN81t~2UBdZIw`1;NlchMnlzkR>=e5)@AR#9I)#u^xUFKzXz179~6&57J(n_b3q
z(Ww117*6iA%+j4GT8FBv{GbC1IlO3KD~zo)kk9qIE;0_QQ^KjTTyvc|Z^T}`&G@eD
zG|v)B&me|=WV{@Y<giFm;6VJ<1U2du#jIJy&=fAjf=Jvo`W%vk73TV9ryDH&D8*nP
zB3~$~Jda{F@y15-rpApUuyW8)NG?7f6biXV5r1zt5WB1KvOt8(bAajNIfRG|YyXat
z`i$Zem-AB{`c>vWfl_&*X=MmaL-QjVMHzO9c9c?32z#tJB9wAHfy|z2q4;c;p7Gay
zaFlR1pR31y6uU{@mO{gi)~^OA;jG(fP)a6?2@7xXeAaV25a;pdb#0?|{6GT>kNx`t
z_q)Tw^JN65{X}nUFkoHvGixU6s>j({PsCG`bm$o?*niePdb-_Ma$bt3`@)pPt+H1z
zA7NnS_uzno_Dx;vd_?tW%##_nUQJbovqHJ-$El}{PCIw|ZF2U4(bxQ`)6>0a^$%#%
z!$Ug8$AE#yUx4D~?wAoubq{&YN0#IiJGv(fr#JcRjE`yI;6{`Y(E&a23(sETeUtZ#
z+oFPByg|D;qXdG=>T3sk<BO3=NoJdOwVxk<4X-<k$Af&+MpWWPS48E;Zuf`J|6s-p
zDky43r}3$ll!h6e%<zqj{4|-+t7ov7;8<8#G!(GK3SI^`=>woft#K?>>P9`eRarUA
z>6gW%<b{-@{ljC-I=lS{ROgTJc)XVMNY*XW;S!RN1pStxSPYXe0%LP=GcYVePxiah
z$k4$M(G>kPZtbj*rS~Vg>NplhDa4idX}I~*m;Xw;@kjZ*nRE+^j<>NeQ=ADay`B~=
z>7kzfzp66g1{_91_h<zSDsuzxUbeu|hu8#H7?@SK!@0IIf_OJ57FyB2ZyaQoPH<2B
zA11gCxQE6ZJ1a3ppT^N>_n5dI8?#3EL159GFw6-2aP0&hNJW=j<ZsUep-(0lT1>hU
zP4q)`tK9>6tLg@`*6M_{FEAOLH(D7pH{fMKBQTkwvPHO=VNT#4sDe}6<y7NW4LZGM
zpQR_;kOWOMMs`&e4VdZ^aEz7EspbfhGUZ@IMph~KdtKW>u5rkHMf8GWq>DO4Kx#Gy
z;2NJmP)hF`A(eIi2%?Rk7?)xRTa*G#w1FsZfRpd!u$4(Lo^XE;tmDE*_E3u?q`_QP
zJ;U#%DoocNx)s|`-`Z(Gal?1Pzay;qSiN_IS=U~;f#$M(@b>!A+*@tJ2`5KBa8Nj)
z5!$kasDem-dM}y~Fcexl&%^qBnq=4cruf@GVNQF~`!d|sK}VdjY3SDKAcx?YW_ePp
zGf0D;9V<9IWU<RXJb9*?i~I^pkg}J-NQ~7=p=zT1!?&A3C%v1p!es$%A^myTG7s*V
zY-sat>A{<B+p^8;SFOkRE4mlB?9Usvb#44OctQLwPrVJkMPb`lRNfc0A;H;fw(2sO
zT&gDFF#A}!n<EFK@uFmg%ewBWXd2aK8|alyB2ByE1Nn@(42A`$oHV*kDEkOs>qAA{
zi+IM3Nwgj3$#w6WrX(JvXs&iT41XG&jHs!xiI$e3{az?($ZxKzH7}*w0^{n>wE%fu
zSpBnxr|Vlay|-@jGn4I6??bcr=Gk;UfAd{*HUs{p?D>r2HCPZ2kI}9xG3Dja5X*2j
z*|_O=)5Y%J*%rgVqDh{n@(<GPBNb|V-COXpGAqXXZG23^fdnnvD!6K#fPHcT|614m
z+wIrSLDYyWr02_fYa2UZZEuuJAuetaE^gG53#W@sB3<Z4_fmcKwn6*FyTYtr6W75w
zRsDjH1Q(8!AIQ)A4*X;L$cg0HOr{>*z3WxlrGFU-IAPTFUd5N~U&9a2h6zRsUAxc9
zs97r>?}u7<0<K%Ho|=F6b4_^e!*?cmY+hEgXG+Ml{`A;LQM7AA<kO&tSBJF6b}8;+
z!#m=4dw^R0T(kb%9bodT;c?-A>G>D&V4kK-F0b<2X!CtL`t>w~TxZ0ecL_FpIX;AR
zSoDLmW~*>iL);me>h@SE60T|EetUK`I6B(Qx8K6o^rsj+W~d=NJSLM72L!xrPfu^)
z%|N{T2_Czh=wdTDDJYg%Q|^IA>0F(7buIj=pyiO6BIbahq5|&pNejF_@huh0#57>g
zrxJmLoa>e`o}kT^hM+)S{>`2y<0k}%X1o{N*K|a1$#|kW*qi|Ht~v<w-*-qdFm%GI
z^HL&ti%^Nl#I*4(O-p7A(JN@(9mZ^1mb+*A-%eeAtX8>|J|z^4%BQ4M#$?!7O-dDs
zamOIwV>UmZk$aBvUtT}0ydocYaEHB9qmKq<%+#KDqQqh7d!y_>@nibmII*zulj*);
zr5bcc+FYp~+||d8(};DoBY%&}ktp-U=Sss*lyo8{yJp1-6uSyg-#+bobe|sV#@F$;
z#<%ZRod$P!q&{qMv*We%qKx9s(ujty%(Q@3Ia~Kt-bn0e)V3v;{w5+qtL`~$rNHqa
z5b<mF0%4U&#9483Oxj3`dX8NkaKI8gR->c+gVzszC-B>o@DgNpp=f9`{Xivm%oQ7>
zG9w8W;jxbbggImSSgm06ay0^Mm?>`)(Q=vy1F668CKvSOm@6O<fh2Il3138OM5I_}
zK0Xe;Ab`@hiEa~5h(sai__!-LOc`;g;|bQ`yv{pzY|J$<yLk?WeM5c6fBw%=2di1B
z#)@slueNxfJ59y4_4Pw8QZjXHus9}m{ORx3M};)9QJgI9V7it76qMwG%+uNI>`f`?
z+L7?l=BK3O)Z`9^O4+facd5Qw8msy%BM|Q0q1dU5R7|OIg8h|SkMYwY>n60$Un}A*
zi&et-`;@MUv84E04SX=Q3di~x`6|v=G#NxG1a?@m(n=7Gebr#A6}GUZrp|>TOO^Ft
zXen`!q{+=|d(7bdIQ}`~l{XPWi_w_5OzWWcVDO;^y0<ozc6}Ad=~4Gwcfz17C35Y_
zVErj>d*V#k;o?SFWoW24hj~5hkcn@?*SxBWGTW1Z9)tI^fpqVW<sFvt6G~MIN}=tv
zae4Kl^zr5MH0<xKL<4+r&;9e>zbSu?YIPr<CAiXiVXgJWKGVLhbWT^9o!d!bo~fLv
zQ897%eGoqnMjHOzeMGA^ei~cl4PIB$Y%D^?bNYUHCYL9DR70if(^|}Ux+Tjm{_+St
zbX(MGF6DVyT2?{h^gMQVIDWHsu`1-D+;U&lep{dYF0wfsja6=!uv$Isx=9(s^B$`=
zed0b?{X3BQtLJh3ywCn9$X2Ppm0<buQb!3}+FSQ4%k!NUNm|-j&0?4=E-aw8YM;s$
z4`+K|f3Xl4TUs?x$$D?bJP$o!9v6zK#GHmPoJSfu?vt!q1O%LS4jZ34{bzEUpKr<K
zEbwoWDP8PUAH$7y9o>4as&UcM$uz3Z=^wtZS-x+U4Ng6%&*J!AP}_Xh?|P3<rhlQ?
z!NVpUPrf@*D)O^>PDDgJAM4n7@wP%UF0MzN`v)`IQ3)wX%5ihQFy*TO*f<+l?Rw^3
z?Q=c<K@<%7+0H{u=-;59y)BK45C>Kv@a>btCyT)NBLIqRnO-%TAx4|fU7$JPN5G4D
zGKLonHCf=KbGqnaoUk&$Rzqhayf|vy_OBMA@-x+)m9w6cZQ!`<v|h5;`#1oH>-hb%
zgaH6Rv44#WCRhoa$t)e}7uIwf`tXJ1)Bz}{PFiaI;bT+_%S#55()g<LeBs@jw=FW*
zBsNt3D(3ZF8C1AO(v1^thM7>FzZzM!sPqz&9REhVJ3G-{4i9zJt~jJq-%XDO?)mSV
z_HlrD)BTZbk3v_5ir48G7Ya1lQwmhk22X9mWWqZfaUC1r0t71OK_fX~Pl79AVgIoa
zhbfH~i`=r+zi8X0gnHbBtqm4t^gW_{`5I`mhf4k%dziqL%Wd<VV<DOc^SMheXjPh>
za5hOuYs50T8C_ywMUH6gZ)qL1lbC|)8d`J+<-n38;%%pEbAHgzHEgG`<U@y`gn<Sk
zjoj=Q03)g9q1!Yf)5^O~QTDokF#^`P-7%1vf`m0DdWlAhE8fB;42E;kXfpT@Xh|R^
z(OwMY2dRIct&mLX-fFPjhtXzRW5W9DTrSI+un<h3E|htnh1Mc4QM!--@qED9*>3n`
z_INj`2=;-Q77O{GO$v}Ys3C`OH9Fez68&P(rGA~LGSk$`%5ILfMMkW-SE}7{ZsM}$
z0`<vL1~d;J<%D-3hhs$LI!B3m4%E4jkYSB{f565@$<tLUJXCRykz2ZQU8j*y2yTw|
z!%2?!WnJal)U{%Q>$R@D0R;Md%T>XoUUzyK>>yJaSaX=g|EGW-e_rRD74K7*CB0ZT
zoHS6z#4FI?WRs3Kv|<(4L>ZBMz7J>0D1|jP{wmZ>1A%}QS^GC?$aLBd&(H5rop*S<
zSI9v%ewx6!{Vc7~+J%}vtTee`^;kwa=n_*dq_H}>Dhnv+3t^3OL)IT04KJnTId86O
zLA&LpeI(@Snuc*t;x%U}4cs}_e<3qG>;6b3Ux;e+G>oZ~R2o~HlPS2FV3yT3^Om_e
zLc6r*drUd%?MNZ-MOv5MveYL#HiJ@ri*(GUq#ev~b&j1#yB@cLS#ZDWxlLKIXUfuf
zFo}7!Ew!<*iED~qvauC4m!{^TFhX2p&%dsKKk+lDWx-txI#(NVIFYw=oiDjwm;WoG
z?Jcgjre}%C1-Jb%<-X8$Zr6T#e@k0Q>-FAP{TmC-RPpPM5n4K#PSJgDM;Kuc%RIBv
z(8BL)3X)YeyFK01C!P8)*){!-vE_sA+WG5^X+O0uJI*iA$XZRpm*`vc^_hhCRK&e6
zcz68bx9i}co!<8Q(DKcab{|@rHpA~ek%^4P>|h*bH=3!}i(^dHe{!6U`&9&ofB8F*
zK0B}Z8d0-9`!E)#yfS%A!|gJUZ@>6Ad`NtsP@L&xJo2lGNP7Og2uGK^BRCN+c;s9`
zj^$tb2AB9Fri};YdmL==#+7Gsju{tal%$w&<DxBa`N8r%dq1sj=E{z5>dCu8{CIAZ
zd7gLXOAwOtb>%F6=O@&@g6m1q9c?--e9e%ZDnes&v=U|xE0dwn;%=W=TMDmh8Z0@{
z3Ot=BBUGU~U?D-p_%OLqbNp3Pq%n~B!NOV|pu5Y_B|lJpZWi%=5fM?xDYx;bV(Dl0
z;Ne)1j2_Sg!el369Qc@U+MZMAOv-eam@z3BjGLJf;=E~5jqQ(<tqF9!+>`*8$AVbq
zQakwEt;p3NhFn|~csp{`hBjX=Bx>1=$ul-|y-%lyR&-`R@8rk#Q<^4NI0Z?tX3RT0
z@eerKhT{_VJ=g*%_|r)qF;JkTbkEfF3v};@ykMj`ETMpXjw1Ps9;dCZEyum;ip&Ny
zPrNS{7j4H~C+mLSAP_EM0D*4?%a-lCImFSuA0a+JqVQNfY_HCtq_KVGDVp8tug?=y
zFS6#929vr=s!PY!!rz&n`lk2W`$<QxDevKTc)g!#0<=o4rDY@~C`rn7SY6fSyu<(U
zVK_&pEgj)ld2XqRmd$9A18GRqhnz~Q>!6f+ok;TMWXFY0pdb(1tknn<mmrmKAdDt@
zAV{>v6m+-r`FrP(PX*K~U{~+tTtd=-JFI}TDnS-XR|2^lu9>hj)4zMf%G3S*&pLnT
z;ksc|9i8uEy&Mu3rKc_$3l>N?!kXD}TjoY2ujl3YD^cM<vybP?#;<pWTye+f8wwRd
zBkuUK;Tcs!aR;~c(lX41sA`}Eks{GPSO6MI)<r_w=~(G1<r}k|bMgrZiJD~43<POY
zg&3sX*L?XV&Ace%F;hWzT~{|Ks_g^aZ(()N>#K`FMRtIVUbv5&F{_3OyIys~4b)ec
z=B*XhQg2t(_K#8dyBV+#cNa!CR+yUJE$KMFLr2bKm&b;QiaZ#>LM+g$u&=A%h1(0u
zM&p%M#`6xA#VM7Zr58PL`}<+OWTg<x62wvtXNT6hwEYXmrP+C-ico3n6<f*VvXRcC
zhiuFhUM8N#Os&9Qc6A+Yuqchi#<|G|vr>F*YU|~S!5YK<nFhDQuJ_Pa@7={@LPk<b
z(hBZzO)a$myAI94{eiPZjZUk?qd^|;Ia6&D(QzrbN?hQX!u7P)R{M^g&fm4hlPL%E
z*Q*ph8^l(+rM;zP`>z43v~g{GiyXe6$2Wz_YC93+^y-`s1LzqpXHYtSCsA)sV&n$*
zF*4Oi5W~~^;-^@!mI-`cc8Qva0A3s)Z|Yr<yiY6A>h{Sr+F@NnBU1ed_|v~1RZs1S
zy&v*7K70DpvJ#o6dD<y#w%>lgRmF2wcPk#)nby0ayq}JB|2lLXE#w~pkw(;>SIxuh
zN(E8yl6l?yy-V&c8gSiRhppNEfXp$J5RU7n=N8LAjtcaYfOOP*aM3XS_Iixzgq&Ll
z?y_FMfo}b)0wN2naSS{}p9sJi1sro&#(N%Dt$_3Eyq*pvNC1bZ6y-tfC4T0i2$Y9E
zYiXbxyZfs`nQCxHt(d749bJ_8HO@}bO1c2oX{{(ecB3S)X5ElLxP>O%Af;d-KPG7-
zRJGE)wma+Ht?J=otsM&S(63Us3qDl@WFI~0C@KJf1XAu&p^CLZal-By6_TSiVVFoz
zB_aqTBC%D&f`#^!BII!4$<j>}<-+``TA~sPdfPoUi%w-|WV^`Zjk)OVrq?bRKRq|y
zA~n{B-2OiR*gz-0bKEm*$juS^pKxtr(Y`05cf`4^+LBWa=GizBJQrmG8Oml6mi95^
zG%Ms(G-Dfy@J51?Q{l6G9%c3FW~^G<js6Y0V)*#IkPMY0FGQ-Ns~ZWft|XJ-n-BxB
zN(`Gg6jSy(9!pj&!}4WIk(7x#^`r0xl@e6KI*L%e0z4i)i9Na8cHfk2jGjVmZ{ZCp
zl2hB>oAV=TxrH}Wi9V4sm2x3#aru=8%2Adv_2!N9LHViP(q3HoqnXSGFg6{=$OKT4
zl<}clx~7oTu4otuxkQkl((K}OA{CTtYz&{67{f(Vvlu3XvpzZmQ~T_VgF;8)(C9HZ
zI&>lq%^iya5=USc%s^$gq*InaS)>(5O+E<EJaIX`c<kLcux=kEiPR${{X8LDPq(y+
zPUbpd^ehG4EIFk~vdEh*+%iZ)%5A(%mn)p~<F_UG=@s6@EE7FQZn#=S;up%L^!mlL
zGTrUyS|{}(=MROXl;dTGFmkS_cC^Su+aaga!HlCEUyQz1wiO!@)Vv`BrS7(D=Un?L
z&banX{PMO}@%NY4;)k<_V7ElGDM!G(BcK#sEvd3scVp5~4;AA3-v8u6L~<I73LzCz
zs>C!JM=TN(iRzo@Yr=Kd_u!dmtX+vO{P!5Vxt^;&@6C@Svc0WczXRIR(xT6pa;1<j
zI_l;d(VaHxO;Vwh_S1&iF}kA9T?B07x7WR;yAcSIJEpZEvO)VcZvrt-=3UTa>wZk5
zt-Ve4Z=F3`^S1q<C*f*oI&8MeTOk4U9uwBx5>xBG>h)JNFXp*D^tZo-ZHuKoGZ<0T
z;BnpfM^d`7eI>4Y{W^4Ix;#D`|9BnZ**2yBWUOvkWv)xx@H_kL({b9VC!nEWfXoAc
z*VnY5VZvm5?Wn1!t%_nrYXD1HfCDc4mup6yvDur>m%j2<eBs>B;wk63O8y>v=mGb*
zG`u~2b@r<mIclV9=gX4{VXV#k?D5A>KLb}@`3L7HkKg_7H?H5rNt5uipZ(Z5>iu`Y
z4==<KhaXb(9P6L|{3ku$lull)Mvfkh%P;>KT3U;r0o`@lG~9gCjc(ct7QBtW{`D%g
z*Yv4TKW{x<a`8nt;>aVNqvBGJ9y<mL7cRifH~-5M#{cc;pXYX~>8vG&W3i4BMXV~0
z>${5lvv!4ZVBDRb*aI@j4#*^g!iAx<Oc*QctFhmaGcjY#p;&!a5(9&~Va5^rp>|Nc
zTuitXk$0zMA|i1^G9e5jhR*gZG8KKXwrMe1n^&W|xdmyNwCB<?Ns)o<(1Q=t7YL+<
zFxfZB^0n!FDUI1$>FB2Vm4YrCyS|@bHQZd0E31@MY$A5B;1(}^#wZ}B-Y^IwAOr_|
z1ELK22TmT2GQKp4OhxK6C6l|3SOi@%K(!9&kB8>2LX8YS5e`C<hR{<Xr(B6}UJ&oe
z&pdSLT-@FK#Yunf0gNh+F2=NWdK7dj7Wuc?qH&y`I2bpz3#1Ossx@y4WRc^FOO7vA
z;S0ND@~CN;_Ru!rvBc$xOESwzHnMV*2%x+?f<#vYvtL<_3A;=+&tnO3h?fOXR#hWy
z5k^Z_3hSF&v1-j)ENV=lZ*3*Y2aLeH`EO#~y7kD(WIQjrP@Gm#O$%l*teY$H&lPoZ
z;%(&am6D$X+R{4ST3NAvEz0v{`pv+azf^CQSa9{!yIM-J%1?~6WX%h48g8lIEMeYK
z?DvJ(y0??)aJn7+%d;31Phe_Y1bfAE=qqlGYggl~+3V51DkovHLi!R)&g2q+@(ryh
ze`hvMnf6sY_V^um_L+O}(u)t`rDy+xC!f6;&%SsYUU=~VJoEakGWk9XRqY#a#JE4>
zKmWc6Uz+hZjIEuj6If3A>?)*vhSKV%{lkH^dreO8?J@0qn`ys({nSqKX@vxU&x)qo
z(@HkEQW}b<(V6Si?@f}R2E~oxxavw$s>HNQ2y=&wQxY$e2&1hjjkweo{YWO5x6R)R
z>%KKo1Rjdeoy5TkL1IkdThk98S&2pSUd9EBnsLmydYrRIA1r9kU_o;PzrN&Oxaj*=
z;o=|sMdgwo{uMv@@s;@LPbh!J&whFpe*QDcU+{~c|5ekr5RDw0z*-%h-V-4?Ew505
zsw=25A*M18@f)*|P*k^XvOc1jIHpe74Fh%?fD4}dH12-upFO9yorQ#S@Q}esB~xh1
zHKJL5`dn!b&zE|IE2flSGKhFSj)}FqXnJ`Wr`ZSRHP16`oixI<__piD&JFrPA?C@v
zOZC}OQT+!GMz^FHT)Ecmf3`1DSL@c>^QB&t`di&?U8L5o)x3rb8M0mUx3aFQ5q;vd
zC=ZqQ=wB+U+E(HE*RDr*x_cu(sd4wm_88xHG=kF4?wNPbMq#%^9)0X7{QVy{;_Zb?
z@xn{9v9@kJ&N*Z%Ix=~D<F5~4T}v05Tg_)?HZ-=Y*)HR_!jsOJF=MfK=?Z-2Q)i>9
zJf`yaqmN?d%>7Il!V_L0=J$VaA&xx!P!0dj>#r+brR+sM_qlWN<P%T0`S8U?UcZqe
zN4tKM70Xu?#ity4$YDY}=V0QvLfG=MGF_S6lun=c#2Fgr2N(RGrt!ruegzGK2DoWF
z{p6FnGW+{K{@G3YTi^H^K6B3JG(P?AzUO{7eaboKe75&`5;^d|gYn$6&lJM=vcn~C
z?|t{@_nkQl_y6}k9CpN!h(`Irar3r9-EJs@oLo{gu$rYP+_3E(PP9U7lb(fr=25O(
z;+#iYM+aV?GY3nSF2&hrpT*nqKwApQSXLy5J8!!UeQK()cGYT396t^#maIl7AmoX6
zk@*6Ru6bA?7mR428nIxtt`?<JNp!U}V&a)U#{P#Kj$9}L875>PBe~7$i#K?`JZrxr
zDPq=736HWx=*|6u16u-Ka7|;1P1?bhpTfmCvLUG=t>WeFP592Es}Zd1FVYVwnK-6G
zGFb6Jys|L*Ja#{B{p3fGl*5j2mu^GlYG0Tu;!?lb${eJWlsa%GR>l-p*Tc2!Am~uz
z*jZj<S`_?>u_aoWy0!4y4R|{y$j#|ec1mvkzfnGVG&(jsgvy{?lyhmRE3S~37SUB1
zZsX%QLrDv{r9`{%(1R_=R2+sOdrd)Gdpqjt>xF<;p}nOMsayc5ED0^2UE+H#Wzx@=
zMXZpC`22@3W54||Xy`CK@A(1`o{yU>skbP-26Ni8CzMu&Cm8$4dw~u4P7Dl2Q1zGo
z*nh^}TDO#3RN6#Ll7GJZh@_LB4Iv4wMg%KU@3_QNKPeI@H#Z6d?AsNboXI7L1gJHa
z)CnX%u+J5%mP|t3T7~!wiH^n-ue^Xohp*PSI~}ZcX%|j_`ON6SzkUQ?KjTpBIt+T(
zex4Ar7hYSBHLYb>wQLc_jT(ko`_v-40r<lki)CV6k4wiU(693e3?Fciq}PmSc~0vn
zz>nQaeP|}~_p^nkVYewqBOcxj&(6OL)1zO&-c@@miKJM<#rkwjRZcZ60{tu)R>u<o
z-8re}H}&`(PU=A&IKI(rZf-*Vq2n=sP79X4vldBdN4qKty&)G@qQLOON7P`12x0Z1
zM9QkMa&05_7~QJmh&OzyWqeY9x$b%4?bl4h3vU^`u;JYB5=_(a1m_s~+u!~c-}=@!
zC7f9`rYu>!7;94%IOCs>;x~uvjl=e7z{yW9MQuEfzfT{n*I+MLCtf{l8I4{4yT|+n
z`Q?{ij$@BG76S(jL?vIwvIWTUS%j^`VK<Dz{wE)VOotG<U`ThKkd*Qq<d6MC`--T_
zBIelE=?!@E#ktt0?g)Hg*Y6`9H7~B(5m@l%T-|2N)$4iPbFm?^Pzjr@&z^+Om|8pg
z?C^^5IBfLcNTvCCzW^4keg}6hyHj6QrePccNP9!N0ecUdu3s?Vn|sGjn52GN3s?VD
ztB`#5S#@JRJP)jn7Ir(Y*Ug?^+<8FLo^ynK*3@2W3HH^7qYlG>h7sFEe}aAc-bD{%
z+JId!s&><#9l7Z7iyWK5;HtqmW9k_)ohiKBj{37aR(Sl#q9?JkV;Md_;|orxEyF{P
zJc*ZHcnP~tpN_x$>CYHDZVX<jn1GwkKUK!+9KL(a!}#pMd+Os;-~aa`xah<Kap7%`
z;l?i?i;w^QKe+$=_wKV>o5I5nJ&4C2dlVO6y6I1c?MxhWz${#M!@u-K<(A^AKVOOR
z@-m#k?a4mg6PPQ51ux_@^q;yI!*N%uW4Fid!6w8Q_P{teM=HvGD7*yc<$@)S+``B$
zjg)9KfU>@Elvl=)?C3;}+m9uTGi1v|nomed*nnIF#Uq0{l*=S19jwRt&K9g_YQ#IM
z*P^34g}2{afceWepuCJ*DS5$>gd{KC{pZx*ExU*@T+KaVZT|yc`K8cyz|j>tUAtx}
z%`YdDos85l2a=c&&Z_b%3`#fg1BXI5&BTCaAQwV58A8jzk$7tE5^#58nWQiCAVj5o
z!(uAE(mufYv-#09c^Ms4Gl6T_fncuozcJP3=;#<5i4%OYVA3={6R}uW2V6PTuBbJX
z7WXchy~V^kEyrfUXjV?8zPJi4=LIqnP9`yWLnbKhnG}-UozgDl5+)~;FKLr(0-bG5
zNF_QEm2~?^zwcKa$AG$ORLaFR#~TK*3Y{=CHMi;ofeYfgda6IG<;G$x@=p(3qu{JU
zy&b#pc1>?UxBZ>pdxf&B)RmJRCrERWFX{J7-|U?2%EIIvEbD$7%SF~E-c(}BXH0t{
zrd;V`I_=VK>l5u*+trGut|qMMXu-<XMl9^yfCVB8I~%d0WdrKFhG@L^3%qsDHi>jb
z<or#cM(oeYDgPAThMo?gi`UtB*nFJ7IfX`<=eK6$8m;?&xjnWFzxc~L*!%bwF#Y5e
zIP9zx&iqC>uD*E?R&?~2em4NIngK%iM`6MIAK}OW-^1xMzNF89ZrC79*U6t^?P~Jp
zxR?5QK{q>*=5>q2l<i_C$u@p2o7c%cpFi!8w&UA{xq8a5y0ur@(XQU|1s;6EEng1R
z*_uOFTOP^IpxDg|o49hvxO{1i&4;@cR3H2E=xTMa(i^Ownl@NTa9buF52d`+Kbc61
z8!%x&6t|u<5f!x|ocq!O#PVJE*svjJ&LmvoV8x(7yi4;jFr;s1f`l~A)lwnIlxR3A
z;}GAc>LI2%`Og>2@hyGXASyF;n7Z$tn2#6m{bxUkHSNot)V4o5Iy!VaImu~v$h-u}
zwh>J$JmyL%i7AgsdUyk?Bin(oeaD)1$(X)0d+lu9?#noq=-M<|gRQ#a$ZhG&ds|`k
z=kuTh^PmK(<yzObuPeFw0b<r8RBr^ewfZTkOt@0F|07<DP(?kW)%_9a*AHQdQ!$_(
zRfEJHuXO8y<=n7j#dg!5Xic{3jn)Abb&kvCV^#YqT>tv@8$E-{^U8wtF}ijXy12@^
zm3Z;lr|_}UK8A@C$Kvu|{{mn7$`^6YK~r$ulM7|64&kS#AB2jC%!xTD3qsC}UFWUu
zBV2k3x5Xai9KHWQ^2}}HTSH8_rTACB{5cLh=n%)n$9n<O)#W7X6}%`Ji~bqY*m<})
zV#8AkZXOZv+%v>fgwHQYoFFIPscv+2%LK1|1JZJ#NXY~t%NI8>j$9}xysH$+b5bZ5
zx)8UK3OTKwj&z_N8-$#8%H%y4D@Xl+!7@ot;ohfS!p%2bi}v<bAp|5#X61?|^>I~m
z?8PuHZkP|aXdzvKT9~xSuqU1((lDlWLI}zPJQm5Ls-g-5Q%%U%)X1b<CImuoI58kO
z%_Re99WVlq&3!|6o0dxwF%f?Gk<&E2#xhUlPSc7W>z{%eIIcTf^gsVp7ap3tor4}l
ze+;)7BLAFtCZ<h;!m*Bh&}{3aF9$!8Qz4l`PI;@vv<v&D#9<f?=sIc1$hp9+zcQ&5
zvXIZFkm!<lwIru9>5d3t5~2{1$@k!aebK+R0(HD8lS?2Wgf)|v$t&9~UZJ1)AUWmK
zj(X{;w(7&9f*6=1^DD7AI`#;rr+zjDe>^IM6UGU@Bc&|oZ1)mywUpNr5>Ap$k_^6q
zm)m#wTy<?oOy`&+j4wl?=x0|PaMGw-K+|n#Nwi><oF_|@twLxUu_V=srKvV-NOb5H
zJQ6Wop%e6^+s+W9jGU)5qz~~k6)&#XfWJH!z|GHeqh(<Np?32<M%E9>>7w>-tmmSc
zl2f@31X>WT45PhyJ<!&T<hnc>mqzjOGhsaXMmf5LRJ4WavATUR9-ns;#sz+h3F#B@
z_}%N!mCRx7hE`XX9`*B})U7l;C%z<WY*WInco6i@CL@T-m_c$%Keh*7zQmU_S#lbP
zCN&LCn)&jh*3Kkanj!5A{iF;@D?tLxwr9OCEvB!NSyrZi$JVs=p3q~slHjG2WJ^-a
zm`H!Q?#5#nG;E}<XigqK8i{l*9(f~yNr7@4+fc6k*%AXQCOc35Y8pG;t-tXx&?AO@
z4}~{G%c5}^dm<`)36fbc4XVkvooBLXbfnwSl5E2I#9FLNuG0QmJGdU1K?!{SxwG-&
zs>gave_Ms;H~Rtm19wf>_OYfF5>vW$<-5?HX?LY>tN}wShq=$1u4!E(*O8^#4=pkE
zg1a)<51D7t_d>T)to|9#jUv^3+B8(`w;#%8&P4gFS*Y1>UsTW92eo_8K+RtJqHdpA
zs5@{L1|4w-8je03!;U!;!;d`*Bai<G#(v~@OgQdDOg#Q1>~`wusM~dt)(^|aawXTS
z*>3t%QW<_m5Qqdhj;eKwWTg<)>x7_o$-L9+&Xdd9YvR>1U)}VI_@-pc=+XH14cFuH
z%PzweKlw3!e(5E6@`fw%>;re<vYVg9nhk9jP!q+l`U+hCg<~+HU!|HUemapl^pNIz
zArC$H0IDluu6+74pT&%svw94>vxF<9R=;n5^Xs_gx*K{7w<)>m&ws+G;SKo9)z|2j
z^Pa-^vSY-#592xU#L*ZGVBL%}?XH{a`0gVAT`5?K-PA5&<?^Q!W8N8xM&+VHKWCDZ
zl@pS85&5!%Oj;%xd}dTG6x`AjiUg37i9}1f6CDHhLUQJ5$PS#0x=5`I!s{@+yal<z
zyP|B^o~W$Z1&PRh_{VLt@!C79^=*b}p-+6dOped}*#X2+%vP3LC#tL}{J|Fm@01%G
z4RTePr${{nrS7@<mPRnsg;X|!cF06Ps(tT<F$j{}2>VQjvq<FloxQY>Qz1-3R2wC1
zF588qOd1l>K3&qX32{ryfRU8RLsuw<biip}X6jhnRn_-U)X<XCG(s4nXzGUjktUCg
zIIs~mA!>M!t$6C)^^>|K@kAyi{ahw4Dd~?Kh{TD0++kpNs_3IS@tlz3Q~(J%H_B_v
zkZx{7v@D3I%*VOn6O{7;I#5eH%5gZ57sAR(92Z`Nkaes@Yik?gWo244P8PVGUsoR-
zy<GiN=)SR^`dcgQrQ-M%0&Ohb@ICo&Zwd3IXwFs8e!G+tC6d#MP=#*gt%`?rBG2Qh
zKtxwexmrrX!>}Z3oY-@<qb1pb^_lf(&NpLyUM9wwgmKR%(JDgHLgBeWlh>N}6YO=5
z{hf8eEroC9>M*xnCStXDj3hx9-QydY(KnI7P$BD$Z+7Cj=hh+Ayg}-w3F+>3L{pr!
z3CUym#7st7fy!>IS(A{y7C_(H3=SLkRUA3^8yM5DC!+nMx+=rxKe=M#C0||?UyC;u
z3wzA^Wm+r?S2jsLS@#sKP}L8p5Yi@Ps~Dg+93pc43blohZILmin=5e{1QPsqvxLtE
z^ivlkr%Z<{yd<^V-K)^rxK=0C%u8}E(#L*QhUiJhQn7wsh!6j{@cPs4?MK#&I^Xxw
z65Km`4I10J@Wa2~fhp-qeD$C)+P=I~7~@NXM4}NsugPcK3pyCk?i{Nj|Kv}v4LcF6
z=SV0b*Eb=jfv}89{3^E)HyMZ8Gi_*0uf>McIy4J0ZA<Zc=Q4gJ<(x}p&>|E5L^6l^
zUHan6ITzun756!*Za?r@Q|ice;j_!EQ?KxP!SkQjhE~y!H>%9d0n?Uy)a{|^(2dua
z`K#yY+k2TNUp!O_ex8Zx(Vuy5E7-qP|5ig332xu@!dnj8{}@NNRy)G;&I)hdSh3em
z8;6o@?KJv3H|(|*A?Xhp>8xBm-CEcc)ULF7=994XK{GDrOy1cYu{HSEsVC#R|My+|
z`nSI-lIt)18m0{Gg9~qc5@-JD9-Q%~yNl#gSKaHRuyb(8p@*ThL$2kHoN?w^j?eoC
zk39CItKTcH%`x95-9mi!bLVROnL@mMyti=4sU3J|@T60d|MgEj-IG$?teC@1iub@{
zHLz}8Q~vQ{7b7|4+(rgc6(y)Lxt0qZKRV78Bo31N97Hf2L|JVGYKHVjMcp7oYh>an
zv+q99T9gkOfV#bpMq=9OC?`4XTZ2TO2=aaFao5AoV$mv@Q0c~C^K6lKrOKAQ7{*=o
z{eX)XN|waryhX+wsSD{Ixv*}n4yD_X7LwX315{Y5X0L|P;#NXVIY=c^$jPA8$mf=`
z?MTW5A|ZoAm(*u6CzC=UNeLM?x}|N>`uPJ7$>EXd0DA0NHziKgZ595rX;LRO1T^i+
zraLI<KkB`igPs%CrqB3FeC=_ONWYT0B$<p#J!aX@g`BcGa+{ipgyW*N_EXV|pX=#P
z@r|Y=r*UMOn}nQ(WC9@PfJ096+^U%8vrAbao`#%~erDu+3bwCPa#~g{q(GX4pP}Hy
zffEHs*^R{L%6ekC3T1Qs?T_Vge*9Cz6&t_cX2O{IdM_ZC5;rTBnZoM}x9#?o`tK8t
zqb3-0Uw%XaW4H10TEQ3RaDvIzj*d)+u99?0owo@g(^WO`Cov^S<)n*3cM4ysL&BqQ
z%f6FEz;f{gX0dQyS7bJ{3we?GVs*8YYhXFnkF7*zY!wniYtcNg7L~Df?2~H30mHHw
zJF*HjF-{1D;0N0{YnEAJw=n+=2t~WFZh0DO-Yi4=@({*$oQsi}qY=tgV7(ApPSCmf
z%I}1F`=9oq66p;Z$AJw?H?|kasU@ZvxmJ;!^6kC+6xK;6jl`KBAB}T9ISC&*X%J={
z&<7)i#&l(i6L6iZ3rSty+^#EBI)Rop<r`A_3$d<^)oS|Qd<o{QpOtZ7{k&n`4I0h~
z+EYC1MiR{YXy<sza^60BDbBt14V-rEi+HDgJic*cHELwSok(=!;){NVOD-{T>7~C{
z)4T-fFYZf_D3|}@Zz__D$<O&&xH{2k3q+%Ar4T}M^m-+wMMBQImTaS(XN~Acw;?U<
z!<QiD)1q5SuHSOLrG=PMV(};jj_N0uSo2-jXrRo@Cwj<dt3?ZF&Lz_xX8S6I&oEbI
zsu0V?&_{m#BmMQ|N0#Vu)pSh#SkuQO4Zgj0Vdp|a_N0{+5jj^x?5A4@rfsridx*IW
zqEI`x5X*eadFhclYar?Vc7Z_b=6n}Is*m}EU6Tt5d=8sp-8pAdT?ITh>^ZBZ$->oR
zTcj#hjYLvNrP#Mt`1a@ZUF-46s#j#Jm3rmmh<}cq!rQz(<-e`+(LKiCmaiUz`_4O|
zSLrF9FTVUQNP(OZ*26i}V{3IR*5A6j2b&VF)$1;zh9s&#Yl<5Qf?Tcig2jQB7eaoL
zgck$eA>{;;x>S^x3yH0e3wMQ(od7ygb;yPi=#mRc{fLp+_nW`Rq|>fO^<EcX;PBm0
zRUJZQxe(b1x2T3tKcE3O-1jt^T3Qj8K}+9&s$wTcj$TD#bpKxv-Dc|ri_D34EQ*v6
z{-<7h1&_~b!c)&I!^_Vv#Qc}$;@Q{c;MrAgAeLy70aQqRDlCJ)OyV;9v`GkMEor0z
z!|~`VEAYZI58;jHUd5spm*K@XTQPgd3UscVgL=uQOrNE6@>N}ws;H;~>$;bp3n%Ed
ziAj+{7@dqJYRa+R9C6%THe(}gi4cr0cGsD973;`<Lgu@>5l})Zhq`h~U3g4WbQXp9
z{3%~q#y2O|$NON{(fu*^)qf(@+KfIGaea|bJRFd|E`6G6bAlujpln(uK3O5HiB2qA
z^ftzg9-%K8%Vf<9EI4^EechD5psWZ{a%{p`G43?g>OJ;^Q_xTA)Ug*yZ|>VqbbD0J
zy!66LOi4<)WtS_a`VG@uwGvZv-O1}VJQB~0)FqFTfuz<M$s9>4KQYprO}HzjmK2ec
z(v)CY&wOj;`w1+IZcXMEeYxIpBAsl_p=~L!n{cnMjt9OpA&zg&sKLp*4#r^zHQ<cV
zN&Nosfw<=2ez<&0GbRWLZC@WkcS{`cK2p$p6N1@Jxi+**nvHn#&9zv$CWrOyX{=h8
z$I7)iELjskcUxZH%F78W^&rwR@#|@o&h$+a#tYY7{&@Xno05dmPIue4ZU5#<=)8IJ
z@aikGv2x`qZO@_oD=~d~Kb&yF2z>5KlX2GB4LI?nT1?w3hJNuX{ZtSMYA)4<NTdT3
zYgc2>32$L=c~WoiaP^nZ-Q|L2n=jL}d0HK}20g{2n-y+BrpXr?BGZkEcnIgs=!2to
z8HDGTrE$WDJZ6n9$1ROH{B3an7hd=^{NM*)QThJ&zpUnW&i^dV`_4Hk-#+g%u6*m;
zpEmhBDyV%YL(V9)=i1PkYe9RqO|D(Mrb%6712PuLoFOG-Pb969QF~3_YSay`#hSNQ
zBC#Zm?@aq0ru3Qaq`3W{H`b+&*zY2l!rPnqY$>lBeIkQ!)`ZXFlnH06%o=d0_7&c&
znp{8GnfI72>F+cyL`$GW&ked;)7rDqtP)qQMluiPy{#abRQ;>VT-_<mClKLHOvzj3
z2;4f(J|8cWu|~}DigJ~T$_f?Q>CSKrABjd(m<}bH6*oEGS&ndRrRKrBw+BoeX3;L!
z>aBr&PJL3}Ntiiwrn*r-d+nffrxG$I6i=gl`0%mqaL+0ZHD<VR{`2H>j>M`qYpR9*
z8fG(oPIwisyZpRRUrpB>bJEH;4{{QoNpmI6TokxXgLmQR&ezE+ISp1SIc;~z={l69
zS7PkgAsARS7U^{%)FeAlSrbA<SqSAqOrzlt+PgD|3>b@7X1|U^lHas56Pi%Skkeuf
z3)r|MAIu-?*p$VZGFK-#jfRkvI(Yi^S8#n|2!2+!7k*bc4S%bigzMsC@Ic)pplS$G
zNtp);LCq;S70CzDkxJv`fy43rRSo#YJ5%w+x&82&m(w`+)pA_&VivD1Sb}o2iE!fT
z5D>!l5i9D}vzUHTD91MaiqaL6R>#!(5j)ALadRfh)Z3cxD*9(cj+u_J7awal$wylv
zAmlXBt<PVRpqiCahH=8{F>lt$1V#=>PJ`V6AyZu#JE98@+<80N)~^wA8bn-(DaomD
zR1-%g=zLa{FI8In=3Kn~@{5L?*4D`6UC1d{y)|t|F`K77w5ACE@z}z;yCVNe-7GYo
zh>36NX=Cx$<Mx+Sx)TAucuGJbUmvSLUy*vbrqJF$D3jS>olgABWXEjNvqXc)2>GD!
zB}gQq`gUIV@#Q++71M5hd|xJ@`EI$MNqFI}N|p$>Kfh0e<>N$|&t%5SR-<oi6XH@P
z;h0#xCV{mpfSP9DqtP77=RStT^IpOFHOuhUqSr*0BDpe%RI5x>t7V7@v<gw{LLl8H
z1#ZOr1&gtCZ7bRuQ&_z^q3Nxb^!N;CFlx3Fno41>2q;1A4OZWxKBETDBXcd+RZm{a
zB^>Kp!!wMSH8nLl3FXT&x;neCaKS>%e|rhup1T|i7A?o}Wy^KDZf#{8`%JFE$4{xj
zX&>*8GtV4?Lk}1%<4ZpbO|%2^UqMTAi>~^ToCeCI?nqM8-P+dPeBJU1=;jscR#YD2
z>|&$v{5f`lFJ%fQ+mKGC^u<(X&lro-_a2F}_N>6X^}wGOcVKm5HPV@sjCtKi$^@H2
zyT+Ga5!|GCWh%~#@apqk3DKUHekJ`>SMRvfhvyR?{SgwHmH7ha3~3pQ(p({xYh?dn
z^@x^*vE-F^Ff1_+KichT467Wi?@}O9>M5VC6_PbRFUtNGNmi+zT!rVggV%tS$#=9a
zN%AP;`j3}u_dxv|)r8uK+GlwkX5ZoGWAZTxEB%I&jmY)cc|M*(a>s8h^Eq$k$-H~g
zX-kA#>s9}{I^9N0Aqj4u_coTj{5+Pw{<_Mt*IvVtS6{{AS6;!QmtV#^FTI3?FTRKc
zFT8-apMM^2KKpEsGXI%p(6V^3URO!pS&p*)l9%MkynE7VOC`k52}ytGO7i>NTlOP?
zrcR@4N8{LW$7=s!d+6Bc*lDilSS91CxwiP?i!a+xLZ_c`=8uLB9i|_d9X)!CT&PL<
z3M7!jlnw>Xc;p?HN`|mrQ9P76prcJ(@==JL`DW57G;Uar?(Qy(A2-h2edgBEa2W0F
z9ayz`rA{b1yE-v`{5W)UB;_I}bSIcVvyf9x8<R394VDXdWxw%Qu(S~gemgQI`2=(N
zOa`An>F!RVJ&{AYs}<{)%)_9815jUEE$T?+P#wAWP@kT#xn+O<LrP)`W7|P4ym=WE
zYs(`TJa7=6fAeLehYUopN(Pc{5*HctrCQokL8-qW5{Z-$DH%*NW>S#jBq!O0OqaNe
zbOf_#jRnzf$#Xb3-;B?max6OYVWe^))5n;vr$V*vUGaDjp2HHK?F8oP(MNQ%6Ch4B
z0wNa0dTv@2wtf|~n|$<Slsx3*<MJKy>t8~=PaKKXc0|OD@eLI+@wHDfjvg=puF9m4
zku=izAgTvU!GljM#(=(k(XXx^v3R+VupFWla&Cp1H7tqgyxDVc!#^*_M~*rf{Rh{h
zZ@<2hg$(E-+%IS9-sEXa@3BCvwtT9RI(opimGW@qijxq+hEuUgxo({NTKjt=HMNzP
zvu+;#`sS6`bI&oDSTzwN%En@J`Dip$jlh8DaP%n~gxc6ZR8{svU34(|XNDmjj-x%>
ztlM}~QlEU&Yo{<b64U9?BQY>G0)s2YVN`4!#+FaSn6e3&P%!}$E5%+j8Ivk^#V%F5
zfR7_CX<vvhjQWnWvH7Ub&K8~Y%7i(a3*g!Z7oyLU-Oy)DIbx|e=FG|AieEp82k)JS
z*>l$+UbPPY`Td_TsGm%a6N3<lXVH>sM{BYU4?en32yRkWi;*P3OlhB}D37ClU`U_c
zZ0<}W*-?hoLYnHLt!U`qjOxmA)Yh8kgZQR!HAOFK$5mZ(MtI=ql7x<0bdz8_S6Cih
z>6G)Mv9VDn{OptE<>hD?+TaoaqQ1Ufu3<v%B(LtycC@uLp{a2l)~{Wy-#Kk>YezuB
z@>%5CnlOeAk7NELS7XY4`(fT2uVYYsrJQH{j7(ggxef8A5w9DpQ%ANGS{?!4{Ht{!
zHQ=_FobQ3WA-*pPDVQ~DmYi2|4u>PUa!ZWrAIHprS;R(-#iwpxiTLvQxZ<$skV~>u
zQK2rqx_QSvhVdR-eYlI@86g>C$BxyPE(N3I1-&*ywgorM|070B86kZqtvAsq_MH@#
zn3|Q-G-72@3>@AMiMB2*o4pvv4f-@bG4|_-$vGU7>r&XcHf>LIwzs09qC)GfG1Z9n
zV6zaVfSe0m>ek-fjsfu@s4F*bl4T#^4UCF#1;+K2IggMuZh>9dv=T3Lydd)(nTzlf
zG9tDg*<)Tq>bm=5T%U3Jwp-pz>C?Brrn|N1Xm4@#Ppn+7`SHBzTD%mgrAv`mz6PDE
zm!NCKGITpqWM972Jx(oJiNw<7NG@A}?6M_DFB3OOBht}<VA!lqhGZ^Ky~nPIl~-;T
z{VnFLnS+X0H3nA6*tQ8gzVva&W>$@Zp&-W8j=_oJPt-clIe-Y;h(bHvUt05uo)1%o
zOm$-W@Zn>7AasV1(}tnLv2eixj2b-}eETX-I$gn$F-Qk24)P2w?%NB+DRHnfcb}L?
zHk+17#0LE+^SH5N^rD!S$utK;e!FqiDj}z_sFK%-6DOiWCOMI41)61|*x21ii7B`B
zjI6CdIyM+@E?R|1WsQ`U7nHOT)0Bis2uW>Ehfsk|tX;7Lqel)!!$9XE#yX&=X1!qh
zRmV;Q8`)bFX$Pr)q!aong7SC_6Uq~qKX*BDRm1qE2c)HMBxKS^V&Bmz6FniOygO|s
z1{omHg+QWHh-n&KohigKLDXcTI5_+|zVW%k(432)g_Ad#M3w1a>trpU9#$8xed9Lh
zwN<tWnyM&dO~MXLoIp^hl<H-b+bnqWHHoX0aBqSzZ4yJ0)7mn0k(|mgy|{?UI5bSZ
zl=#B#_#@fOWxJ7)iE0K>ELa8%8onpyzWxSox%nm~rWu*kXR;MoyFP%~FTae(9=;u~
zy?h@=$mF_z-(4|y<N);PBNKBzXDky(Zk=Zyn%_o3ckAaVm%tm2yB=6yBnI*FGIcZM
zC}86}ijQ|Rx}^`-l-1x9b*JLHPkkS+E|`xO7QBup-+mR3&3_q>y!8See)D;iN9MkW
zhvq+z2i|!Gr;Irci!<}}+Qb!8u9Dhsmkt&}dd*8WV9v@pn74W!=C7HLx7NLdx7WXo
zg&P)Pank}UYJD3^+7>D?eQ3<nsIJ}e&mHUtuy3)=c&+V{^ZMV9yov0%Ny6Ir#^)fq
z)}-;$b4!51{V*&Y!;vG)F>WHT`hY*6f9rIFqcN$E4y@}c$2||eE;GF_a%q{|btfft
z>06;J!l61LpE5yjPs=1eiSBeQmaSy^jTqLyQ;8|bj(vvGf-kHiyaZ<>qADPXqdUvO
z^OiS8T3cK722*2Gqpr+w#gy)A*RIu<8qtmAwx1f{_aYgFx(pgL5JQI!72?_#Rh3nG
zW0W`OI7TKrl8AN4M7yjCgX_w%Zs9Aas_lmiKcgYwjz3!luB2MM`Tt$v6piI!96i?^
zvaS$+9ieh&Yxzqry@Z)FXXqG?pb##}m%4`XDVd;$aQXf7aQC_{{NodQVNgJ>@j{%b
zo7K--*Mwe^cs{CW;I)^M({MEI`0RL)oDQ2f9EtXnAq&#BB&AABm6V$2OY8dgLH*!5
ztXsSW9g92gm0f;{=>rcH-G!8j{*)botc;U<hMG4!ctfNOO+}9ZuwS;MIxw~Wt{R^D
z_buy(LGeM_uDn^o{`mCzr?5W19{e6V+lOwp&1kpMuWb;fjGe06)VZy<qRM=acWYtw
z?=xr+TIS8sn?kAPE<FcxWzq+wdvUdy^_LIDlw|TTDO;zyBI-yqXkLI+#&;li{B&zC
zZ{A4n<_(qM2OhB9^ta#(jTSd8#<amx9G9M9$*I+AOtlcx35J;3_M%vFO6idHdw%8f
z7+pUGBm0ih_&$92*ggo{ci;W_eP+zWefQmmLk~YfCl|a>a`5FvFQh9dW<c@|Ocuq%
zS<l!wRx!+=Xa+$_I+ehJx8B0CrHgUWM~_EWcehNGx`lv7g_y3w%QCsHs;bn9#&O3T
zi}h=pgdF8?^CS0T@PxyWkO3+o6Y~8VVrYvE$J<L+prWp?OcZ3g6A-^tN~KFKzU@Mu
zs)8xJ^ZE-o;pp9P&|dp#p#nj<Ac^8Vm6<4%dvj{w{R|e?*lbC;s+QwQH3ttFOu9F$
z$Lq@ycq9|XtCjr_kcnKZF@=`yJX*TAtv9XPr*cA0DX~;5;^{V-bcWEK3L)0E0^|FH
z@w2mMpe`a2B9+L8WipeO_TXMD!mUPQv3;&bIAM+9M%+et^W)&J|226|C@6N|Wl+`6
znwtf$w&uS=GUCkuz62@2Nu|^|=3a?DBWtl?*-BK%BvS`RA+W;c-E+mJLo+LcD4S2B
zdf=|O{l3{KuN{pAOFHn%Gq+*?y@#QrD}gz4-$XQCfzIv>MhxwT;Uc5QRO6ku*P>yM
z&tvqc;i#$WhrBbX)$~mfHxr(a&N*WyP64#EwCW^Z2l%4%$<{-0F4lERa^G6ya$%I0
zM}?$r{<rFOd1MeS-|t&^y89ko6|^g+Z9-BzlUW?n?<2VBg_|(%VDpW@4-(kd_-UM2
zD5rh>iI*4P#jas^ZD|_<eF9jzE{GMczk#XMS?n^X49DzKhsCeYN9CXp;?0AQtLwyq
z<r}be-4OiwH!q;6QTncsvS7Xfxv-q;l76^$AV!TVLwR+b62Mrf2FurMzzIj@aM+&h
z7%^f5YHH0ho9shIG5$IIfd)HCFWrON97$~X3}z}HL|jg(Wy_c8gtDozNz>sZm@B6J
z`}fy!_U+qO2`b$Z-TY2#+;v~|{4IzIvB)NcTy)5FF=n=F+UJLBL){oKVINe~)NB4P
z&7O-1)Am8U-$-;x*_bc4aPzr3UQ>zEafLdQ07M|BQ0r3DUW<A{Fq_hI>yLl@1I|DH
ze7$Bf{gtg*{OyVP*wC59UJZS5(bYHO)YFg0S7r`IWjKwWUv{0oftp}=N(Q}uWAdBd
z`jo3TO>P;!{PN3j)KN!a;J|^1S8n;+Ft-*TyK`6Ub?kI>H6@hD@v#fDVk*~azT8NT
zhmLNLYia=Ry!ti<q=(^i6D~wuyr0$&Nyv@_SN|5we*^pMvyVR0JSY1G*5;OKz3J+|
zjEfvo&X{y22G<QX+x<mnwj<q%w)QsMxb~k2M9eeO+|Jt*YPxDLrhAH9>-WbCFT8*;
z6DI4ffNcTwU-;%6OrJg-^X|SIsa4C6YE9`2m`p!0eaylVX7*#(o-uFa4NDKUZasnS
z$-#p$?ZgxD{PWLm7yT`$<3C>hI}RRmD8~2ioj_jn_(j?$cz%wo8i|u9o~&_8NvWL+
z(Ej-Hr?9kTF}||@*PT>+`0%m4;H;bu!-9niF>3S}@OxoADJdKf^@1YTAont)mcm78
z^U?E#DX-4*Px8@=f##b>TWc%UtzCmDQzq+{US1IRY)ETc8&<94w%!Pm$pj`%+C{fD
zWz*g0+fRt-+Y7|bxA?{|wr@3-HU-eemAvwh5GNr}&Wb6?X_9Z7OLn6w9>eODt1)6&
z5Mvs4p;n>~3vH%DtcM=4HP!HbgOCS>w=Bxax#$r=oG(TwkD+#842|<&Mtiyexta>(
zThc;2We`hqI~8BB!@Jc&QWGhZrP@%LYT*)xBooB=STjC*z%UG{t3tVu{&+Zqiija)
z>9kC&oO))<Yd<hr7>J)j+<R$-?GASkbxb=z8M4KjH3mlKcNg{`3oWAyW4Gs<BralB
zPRsg~p|hnOVO=>j=Y>g6{_~`fNw@h1N>GM=z8nO&@5yB{Q`sA}bwhCL&Hu(R2am#D
z6Z4p{`$&;d*mKelOrJailScJLL%%W%tf@n?r4zNg9D=@;GO-q78qk+funkJu!GY1C
zXEFZ@&<TnB63L`a_DwmBpBBN%!<gPWvhx4zT?Jqj$JRb^SCSACB)EGig;ENoP<MBC
zeQjS~->chScW<dHbpeVLsZpd*+}$DWp8V%KGqZQ^%?$)?DDx%f?(EDN-QAh_c4UqF
zzLOe!qYfiaa@H`svgR2Yn%0jNS1y)mt7gO$#1zwf+eLJe5z`x5-=TdRIKcG^3#<?+
zWAYW3m_&y(52X{k$5Im}S79|dbaB5Vy6Dgp8q%{BrL}5F>o%^UnDltcFUpqAT}VI;
zb?O*LM-ED$^Um)@9a~3IbZjYwg@jXi36oSN^Vys8X-i%iZOtm9f|3f#-<(aodWBNQ
zRy8teDLa4Ss$eF88?MV#-!;Q1BW@>*^2oEp=LNYr^68h%%uFGnXisoYwr|&7rn6(@
z5Akl;utEIdWe`S=K)7<3|4!-cd&zFRQJlZ9geDXnpF{~wk}08S3yNvdj62{}R9ad}
z#iiwx8W~Mn7ydy}$xVr3nh7z@ui#EPCkrEBZor=zMa2=Fen9fzI{HFtLmd>_Kh#fi
zr~gF*ju;^AWF_Z4E{tf*?{nz2iEC;8+EPkOZAnib*Njr*<EbpTjD{Z8kNO?fnfedt
zLWi>SAJ~-+AJmry9^Qur4D3w<wG0^0OU@0XuHwi+-v6$V({ES3O-<W2rLw|uHDjj=
zFA5Yn#SXFUy0)frzJBZeSVM=!9z$1jx|^ayV`U2Oz9yys;wWKqiF*w9O-_C`Wz#mQ
ztq7xlYIR?N;NVkDol-i<{ip^7)GQjbGYc~3(>f-!K@ohX>*>6(mwMG@PRviEo@qVh
zytJg0QktddRO~*G{^9~`5*aS*PO}%xBfdGQhU<X(h$#dkp&+F}Ou&&I5L16?_LYQT
z!{oTP(r<t;*XFFD&G}oooZCAu08BZXeEh!gcfL1*g_xev@eHvydJscQam0C1WikD}
z?l<bd*RFkXdkMqB!eZ}1$Z2|WtT|<J+6HS*(OFXutyCOZQMv;19D8>Nyqntku_Irm
zf)X=JNpUf)U%!?zw{NE&J-Q25lC^#Tfs~V*OWT;VVk0Dw*6!VV$oj}yCZ36jO(>&z
zI&ECDk_xl8QV`ZJL^qX@rQn(}t~fCg7=hN6D^JcJcPtBQ<EW}QkHRZ*>B>vbWAcg-
zDn!T$@lG_uT^<J>+}ZKXhnpOrQ&+`O9e^$5xsj=<q=?!|8qld1ZT)K{ZO`9KYok+W
zJ9k0@OSn<3Ea67Ckjt)^$$p`{=`RY1W`deSUBh$f_&%-JZwrcziJ@v@@)Ly7xgfqS
z`elTS2;%yh`#`6(PWc1uu9NDU2f%po=e8?w-;-#NAZS=UBOmfxPa6Hf_ug@zq4Y7e
zi90Q9UA1L8g~V|AFsTc~v&b4KA8y+D7|cg>Xv^828%}mCs^SKCLjvV+$G_(xgXqI|
zpQ5%IL_IpCP)aOzvySAn2T>G1Gx70p6dN1E63rctP};IRmjavhp`_RZ3gFJBjNY2O
zK{%sw+90UANO|WDmM+6mbn=Cq!p(%H^KXg))@;T*Asxbg0XC!xRFO6qudIEB`nTvy
zt4kJBL2ZTX$ZLoxMnKwzccf+8meCCv2Oc?<dS5OCKK8Gslj548O-PTap}uL6)V5hH
z#W#tk;Bc-Vs%vT8+Esji1<=-wTP2K*8#mI*70al+JdZl`NTxQeL#f|@Bs%7}1UmQp
zMC#l#m{L*$C?%drYeh6w=2X!3b-8p{&sgf#El5TyO()h&WA%M{yzWZh%jZ^Qb3}Lq
zMMTF?a%wYbk<pr3wQfsk+~&2+XhSi4-v@@MZ(Ij(y@dRrgDoRjTowuOF;uvECO;p|
zC;;RqSk0g?^#F(=J}DDaiWi?X6u{3c)~rTG$I`;(ODUBZVrW9TyokeywDD&k(<Hf!
zjTj)m$fG;oUU}BmQcvkMr!(iwlr^XLtOxFCT$7fe#dO5bBk0cs>uC5PP3XkFZKb}&
zOF<9_6NWh&vjM_&pp7a`_zrG}BBxC7!=mGMd6!t<%eE`{Zq3`2)GCEa3o4j2fSlsx
zXcfgL#8O7bmb7*K7TWaJM!Kl&ope<C=@iV@Hi*+JQ=az&P(pYav2oKzYTddu73LOF
zVY%8Q4P|P|HHX{C4v`%wJWPE`MrOz`uqOJCyvbA%p}w7Ko(ErYhf&j3Rqd!-r*5=t
z*)nRH(v-r&qxPt50l5pfthQ|2K<(PMqwLLFsjM)|A*K+-FS<G{7&VnPQWMjV0BkVn
zoo?vh`7(ksD(7dhUB7;`eA#kJY?>y|>z=0HjZP_@>Gw51Q+{a?wTx@-5KiR599QP8
zq;_%b=!CW>IPRw1_Z8@mUpbNcNHug`-wSjsdya(*7SQ%>+Z!w?e61}k{;BY^h61h<
zOs&8Vpoo|~Mh7_8_6-rEuTaMVHJk`YDBf7-<m6IOaS2xj++=gdI*coC9C4106B<T*
zG(0RUf-CkgiU<p(!mKTny>2PZob)X%nLdtw9s2=op7cCr&!0%^moBDttJl)HjoWB5
zccQkf-^3lFH59sZ0(FQgrGMXiHI)~kyN_urGUTV=PAZGPywxjpz5hMJKM=R2NgoWT
zY}FA5CZ*gofs~e32T~yuAGV;FnrbR2$*1FvX-C~FvMDK-J5^P+YDyJ%&Zr9CG|VO9
z#<s8~fHnuEP?MMtI<-SEopMM9#RRF*)#{K)stOEe0?Qp=CaAdHUc^+jcMgz7Z$To}
ziN}rw=PnC#E~oBuw|LaO#K4%{jhI*Z+{!xzQm#DU7hyR98_qk9)qL;ad$JYf*rFbz
zrfMprM2zwRISs(ffKs+EWBm#$sR*D|>yv5l;B)D#FTSMgtfkbmdl0oukD}<vCj5}|
zbHe40PHR;aMytyu{F)lR3ZdK~XFF^FA)O3~i#s0bfd2+SE1O>lL)*fv&&5X0wOP)!
z5nwkdi~R_cy6F(^3h>Do5Yy}mwIeS&otP4esh;S-9LT`4Us4?=9Z`@eTtnO=urCV_
z7kiwS^7D@)?wiVjD!%WssiYuB$Pb9orcIk@)uPojZ{A#*`Nz++WWgL-w`wW1ORb>G
z&u&VO-JMRKeAtX$emS0Ada@Ore0-8xBgt_}T>v<@iJ$vIyBVmvN0gOt5V+^jp2&U3
zKqndJrt=9ijv$;M1PKWVGSX!_sQg4wC|+1rm2$4DBz?@ug=peDq@4YhRmrsvD9a-%
z&84kdxg%dh)W2;@S~ufc=B`B)&7>C7dK(IpU&#@k3qN9j>*4`6uEF|$P80S42#%!=
z)eGpqgG1<wfmmZ*O2x%R&L@l%k%eG$I`iTU;j5z*qP8<r@;x#CeZX~*(Ne4}E$6m{
z$!U7)bV_Z}l$QOum`Ybx(SLfpO1+Z@slEbVQ{NW@`x-F`$+Ec))|__A=tM25T2ff8
z=iUOU_&WWyWsXDMa4j%uxvpRxWm2Ko8#nCGi`}d-tsH`|60(|6&yGE1x;o-QoO=ri
z@d=U^%s6N_e7M?uTJ8;fALt_>Z3hcJl_N)P;f);xq}2Th90>ANQ4>gQh8-<+2jW7U
z`vL<q2GNpji|FT7zd6r7%HGH+ZBL;g&4<WKDV&?5Ti^$Ne_ubHGK;s<@m){Uq3=Cp
zv}seXlvW4Ju@KAmEiC@waHjQQL!{O+avDr#w_d44q;c|8LazEq!&vCf#BM+;JjAKb
zQ3>E}<DA*EY1F7uH0Q6mv~2lu+O&BK6%-c98dR)5UAS-|_3qn;)~;PgzfYS%Uwruu
zefrrbnmu<e<rd^pQfe~&-;<9~yUwYU-Xefn$5m2`z+7sXT1_om2h*XwI?`FEo=k1q
zWl&U97&i>08Vx7k^`Wj?onom6yI)GX57*VxM?j?nL<hh-dLwYdTZ_QJTA5lWYo)kw
zYSB<~*|cllmZnepm9}ipq=4Xfswu(Fye#ER?JJ4mnDF!t-bk$jvgq>DkKqO<o;!Y3
z+-b!|CEN*OG9V)k5U?O=tdI)+Q3iqEGKHnqQC|3$?fmL8pi`e4VBFPF<zB*+a8*N$
zMiiU+;G1pk23bsXABcJ&A$!4i#qQ7$=Jb++(sjR5bdwnFbyibt1&9tSN;&Z}5{Ngq
z-09@|v?4H(wikubPrq%XvoE`vCQtr~#{cj>U2xi9%4iZ!v0)K%9o6P7s$s<lm<-Qy
zJowwNEsuiJ`cZs%6ki{{HbEgerAV9>9Nd6{ubnU0T`m*<V0v8`lNuG2@u*@khq~aB
z*jXHV1^V8rHyw5H>e^?hYkF5&P`r=|YAU27V+7w#?HJjSR%WlH>s#NheH>Uoy>B3O
zvlcuDp?pWdjOQ1Ek-zn8R|~;kvt|vIF<FR?iI$Cpu%5I}pFT2;79CFzK$H>4+j6eY
zF~W*zwET2YTAOn202a!q2}Vvq5J7^?i-R52$DVsi!An;g#SZ_RH!s1TPky7Zn{bmR
zGTIM9Q?zCQC8oAwJ$4UJ*BH}xG37WUNPYGK<$!g1K}_n?l2Rx#C6Sh_+CZs2j-b%w
zw(>&Ggby)hFYMrcuaifeb_0w;VJ`-ZoT^N7y&V=R-!5*Nl1{B!Wl(HFqD(1OQ2AD2
zu<$?PFljPc?lgLeN!gi^({}CJ$w)DX`>tRI+1)8Htv9h{G8JVPbDhO)QrEWJMiH(4
zeI>P_o^)g9N4ZXGBI`>rUGwikXhbBf0L4H$zge|Hri{l%#!_i6UTPJ{4&NwST!ZYI
zY$`7<myN>;N(yL2-f~)0v5?9`^5y=+TGL>R*vmUybrFKgqA5Nzl@4v$pJHNSxPP>a
znrF0g^13Hw>ju)lcJ)e0e|Sa)<t$$8xkqsSXaR5!@*_*(I$x+S0P|ADtshby!eqCa
zB2PY5+STPNmQ#90+r6HCgXHLBs;I7@`5WibwxTR*mCzD5x706a7lX0s7$4F1#0z(b
zeDfP-kW$uz|4FNVruF%2>8Oq)sC~+wPv<S=_I+DkDaAyF(Dv=ys6)HflvmByoZDd|
zsqv9iT2f5usfkn?97#Rfr%PWrrK$fNjo<(9bNc+t?`hJMUup5u<#cGj-jv1U|ILvf
zQs++X<(sp66RTFQqo<#JRpNup{PQpB-mTMKj|V_Lo_*nUYTGtL_MO>Xj2<(Q)-Z2C
zIBxjn#grfL?DKDM9T!Z^nyC?McUl%MTuQIK`MzI&21bAUgei{RHts`r<FeWl{PD-1
z^y}|4_Bfoz22D;|sA;|Ulni%JQTd<~t11$ChBbVv4Ao>x)l{c8aauBO__3BsfdxRE
zFTVH!z52?l+<{pp8z6z0&iZpU{qpN?G-c|~w1_Ln1q&BR<u`8JcpCfTc>3t$Pigv$
znM_`b>6Ft?rCV;lm9D=28Y-<Wr>O8~YL?KPQc}~YY3r8Ms(EW_ozjMqxIwK6EThV*
zGAb%6;0g#IvqtA!C9<9zFhJs5s8`XgRexyv1D<QB!O202R8CadWLhbA6+zOmG%A=I
z8*CtjQIJ}0BykL9!dg~RNWELd(z=a#w7D{ts)|dfvba=;X;pO~r9}kLh@km&+hyml
zA8haoVv2PrffU5o8Dq0pO(kjIFmcV*2~wes?&ONuC;iHgnDo))QRT;R-XWB(Z{X^_
z=RD&%U_r+^FE39z+g03986ChUS@l9`Yd^*l!si2m!UkL@e-PBdRZ}UUX(H8fxlwr~
z+p`v4A_VX`3#LO?u_B1+j77P0_C*iTH<Lf1@uT0T;R8BQMq&gvoES0X#+S>w1`RF?
z`uY4+^AGND9EsL#$)$)^hf#Dew$BHFz<MmC$|TYsRJsjRu6zLvbsc2w9upK(p5jCO
zE3;rn@$Flf6f_hdr=6R2r+Fpwyof2j3yN=;wvFvdYjal84H*X}IrW9QW~!4Z9b~R2
zQD<Ys4sPhY;yjZZT1*+QtgMpHt`rm$3em*#gAK8or#GjzZQ4>=vosNWs~S4nxKp-#
z<zm{pnLCYbJ5f?fDn*8?skXRp1^zBleYcF(m3v$n)HBU>4MwKS^KG7C1Cvio@5Roe
z*o73+d<!?v=eDDbOz91*QR}DiUDSY(2(HFdXBuTvm|e=9$q4ygZtnWkl+tqu<;S(9
zioi%&Hz>N;0FI6F1ev1?PMTft)d56L{#8Cel;_M=(|Q5(U1of*Tg>bpgm;0^We12m
z{|LwA-=xbqM?@MPI~O_Se#7pN(>=krtKX*h=1qjmwCmi4^0V`3^|V!VVzW!>)Ql@B
zG&oGshkNYrfGIJoe+}m}u3fX1T4l7NxUe{?&ISppqT+yJxd!Ed<+Pz}11&9HN~=m1
z(faDuR1r`@fuZVN4PkPMqml5UcuLvWQiv%wqFTIYF{P)cQ*_MU+mOngemo0Ef19>#
zD6Ca0+P-+XJey{%v`JT372jiACxE0HJNE`j!ByC#EQrGR9xCUXG4#Y!si{eS+TKmS
zKeUK%$s{n2=5Lxy%d=K-UnYVQ!sDdwlC`MSo}*d+YupxXT}o5e{z65S1vI?lanw1r
zvkrC75W>%AEVeObV5)9<S~FUjT}}n%HI6io389jbQh8Cax{&02(<UaTKGS-I{Ji)E
zb!^v`uD<dj8aDI@YSJW;)~s1a@o}*<f58&!-Lsp_G~AoW&CRE+oc90Td9%csmtR1O
z7A>RhUH48Ixq*$c1`irQv3o#Ff#oY!QxJDf+qG@2Z4`X-vOP14X3v=~c}Yo0rXR*k
z5Hrf~i?2pg$M$WhcdzcWapPvG|8BYID)Hw_OaWZOrAt@Rjn`dH#~*jJ=*{_S0sY3r
z^3X%->NgaK8)d#P%6o6%*%#iRmMxm^@-++i@yBts{RbS*1n);WdiXIE6cVZ*OeQ6m
z?xWv+DX4}?emy@81gbmedm1`pl*W=P0j|NM5}Pt*GIw~^aK|NIq^PKf3R&=QVohvG
zNwIt|JvTRpAH3Bno!s~i959du4jf1~-h2~f=4Ml3QX&-;7jiVHNV%)ddBT)ke1HId
zsB{8DYN?{4iYmBs8Nwa(U>1OzYJJ=hl&hx{>M0MeK-9^O!rhfpZ4e|tbT_n_BRBB}
zVl<A=KuXmSrG;PUKp8I3Q|Ay&3$3aur>vNCx@Y7>TAD+&ttOrVBI7AFsEFE?FQrG$
z>rd_4w4tKHVku{^F1b#KN5~eZ2S)=$=sFefxun`<52H#u?iF<uEzwbVH16($1Fh#k
z0^xK1cU0Mc5n{P7Sy1WVB}rOZnwq|+?^AJihgC0JiEyc_G$RQp8>~Nr)Y8JqPg73O
zG77BX&Iyx!l$BZst&V}!QQS$6qD9Lq>Fo3WNBI@C^!&RIQ$Xe->XQ~sVKLlMh~a?I
zF$=~TAr%)s`Gar#vXP<k790^z?FU{>-P#S5k(MwPxO;L2&ti~lm^AxBa%i&2N>DRv
zPV@5fW%OJcd#?b@HLMTyM7B4<oh-o))8UP7Q`70}?q}1tIiCqB#fCQ^rBzi`Vm>SV
zESj?MM_M>!llF1o08c;QzOT)5VD5YAu<7fF^JkuTl)7~3LQ9q`k)3W41g6L0^D7YO
zf}DcXg@=d9^x3kqa=tZ#rEXundKJrRI`q)~)TiG-83{sJn$BT;aHrA0q~9D29D5hw
z-{ivpdT8??h#Mm(Tc>?OVWlNZGWprBE*H1Z8Ya(7oM9K8TS$?82T@>2IR#Y~(&E*d
zsn6gOsHRC%Dx_#3NHsyKUBM2*CfQE<O%hBJea{VG?_|&8C`&6it&8T(rm0h>O1WY~
zDRaG$N9+TDBc>wb2!Wdc!o%|qJG8T?vt<+sFSVQm)dkj@w(ihbM%H$9hgH?e>>e(g
zIDk4G*^Lqs6KMV7HB_>$oUZEd0A<8>;`FOs)xG;Je=o8!GbwBPR_feYZGN<9<pSDR
zw1IL0wozel9@o=cuXA-BfbAIgDCQt#mLp3<aV$mUB~l7Cr=IQl$ah+oELkcqbCQzx
z-gI7n$kyra#Obf)HgMsD2~@InEfY~}f`n<jOhma63x-*r2lM5H8`=R}3E1O`7d2}}
zDMN=+AlC;=b^4p^<MjLD%lV@yuQZ<`17fIoTskF0#8Gr;Bt?dVQ&mkBl~j~bc3BQ>
zE6k*A1zV}IrjlADwxE-HoT@|EJJ^y_Lfdjns8`!0TC`vRlbSv><}dGE-cRV=jB@kx
z<R#yf#d&m6zjT^8YYuho?)`b3F=HpneSge|q1wg+5Z8}C`HC*R<XnnlqPjPM(Z+G(
zC(#W|y8N9tM$}hUJIl)lAAZhtT{5+6*T&0!`t(0(?Ya$g?m4H)xj)o*4G?D6t{tgw
zAN5(OT}4CU{yXs;lhd=$I)&2HQngLP;6qMFaDNtSA~4#5wVoh-AT6%O3AKxy*3)EZ
zOTW!d9ZO|_kff6!|F!Z)0}UiLZK&eTAJ%N(voTw?Y-QOZq!iz#%g@iFe12#<bnL`8
z*)d%4ccF;zNGj!urL4S6ri(;GM^def8sQC?K1v!nZtj={hXiswSbv~KO+6z=z|NXa
zUsvO=Az;6I;$7hOu;Y|U`Qm8uq#Fto25gl{+2RZ)R@2u;3CvN!l@u9NMcI`hG-u@|
zdTmBNjolVcE#iXd_@F=OU&nN$kR}<j0R_mubTYBg2&Rp)AU4GbI7}Q7v5HnfB}75Y
zNVPFDSl6W9biM#{6u5M};nML7&Ns>i;mW<@BB$x;4mov`*M`9-E$q$s4B(yzns0oY
zx0=hTsx*hHOR?s<hKh^u(uOrzI7&H&a`}g`{QTQYTDx%@1xCcuy6w3%c+er#vPBYM
zI|;t)DJV38g1E6YNtEx7vfz3k-O};rPH0p@GDXIxP-qC=(jyXG-WuL#^+V+lcMj`w
z_)<>%EMwF;K0ZOFM#)PkQ8VSC;xlLa8!Bi1@09w`?dNnlz4PhxP4=fkMnO<PPBC&y
z%+1bdeFpu!c|0vV@&F{KxUc2<xvsl&PzH0)o9E=W-+rU%zfGl<EnA9U)D+WVd-dui
z*M8NiRYG!_Hcb%{gU-2-9u8;q>NT3ImeG)5$4ZC6{Y)WzWl)Em!MT!deGbm+9`-Wg
z-c!mZE+<X~%z-udR0~Fc0;xP8LI|EAd3c7(et4S#m{f;V=F--ce^F|$<ESd3gR=n=
z?hoV{Be6ljdflTd4gO%#Tj$R7IR(tfJp`LGp)8B|#;o_QW^1G$Ku$!D|7Fw&(<^oX
zsMGN>0VBz~KCQQ&^fdsN{WO639XEj1&ss}Os?+I`cK@T;uy`S+=)^Zh<Z>To)5i6(
zWC<f$o40MGb(_~ycFA@s49cg{&?2e`EurdAZey5~hEOPl)r3=6c@%{gM^j=*GG(N-
zrWQ>zxKD%^^J@s3StcZ^PZ;fMApM&+ZIDkrC2{(<@^ig$)-0;xK3NDq8)!Nla_SO&
z$5R<U`%%67P?I*TCH-re+@__s*l+3g1)kquR!^nO!fYxoFQ!uNGgdJPMOz#ej2RGo
zKL=DZDQ!uE+YQma_8k^2ROIxBS>Eji$f&`WzpSP+2e(n=w3|0M-4O{8V)Q8!ql*<W
z0-+iG<3w@8G}Rlf)#U4=&uRIJRbqDABkYbH+S0V?v*@%_j`t!`Lf|GaQPa9(I9wrq
z!xizXFE03d_x(@A4EvbqXzJRfBeiPT+$*i_w4;tQ=B(^oi5LF1Y~4oJUUiAsnJ_W!
z7j`C$H{Sk$N=wSb9-q!by=Bs9;F}lUbCVXlXg#EFPp2FjOio?-GVt|_vd(6H1DLWl
zWx9Cra&dF#&DX!bYY3g$bLV^I1Lbk)Md#6^$-hvmRxRkaY15^A5GO{D|6o7Bb=O?x
z+*3%0vG3NUlf-HA)xBF6nmqMaaWm<5=LPyl4;$=U2f!V+FTBX<u%nrrIwPk{PSKgg
zkd7Zn<0=29iP^=5W(VqMEV)i|-rPbL>e6Z8e={N@ootpWPH#+1tTakRm|n^q0c;8p
z5`y(6nrw1K<fK`r8^>VIpX?gT0^(%Ilh)v)0^%2VtTf<K$5O%Z<R8k}TdAIq{J@`P
zJrPRY#h|>2nkr*hh?{l-V6BVV0o<@z5{`KL4+)Hjp~CVSnzUd8O`5-fiZ?B#r!O5u
z8BG&uTXhUyCsm%(iDQq>uDk-aKw$V$38@SA2NzMpQS0OWfFJP%zdC<jom%;kUl%;?
z{=x42FC9_|mcwPKcjOd4TyZu8NVTsQlOJ>r;Z{>sDw|AIRMb*MrBcS4R5^02*sV8!
zDydm|OZxnauV~iX1vF^LQPi#tIt_8M%Wq9Z8J9PAJk7K=zIN*Qk&H>YA=m&ZBs_{G
zl5p!|-IhVUIddGe0b$}GzX)Dk54>aoIo-N#8#PN!)z33F#ZY<zuao@`la*abMfabZ
z(<vQJp;4Km6d~Yx)(}(V@thXt(A4a4wBX2%+Q)$dxj#**@WC;=Aomdi?E{`^d_o25
zEirNiff;K?o5V#4QN<clJU1Yr`1}_}O<~4!1zoI9O>LebqpgJnh0eW+d&k7JL$HcG
zLw?{+Kf-jwomZIMaXDr_sPBkkc|(wF3S*`!!VToEXy*GA)ucJiTeOUN96FeSliO2O
zNDKvWM;G-Z+M_aV#^mLk`vKckxRdWms-zwHKs>nrP}VT}=E;G!0zs{+#n7A%gUiPu
z&kY2w5vG2^AI!S~({tDzT>jHQiVBUPBb%O1$G5mpUILgA)5Z)uE8DhgqN>UY?htYZ
znMr+7aUpHZ+Cq5+x!h?hrz+emTslGFffODUM)7g+)GRTLVxr>s`6!@u>(+6<CX|{s
zOPBTB`x7Sp)tvs8I{hX2`IN&%vuNW+s$$X^P+Uy1EQm=%P+}rQ@bewdy5Vsu{p&gX
z=x6>N>2GY<l3Pmaw&v4eol}{dE);SK0_q0HC|>dfRCAqJ6F|{TVrkawxlB&GX$_E#
z98G-A@ghD3ZucciR`5Nvp3c!^28098@QC5w1pLE~zMw8$Ita;lo=HZt)D*{$8>@w6
zeyY!iju>>96V~+Uv;D@^r*{u}lSvB5A;LFdoO;S}Oio*P<;9(LEEzH8Y$2k`j|pSk
zgvoUMwU<d;?zoZuE=+upE`*1;59!mZPM&?kKp9}9)UAg+6crSCl?CF0y+JpQ%eSoR
zyGFk0JWIb|aO?jzZHDMwd(EZd=1zm#Khhh@yvM}t)^msL>j&iinyW5$%G6v#w||)3
z_ldbbaJ^8TZ8KVl9>Si(MA(#}J6_)~c7&h{FTBw6ozpgLr2&@C0h2z}u%X$Kg9B+J
z`NzAd*WgaDFMR!bLE9rP2pTx_A<TCj*-}WS*+CJVK@c3ZmIlPMN*X2Z^KwTXod(rN
zVk#BhfYoBIq@;;EI)vR}x$zZ(q^7YVG6|3E;TH)~@p|V^%x()teOUs0RFRE(u%l4w
zgKy|=)D6#Qqg)MCdiaM8%ASAp(Fp<0{0AGZ7G*;utX(Rvs-@xzjJ|Q>85%;JlR~Lm
zWF8%Rcy9_x%Ait;pb*wY`KxenZP|>tI7~!?I8C(50H~Oq_{F5ooV4SJ@L-RBglX(?
z!1dH__+e*P_zLb*aR*$5BX&Am>9BFf2h+;sQ#joDGxw^>giqjpVIpzE+fH`i#pq}d
zrgsHXP#BkCR0KuDaECtzpTgiHBr1|ZBEl#zG@J=hHMQ^5iTd^HONm_B#c@X=GCZ2X
zBBIz&JcUKYP-tWng|URoF;d*ZqLf5LMN@b*6Vot!VgYH89Bc6$8Vr<+HlkcG1s`RH
znGYZyC`&xEfRtY&0PaVm#Fg@$;<a_p%4Y{Uhj*s-;oYfyWM}FY){Qzxcc$)qj&BmK
zD_up`XWXWJ96;b}?hrcn^>-By>Q@o2gAF0U5%n~#HvsZkR8l5uHlt$VD7i_3OzlmG
zPo(tb>D<<|k@a#Qrub$k{FgIn1<ZY7+Jl`!uAxq#E1i-LcYYY&^@D=%wRi4KsKJcy
z;MS`2$a*>^<VY8YP+)K<WoFK#!nLcZZQrA*JgzNOhb2%jX1Fr(!!%&Tk2QKKS{1gx
z^!kN!DO6tk0qZW&J|aC3kbay;MyQtsAOMa;dd#Q`yzE(U4dK6`Vy^k_J<q%2N8!8G
zZ`1AFU!+5lhiY=%_=zci@`_JLlrr1AWecrYy;^qJO-@XqmgyPPrd1nRm))jyTgqtO
zno^sjQ3T&idAa#AZN8+mjFMBDQfgYdgtfonq@T-r%jV58dW+2|6VlQswM!Rj)~64p
z_CJ(T4n35b^z2Eo{G10eNzGvbyJYE7Cbwmj)HIb+nV9|^>2GX^i3p+Q$!aYgKAo7J
z-i*4mO7N1(Qm#uk=TK=@AypNXQ})Jf6vlnos3!4T7peL&lAm3Sj<s*!*6-Rrtan_n
za0&J5*^QR1SSf2Ar%c5jF2B*njaw*|`vKj$bry2=?DMaSeRfVRB_}7zhCkD1%%<ax
zJKAs9Sf`1Neg5<Bo4C%2phZiTQ9r$ga^8YPe&b3?YC`y??Ql&}5)$HN9c^-Q6N-<E
zbJB`sAnvrIT`*?cONjTBla7@zmMvSwam{z)TCsAq+^4OXG_7GGcGejuiyq3Vps-N-
z{Jt9^AuqrFHr)vWg#46~kJGM-yw098kMi>i_`VOJv}S755BUn?^P6tGijEpONXpU|
z?tCC$2JnlvR7OE(&6ewkxM$3qEq;3R=qe+b$Vcy9>V-ri_ox2gYl01~Kw|Ux`9hpC
z*zVL*j(5U$>lK%j2>C>wr%e5wI(BL&>7PG;G4(&R54CRHN(K*BtzJtf9zR^d$jQ!g
zg*}J<n(Mii=KjFw?9yc`>C7`u5<eJKo;z=m#EEm<J6*eWl6wc?{WSR(&TEWQcJ(39
z-C+dK{-Gh1qth@dvvN}>%88F+;HFjxpYG7Z%7N+R%M3zC#7^5QQDLc#92{3I@Pkf4
z5H~;}(&?3{kbE8}i!(rIl|R{iO^)ikj_B|q2wSEaA_6q7{Le08@8t)&>R%ul{Nt4$
zh;f6G9JOCL@~?650^Bg|RjnIx^c>;x({_?}5q%DKs2Fz<6{p({;m8s2I^x>Hz@05F
zL)F3H_)MPx{%~N=Ql_kn5d_$xa|U~mHSFk@(XIm}CML<$9+~p0!;vE!aEBocUTK%`
zm97-N{F=z&=E;i(2oLv(Dl1by>b`OLSCOmua4KTrQc&UZk$*foun=cBNU~sud_!;d
zphETp47lx7I>f9Jq~emYVl$2`QvRZdmosX!4|H;3qGM!pglHz4nCXD)sLIVdJSA$j
z0SBg!+8+0TxEn8QMv{C0I}t}uoeSW{Ibp~-ER>}(E7TYMeg`MQNn!(KeCuCm%<3^T
zcFkCtw0;at-87CSXO5N8(kVqh($6{LS?6aC7x!qx#a~?eTjUxUv;Gt41D-Frb}VWn
zTs;@2KB%fvYejKx1i&XFuz?cpO&l@Oj8Qv`M8eKj+=Ry*8v>*ckaX)j$iGgrW9I_S
z-FBiU1|=$uoIn0UK9E1;Gq0#jK7kPw-kl;^52UJyWU2`a6+((pbm&yns(fR#6_EBu
zr$yq_aTu8N8+*}m>8tk56$T5g0bbggYhfVzoYn>jW=r7>uSw5-5F~YX<*lK=QAP~b
zmvTMG<W9X*_pjR+B{n{h+P3dR?K^hGrtGwO%{rPna~4gSG?{)JJ5~f{*uf1t(1joP
z^%v&;l-RfgYJ>E5=;EY*mP!AQKZ?K%J170D3qSDdFU*5cO3JHg%{I&y@jMr6)-ma4
zsVpg{b@Nuzwk7K+gzJ#Fm{^Joi=g<(Sc(mfq^!kjyuwOsl1K{|E%mZ<go75qz%ppi
zVf4@gcR6zQ*{8`A)-S*Qf$sR%^<sBe|GrAy@vOu06_<T~_7fc)Ed&nd^~JS)dzP0!
z5kvqxeT2bnFX!55%x?bxrUkp>!nD!+f<h`Q!|vEFT^w<6*@>`SYHCxjw7T8D|6!aE
zxs#X>PiL}b>;W9yx^+aUiNS3@ea4^EqzOM0?1XR8oANgzBo4aps{Oz$&<5isfV&ZG
z1;e5J`qG9Cn<$gXEN0jA>D|*y$5-Ekhl6p$D78Cn!;c<P$B*y10nE5R;BV35<#g};
zkJF~jTa_O_BIHy$sjyH%7=s2*w73oc0szo?kWL669XE7hAY!NNMGznUa5MohU^I5h
zUFmz=ICzc&({%B<8;(%ODW)!(c*QU0MFeID?A?E+Vdp>mqoIcZZ^N-ckNb}mMOTdY
zQJVTF&gk2#qdu3sYC9;&L5?t~b6<dTV7FpJ5X7G-x;rXJ3*s|r5`{W2PF`ZtEM^#7
zN5siM=gW+4s(4*xia#9DiNU?XFl#Q+Au8nupMt{Vr2#fUz?4`Mh7tw`hNvX{Y>>2Q
zQSMq-$1m1!mp`qibrG*2qvD5;k}h+u{j2byXLLP~bGWNhWe^YA&gH@69Y+JC$`kg^
zL<I-&oJb%Zk??TPN68->^wGSOKsIrm6fwodC&AnauA$PB5;c_%*HHzh!*csq&xRAW
z+g$`!_;LG}gUd~eM@i1bO5h34xGSSlz(E_upfvtIF+fTh`q!*QYnnfJ!w#ici#8mp
zx)&QN?l}IoKU@<nd@2HaK!_8P3Ol}s@XX=+k^tU91GonPkV_+g=&?VLHyjO-GGx>(
zXiMDW6mXjjB)tes!}vE4SGmWKV6jkU<tX{_(l_}wX8ngeR|kg36kfC!<y8SxQLU!4
zq9c~rnmc5z52b*}L`gfyDZXur^`9m@_{B6@O!IZp<OgnhV-{_lHeZ2?o1EgBz#jR+
zQHUpm(=B4oU1C0+A=hNT{z>w8OQbIl8Y=w(f9?m0ghxhF(`ISZwnHcC(fbhUKkx_|
zG~{Rzm|+Ju=s?$B7=Nd@)8E~s|Hxq?FvG4fr~mJk@X#P?l@jBe&zLobwr|@?mD}@Z
z)8e%hhx#QsNxsu-bPCH#D6gcD$>b`>4l;1yq4e8t(`oi!OboRhMy<>_fMa4}BF&w*
zP)7fZ9t4CjDk_R%;$r0-JK6$no%#eYW~Ae%$-heY^~KeuU29ssb{%cn!sLX{SFKq`
zD^{rdU_CbKr4_50eDnFrm20T195Ybr#swI2Qc4n&o@Gv$Mld1>GG@vlGdo8{bOE=X
z5x}24$}%-Ig?cloLzr0iIpL?NjyvGi_a}h+{P`E(aKbeCp3e7xTL%K59L)L5nX{=W
z=hs{-07rZk;m7fl{OTcm%yPhb<>oEY9UZ`!cXZw)F<udJeeM=uN9VqB;RR>O%MW>(
z;>R5lbioA|JdoDB1+84QTBcgz4WuDJXt(`!3IJ&sab%G<<lLE19bmQ*FZe;@uXF(T
z(cZL<hB0e5b>Lt1?}R7*<;eE@gQ&z^h>bEU9dqUlW8-nDm1)5;Jq_uX0Pv3={PG_x
zb^OQ-{$%Z?Qc>;#xZ|JQ<Q$IrDE@FzVQ2*h(n-KuYv_R>A{2O#qZlL}BMJ!9=qWf(
z0*`~Yy@C#&J0uwO;7(+4Fei%@{pd<Lb0Frvz~~&NP+?7>WQXmr?za|cXFCa)9fTCa
zoqv!9gpZ>K$btGrILNCiBc+62=tIZz8zAWbIh9=iIX-N*1aj{XZ0PFvBoOUSj&Ra;
zI4D~{Tk;V)@}vGG9!zb(rXR?wxVwDr8tVG<*r+t9UsYyuZ^M9pEr2-jiLyfptI;O;
z><{e3gDA;S&H*{VLZ54Ub!zMYbxj%$rR?^CYl*VU%U2sBDMG_>XeCcMy5s#jVD1hJ
zfpdLu52#rc^74`4ex}^_lw)Q{d!Y5*Fn-M^U3?4OkSC`e@B!{~zZZ(F)k{VN#4ThQ
z(dql#oj$qRIvnHfz?_PTQPN`Ic4J6-)f+kD+DMMRfKH7pCBgi8?MDUV1=!VBu7L8T
zJ-Pg%+}v>Tt;-DY!EEf!xdUx<!rl*X#cpA7&?7k|#gVG)LgxitP%!sv_+i1zqx`}G
z$}h;Lwd>YURD2wzX0*`0i4yp{d-pE%#aG|a#EDaB>eSyTG&F>c9(JTm4_$~Ur9HaJ
zw9W!1i(h>Cz34#VVq>V^A-!nYA2aF4AAb_NRxO&#6xg<HGGvM=MkTTNkS}s`vFY7f
z>esiIoFg4;R<D!qh+;Qfe{ms9yxjY2)YoFSZCfTaOKqyAiSiM((C9G}#0@Xr&~HH6
z(a$saC@C$i6ECI}n=m2RP!(~dFhLvj`L|-Xc*!zq-?lY{F;Rn?8@_ol!07*%Uwu!f
zpLU{C2GP+`^urJ1WTPnLaoQiVoOu77J(s$3d0}~l0j|M}nSatRzy9IqVXf@RdRj8j
zj!FBNu@ju@w{+<WNz2NWt5KOt8eot9Ha1oQHf`K2<iBf|PSk_1Kc>x^Yv|SkFqInX
zl}|bG7$<G>=Pz=~-F=_H-5qxOc5P_cvK92z*FQMvN8WLty8ZZuk(--K-+lL^d}?m}
z`i=C_$6q*UJLjzWcfSr8GiGdUzy1Sg{Dg@#?C9aLhDMPkYyeSDCqr5l-E8uS+LaX}
zIM|2?Z_?2k>W0oVf-Ev>$$z-<@X!JJpaDJk*Dxjy35qQEGq!Ssz6l?Hd^ABiL5n}v
zkzvB9s4C+JIE+F<JiE%`Po-Cf2Y*`7{V?_-ic@NLbwucJlUQ&RH&+-Ex%>#KDyyiH
z%MPPq5Yb0U^%3QU&X<Z)ciyCfr;f^Ag=LQHSsxA9!NiN8#f~`MYFYb%^+WPW0{!+}
z=_`{VrHT}iRCo}zahBTY7!@Zf8`*$L`;#DWaQVkk^2U(dNj5!sfmw}ivw+MXzoG{}
zVv-jM7>P0Qq5QA`maIF%O9uQ&Tq<t%qRLDk)qMyzRhBB1>;_$inHnqhY=>uH{rdH?
z6R9CrNQdOfr&Cx55{`KBfy+k6t89>Z4qMFnh-AnSZd#9jBxoG*$0y33f1xJ=BYcQ&
zFaIik`ouV^gFrd+kIQ{WQ0nrl;^DGIrG<ud9XC=L8Lj!c@qOZ|9{}U!?}E8{e{(V#
z5A+S9?<ToVAb19FucM9-)N@bZ4l^77$UVr<i`;ecua0J|s(F4)9Jn{|Y@6xoJAAfW
z7fikM@JuC!U$jS+TqnqeRc>(n=HAEAO=?Y^0i$EA)N=%bIymkO#EH5KY4A-m!t~0&
zhQ#FwqRzROzH{(CH!y93$-AT#|0sX{GcOm+CugLb*be6~J3zSZH0)!5tXo)E)J67R
z%lTPkVj9l<EUw?AKI6J<-THOh`7fq~rpeUlutT_gRWnom3HX>v3pOq4-Mfdju`u{?
z+)r{3U>fb7VCIb3d=G7)vvxoV8w*tHpc`J#ugk<g-l7^jkC_QxMFkZX7t6zgwhisJ
zkPQh$b+yq3N_)=dXh1=Ta0Jj`g4n8#zv}ekBh_-wzR{V%g+YUg7!@I^luyJ6xN(-X
zkbLAmg2ab-%pae~AJT+}8668nOw<B@=vHzbK+K@afk}9x!#1#2?karf!w$xvAavX~
zuQ(AW)lqQZIKYil!C@;MM1y>y6CW&_S4dh|9q!1#<VUWM$}`T9c5DU}!sP*=+z>A8
z;D+eLe+?5j7V(F?OTlnB5{8;~2Ov)9mzH6dW7UyU@pDH8iDX@LU_knmfJh=KDj%w|
z6Cmk9xSnZ#oN)GEjqAi|U?=e>e#Ia3Ove<Cd?xWS(G*ef%Sb3INZA>GVvq9U`+)Dc
z+FH}eQk`e$s*w!Obwt?-5I<Zv-ReHz6D{h1KLvyXJ=}Y^$8p3t?2Y?Q0UZ{Vew-Uo
z_R12_@p76x&jao^b<bk4y<9U12cq&L&lyDfb&gyfcy7#f#`T1~JV&r&MJXf1ug&c2
zKqU+5lT!_x_!IrBPbGc)hwzZT@(T5BNTd$oN={V->bzbtdEIxS5@E#=9JpM}eeOOA
zk#p(!1FkXjaR1_-GtZ*|m%0<4)G-KG3+_V@Q{2x6(5)k`1Q=bhWjCzvMBLa_6fdp(
z!T5KFDd+A#9go|cPt}3XkzU82>)eQenDr^j#{3CjuLW_{IS2FsaQu0SNAx5_E(cYg
zX)>x`00<m!x~$Od@O5#QvlEYw--;D0f1}{p#B*9wLA7O-RK>D<#R@9nes)q?GwL#+
zpY9L%@q3_(fj>7Z3jXYOL8i}~E#GMM=hoOnS}&N*FW_oV88D#<G=Ff{W<G*IIOLR%
zc%}>q0T~M5j*2?hO(PmlZZt7cr{1nBqJYsigl8I9a}EeOLZ@0f)2z>g4jm8pV{Oqh
zqy<};BO<mDdrx}Vn*D<a;%LGS4fc>z>A*YTc{(3x$SarxAr5KKIZujk)lx7>0EY)_
z<JX8ANP(HwXhskb2jUE7@`33S`1FnFiak13id4d{8PP=isFVzmHRMz}|0o|MkIxmk
z=guJ$Hx-WRsHidnNl~OFG*qplDg!wM(L-FCGz&RpT~q$Se7zu21SkV7=nP4ESXauB
z{ehgqO_5U&L3E;6Lkfz+=Jat)95&lY`Efp3Pdc@H?IFmAxUmmF$_#PxAM{lx7z^D&
z@S&yhjqq{5sl2G2HerUlM9<-<G@(q4i|cwxzS#!xv7Uc&s`O#@D~^U6us44m7(WW0
z&OOqNeBxSpo)=XHCLL-jGiORNrhs$YH}bt;TxUL)>n>qoRLZ=_z;l56!91UAawS|P
zNu^DRvhx+=$CC$!HX<Dr<?8c04xlSXm%ae!ZrKmmPthDOz-8hxk^4;FV>pVL>jlrf
z;1YKs;ueznL(Qge{J3;*Zo+hji+coho2jb+Ck`X-xZKdz(7{VmyllhBsT+=e`Bxrb
zXO3QiKi9cdckW|JH`}Xc$WvB;u`_<W;Pn`I{^XzixX;x=pKEw(L**u5E7ZY&#LMSG
z@^!r`e%$fu^qRc<UC>#yV#SJ&By?*-k?AQE7#=F;HQXNnl3O;X4*mO}VXfoG%0E{O
z{JAwmu#4{l4?RJhJ9nU7y?Xf7X>8)@1!(B@mB9vmBENFV&7lZCEcysR#~F)*@wtej
zhaXK-r%vGx0!A7Y!2+=Y@eu-vb3V#B6Ci|*uoUUwHWZC1I@R1sk;aq%K~zi2%B0f)
zzv%E{S}8{I(7f^~lhOdn&e|^D_(@MzbI+lp!cd)sv(7q;R<2wjA1RlSN4ER#fA6B-
zfBQ|sk!hVQ=&(!LaLx{x@*5QyDGffz4~U!)QsjnpQHUU^a?XuD!r&jt4+4-g1kHcQ
zD}1UQhuH_8C&h=;%{SjnW5<qV|JBl|!e|o+k&I??93UBL<T6k?efU10BDU(I^`gt=
z15$&8fGmQ{AXd%|#|yFtBBJtVNMux0sJxBC_T5-?k4_8xVXinji5S7er$A8dmt1l&
zHER+}sR=Q3^G!F(COj&CxTYqz0ZjBOsko?!2_~lK;q6|HBLAEh+!M${L`1lRkG#U(
zkZD7_kUqI5IF05H<pn>uwh0ONW?DWaHA#@U{~&NuKEWs-T%!^RFE|8K3~^7XbRt~5
zY(UsBt7{_{N5!R#8f=nFg#4M#r&3TR{MG{r2;q6eTV37rl15H@ITN^z8#hu)QXF;Y
z(2+7)wv<l|AP!v9vhp&~#WY!vOVfdua?)v&`&O47z6T~mpUt>0@jR)p)I9?Gm8(|L
zi6<V<&u)|}e;V58wyF;Z*Fdr<o|L%FfD;}cwT(;uCP-TR|6#qvp?!PMFTeicvaS0E
z_j~{MZ<med4^y#DJ?U7NP2>HOnGbx!pkBG}{`+X$xN(%3m8q^H+v7RHeT#btN4dFB
zgzS#z3ii?57U2F$O^R1K3_QEg!F^`#HPkC_zWF9i{Ar@pw|D>VZrSCtu&_}4se8u<
zY$f+NUSM$?h;QP=iS*=?Ptq%|yh0B=@BqE{(PtD99wD1?APfly$w&QxQAK`sup|IL
zJ`J&xdKvC`;e(99oA&EY3(QEvyYIeBbLY;b?c2AjaP%{YG@(9*4(y<hwBjgXqu$r$
zhOpH^{mDP;Ip-Q48*PUmI2=<aqRx)vIy@&QhuXJqFW;EOXL_D~`e{ka^y$;->Z`Bj
zIx?8XjUOlN4bq1;Rno=&<r?kBKb84ilar1+ire=Xkx`$1=vU|O5ZtrRKKBa!F@2U_
z_XAb7Z_lL1pM0Jk<c=-mt+(HI-2V7uCVl<&_g?zDA}_q~nuPDqts#Ow5YpzhL%;Kt
zS4YyO&0D<eeZ`+&BMl9sJ{dh`ysWA7=hjdO;O8+sC63}dx1zWX%_%G~mYQZTG40or
zpHo)x<L5w^3(h~2diUz?*X>}JV~-ssYlr>0HAD{W--qtM@6J66V}FZkO&!2e9l5=7
z)bQgpCulgequ8-ok<%E;&(9Omm(eOilTQ#J?u;;5K&M!pbLWCPB3NUI&Wwb@VSwBq
zSd0Xz#+J#OH1+|~*n?0CIpr|mj>XK1z`~Cjp^1))q7fs8)9*9pP()<75HxhA6l%G$
z*(_n;J3O+>A4gbGR<87n8bhT=Phn$(vU^k%lT#)Uh`+3~R7R!Hlp}xeD};fMAPA;>
zM0B`PR_+mkKt)cWx-Gky%P&^SQFZ((se;K!Wo5aT;TyyY1Qi1ERa(mAi_1}wQ+(sK
zLJ>W7LwZ6&F+zsO5vL+SNCVPi@`qzqR<0}-zvb3jxMMh$<7WcIafOA4N%^Df(XndT
zvISjo@x`<yGlw>3X46S0ok&}@Y}Vzb;y~~y161zC#UQ7Zd_O31ijR(a$f+7BM*5&D
zYe-pCnz-Z1X+@ms9O*?Ip6gt}#2p(HB_<}&?RVTkKTVp**AU;i!|tG18;6$}rF`VL
zV2Arj@(tpq;(@3RqY4`bWpw{4pxmUh3|q;sSc;$wy+k|tgSa9>5&q}<!A$GMcOi!z
zeKh?s^Dic)n`!0h)!g_`lQ3~zasLZB#eIN#O`Z)ks&C3ojmoP$;=0KiPZp#Z>u~{P
zuZ7KcX0o%g<i19Fyb|v=?*zW8$fANO7g5l5jvK6ZD6VqdXTtGFLR5NuWx;|4G<^7Q
zdiKfx^Xu*<fIoW(;LpC13GNFJGkiM}Ypn571Uu6Dl1$u_xbFZdNB+Y(?kSMYNs}hg
z9e3U1+*8J%=ee$>7A;yxeVoPjAMWF{^fZ}{+oVYor>^t|_1q|83W<u2qAp##&{bDm
zMUOssFGYj|(2N-~WHyico<_c;?v-aq)xRLAc$SQtR`i(R9r@E~G4?n=_0&_TXV0FL
zmX;=@&$uCNm@R-K?4XNu;)rt*{U<=sTI62b5wx@T)?p$2XivWT?mOzyqX&%{Gln*9
z%c7MlS5o)x-D!K~c4_nQT|TrQ#~pVZJ^SplsvPwU71JJ>bnHm7GPCHYBL@0)+n4g+
zf8RzIUUV64+Fl@1&UK=3JBd4Qn>TLs(r<{o|IS-9>XVQBy6uYK`-f?%sj@q!KlcM!
zumQ~Nx7|SZ-+L#8hlbIVDNMYKJK)mYB?0`|H&hJ#+56i0ih(~j2;k4Yp#u1`-wg@o
zzEX6{rqsGe7r*XSto##&d$?#IbtCD(_uLyGe9|Ct0}oPw&Tvstk!s}GD>~00bRbx8
zOG-+hN+uK-Sq+Z}<4!{%n<Ir_V(V(Wbp%-{XF^d@%0!Jj8$pPJ!@_jX(vo8CAVmt1
ziDZ&k!o&xtsz#^1l=AcPxN~17Z_3fxK_iO~^se8qK|1U>M_MsjX9x;NAM%0D7&_+Y
zFku8Pg42iiuzOWeQ6YDfVufg-(-adEA)|H8nx#^1PLAXqY0AyXmN=xNAV(Au(k{vL
zK%b*CU^;tvV~tJ>@_}?Aj212Mk?LmB0mO%Su>c<HN0Z_sB;Dw2;DhNHMT4KFDX|i?
ze0Z0`4hswAjz<l}$?me4vRlUC2Fk8mAe_yTW2uy{0Z1O+s^jClAblu1bh6O7M1Jv>
zADyZfUU;59{^(;GI8b#+WQ3fFRO{BQB_H@U6UZ_IaU(DIuzSmNRff1Wv9U3d52PtR
zK9UN!9E<q6qYTA8CWgyAUK&DN-`Ln_F6#mc=kVZ;(Nfsq-a`8Df*>I=R>~ju9?Bt`
zuLB4iKIjZm+`L(mTzBkl7Z)EbqY5BwcnN@uBiBr>g3m9Pq0_0BbN+XqvjNvov`si#
z#7=(w1HP0<U~&&)2fhN9K7D&rn>MX!Bj2~^NS=TG`7&}B9~;N<SIg*g8J96eq?>Tw
zQBF}@E_hBrZgaA;Bn`M`D7XClT=r8&$$SsvIm*q=kr@sc)kZnvnL}D+rh+r_v!m4S
zB2Y$%07iB2#$JqSx3QBnOqwu;uDbRnDVufc)@j>+F7Tob_a^EE)JwR}lai9;{%Xqi
z5wLCBHpdQtA3X1PVH6n|NiEY-#4q$fauEi|T5>`RVL1kLQNLh@1?pXla;mmNJwtf0
zWS%cy81e=^(*^-}K0&~$D45!J?k*dcVFyKAU!)Vy8OSQks5|kD0Hu}uToiJ<Q&B@n
z3DII-RLIX2w@WAkgbDHtNH{uPycERl-LS)pJk+tMm*5_Y?-6o2AZ-XQmFqQxgZSYN
z$jdIyW1T<q%=pW`+YZ5KJ%m}rb-`P2y+z-D_dRv#(uM2JLdnBXM;%42TD6jN;F_Sk
zQT7S(Xp6(S4o#5yvxMsvHPfc?V&Q^$bi`oKh9DPTdZjk~{aCqj6&=#AH(&Q~TDfYC
zw*BX!UE4O&CRtcmSnNyqv_{<G>CT#NL;XS;Xl}?rWY9>X;RAsKaey}*F>-g_dFRrk
zpC(c`cV61HPN(_v=hAi8UP~R?wPOO2B2z1}GBfFi@4u%nJ|9KrvVLps*fej^T*5F@
zXYai8-_$fdirTkIqZ3Xzo|03NIT5w=6NmkuyZ%F$UUrH2MdyCSiWPKt|337e|NMvA
zwr#5#drmJ#r_d=v<1FNqi5Q5a>@>?Ae~`GRo_dlJqQa?T#}0Jozwh7<SQGB3l#01o
zN(w~;2hjIFd@pZo(a|3<d^p{6_ucZg8Uz95;)p58I#3-DkPQGG9i*qMyi|xX@_f@x
zx6%0V<LJZ_PoP*Pr_-iQqqpB4DdDC!PZyFB$sLPdF_rM%d*~YOJZEHNP-<cftzElD
zh#Sc1yYIXs(?i?0Y$ik!9khUeAo^>;QabnSGwDgr?|=aV>FTSlrVro$fNr?qdLf-4
zir8`*X#o+MH+LSjYu{cvYv@3s(`QBs5YL-$y-97Fr%>CLDN=Umh#`G*=P#i%&p3ld
zjrxp<bqrm7^;MLUo6XlgnVP30(!-BDEYog5_D?$bL>e>ZM`{uiMcq5LqnmHONk&Gu
zY}rERo_nrLoy*D1qYX^lF1q+aA;6bkb_I>(xUahM3huNVA)~UZR;?29+>Y<D^p<U<
zlbXoqx88aOef`Zh)Vf6rdiAx}r0kJ?{#9li^|g~epY9wh9rw9<WN^QrEPPSlRrf%L
zCq|BsuRrbqd_cQ^$@oJLJs|fTUhZUOZf7DNN8fz&HFq#uGTBdKNulhlOqxG$f!u%F
znE(_pDZq=Mi!Qo|)~#JDFL#bPb_8|l(1!I>>61@Kajdn}s$~nlw{D`2?fLm*qCa86
z1Y|_wcTY=na<TKwIPj+`<*1Ci2@VzIzb{2c<4^MP@@Vts&D1KR6`gtJne_WFlf2x|
zIQ0as7ve?Mu3E~L9=8YXy~}a?dGdHKx5g}LCWeQch6Gg8){SfF_19mg7hZXjjy&>6
z>f5u6lt((>kHDjkK1vBO;dE%99x}rG%rno>RhM2wUyb^hI=5?01-aX4()claPlr<5
zR_WBTS&9%O%=R#((wR=n*QBfzvjh}*GtZwF*b4UIN8hv1$5I5Och1adQupI!CG^IR
zA5RZI^f0~p>Z@Yjnwdvs%uSzu{$;wG>+hFddP$yz?4oKRsULp$A=iaB$W&pBz+!~=
z{rBIe#~*)OrVao4>#st{G5QEnT3%L8OP4O?I{IyXejlQDxZWMb?b-bK^QCRP=l(||
zoR?pInI3%TL7FmkisakWDGu}l<F8&Z_HH*h)6Xvm=E@Z-sdt~=a_x|J96^wwBjl9Z
zI?T4g)amD6cwW+uI_Hi%?vQJe#BJ>O34E_|`Ocm_n{K)B8hYl*N97*w-le^~6wS)c
zVskrMvUIW78~yzuXP$j7oq5^`@?z6%f70>8XwK|e)US6JdicS69J}<CSP^5Fos&hU
zoG_f8eflx6zvq8<(Et8(JKc86^)&F%o^`@)s1$P9=jP?hXCT_PX+z8TIvBUfQ+}nf
z<0i^<*ashelAe6}MJ~f^aho@P5q<RW=k(Rr--{bWh^@;F{$6<L4ad&t8C}Hv?DMZW
z{vZhNj~Rc88Sxu^glBYiNdRr0Icqiz8Z^MK+n66GI&nSs!fRAiQta35>u-Lj<M)LZ
zU#GX;`M^1EkQn&0=ObS3zw+AKG=1iuPTW&}{@tU)z^7B{xVgfBEMKw8(SgigxY)1T
z<4?Wd*bDeLdh7&x^#7ifZ*MwoR;*arsWk9asZV3cjh&D@CRpge$fzVb7~DvLV8I>4
z57Q}Mdg(=4ylfeb`tmy=jpv?w4%Jqb&<V#MPj9~YhK$}|1n+<U`yajj+N+eAUqn}4
zafLMU$qCVP%{5m`r+US@O|){|MjAf+Xm)#0$Q?$=Mt$@lJ^%dk^wpPN(%ir1as$zp
zrq7;74{|4B$&w|KPQXkD#fYqGtSe<S5+qyJb8@HbQ4V)YR*sDDf%Kt6e+3ht%PzZ&
zR;^i0>o#p?68$-MM3%^i-<&_ENqR6X5~IHu9Y$wJ`cn|~QwQi&sC1$8<sk<$RhT_j
zRFu)b{&g!&o;*o9O&6Vip1h&oo?A$dFroYK!}o<~f&jk#`b%`wQA3%ut)p>2{Y*FB
zaHHh&v(G-2&eNt%8>ytKmfn5uT{`vD(}WD=F|nTg=L{Nr<X~BggihNPS6)f4z4p4S
z-$JJx`9tR>j~iWdB(a{!bRtcM5u?-JeEki*_`(ace9cBGuBfHAM~<YEPdZVEB1W_q
zEnGmc(b2SS!zM~kOQRzP52l4|H*d)@CRlT68F%Um3kyX5i6<VX)l5Efi%V!Gcjo^3
zYmU660C|_uW4>mx$q&kj^AA#d`4yMb8*jW$Q>ILod+++|uah-?=tv<g&pr1X;oDUx
zYjhA-Gg*ZWfH0In2?(m#pd*NpQdsM}nvSG7mo>KhFX!5Br(nHWRz*lga2Mbn3=IpV
zAAa~=-b&*I#HW1yl9H08yz!C(B&o2tkluOk1A5{4=cr}+-soEZ0RQw!L_t)G=5*o-
z$I<jZrZItyrL9cjQ&N(tJrmEtOw{o#6?3O~-h%n`(u*(1DC*NsKgG|)V(v7Q@V&fA
zI@FR5&Wj-fssI=b&6B{tF3LupJHB^ukDIdFVbE}MiO=a?7xm*GKaT!}h73_7HHRNL
zjK28d3o!!^+;bOo?b?;LFwud0`|Y>dh3L}{-=%r;<~eS7VRE3reV;=x5*ZX0CHA*6
zSpo4XEUl84MWaWLk^A+BAAX><8@JKcty}5ZYp<0TAgFIHz2s8Kdur2EI_<R6Xyw|C
zQnw(CH{N(d2$jqr;cFlyivOhjVBncR{3bmHctQ;+g&({mLmHN^ST1eG6Hh!refsp_
z4)h@LKX%Mmd07P#iZ%vm+_p)LfdA`X|Kj@e5xVD|d*u0Av}h66O$(`MdMmpB;m7E{
z`|hIw0|rPPiMsFMhaaZ<@4ug)ufdAAGeN~{lf{b{)3@J!%XQn4bl<)AiTj#0Yoy-9
z=qg5(@lp*hOwT{>e5qqW7BM?Q@+XfS7lLzB`hhsBKR4hXWs1)=_3YJ?f@{_68<Y*o
z2mlEMP~S<p@*kdev^iH?asl0X>#ejcC!f}>TTidN@Qhqr;BzL}-Fh7&_wc2cUP|A7
z`I(HEFIcjYI(P0O_QxD^jOgwUTyptU^w^WnQRj9o=-e|;(Y8cC{5XmF9MX?w&0S3Q
zKJbWRw<)tgWaf-NXfwBiz?LoC4mEEf_K!UFH2vQb&(O0kzDm<(&7)Xu<8}wLX8lEJ
zX{loF+N~q4Sg~5n25=ubWU#FHI;3xJ8aHl|b|G4|daX=nhuf*AoFLygG=LlY-E#9a
zT%RnW@e?M|4cA{Gy4PNNsgOMM3wrhJt_U%su&{`>Zp)<hOq3^2{#B;sLmz^fV}DF%
z(z=TP0e<G0SLnfqo}?Bn(q$QtFUE|WD0?KBxDM-o2)AKhiQ6B4%<^(O{q&Q>-r&QJ
zMp2I*-RP<-F4i`C4|q-&FquTW=bd|o5LE-bRNA_2o4Eb^j+^NB-)GRK%}gR)SiXD}
z*Zbeml~-Qu=>72hIMKuR9Nlhr-Fb`lr7&&UOxnWr&E0q3#(f`ke^^*pGz>c+r~X<=
z)loo$h!Hb9_-JI&2!=;s4IvW=KF6pMI;D`8UVKqD6Kax}KtqNdO9Ku&j5ch^l8znh
zF`B8!>3^wd)21@z@QyofX9D&CZQ7bCjmgco+(g(_7NfCOU3H~QGexHcYg{j3@|cm)
zN;cuh;|{pfD02gynwqLe1Op9rWjWp?vm5&bImL8dthGT02V|^gpWbxJ$tQ6~Ws?vh
z<agtS^>qC3A=I{2OZh1ApR;Cg2WN|HyfkR=Fd4nd%F2`}svvWS$8;gs=)hf?C_gi;
z3y@K0tc~QfqXU65d4UN9J~)igi9;lv17lom*M*bDwrw@GZ8vFy#<p!66ST3NHfoZ_
zw%ORWjmdYO@10*Tb7r3#d#`mZI8=b^CaP6R6zXS+NdHTnKV|7xbyqZ?x739HK9oRW
zZgX?9KV}W<S<bc-!QFkj=$KEHNGx%^Cf~=K!1lFSwuwc;Wcs+5OH1iAj9?MV=g7-g
zSKH68J?_iF!JdNo#Tn`tJQ`9FzY=-Z2Uu`M7VbET3U*{(ojU|brE@ma$%~n&fOQdJ
zX?dcQ$BJU?72l0+Fcn~tvyhWR$Euq6uZhWa{hnE)3<7-tX%tVyl}mE8V1>J;;^EOw
z<i68QWC^FNG+0Z@JFB}<4!tfK2CD1%Wv{gya*hneM!9sVG?UYk<uXNJxw{F(U${nG
z@{{wdbfOwLO7%VUV{C7=?tX9M6PfDAsz(rcz0>g7|B<#IAl8{kz@BYVNO?5M#Imch
zM@VrSiAFrU_>2Zkd8$#<^1`^%UyP+OiFUe~SJ>Nk1d@E2RazJs8~fp8XgV9y*xP&n
zyaDkFaIc=j6?i8jDQH5vDhwR+<#<uhqeP2Hhk{5L7Y@s;<#dItU2k9H7=rH8%C*Ml
z4M5p}>(_?tP)!@oX*?Lr-~Yzt20pv{%eX!NTeO{ngz!fiZk!GAfqWcVy$qz(kYe}0
z55rPHcR{#;Nrw8usA2J}6DC+K=r;BXsyx3q<j-yFak;VVh|jF+q;S?ZW__uNWK3d?
zZ~=6&tdLi9a};0JqbvzI+_pZnT+4PoMODSJRfo2Cc@0a75b}5ki$f!3TKIB`vL!EM
zs^6j?Z}sStzLy<Zfc|ZrmX2;rcLH#k{Scy3oyg?I3MAjI<(xu15faMs`pKq@d#bt}
z;S2N1l8y!nB}OCSQM#)Y;T9Iwm*bO3HiyOuPw;C2Um3#Deym_vcaxnQ#Vrv0;m10Y
zfU=?gJggBh40UEK;|q5wM^{ZIcXvf0t7e0R8agLryP(t(&<!Mp?}Aht*2ymec@v0z
zQqjkD6GUfX^Ivuj8B!R8`M;S>=G8Z&XinMJTO6M)W)Yt=00LiSl9eVb*SS<|?nciN
zOB=_ofDUubf9bbKh%Hn3qs{hN$QM{7ln1%OZ9dQ8S=VVfIeqr0Vi{kd$Vr=PjP!Xa
z23Hn=#W{xbLKxi?q%hnotvKMIMPaMr*d-2+Z^7Sj{{Xi#0QEV8f4_M5o?s>j^1Zyc
zJPc@I7Xp(5jgJ7vL}0TVyDaAyMFRlLvpl|dRvL+-4q@r)EW@!B`RNIPFV-gp-Q@C9
z2J2QZDeAmVIjExTU6L&8KCXu>`IGu9uQa)_xU40BCi?=b*WTEfjeOeCQ?t>Z^hhPd
zvB)|OUmS*=$@C^fg~y|qnSr^8@^{_#C`B02{#BIROv=4|t*J|7F1i55QEh&bEFBaH
zni2!d$bg($fI;wY4MY@#qPux)2eUdsC;U^>dIY~-YRz#k)2NCz^fOIHswBHX3>3~Y
zSSQPXky-OU7woBm+<%@iJ)P!N%DK5L?(lt1D$2_Bf8pMBzoR)x=faUH0xa5ml&q%d
zRum#@6fB@X1mXqPeysJBm)f8bW$}iGZEKLdXt3SHHi1p1_XoQ^<EzW~Od~)+4r0Kg
ze#_!5s1KPato8l1qK*ljAWyM<D`=dI=Elaz7x4SO|ITa=W7}v^-wt3#FG;y$*4M%&
zndvgYlMBSbqZt?3+1Oqm<DIouM2B_q$Wh%nDc2@&b2nzhnH6$Is0UqL!OvJq^IN#W
zkP_gspqOwY#+{3KIHPGg;b*gV!qsB2d1g2FMY!&<gKmTGEuw(;UCbfraDjk;*s~<A
z-K3RIz#T-ZJb#fjFhG;cv!*3SC+7!~rl@2mr0;oa-(WL<I6A>pjB>g-x5uE-jP>pF
zBOMFe1zrp9v^-XN8@^HfX>j*_-@RC7tq7`Ydn)^)d)bzYQzYsZ@jg?IEeo6;9&~!&
zA|neAEXL?ql4Y*9uE5lh9&i@ime9TS@Y@c7!9=}T`=|x~zKv}MFtB}z<=-DkT@tCw
zxb_qFFh@-#YK_+|SYl0Va({{&`rmWI87fyb-;U!+8ce49YLtve!8LaZrug(cCntD9
z1sQo@&v%AM9n(dpql(zCT)Hh$2v_L1w8KvZet2W<J9j{EXpq%L&jus57(5L%LOGjk
z|N1-?`&<6da;Uw(H;On{U+IVcRSz5k4ZpO7@m4N<RVB_BL{1*flg%#C4&fVn-Fjmr
zU<bCUP-Htty|1BAJrE%GgE|EFya$V-qP3RS?C;ZyK0++~HL-b%!k{wSL(93!>{g@5
z#vd7g2k_q_<bvpAF2fXeaGon#oE2Ud$3sWJ0lN&9L;&6yx~^Z2a`;a2<B?i9i$4-T
z>ZGWv{-)|U&4sf9@9dxWR`%aJh(&>T(6!Osg%-=Hl4RP~Bt;-o@y^tSsLsn1i-q^z
zqRNqd`r#D%O5g;~@fM{|hL-4GOkc>pl(u-cV3U!sIMC`xkrm_10^%}lR1VVvWbbW+
zKQS|E=x>9lafOBUY*d8~LFt_jqev1a6nKVzFBeK3c75${5A5%*=?wX((GM-CT?4z7
zqbw(1<|szHqcCI<D!5$UockKbE(+{d7c|uk82sBJDCq>#UeOs|ezSN)vOyh5wvHTt
zVSf_P&{Ch&w+<ip0Xm&C()m*xRxe!{QTyUDXRcl`I>>ltk;hNTrNh<?I3d|CWwiKv
zTpS_yHc!N1YRW~@O;Bykh3eUNbE+Hyk*Kd_c>xMQQ<%bjTcOjlX5(%li>hR<LzpRV
z!}n2G;PrQXOC4N=MjNwFk_IXs38bVFMHGCzTfK$#-OH)t@bDM>6b(19=*tz9z{ApR
zanE3s!6J*k_1FWk&t=CWy$FlJ23YiMno6QFY}z?Hi^rUUziMX^XW^F%BVQu9;V|Bf
zSw9K`iyN(&SVj=NOC>zxnfgq~=b|$Z8Tzmh?UySca#z4xVpLp(pM<<DW3}FDr$5hX
zPA2Yd!KszURT4yH*5z8J;&v(gsL+1&`Tb^$)n$CxN;wHbU81<;ji2Q>$mNM#0lz|O
zC|tFKxG%%aB<IR~QJ?PGC=7xqr~MK9$`O+~Q_8*WdD($IK#fHdtz^QHuB9eszuH)&
zc3~F6RXDCD@{io7U^{tgRN<@@*@cinw%GK2rICX&-r9z0lTf}a*P}AdEI$;EBj{e;
zb^-8Gi-X+ag!27Bo_d>r0cOUQ6$l>Y7*jypzZD^-p>f8iXNAb&Tf;i)9^p>*)!rQb
zlt@5g>b4aU%KndV5h`!S=sRu`TK6L{n}>k|F~bd6adbsHn^D`@*=L`JWy>YKv7C4_
z@4BGIV)8O=(>PxYDmMHMNb8{vtii>DKVvodKo2*%x_L)o`I?}JyFhQybSQ3@V_U^a
zjQ$6Xmikv|h;_eR=DQ0)N6wbf123DSoFu9weEGcMq`>~OzqatHbmlx;Lh{dqUO8Um
z&fI*39cWVLWtiBQFF=b+K*N=S(_$*kdZ!tjE)Zkg1v@4B-prHqd&uuKUh9rvM$oad
zQaPS%m`JLcjLi81%F96QF~4&FiKbntcSQ}fFdQYPGnZhF2i(y!(Rt=c(idV*W0UyO
zO-)S0##KICSr(xbWDS&l;Ap7DzYKER)u|`8Liu-pGnumP8^;oYB5$shY`yw|<qpFG
z-OF`4+pDJ_=O82Myc%LjYD^_MJu<OI$tqdz5*tQbqykwH?rUOKtRx9LGci7%>Qi6a
zkc>*gm(J35B(w|#(S2lVWrT8nx~M8MX5OEkXFVTl+rq-ca>&D|jbT5pO0Oz(8P#V8
zOXJ-OWt0#=?j4bWAttJN73w0@;c-oaH^;rGCrQL>m)dSW#XxSC42|h9%rJ@^;JhxT
zn*^)G2^-BiNZ2F%3A2&uk8Sf|m#0-qC2N!YK$*yi$$942`9>lU`GPxIWn#Jm|6pmP
zv=OWFEC`d)^WJd9>>2e(F2gvp9hzbS$n|#fUqz7>Z8S9IlU5Z(UhJ=@HFL!JAQPq6
zfjj-J>43=Tyg)F`ROxl%gM<g#Myz(D4a#G<gjt#=Z|&f78`<CqC-)Ct4uLPF5KXq5
z3u6=U^^-!<JZ5h%r(_MveZhzL^$ix|-G{!|gR1G2$F{><y5rDUT}E~3?9!eaYvJ>q
zlHd7xyWL$>AKg#gxBQ;75Ru)^XQTgP<p6|=kiX0PSAQI5-dgUKWiMyz6GbIhML(#S
z4PPFozSY(~3Fi9@5`wd2VCI4(+67T<d^DuYs7rVhfk-|=hjizSc4<YAeSp=XLa@98
zixp4J_zgN~rJ=&17OGjoUbZT$Or!1Z`O*91hGnm-=z!D^8@qpO=j(%@H&fov+0?-}
z0wy9SBSsd+w9mAr6LT7S%-rznbwk98blFan!dKm)mFx$DcwzWbmq4CWK>~^3Sn804
za>{YYEo(l%>*2^CCwZxIN-}*k5u{z|^-Lt0b1qa1=Le~$1FgEQuIoimV}VMJfChG1
zED1wGG+_d{PfRvruNK@F2R$2lK`<mFG(q@Qe4tAT{>pGank_4&8@X8V%(G;(GXJJk
z14oOof}C8cAC(&VbpnaNhzuXVzbQ#k6$uC0_IjfSn3Jc*k@scAVO}T8MR59V+tLzd
z;(uymoi)uG;(|=VxI+ZfhDdxVb6g*y-9{NKrx&VhCX!l58{N*Fhi0af9O`aOIj{`f
z2B(+f5~2&nYMMjFZrNh?Wj<Z&`7D>*%@xaQPUf&j(=ldZVrC7m#NvC0l2M-usj1=b
z!&pm|VdiKqw?~a}aWe!*pz<eA3ctE7{3`hF(4tfNy~$=HWMl6Ya?YbJ0fVXz*e+o8
zU1kQ{F1!z2C6kqko(zsxn^?IO6^pn!$?D`0c2ZQ~oE-p;zyCG?|9$t`zviy>K!`VT
zh?dma?twK7zqS4GHDY31fp8nm7&3`Y(be1cF0&bv0NO8Mpv{0+`#<c8m}$HQ$bgF{
zG`Xcf@2_8ml5B4|`$ZE~Bys`ThHn}yDj{_bRUVn&6{+y!o5pW4Wn~T1<1<$kV@fh=
zjmkPOqBEDGy#iqG+j>g+^fPC_3=%}Hx4mUB#JSgYph-R`oam}bA^&h|S$fxcuG?rw
zLuHH4(02dOb`*|h;3V@^wa>@l-4iUG_G^agJVHQu;NR1SjZKUE)+-}DwGz)YJW^uu
zQy3p3Q%&JjIX>VCE@(XERo9lnmLBL=cL;ziaeDuejIX-xdsnR5`4(}5gm{#0npl){
z*)D0%clm4acS+l2OXSPrIR$Ig0*Cjna@5oum)Oxt`p*Ihqqd){p%#NNlGGc7nIajV
zm&+?r@@*UnQ`w^T8>0Eiqimd5Fy%02>aa(Tmvd8OxgmSFoUYVX+L>czKKPPO8|s&s
zGr_)7?`~86Xfyt3LK4PF?DMZ6uo8Wmi=eZp^1%z@7_v*c-eewcVs+;Qt<S}><?-uf
zXVJDS8FM`jsn3<T&-DP_5z&R2X;)a-lNAfn1$m^b27TmWUi7JCqKLTX<_9{nF-P(|
zS596RHH&&-$c{^NeexVx_r9*0rc5x!ww|mD2|9kS^~2s!`ug*)J(u#|#+ajETYBw;
zvmaxjW05pb(fk&)Iest8cguK&8eNc~<??d}sT*8Lf-^aLf*mv^`<h=T?v;($!d(dt
zak0P1>%a(q-2A#b$#T@tsK(N5a8Q+mLrZN|=WLnV5m8mLQDD|JAMOwic!QROvtGqv
zS2dJ0e~Q}8sc01zXe_`pB$2m1X6`>9ub(Um=xCkpLt9g%%XJZWzgp)lj8q-JJ6c}F
zLES>QjiO2{Ty^Nog?%`!@bL5ibU(n2u}GFt*u$!(t{6tc0kYkWtEf`@!)rVI&`KZF
z3jMOxrw%klO7OA+f9@Wj)>}?F{4u!yp|y#-4zwXuON&iV*w$7XM$ija|LPMBO{vSG
z9CWH@V)05T6Fh{iqC3~{=ZNg83S6#nHWKB#sqh7awGZ=LH{biMcY=Ky9^jyzHuv;s
z%S+ZQI%K2=PF9amaDG#*H#^5-JpfnF|9W7~$N2NYvVt)cEmx28bF4G+bYx@qVw}#L
zN7Ds4O8lh!H=zPPoenWkK5wYRONQ`_YuE@p)>o`ZADQB!sxL`@?R8mMzv6z@mP-`9
z37S^~-&JWp(<yczv76eyk_ZIRvOy9B+&LXfnY3bf+;iIc7MoU6m?fV}CCXz9ER&ac
zxyCm2dBxh^DMw-pOmkCZ4CW;zih{MzSX=fmk84B4$cf|PDD==7+t(uqKJmhD8~`j;
zlynT1jiW3TwuE$_fr%Eap{0H#iLfbLcyZIh2rm%alH`>Ksc=9s+yka)8G^+bS2P<1
zZ4T`^?9thCXhtRN{&0@xURAq<zax&x&d{oRKh^#qiHxhh(o5j$JMYVR)211m{IPcH
z4Gow-=i&`Gjfr??pktEfNcw#f_sHJkA}5U#lM|4T)NIuT$+Y0zVR$@oLA!xG>jQAD
zK^!&T7U7&Tg?dRB;h(#?Y{HCZ!>#?E9!Ncg`pe;Ng09HfitLhT_ei|E-9yq}#V;UH
zWvh`^+s5#&Gi&2WgIvo;tWZAA;hkrUxjf#?1i<M<^j&iPB7KF%wdS5d`M6WjLYOzR
zW8-2y$Z&2uy?v6+)%~;aUo7XzWVr={^E94!sm8qm_FKN*LzN!=@_|=mo*$Gw$dJlD
zVMq-X=silm{&nj5PUUbCsegaV<X%_ls{WCm+l?gK{<|lt=5r*xj6c@zyT<u1FcLqk
zs71i+$6;i}MDFn9vbgO^;mc9;ZP~abB^KH3+%D8P{tG&($;pK$vI{-2{M?@=_Iu1t
zI`!l4%4@$8SAsR%Thd#yTOM2zPSQ@j?MjC%J|hH^8+_)j*s+Z;$10x^*Q*mDv5#y=
z|AApUzGUnZ)hePkA+T+uFOJw_;%K~+YFJVwc)e8A7!T)q!1@!VnMLHo&fe6SjmonJ
zzp#+`rq|)V^55NZ!+nFx1nu!=MhDvG&kwZe($*Tgp~ZHQ=SgE2@#R2!%IF-0P>su}
zQvK@#U*;fAkZ5-{74nk!S}R-Vc#u<O1feVl%N12lU^>&)Z6}ZDd%Cg^EUhr@#9$W%
zLllySoamY|F(2HFbP;M!?KImAoQ{+w6iSzT=nSth(Gg1;uM%Alq`zCC5*S3AqO#Q2
zMX-%kI1a%dMtTSNECdlrmBaO5dxIvJo#jTUM6AqjQiKUXLfG9O?`3odj%t^$cZ1<4
zE=DMxE>;%Ms*WpY7n3OQ(*rNJrP8@!<h5%Wk)-CdkPf5W#TmjIXs7$_5Vv9ixO#5s
z%y_{a&sRLb6kH@Eq>t&uNblUMHDfBKc_^AS<I3^_OJ+7r8J1s91XUrVQL4-*j6$n?
zT114#e-Yu)dHOz$^rZ$gGu@2#k}d&0H&p%GWF*kx&qSBX04c5aqv9CUtobe|?~NAJ
zpth&|P`hFChV*$DHijaI>M`}Ig+E9q$nYt$#gNaDp6GT<8ByXpMu}JRH^_cNf-$uk
zf;{e_@3ZEL`&er3J>DRAj09A<vXS{Jde^UI6e9DcO7#5TD5JvKZe2tKqvWyvR2-ei
zT}$EAmIf{OtPTnk@`FF#*($$uR#}K}|A_FWQ~o&%xlOE9TK@0$YB;Z%s%CGEO2ca_
zeyzTpN=hbGq5jqm8!_B1Ey?CRYNnu^;JUX~ukw#&BWR-tZT&R;bj}qj4|FnD53GOP
zV1KigP*Ee!agvrxw6*)o@7611HqYTbuRt#@&+jE#q~7Xm>t}OBucRiF^%mF8+P8uk
zE(>i%I>WZm^iSjhR^v0#kV=x4&|;C|+^v<)KPTakdZD%!*To3`d=flrk;k3fc7Ts`
zY}USo?%oKqyi+3F-VBRJg`7=vb?aob`IPe}CI){!Nbo#pMcW%32>({35zf1f`In_y
zKrE>xHse0bE%-NuADN5I&F*ATwksT><0{HXDhdl9aWTpvdbhsAAgb){RB9+lJR$|}
zA+o(lB6Y^~FP8JW_##NMd&U@24cypc+)DLp6y<}S&O5pr^u)J$6*{AW5L<6GOG6^f
ze9*cL@4q(^m!A1Y0w|=j?WtnfNq7EFrJs{%fpXGn3_nagrH;E8sXl!h4|+>Y{h>iK
zY^@fh#9fu#s+go96lg`a$KUTd+Oy>i<&5bP)0(;-7Pd1yMV2d$MK>AWRtHmn8O4%t
zf{l)+f|uY`s{CGPH;)0nhU+q!o$9)Qnw_{;B0p5$G4q}0{-Ro*q`!ysQklE!1B(Dr
zu@8aH(|=^Yl+KXX==0EGxyNbwBy$hUj40cN74@mCwcML4e9`md6CoDV%snYCdpVOF
zKy&2JgC6u+Nj*wx?7=)iHSse8a#k?I6{#IQ2+{kLHp*=ZHD_O@9Ga_}JFOnYRjzj+
z)U#gx0eK`JQ14=AEq|QP6;}TG6Pe?DRWB>nJ;~LSXI^!i))gF5=3Q6%&Uq^>^4fdr
zUH{@VKV3vD3>qcD_<F|CX}9l#@R~G~S87|`e|Oy4{ioTQ^I*8uGj<T=1Brz&lHNia
zO{p)j$nD}8E#5moTqJx~*}<NH`#+taJ_XA6fLtGqPld+A)LW}Z6hcj}19*m?PigB&
z_yzcC;i5S%I>o%e&;b-P*?e}nSVVYZ8Jfk?0&0HH=sfTkK@7I&N|!K@C`i>MvxR!z
z-yMdr-bRNRKMH1sbeDDtO%!4hzgh1Y6;M^R&#hiTuEpWkvW(6n4XzWPA|<lB9jW;M
z(=+P#BWnAV_K}ey$K~B9jv;IVNwtDdAxK)1+DP?D<+b0RKF~E1X!W}7VMCzUGFGT8
z8t{w@F=5d?ZN9XFzBb3d*kO~f*XH#zP%pT5AfLpNf!x{>R8|Na^jQNp#I?1F+l_Wg
zz-!$)%s2=8YV@LW1N`3^8vcMJY{%$RNA$m>;8)PaDk_GBMTCW4yT+%fC|t!MA<P}<
z3ayeG5PybFEEGy8k9G48V`#*T@NR+jeA_zm@woQtTgO<0syUlBfW!=59Akvm(4Vl^
z;r0;LVtqtsh37btJsXX!7@lGG`~5ACIFt^HPC@>kY0U4xHc3jn>t0an-iJAVBJP3i
zPfEO|7&1zKl--dKd=IxZuJ67@R0X;_3tMTX=2rt1bLnSn%`xbP_OR7Fcohwr?bV%|
z8w~TY0OcjQqPSGboHdsGTIDZJ&~+$Va-aCnyuL<FfQ$WznPWS`w<Qy=1WWLa=89r-
zW^F0p;S=(E3niYBabJ3lx^}!(FWulvxD~N-l37KIacYEAy>-C6pH}mZW{M*13LiWZ
z5_I3{xAWfFl_V32;*8`?%Lu3U!te=s&gi{4iLr>3tG;s;6(tf=Z+=gSNE(5K2cct%
z@ESv2CD!_lFo}$V*XnKPl$MA-_&j4p@p;kl;05q+52wnG*!)-qc45hxmz-epP`Y_H
zYLV<xn&ki{O)72Ndu{@O2Q{}n=3y~O_jhxhvEgm<b>0m(s&}>*xKUOXyd4<1H7}y7
zf>y=Rc#W<5$UreJH4$A^e(xKrvmdY@6v8((XA|zrf6S3cxV`e*_hktoi<rEJzI%X~
z7+DHw6w~CuaAe%QBY6-fa<RB1;dn|qFEOl2FVJUkS7wN8-;1cCsAm1oQJQ9ln`9Mq
zOd}_Mw^LrnvduiF+=P+6QLq4fS#fu0QqQo~kqt|)`vJ?GV>T^)kEFlrp3U1UOna~O
zAK1-hSn(vMfs3-d`H3XmK>xgJ&ri46szBs+>sL)z;i7?$N*=e1moUd$(AM*gWv#p)
zay&jqRI4W-)6b-v`86dxY1Wt-@V;-^`W7>mu@*M_gs}Uc9l_$ysFbF`*)yVrj?qs9
z(I$!ZC;p$>=nSG&zp2`qi9X6h`$?=p9|GukH@|)9NIYi$USa5nsquOC{@!+D<FBef
zE#=+Bm!A@O6%u~CqT=$NHDf&dYdUbV&*icwr`zK41Ed+pr68~*sMP{5z9^oqBaxb-
zMY*{=h;0P&vvUc3t;x?<b5lOSfGxeJ#EJO)3!A-I&#4<@yYDkluj(rM(%$pb>`A)C
z+$GKB@VXr~G(UEUW^M}At6qO-Kb0H6R{q85Un!m=!J{PN@Ir42w%t!Lytt{WtzGI8
z>*C-lz_H(K&jla^D&gVbsTyh$Wx2i??Vq!Ft%<*yo2$>i>^Gd$CpOeX>^5Ua=J2@9
z=}tB2O<)_wWs(MHlVu9H#~eMWM6Y8g;YUGH)m&g`??zbvg<tG9pWVr|I8`ai@IdYc
z_jzt&zNRFQUF`pD(}-HPc6uF}H{9ehQsCV2f2jDt@;y6qxPhwE2!BM;L^=p*3r-$P
zfk7$tT}jln)K%<ye-H$w<C5R&Z;sw#S<4zq5oV7He{k7CqZH5l3sILllZvfKhZr9D
zr=`!lSr|$Hu8j_I_UtR}fjG2^n<)r3N)VC32qb=_(sw$>x!ZWXjBW$Tfrsc!(5DWV
zv-WS{mYi>kraF^VrHT2^@Cn~{RW-j=4ATa^Q7J!3!4WzYBak@^sdTXwNxCiuUM7#i
zK##lex@q<BBQ72N2q>r2p|?C&&Hvi|W@C9oVIM_gY<%*0Ho_4hMwmeYwchR1^OT+}
zI@mJrO*E6s8dFO`<Ew6ap_)%;AR{)|)L-^456>+ibtZ+3;_(O0-N2#YG?8N`#i3Kz
zYi`^A99)o2J=3DPXDT@?Ceh764kH#X7+7N;y<ClEnGG761i+7wKzmCv@cllG^WVWd
z=hP40B3u+GxlO7>;qz3(hrh}z=9@-_SgT#3e7w*R)Hjkt?j=6n=^!Ap<AT^GGg)k^
z>nT}C)Rxz-6g8)HnB{oMoG8%>i`Eq2FUnAD`lOtS{Wa>ap>-!0>k)5--4-C&T-uM!
zexLs%EV}EJt5Z{181mO)S)wn2kg-kk=S~W(*EbsJN>VW)HYP!uPgQXEzJ}^oLQh{*
zzb#B_8T!jY!J!s2RX2xRbiO)7!?|0xJ)9ri08Qxy0(-tEi2sIz`!M9C-J@5mk%$ub
z_(2%P_XMBEi+kwusQEGD1@&p)KM#^$9l<wfII;ayHab8*@u{AX>^)k-QYqUE%<0Kl
zVAO53W3JM#5B_Vn!Dx<18l&n2Q*=hK1c8ue)pjz<)Qt5vWG?LG@6YPi69wH)KZeDE
z?A$G<%(qjnlZD3EC-)OsB&66bm<iuR(3GhC)Y|0K11{spQ~{t<o{3Asn^DcO(0Kc|
zsNwc{k(wSslJUL^C~tmCR*MzGq7d#i6o7}ZOLxE`{-`Jf9GY&hsQBgjZ>Hl-hBL;I
zBnL|C((P26@57gxCe6ll&S9}ALYJMV9_&<|X?cMw6cM5-={v<3KIFl$r@ZCI{g(kx
z49a;T>({rd^La;u-!GT;8TuVNz?lB;?}?bD86n6fgqQ@o#gMG<$nvtfU$QKtgkig`
zD%grV!QO|l2?HC_Brb?M5W`uP5g_6`8Ki!!FqAx~ZVaj8QKp(=x;(EK5wAn#Ybfzm
zCKS$(5&AsbY@$M=we_H^F0XfSLSN``41VxX3_Ym-+0|n9eo<d_)9<=sH^J-5ULeZb
zHNFCCseOo-<Y4VB<7yi%iwc2XDxDa%(;aBVzPe}aC$7imMuBfX4H<9kqxw>dr$t9A
zmQL&>PN`cA6Kx$Gi}uI51Pi-utFHOaZO3eO&jeLtydT2k$Ux0Zw<ddlC12Dw<d{Zh
zQkkTzFIIq;g^v=sDfij6FK>Ngu<|R@ahS#w$lV8Is>&C=gPD?j>rathmDskPw+jAA
z*m=qJEv!iNF=xck^>B7OG?MS|(9k13txdFN|Iu<2eOVs}_3Gk)tCaJ{g#JTky_yzM
z26;S$;Vyb||Mo`dbJ1dHy%tt6-==CfI(~pEu0|iv_W&L9)A1xCcB=R7lMY_=eH{Mt
zUSwwFavYV%t#q|`p;S73uw-z*i4Q|*j*PTP(;eH&FbTR}GNY13P&tN-r$1DA5yv80
zQBnUYTody@FL7N(ejOOVg`)x_+nHI6g9;?gV{9?7l;?lULYh#f<!)rpVYB270BG7$
zrd?^m#bPC0_5tP261$bpWvDmZysSaru%zqEJ?}ZNi6#ryD@sv_n$)~BDcz5jG={Cs
zq=-@YZ>$vTGZ`<^F;POIXTIo3FKz2$<KT?K$~o875j!#ez{YbX9AltmF(}3OcH0=2
zfM{x>PrpcP4R{8he9^PgB`DUXe)J@Ttes;M5Xvzl(oK)hk;-Thi>6-q-;3xjG$3#b
zmV$G9*KJiUJ1>pv`kFEw+Xrsrw*o&FId7VoAjD6Xs!Pxfk-_O#ko~dT6<`QnNe|zL
zGkM-kkFxaLo!z~xH&}dg?tVg6>BTC;GW{r)jvZZoT5kEmYW=p^!hw_5nmj<no<QtZ
zobCyeBj{c_rz$cT3t{?g+n(3(uz0)UaRUbvk=&7vI4~qV>0*B@%{P8a_soBuqRcl$
zTr!~)Sm*Tel90o*km8dBl#0TaQI5Jv`ySAt47(r_22n5WA$=_K-2cYKeS#+wd-~|S
zMa6g;lI@U9@Qa-kKE-D5%X^+~VwY6PhLyql)CCW9A+y<S81Tr=#u(ae{8A+U7>0n=
zf1Zpql{6s`K|Eu)K@6!X@&GFGoKMPaGOxFoC=9#~MHH<aqVy;3db&Z9#dAgxc~j$$
ztPbvC+rBJ4tu6*+Gm$=S=j7YsQ^gY`xc$XwVuWf7;59<Q2vot$>W&-C%vY`T#DZO_
zn{`18H6NEaxoT4Ncjs}mgq)gpS5;A!P`JB-U#xA@b(}tfsKaZW>j*>vz&ZW)2VS1*
z+1d-N*Q?DM1t25L^;mA=y9|jvj!Q}Wq0-0-C~A@Dgn11EfBd~4T;s1N$uUhJ+{2lq
z5EkTjh{a<D-7;sjKsv0)8TcQ2&s0oxt#)=c`){+pz1%>o8<whgtX=u#j~jcGnOd4p
zU!B656iOMOe$$$}F;}#{?hWU1+S-;Fy~>$kv<n#uL*9&s<%f!fK7Kwfi@v*(L}Q;p
zE*rgZX$7>h49xtwvzgo_*K0`#mNzXf&m65!g-FNCWqE~rPgXWFh5T6kN-M4AocHH*
zS%`m{V)Cr#0v6}g`M)WrBiG&Li%{-Q8AMWaHDcq3bwJrv=)dCLjnL(dzOal#+hmUK
zrQFtA+!N|pe9C>k@V%U={QB#7f>(AH(Bd+11^_NQiKb1Dw)Qyx?Pt6vUCl4>X_4Lq
zv0iItXk88xjE4uBOBIFfK>{WVNHT)gE%=2O!mVm^cNT6v1BdKdgM*qSn%@kh5D=XI
zC;~rggLM<xF%w^TO86By<w#E8ajpJ%N{7>W3Dn~@J3==bu6GeQks~=oBCOfzsrS`D
zp)AJ>c~S9}FITt1x9j<Vs4T%<Rh@TkncPaU0LkpoOz>e{psA?pds9pY(Z#VN`gj-+
z6fL;ZP`iX>^mlWw#I}6I7*Acyin^qP`pZ-&Nx5v|&+%d(^?#X{6}u0j73)Fb0JFBn
z|C~5Ixi#nYlP}Z-N)q9p<=JY8{<{e+L$|1VU?VHlKiR3Ybu47S3QVnN!N+)zjS&a@
zzju*})y*<HEy=G+7uFpXT>qlF)YZ}V_-}FNf~e-X%mk}EH;rnNHF(8927dd>hm@iH
z!JiGh_rFSTK}Zs!L~}v(K(%lML?RPV1_Tg_uGEFLWsSF9kEbLes>9|-76fh;j#U?y
z<@)LFMb=@Nx027^F5_)RFXNHt$db7h_QMHpK7m-C!in6_Vc+n{4f-3qj0D8IrfCyi
z#b>!*hUD*_iqN9oU&-PNO%wQkmVyN&Nw3OCeYHz}WpH#nmu8V9M<@I%dz*fL%!RYQ
znVO?M1BANj1`FS2gfEtM_X@x_Su;1x)ywskbF(Fi1D81;9a9KcKIHk9Io`N{be`zX
zUt4hD{!M{Pih*1EHOaW|MPUDRq%}!I^Cz_R57D~3E-RRhyIDows^0a*qm@R%_eLXr
zeYXn&3Dlc(WXi?W3~B@aXKAk6nt=xXdQd>7Ks?y>bz;Zk4S_D2Wbgb@q~LMGTjPvE
zRrH$PU-W>^=X5>M3IVIKEYB<KTlFe!Ypn*2g3AO3&rZN$)gsNt%TCyPn6qiNlSA7s
z3!Mm6;!THtf0E>KzxT;PsDY2W83{??PQ-uPABiV8vAXLT*Cr>IdT(qgaH!aBtW;Tr
z-`uRB^x9N5mMDk{eov6f(9;cla@Db&)`8r5IK{coJyY0`0hr#E?c4sHM&Vu8t@&Wi
z;+bu+%%$FkdmXE3|2cTv>`C3Zefb&9FaTV!)b%nbC}E|J%jdXJ2%~Jw0pB4@+OE|b
z`mR{hxsO9uT(CG12QMKuTFZ~#`LR~BNx?CJTy%~8%tDwlmyg~Ujao0DAg}T>X||YF
zncmeGcirjz-mTAlQQbmCgxNIYwI3^ShKDwv{EG(v`g)st5%cPwqXQzx{F=_U<S!Z;
zRsen~b*7riej``;9Zgu1m8u8ZNLnFh-nt&j@(AOqneWBHe%T(+mk<P+Gwy?%0|Z1z
zKp&>ibJIVK$B`Lbf|v-8&WxLfB^QvEbI{II9fcsVfHL@isEwk5SX@_<I}WTXqH?X8
z4KCY-JYv$)?aB-W;%M43S_2wd*3lk5AC4_PXZ)D#oqGMXp7Dtitxdn2*1IF6s+HoI
z;U>ePd5aOHO4s8m-i`c?4xgD>nplRK+EifS<Ehf?%pQDyq9O@+63gWC=J0?2r*+5E
zq$uqBkRL7jp>)|PoLo6JMh}vA(9`?8@A@>B##&TGG_Tp1<k+F?*nSgIY<<^cI16z7
zPv^%nbTUi;($1RTWgz1NQrhpm)AUMxA+ap4y(G#0wW{x)EwYc?-~>MA&kxXw3!e+#
zK-JiwuAkL@SN11s%#u;ogERit=TCK9+mSjABD)ra`S9mO#%xsaOR57~09R|KG@@_5
z=u6-^MRu*8v4eI;NUP^1%i;3!^6cX;Ruv_20DZyTlvi|AzCC37-Lb)H&Y%=|cYq3l
z@-?sR;y34LOhtbv9NIzWxd}xBtH^7y$8~<En^Bpmk}?=<I~9~Yu+e8gSBC!=&SD}{
z9t!n*zr6!mOh)`ci~|zXw0hb8ecT~vD_E|z&UgaRG7K|hX3Bgm|D`wW>Luae0#Qsr
zTnw^!)zGigDaEnhR_+E2eJ~ZO`6)-hy|BETzRL{t_9>p!>8_4$cJv1m$@=Z2py3;l
z+wtsIIp*n3f8W;Q(yTqITkXq}fF6jC0|DXNv$+O``-HKo;^MHEhjS(p>Ch~Pciwlt
z7b1U|S#daY!^@2hv~u?>WsR(vUUS><akuj&1sSHgzZbxg56B%$QwNLhk0_wb{qaXX
z@tKH`)phO6-e!dP$gp2LO|7Sb(&-NvQUVIUJANeErEkSr8hU*_!+1=RjGSq8w>^pH
zq~%F)adkcVNmRYidHTr~ebeVvlF;i3<F02YZ%nwc%jx9Ul7H`<R#>3fW*^aKufUgv
z3}l(>qr?;KY`VVk@9rO79>2h%p(}q%taL-hi1{}QS`v4+_j=Z#mp8}Nzwr*wi#hY*
z2+TnYHAAF<g}^aOaIDW%wK6^xNQf%noD^7$Mw42}r%NfCJ0;M8B@9?cmj80v%6?9o
z7oKr{Xh&;lt@N{YVRcSy>``DjE<T}FqlQrWYg?a5{Jk?(LgB&0ceSi<6V?oyT`eu%
z*aP?d%ZIr`#m7#7ngEHVUF}3OPRK-<4xXa*)6)PZ1iKZzATBy@-3;41OdXdlX-e8(
ze0F=DbcqZ-QyT~00Mg60OBS2W0+f{bL-@AHu?7?HFM8HAhQIW&F3%UP@opZq2gm;z
zHM9)8r57%D&5f+0o*RC$kUg8Hhs_7q(7e?-Whn5wWH0T(AIdq(S>dlc4|P5BZ-^<T
zF_&59`Ks{f>9(6ix4&Pml^_iaNlm9RXjmWo*7+0q$B$Mf1VU$l=*!3#Y=<ZI*Ua@R
zVOza4Kw>!S&ik(Tg~RDe9f&j)VrMn1%f4v+-mwNfekYJG`HJfHOmjF>C~XsyBRc&4
zI2q|T0e9ZyvwIme*K49$OZzKM;ikTVjWy+GoWCZ#w#)~Y?(3Z0i^ZKABJo`y_K$^l
zkynrGhi$S8?lOEKG5`C^wu=(r-x{wIO*}OU6w98DoFof;E3kh=QxUpX0=$7W)DFmY
z1&K{m$RZ|e6WJrgrri+syC~>Gw$+^x0uA;Q#wPV;j-6zOaerDZwfg(}<@oTGCx(Ze
z&L}Pb@z%veD*6TIR9B%sFmZce<oAD_&?=|mb%8yw|Am2$4-)2Vg%7bF&Vw8_?+UP4
z0kN_n9-~feTG7F?M%A@=i-DXS<W4&WakMtc_lT~8%U=@^Kjt7!eD0>jIeMdQ!)Cr9
z!GL1hF8!kd-oJLV^KJKQgt-x9yp17Kq>`6<t)dB{ue{WHT}uEQi60`i_`q3qQS@NC
z>*6U9RBZXKbPB^(c(>nVYJPWl*?kV|a;5L!UvUjk_>Ino`!87zIKI3WEtkfuB&kfp
z=1jD$1#8=z1aHr9*6ZJ`<VZcBp8_xYrp)N{CD;6Cu1-tgv4%0=b%409ux6#qyLw6m
z<lm0a*{-x^5-J%-J&3Ou4L1K`epcxX?fK&D@8Qg4x)YVK^skHqiAynYF}OEBGBRk2
zSvfdHpK&Y0Mny?6D|db&?VofjqBuBs+W%~@b&0wElYIc1CakPxF2YbM#lqUL{s-i%
z>FP2XTvZ)z8F9N4?2)xS;Ns#ApQQj7f<*B9rQp8T%W>K1WkCqUCq{NgoEO#6F=mI_
zPK8WjwZ9iA@EFx$Q^iR8ev5$@g@EDj+k)+n)YRF2hAzd9Hg2Z8)ttuvxSBD-o&Jmz
z@chymH8KMj(RP3PE%XG>^3=%0gq(%nAxRYGuhSpCZ#Ec^^YHxaeDR1o19f#>dG=cy
z*R>5#eEuQ8TO4=Ve<F3_vqaHgruP?p?g(Q_!&xq79*U^R+*Q9=B=iUgox}43pXhyy
zUradIx_ponO4Oo*{;hd2A%R3x$IVZkthd`vGVBm(lTFNJqQTIxX(-QU17Ve<R4`ud
zarM&w?1(}cTzZk~{6es@M`m$Sjp3OKLN&e25@{mqKh5&oo6;IGxiqaw(oh;0SpCMi
zgAk&#+3+2tbo82aV>6sxvx!@^ij=WVz^3~=G~Qysi?##lyg?@RqK-;Ff^Tm>Zna!U
zBm6M@{t|ao=3G<(FuFMeTH3U`0)%O3X!wndNaiLXT*9n-F09*Gg+H)KJa?>L&bnb1
zTr%BrAmC}Hi{&xj+0UB<Y}M;%v0timD-I!wite}jQ&dV;9a=UB?AHlSV&@?C2<C#y
zRKOKI#uv70=em9I7*mwAaAK<-=iyR|ye9BQ{TNg!5#xkL#aPsMKuB5G%NyBBAVkO2
zT1vvZp{vCu*XKZ>KnX({?hYF4?k!k%I$zcDZa!fs$SLK+k$MFsh+06~PmLFkD#ZPf
z9xW&F;DD}EzmrcQJ!_6%cSuRmI0D?qm^X<@EycxV&b&-a7$P!FY=v-?-^L#ahppY*
z;?De#IGBl0>)H-dSjc5?ei03R3kyu8|6+CaPc<km=v%7REM1<T3`Nh3rolJG<>luF
z^HUG`?>hX|aId?Qlya0jxC)B4v{O<5h{3$l#lWCikJk+!Bh7bjF}VLQxL7``Bfn!<
z{Kl>nrXJ;^NX7rTB#nR4kM^pu!TXelpo+PseDAKIBvAycJ&Nu?p=46u0v1~?nhWD=
zsulTUv+$eX19tdu?&|$pKTKhQ`sIt$N=4bsX-)b4Ot-INSG6)}K9%?Le%f3%|3~(e
zmX7wBDm5I=%mec&!yhw}dmCNJB3af#8Xa$Jo;Mnb((*{kqN{iF`yUaZ1nCd2y@0b3
z87)>gRHu3l-#l@+;<7=%U7sz8z-+d;jhC%gQ!6fafp`DkB5Uc0Nf-|G+!BE=uV2|6
zVfxbp%(xuetm)2>fELJXQ+<07_G~5MxUN*l(C=8<=VD;7;q+n~B#D}Yfrmvq4qL7?
z9wB#OJ(!Lg*Z2$1(COzc8q)guoFAHIw)aEJB(^?0{K!aIHp`s7=*J73KtMnG5Q-Gc
z!{WMAtkOsL`T_HOpum1JmP#S#q|jnUsqYV4N$S9IRu%Le2NKS`cF#xDyXhj;VWiN(
zpn&%mL2Kb+Ez6gK$ZMA_qsmM6AyQR>WBCL@9&Q&XYV5fl!3KweBYe!~zNI|iEKyUv
z`}l^$g6nUmt(g}H>Y>XG=&2iOosUpCb&uQx37sMP`+B&%nfNn|T0CwYU*X?qt7%Kg
zq7o=*1ia?>c%DmCWt>q<Nsr0tnxxQTV+8y5EA@Td!!ADhk!DzcCi)hY$+Q2;!5qJG
zE6hs57~OjY`&$m<cU^{>E6W_v*->YzX5H|9)K?zovYlhQZiZo#HRKb}?E#qrHZB|u
z9WwttYoD9z!zX^P-~{0VFIr!FKEv(bwxzsU8k>Nh>OWKgz$C+XoXioNyPXnMRTa7}
z_WNlESlec;`-dYH>gm>12=%W1%z398njREUy+y8v)rC4;ZumEg*vlVgyR!Jdo<Dv8
zqY1yE+pjezWxDF@np6G!ZUjx(hKeTShfd;qhwk&nJ{|_2--k*hHbm@>E&Q<b!Os7+
zi1jAf2yPF%sEB;O)Idc=VS#0Xh^F9N5bX7F+V%PKXAfi{L3=Ca3Ee+QrFM$N(#DZ9
z3#5sd15KrsD@M;8gM%gY<%Wj`H=nMIU=~_D&*viyyx;8wO`g$YyMeKwtvGbR(={Do
zX9~AAE=nlD{k=Y~t+Np&i-1z;Poufgw?ciQ{a&K{Py%OmJ&#@5nd>1`fS)T&MA5M1
ziT(%LL32!WiBInHzhP4k57b7h<u9F=-*gRB>Xd@&>;KSmH!}SA@l%Z=MLUihfK-(J
z{!KYLGFiHmj?c)-S~MI59}|<1%+S8X24`%y))1YXoU->?4ii3*nwBO@Kych(J?DXl
zfKm_^20c2(YUFb8(vCo<79Z>*nfyBr3@J+zhEI$(%E3n;H=>7wwZOQn-u$~gb!XR<
zPdR)(72#vS{#jz9)&h$fWzIHSZ;Vg{c9xEcK#qiLV2w=<Q3=ciG6d<tk4OE|Nugi)
zsip9p$FVduwG^9qKZ7BQz_`KV6(IUD+JLgs6tA6~fo^8cB2{FKWJ|kUuK_guX=SBC
z%r+Z!LcW@gB`yJOrT-;9K8e5Qo~=g;1yZbkm`)%w2*t-GR$-rpkeY)sSw$2~Z!>aV
z8$PfhVS170lQOscGy4Lin08=>tp0%1?Ns@rA}ZD;Y0gAZ#S=#2426GP+QhN$W2;p2
z>48m-!3%349r6Ct<*ck<8FoK{ExU0rAh&}GK~&$X)J@@=dUxFErl*3|h@7}Hz(L!Q
z25H~MJpDT=c)ES_%3mTuI(vqnLV*~j?G0}N2p|-tAc#r)8(d6G%1>V+x$BZqJs@;=
zY#rS91bhlg*p9gHNxIEFzS}<4B`2x+DZuSVHuUOE>_;o7No2HVx%6m?!VA<qRa<L&
zHOE!vzs=u=l8$EGH@AmMs%;EwW!ODn_Z}7)C!KYL*fMnfMCry!(-X7Ib`2(>X{@cS
z<?EhFe=URaobqOcqADdX&GUcGp(zDUByi|L{itDsAa<Upa7qXK5siMiGqyh?dk94_
z;yvOf-&*a4sBwmLMQVcCQ2M++LkqsavdeP_4u2Y#md37g`7K=0+fq|bHl<$ntJ+Hw
zom7r{A;o0H!QLLH&G`i6<}pAPWn})fq?m>c-dp|oAdmz%vNu2qJtC|!s#Sq?tss&k
zIaG@y4kDS9ESP2I>!O%){UDc>S8uA>Ss`+7bQ;98EdP!Mj~Z?-BP(330dDIsooyY_
z_h?aQ?BRV?iE(EGQMNBJJQMIg?X^v8jDb%btMSOO0W<)(8R{SGT$u0e?JZ>C5;ma>
z&9M_tF#0xUi-K_vqUE=tBplvD2vZ<7n)3KPUU1EiWPudB6?e`a0~a`*rX8Lt@dPcf
zgEnoA390F&Amp^_gAmYfmcOIkkG+Sw_ZwE;oVz)A{_BVpr7b%HG`m!1l2%wGhCEI}
z7)%JF31a<UPBr!08mhrBJ?3V$qGq`;dt_l6)xqgWu+n?t*(l;)iP#u!VldQG35My{
z>iCmq|FwZ#w8<;3B5gy`pdf>L3U}q5^#O{W><Smvfh#BQX91sA#Gl!^fLmFc-l~*R
zN^$(jITk6Qkpn-(`fN|{1L0}win9(=+J1ozF`<ws=Ff}948=d3x2WizQI3CK38bkz
z2%Xe5jN^ZWn8`~Wj$A`2+M9J}g<W{L3)!fDbD;lfe;l1$ps4Jt(RCoT4Bw#MQfZiY
z1~DADa2>M%JjveP9mfcoGT?haqa2azYID)1ul`H(JJtZ<^Im?LMwC&-VyAF2D12|t
zKwpi9AIJX{_~fYpc~qyB_%v9x9Y(P?hqk0E!?ZsI0d8!LlM(V^tMmHY5c8OqW+}@R
zH&f?wj88=_Ylwu)pI(F;p^|~=iK(-gqXDRzfcf1ZL}a#!@oyZaZ*TCW{myhMBt(qj
zlt2+fb0s-%fdnR8h&`n#aZ*cWufQ6pSC&GI%)!t`lll*YP7gRRO$Pd+x%qM8u^=`W
z%e{GRIl}F{k1g8X2XrlT%(zok9mXg_enL+0R*%+v4_<=d8@|}oQ7oCM+KxJotp8T(
zaZ#NoT=W%9$w}VV2E+e-BN=Exm;bN2o+}VxH^IAE`HZ}>&0hI^Tmsp)A+Gtu(`^_<
zP&JZ`LRDatA^7?i<u<<hRc^>>wAQnh<;79B<_UaQe@p)8Cs-PXz)#n(A1`a&it64T
zWg~c)9fFjyerj~cB6xzHPoyL%EI1<hZo-HED};Ec{}lr99)!3v7Ki%<k~H6XF`R<T
zqL$$@!FN348`<CZg(D6d+fPTmj=}<rB526hUp%Uv`pbLE6(`X<Ia<#B@7v$m^m>SR
z`Fo3Cm1HytnuVe>q|@TRFJ2dI^DrIVY&A=1F_niVNJgF#qxelR13Td7&tMDf|NUkP
zh>mMY(F?3?_P3(vIF}tm{Dxfiml!D4F29}qBc!VFr2@jOFG1=EA1%WL-H~zf4*$AB
zn(BuPvaY`8RfjQqkir#RKCxf@ae~>?(&-tKN8X^;AD2+0(Lxoncy|#`3wE6Ouhao=
zKCD-gM#EPCn{tiI`_}Tk!f@^C(4oY6IAJTp;)EaHD}2|z*Cc;pQq#!Oi?CBeN4V8}
zeNDijBd70t6D3EC*1mVuPc!@MX)Iq+iv$@mH6_PnarP2z1MFVum+$Vx)~^}+*R1}%
zKJZ}*yxbLfIyHyO#ZyNG6gp5{{M~JDF&<iKQiI>yA^l~y$O@-$gaYC^h9-yvU0nMR
zA_GrwX6_&kN0qs!NuLfTc2BO0q*lAP_NDC_RXPgqAxs}I!OI0!!eZlt8(OJ|eL1XJ
zCjWbugan^t5=r$1t)|IeE`~<9OrD(V?dzHV9c0bjE$bZMt<wMK%%G&Cy2}^{4q7^5
zBNTMNBndoYW29$X{Oe2BrJ5y<MXQ423M>fkm(~8SJ+EXkiDl*GasoC-7%LW+rhz|l
z269a-%?2c02@{~AA-K5$tA(B|96e*Kx(Yh`E0mU+=5gZ*{+mey^r~-p7z6$N)9zaO
zgXdbQf0w!6IP7Ve^;=V`JKs#~O^uzeAPozwe%IR1iu40$DpevLhf=u9k3=esz<cz6
z!UG?|VB#M?Q%^W!p$Nu))+DFlABgbp-lbTB-=tUm^_mz$#m^`7i=KEw`t@0j?~u9c
z>jn5lGORnqtDN*rt}%ZmgqsvNr}nwp_=q9)IV!l@t7rY<;qljFog10dtNgz$D;^)%
z#i@d{!@?uyXz+51?6DIBEz)^(w7oz-en<mO?>S2;62XQNQsLGUPGHS|ava_5aM;g-
zxO{t3c@@6e&Jjh5g+e1w>x)1sV(0=F*#B44^6&xx8;1-)>(elQZ;AMiFjmF<fDOb{
zh3Ymcl>vd>wnUCbn(n^ecmS>t9yTE%rBCf^z@1m-%k5<XiQEMsOJec>H8fbH&Qq()
zD36UX0nwP8<>lq+BT9l95^o!DdC?m$C|TuNQw{<=vBKioR%}&UheiHvJemgTRrZf8
z$yr<lHC-giPcp^;qOYM!!rYvu<84&##d(do<*za(R=M>Y_Wx1!j`4MUQMYiD#%a{p
zwrw@GZQFL6#&*)!YHVALZ8Wy6lXv(3Joo<YyFVl!&N=(+z4kh5jXCF-V_@6)9q%`1
z`t;j<+;a*}_lb>Jp2eabhY5e~aQ#RVkU2}K*Hbk76ivV?+^1jbj1JV)WQN;3Y6Jl>
zrl~v*3Crai%ubY$UG5Lcx7J%yXpqx~*ZO<!`NhM6C+Mx@QYbyp&Z)-e;w?C7vx2&)
zu+S1WKdc7%#bk)?WU&bKG4-3-$z}6aY;jrln>ag~<V^hb-P>5T%F-l0H4BUKn-C=#
z)%TPtU733G4>3I+H^;LL|25Nwy$2`m&Zm<MW6sxVulaf(jqu^VogDDX_f1?(I_?dL
zr}M|-`CwW(WT}8Oev9n5F&&4lA>v{Q0`9O$zFjgL9@DtEMUgZrHivAAL*%$vL5nH$
zSy*SVgzL*S``ju$URY*&28KK!0Ve9IadSUDG4?wZPlpZf^`~KQP|$R4|LYu<92&w5
z1T!FG_IUiIi&0+SSd-^$y6di2qG0c3ca!B2N?-d;z^*NB?CeZ8ox_d-fAGN~+o?|W
z-QQ*})O9}@QyS|E{(B~f+lN5UvG<qjdTswvtf0A)sc6tZd$Zx6;~#-TYm)5pXHnz$
zn)_CN%EU}U1f8{Yb!Fi(8H)ruy{Cr@y7K)y+vm6~vV=uq`2xE@4?eYw^wovyZ{LVB
z)|wqkfYvmZcCNH0+cC5cqLQr`0?PACgeAc76@fYHWzDs1cM*56syxIJ@MJ^$)mZaH
znaiB00+i_piJ6&|imfkTLhl7dGs5cXT#gbIx(i<keZN5rxV;Ze>_F|nwO4mx%XzhW
zsj8__KiKc>?ZG;+gD~lI>D)1(5vPSV0Wp_4D~u|3@rmCwzn=s~4}AW9Zmo(HyeCm}
zk!iKM#kjr&g%%7DJj$!9$1H;#AD2xw7_yE0Q^j_rsOjQ*yAl~BaB8+nB!0{b4jx4O
zK2`gD>|F6lBA{syVCrst!X-6QA*<kj-^n060)-NyQq$2D0$LY}sfc!#fJt$F<jgD(
zKrXI`TJ4V}v)#em_bnRQs1w+&HvEBgm@SlA&#AL32p$9ll9#-~goj@@I44_pw1#{t
z9O(4=x`-c`W^9UfsA1rR0tp2Pcw%EQ`-Y`{B+B!Nw`<}__SjFhq>O1)qySa()2^z=
zO_z3LY2-PKiMav9M|r;<8MyUW42=7}xH7#I{%aqiu$;GZINx^;^;!TuGua*B5tl##
z)%3=CqpyWJ&Gz$oBG5EcRLD0xE(fwF3zdnB>OGb;#U~-5p*FZkK;`5DJ$pmw4?s}v
zO_=k8@Xa;>{HJbO5kF^|Amj=fMjR+42FzFx7?ROaQ%j9&a%!ra2UwGh4Ce$)-t(4Q
z&piE@8fo!3WG~q4CGJH7WWDE_HhNqQqVhAWcCqj)k??sM3bq1rj-#5iHJ`xmOdlZv
zKxZG+HwsfZUxD=vHZ39&WokDBDfyN{E`7e8`>Xo{{^OkL=*S2%KPQtM7R2LlxJpCx
zH)~}+dd(WcW{=NJ0ELkCse*gZKF_)Ug4TyYbM5hVs(bEHH{O^O&^ub3^E%9y|M5e(
z?tqQ7fIJaiH3e)Q(0qP5IlVkCk?Ia(2pc7~)zH(EDHtx5OJKUM>&Op$!JpOXTW+FP
z;h5<SksKyqjpDFhmo@Oc?>zc8e;`HUOWV$9lqX!}2B>AZJ*cJ^aTGCjy-lv%Q4ukH
zXK1^^gM))hh{h5C-N_ubRcW@SBc3m%UPfE5jKjDS_Yx<i=1e`V3)w5WSZ=f-c)JvQ
zBChG}6}|&JjKZr{k*#up+tD#;1XB^py6q%>EjX(<YlVQ&<SrdlR*e+@Qo)_Y;a6-c
z4<X#{Ip?Oqjf-}Fv63|ulOeQA>HJ#8$#k+%ka72`#%Xr1ta}>e^9#3)`jXx9UIq94
zeI!Es%l)~WFtO3y%HjIO3D<<U6b8lz+WhEK;fFx)7Cjgsa#e-TW{K?gxNC~TYz(0T
z0QVLYT=dcCB{Ck+vXQEyZk`=I4!DjxG?b9S8(33H)7veIkb6DLKd}1~)^mGS)2QVB
zAKb^=E3K^TRlx5piS|7wnr^<CLiry6Is`5w{|`zax?}Z8bp;9%^2T8k)>-d=!u(%=
z3SMp1`5$70CVW#k*}$eNdoJmz;{GovY?)3gx#!t)1%17zr~3E)$e-|PYHF*dPD~_Z
zEg*%Yf6||tZ?}r=8P!FP(0I;m)>-f4K>)FIur~}Rrz{K1f0d5+^)@GxC;)T)zvzH4
za%jDfchA+v{YO(B5O~&brG1|Y_v|Ossy(|SgnvEg{TD;z_JIk@!^@mEF#PwWC=2bi
zMzl@R*2pI+CZOM4HLW=rk{+(^J&MS9mhk`1+n4XuLtG+;?!K%4Kc5i(!CU>&No9&J
z(8>#;vTXIa^Fsa!13^rv@_n-GzY7dH`Mk|r(wjL>^m_9z2;9m2`J69lXZIb$P5*P5
z5{W?^^Ue|O^~0fptmcXC=?lVG&KcjEUScQq;t$6E#n_MxtK-p)0Jiw|2>3oZxuQ1V
za4gMVaf`08%buLTQwM9IDiOD@+AT?u+<7d->Tns5(8Pk=5Cs4}E^t`VIgU`TQm#q<
zI|E+OCn=}*V+`T3$?b>J>tnxzu<_|1D}Hx91+4|$A^oV?aC5KYpzW#ux#8L#R%e{t
zO%kAK2KcNg%oT;5<rnvTg<i@p2H%s~!pffJ4llaB-+fwJ{m!1ImU2j&dI56Rzi)MQ
z<PfDPD=kXbJ}8$}rlqAhu3ovd1VDxH=F-t(Njt|mF9Z~%vZ*LU5e21+qGL_d#%s&d
zjZMR!f8*36B$>N{EaAXcBhxXV;U$sn_VlTloy(=6v*Vl&?Cb*0I`j%o+KWXUj5qr5
z@26s}|G7fG(qbYzYu~H5xf>k&T&}zyU~D!+w$@9<kZ#BGLsO5J4-9}7SaEKgp|sW4
z61xWkYa1It$}S0`T2p~Oy~Jj%Gj^=HD_-E$u~6XOeOSINXDR%d59XXvDM$%HJaHFA
zyx<s2(^^7OU{m*(D)hWJF@UZpT{yAk9QY6<%zIE_`46q5TX(GP3_(t%t57(Egqqt=
z6;9&oMC!>QBrf`q!4R_k4h#(3Yhi@MPf9D5q@kuy=DVN`VwwR~zZ$MMWGpnHAF_(z
zLdrp7KPt;Pz#f1sh^_*39rv`C5v*P<>W_f^s-TT07+6E$v>FLLq{~L#50mxzqcBG<
z3PjS;2})bklC>%U*q-=z8^K;W3V{}0C&E4Be~AgB8O^_`nd%xEG8XwE=MRmBm5C9U
zUz`I*y2K<U!~UCOcvwIr5~Hh-&oAT`-i94C6UXCZA+rp96PxkZ3w4Od&6KyOx(~xS
z0*lKx$OxtkPA7a={`oqntnW6{rybHM6M0xZtjuYy?^+}(i?|ZH{omXH!Y2&RM(Ig5
zx(oJP2W6Fhh&r%3D;J6lrzO_Ap)~_#d;K2<_yNY^@(8LPmWRqpYH~8_4tY5i3`Lo5
z#@#$1(*Pn*!YYe@OU5#$V!c-R{ves8wWVYYa?9!}Q1vPYY_+9lz~<3(Fv_}<1%JU7
z^dpxAmtwPcKEjZ|%sW0=FGgWp_vcTDcbr94#m0P<|A}#3|2h6a+|?*VuQB!Gr`Er?
zl8z1s9?v<Vc{!vPa+GbY&2%=$)Z%c?M4?M=t?6*uq5DH@D;l&?t?#$9KzAZAHEFt=
zVyoTEoG3j;WBJg>uBxbcqEQ`l27P9`*U&<g*i@x+lmOXab`HMUVa{L|SOJRUsLB?>
zRi7wEp#3Pkw@I<i`8Q);p%BYVf#{P?p=X4g6|>yDy_|-kgs7^GAo-v#PRtJt{OGI7
zFezV@Iyg~xBT?`-G_7GdE@3QUXGH#~)&Surw{x|1={R>vUkuQ-bTvBp|5-e$;#Dr}
zbBB8s9mYKbDmgj3<Fb7(^hOz}R0*)*F&G|ypDH}%Y<Gk@)R-P(+*W^cb3>TWYDj^T
z8GS!_8SNUH6qkp0X`ZQAxyAp*Z$Ug^(2}HHp{?+H$u|EUw`ul(UMuO>ud&s}2Ddq$
z{Tbk=YfK2HVkb;;o$}SRsJuL)u8xJ8hvr-How~ZZvaK!E{{EqouWL=5OsR=AJ&ii?
z57`&fMTCz(v&f6R^9Hb~N{Wg^_a?Ho5W&GA(!8WWsaZdN-n;6~gleei?BZ>Yg#E@?
zroPej;GvmUvrk$<-kqLC4kaSx3u07B%Ci6<9&qH(^w{jFvM+>WI)@4Ygg45fqW!zR
zF~YgUO06B}9-h281^(6QE`xYPm`H)#xoKppH5RQM7OLSA2aL+Rn;Yrw7lIjr2V$JI
zgS!M7<D-O()futoFS%QbSqe_)Q@J;LD%64?)77v3;1jes3{p_fn|fqJLDnj}{o}_0
ziX~0-mTOIws|P(p+!op2WK!uCE!@C7bdg4)m-Nc)9{Jag1HIOlXN(0juX1?p-A3_m
z#->yn#=81X)M(2znh}A_K&2hxCz#*;FN#&KzcK@(%mXvUhZU6*DU!0Y#fia)?>3sZ
zl=Y3sm*iySpONe!Y1HGyRW-lKKU0wwzUaarf3Qi(<^qMf^e)he4;;Kn9gOp6A;yJy
zR#}|V1`$=j+t@Y?vzZ>U#d2^^X=6gZ34|cvRk(~1KvYCbY<)`}1PK<O(vp;p{%=Eu
zj}!+F-EQ^5-J~i&c$A^iqM`kL{G2LK=yu9sMF?k+$r0%Nc($_?D;VF%z+;SuL*rDd
zG~ejwvH_;lgSI7zSrva@3VIWIfDXiM(Qz>3Lp`20Hjg7uYOKv%CHs0WNy^i}K2uXA
z8tS2#)pf$3=IjR4$7c4VQ17*N`vzclkM>j)N~#4uWY^B{4P6h?3ZOZ0X4~CPF^I)d
z_59KI(bU6qegB~IlGVM!6?DDD#PEYe{T`;E!>GkiWLrf*m+{a?KOZ+2abBV9R+|c1
z;Zs#e65BpQe%oyk2sYG`U=qg_`Bth@5~HfFE~?XPn>U{6`*JeI2#|H`P3ttt3*xPD
zYH*$hwADl;H|9Krsf=>65=9dI(<K32tUB*wsDO&l_{H*38sc200(EGoAna?Rb>tZM
zHWuZv2iwZkSo}}NfkX)C`|J&VuN)B(U-B~7@uYG{mLoFo&;IYS9H-*(nVhub2+MKz
zoHkh&wCQ~)18AUkE~<0gMwwV1#ew|a=V`;tICX}KrJUwFP2i7Vu+dVJX4VH!A1oW3
z6i~kEdhEHL7T>dZEIN=JY3BW0XoGZ_`wpI82cBNv@*M+Eot0Y)SGOnAo~Se8t@^}c
zbg=u>9%ED0?o=I>wBa$Ox7y(G3B1*E2E6Tj%VWkO$G_0-<Co{_#L{u1l7UZrp9m7J
zP!<pH3I>$Vtw08k*;k-jB#yxE&C0Ie>e|9!W|*)uz%bhS0^Gg(i{4(+=?4+TJvsRx
z8Uca0S<yZkMu=4l*xkN{!7RX#6^)3DMCUf!`i57;piY{>mC7n2|4VXcXkgTJduIoZ
zII0x>Ivl41b}(I?6&<TrvUAd07E`>1g+6tTtPtG}x?Uy9pXWQFn_{20cwETMjkC1P
zVp3H%2*Y}z?pM?-i9ewMbnX9cK8Rd<XhH=@rB<CF33)+$_7K2goB!lz%vi^>%<&55
z=5G!EcRTm2nnH&>1AkHhgFoZc`77}1OSH>a)DT&?m^W|{R-oB?8s9CZMtQ$9HYYrO
z(9yfw-deTb5)N-@_hqL2Mo0FaHyrQnK@Dz%^8Tbnx-^o0nJ{S<tF;5U22(9CGkeB@
zi3}Rcu><WC8lWeYv;+`)D)G7n<*U(ZSY~YWk1_Jer0TmeB&Q}@W$^dU4n|r|=k_M0
zuSTU875PMy2)s<cPoj-$7<lWS34ENP4o~uvFY>Elkl_`23``3HNXPYLy{hObbi>Hc
zhszrzPPgHNNZ=XPq_%Ccx6<<K?o(Qd?b&HYab!!tvl-m|#VPC@=7l2>g&&ran6~Vu
zk^A9bGv4}f1tWi#itqdJCDoKU8rDvB!ue(TIpV{CUz7Pg4bN%j?cFbExpcBWx6S_V
zJSQ_n_?0^C;_apJ>a6FFz`Epm<NB!Q5r$uUn(ewilOJl;es!5m@kJ0TncW)-)aN|B
z&x?Td($4$t`8YPMA{98Urmi{?$uU2Zc0!wD3ASP~aXZDE3bf5(mRD5dLf#&#0Q%|F
z+}yvunwU`Y(M1V>u0*{5{(vSM4+@ght~KV4#`14C`{X+whQj7{f>v%=*Wx@V9T6E*
zg!ZsT#-P5~qOO`WM~Wo)4Hi#5v4slf{+Mb$t-?SUkZRfSRBplRZxPTFYi(`)mKGdT
zj^}ye^$a$TvuaIIpTS{Q+}vtA#eE1qIyHvsb3PUUp!(ooG14Ca&NzjOnSofX`;pZ{
zbC+`mVKKP->rR@r#v6!cXDtRNL6p4g(l8g|v!u8j7NaG`?qul6L{6I{qx6N4W1KaA
z3|j6@j%rZm+vIp@sHvUExLc{SJa4SDO%7om>JQMix&HEnhJ+|%dra;a*IbkZjl$nr
z9Y^r3wzMX3*wUEH>WR}Xp<l6=#>=l{{}ue`)DVw<Km)wE*t6VkoRYH6wM;tNJr9nD
zk4p<A!k(j8r}F*?$|19kOg#a_Uh1@^E!W@3b<Gl8@-pgGnC+<sxYTV#N=O24Y0H%x
zNn!xCoGdvdWjctuTd5lq8ZPkmvq9hYcwasZm{mY4hVbxvnu)>{j-CHsAW8ae+!boz
z3&JKgl{~ENk1e!fJ&eFDK9<M(D0tWg6VH}@Ugfk)FSqLe2wK;W7Q9{}cqQ4MQ6euG
z3~35lzt*x`@mJev{W#qN_a3Kyv37<vNl}uqvbvOz9;EG@E<R$W@J_WLmSj6dB_0<2
z=8)_Xl6@tZoq|2Jpil$pe_})PITaAWVbN}$vDiFXspmYT%mKN*X5HP+|1l1II+)B7
z*=V~*b`G=3p-{j&XEnWk-15&umFE#FKJR)O#bpBxGaDmCy_}iwIFBg3$mVs`I1*Or
z)oZ)Pg%p>SH8^hja!YVkYMX_5dDKvvh5czrt5nibDl`A#$ouI8+BxF5(Gj|KV8rC$
z;oKEapB@{lPT28%xjC)=Cn#M6xL^ft23+bbl2iO32k5=BI0C+0cAFhq;zBwun?nB3
z_yS?(Q@`XgezDn4j29mqPaFq)yfflEOB#$C=j&@KOXc`IU{7Rl#%}uV%C$YD+myDn
z#N9;Dl!@J9pkZQCGAawpo886!_OR-o?_QRQu;EgWl}}8_V7jg<Bpi;(o0I2HcCL33
z9s3U)_2pmph{#_*XyJHaEsT^^4-ANgzh2}f@S1`8<~w1yU)t2pd+*k#4bP~K@v~7i
z_=O}6=jWzU<T;Bg#KeZDTQPNId;N<~7DJI^mN3PD3aslS37nURn`tfc@M5K`=4U3e
z$|zoI$Od0Cj!Jz4$x}{@ne_Xj23t9d60K;aOV}73j!Xf<`*49ZR@skTkG8Y?wgRPg
zaO8IS3{Gw`r>nTU$@$HZ5h~){i};S^WzC3Kh1`1iTiHlRCGBQ&1O&c@)F^SYLdrju
zR`&86ljh>$Hf?}T|3zFys{}-j*9kNB9~RHsbELg6rOoWlS4q6nrK%zc(4`b5Qd%+Z
zTiWix8Pp9b3bxke%TlAw()2B3=RustfYS_l>YPFSN7AkRh7U|H)T+mkB<GfQ`%%8E
zcB4K00~AFTzyw?uD+qW}&v_2@8Ne7=MJDet$Yx&k8_5e@Bz^??qKj^)xH~s%+@XDT
z1zZvZ13o=}j(;<rFLCZN1o5@~?UOOhq6#~&<kUOd1IXI?Zhbty(}sYCydty5<xC>z
z&80ZXb0-@Rw<2uZd7X%U0hY`6+oV6P8~2=%{4hYfkCj{BirSeqc6qviS^^fan4YGV
z)}UK*`4rPWhUnCp_-3aLCt%^h@Xr0t3G9R9!Awq_e*<rU29bKMFdUxuyE)6naqKg}
z@7X>F*lnOT8*2W}U%ss9PIS68-{twXA%I{RUra*m51V1fh*p;^c9svI(vp-W$s8~I
z&%B~6Fx)ou0spA?6(oW>^dZWuM1uf?m6;6eFIKAze}0smnoYngPD7mlO(BNA%aX$H
z&VB_<o2BYaUi?o;f)Nc{#a=?-ti3gIJe?P+1Tf@8hY?&gzoPEAQ~iX#|Bae0+qq!$
zB;svN5*!+Qp}5}ufWsygmWNpR9;<%-<>*S+^*DLHLyQ*as<xq~q0w$<`*Lp=HgB|P
z<+^vM;M}?>`E0M5B6X_1r;P3)Zo|Ubn%JF8A*UrH_|X>PpWcvw!3dED8#lAh4=En;
zFf=4dBstan)+VsV{{}cwM8Tv_dZ#{A?%`#5##J5HAC5_qt&gKAMcw#;?vacw!fbTE
zb+GPO4y1B{5yd!WydTnCU-Fhi8}sa4iDcF22b}VsD+>zI;DU=(AgtKZePZt1ZOX`W
zZhznUSYWvS>~%3)lp$~%f-T2hSCYYS9{pP3meGU=bRI^<4Gj#84v8hJC9^a>UVr$E
z*v#Lq&FpsGxLy}&SYjeEiM41{3$W}w57{uzF%M_u>UC^0(xE;AMhc3}1pG%~q@mME
ze*|Hr2)vUlq^~ZFm&W2?vnkvxp#gfr%v>%})l}Nv57m6P9+n7R`}Sbt`~vD9IlYms
zfbhg>W(SFOt#2!zg(dGK*SYJ<&h3=h%jMr*2}K}9V`jHCxveVA1&_&4DEt%Z507$3
zizsg3K5^P&yW_R-C@ocPeuDKsX)=a4-B>K<z+I}6>s?AkMIkJMdN+WDI%F5NioX2A
zMAZ&EW<&;NX>7b1Jq@P$bUIw$cN@~~ztqHk$%%=xFWmd;>rt!EqrWWhB<$9j(D*+i
zSD`BKM1UT<PfwGL`k@vP6uNgfy2Iw^%cPvxY7}0*i)`9m!?&VK!<bGMyIRxy`d!?N
z+{2caxn7peKl1jH(Cp?MpVp9Jop5{RtL)&lnLMy2a@-&$GI)b{O95xB!`i#!NU*zS
znT5M!_@cXW8DFaw-3@;aOdk`I!hR?`c@s+6JdX9_EmYt8{ZbxNsGzHT%$x<B2t{M*
zGM{>~s2w97+Qn+47Y50#s<XSuvi7iHSz?YJDog3P;>jcO*=AP5h9y}KNTG)}Ie=Rn
z5gsqbNj=1)oN1zpSzt|phrExp6<`r+qk8(2*C36<Z%3*G5L^8;b2d|-n#K(G4m7)m
zc}WOmGlQSYT=?7_?Yo^n{M+_$SzOcN1nY-TKQZHb4;W3tP&+Pt{Ntv3Z`#bGGID2o
zzbP?ae(`K#a>L~9O-E7VbVpm{KGYY=@x2qkUk&(<yaBME?v@LX7JuP%{9f*4*=sYn
z<&I*4f`nEyb>%`w+gFy<L{8R7VI@XLULj-bexOKfN1V?yp~M-4xO=n;P$WuR#yFPK
zs*Ye`tv|XFmY6PQw>et7>^gk;AV6dc>W|F(v<MFaS6C2&kmqyp&PcD%66@^DO3g->
z*5rike!7{Z?|BUgB*Dy`(-ndTpOezi#=^_<bEmbv&#ps{0P(+E!XaOYaHs7_c(qUF
znKVk3a2%F_VuprH1|NKIh_ShV{B}6S8(X+`^S$8t+W+iwJC{E#_Ed4)7pCF4_f4`k
z+_Y*gj{4vgiuU$IXCRpxt>;T;*0ERqE-CoshozRd)Y4KhROSNE?8HhB?&(f=YO?Yz
zruc&K>2;ENl%0<+6VSCUZ7EE+fv?eTimR);X;sOPz~wZXD__X?<!P5+lvzSP#xcD!
zcxt)5a}Q{{b|RWR)|TLsZYMHs`F<3*<~~Ansdys@`TD0b>5E6Nla{CHpKL<F%z1pc
ztz~^9+wwjXdHLJvf#+8rk0MSBjYM!_8@9J83rjXCo5=nNWvEzIyoA{1T_}mr`wlkz
zv%i4nhh6uaH<(Dn1ez(#VtoFWzXyoWUPDwF#G}A&Dvt_^mrZbI^M>WD&<bW)tbI7!
z&}pAX+Vff;$jS0eLx>l8sWo31=%n1L+R%CY1vVSWo=stQ&N`c>*}2aS2gthZ`s3}g
zpLngHYpA4FZQunUKMqOR8$!5_rA*w%xL;7w#ZANR1|+#v^*B*x4!B`${q$if@|YS`
zWN!aXL{S3db}q&&XZl*vFbHHPW>ty^aPJ3GT_?Q`m6%FcgD>Z%#Ql07LCk1`1z|fG
z4$*~di<K2s#s3s44<<7dP?VJFXdO&d$(reffwWrBKn=TKzrz*lbOsB{EHw*Vkn&vm
zjEaJwj7uwlq>Nnge3GcW#SV2hRmSFrBN;jQFpy`0@VmdKYTJzoP%?sD+%0&&Y9KDh
zXEhg7Gz#@JG2S^|Hc=?#+{BYQ&J_1$8U9~<<V0+EcQn(Ormv<B%Yqa32yjRjZE>7M
z14d~p0)~gj$ML-Hlab2i8)?aS2$%GHeqcInp!D?znrZwgEp?2Dj!BxC5BZcqG@;cZ
z-eqU~>DxwRxRtJLVN+S8Aw^~Pc$x(MTJs!-4`Gh~GlJfB{i4mzvP0TkL%u=4yIOIb
z(a+d=M#a;t^4~N^OVlPnQL-^9DM?lWkvC=s^#SyV!d!{To2Kuy(6~ATl&|Z#le(=Y
zFfiJomd3t0stJtnib4qte<eU6#;~S<<Go^Lqf3&Ok#5zm+H2!eE}l+7OND#xfAM~b
zGz{1oh8Xg%rN%p}wP7G5;fr#k#pjRuo3GDUJ?*`~UiY9zWTj#S`OGGi9@Pn!uexn?
zOIBDCb&E3Tq&{XYg;52tHvS#Zkk-DdqeBo18D#k2>~P`D<CfE>vi)v=+a#>(c5um`
z7pb2KJ6~Te+F||g-(mBA4;G^z5uOEBXtqy8rh((Hu@$snQ55^%bq+uujd+4oEyh3Z
z!}<}19n<}xL?@D#x-tIiAVQW~QxoTXe?p!?ijB5suJq6pJ<rFV1z4sE*VZb@st(V+
zxcM~YMF|?3kjcmb^(gl*8fMgXfrofD-)zjHDOX|Rgv7qoa-iFY*H)pKRtLgTOipl0
z)$(#n7WrPPhK3vVf9nr&BzY1dj!wqQheN%mvo@KpB<{^qRfGK~jYRJ?MQ{owq9fHL
zJO$WLmd6d><BZ+m-O1D^vfy?NF<q4_fbef{w3jp*8?ipgT@Sm+gb3kTzEJJ-!1YFI
zb8bahIpO_ekuq%IjpL4yc+$s}t-y<gT`t1KYX0L8{<4MNEH@X&UW%gsSW{Rg2JV9M
z5hOr9S0;l5h)J}P>a~^K``f6~=hEve0=-+fmK!e!0BLrriJi^i!PTi5$c+D=gG=+T
z>}h31Y5wRcQ8_G3zSk|L@<$gxHSgBF-z2`_PLRRzqg6eS@p6|{4^=T$4RT*$Cg~R`
zt*cAOFX*F6d2f**@_;}dF#F9p_mKHbS~@I`!Jk9?CiL%Lp%=G<H$R?AkMW?KqY9M=
z+h*l|DZ>9fB7Y)ebGLqBPnM2`D5q9LNHmf_%749h#mw@1kn*OF4d4&h!46O@NI^i6
zCvvmRke9eS70vpU_A+-(`TDv2Mo#troaw*+kO0+geqL5#u$jkfls@N0zJDVlAEtn$
z?*q+{75V>tYoy*!)=JC_&3T9rWi`7`m0LCO3F%~twytbY)Q{8=($dsPuzJ$QUvkdZ
zMn-9AEI|qENi*faO)IZY_p!fR$CZBG|N1Ys|KC4iB7eo?e}Dc~T1TPSMIY`kv(3u5
zd|_~&UFuQlR;y+qU4^%-pYu)Z_%|t(__ivkMALjbM_nQuYSoqg*aQ2**H7*ys!GRY
zLpNjJ!G2gpT0i`pLWh8as55x7P?85<`Jy?Di;643%v_6xfl=&{y@yvykBd#yS(Qc>
zecwA{{JEHtG^d9!U^2eo|GBI|K?L?>>(F<6;^`@hT7(}W@-m~fasi(bJBcWqiR=iR
zdfwpCzFfQ*OwRY_*?=SS$I0Ub$Bq7Sj$`UoZG`tnV}@|`936DK6MCKP2^k?uu`Q9R
z?tvJA*6fXi<%ZeX>W5y|d$FIb<g+3b!ES`S)6!^ohL%VsNQM4?20Jo<2>kTfwHTKj
zDAP9B0L3;q#fneBJj(;v(J3@=2ng{G^MAr9To~OTjDj`tN+T*@gQ~1zLI}?%yCa?;
z;mT0snU>XJWEq4X@RYi;E*E+$wmC=zGJy*8ADFZ2pPr7>66a)uMo6XrY*jw0r=JBw
z2ZL!k!o_uQJxqo?Hbo5#1uN)apM<IS{|ydmU!*&Df4)1q+lZB&A<TlRh6=lY`eX$b
zp$ew;(17f<pxq*v<js6{V70I^6jbQ+!i<P)p2-MpCL1@qk&qnZ-ySY(LypR2sWjuB
z*nxtW6QWiVR)N3vJHw?mS)V$0646dwaXkA%Ga|&nF)+~^C>>4=@EfIuKM4+<iR)#&
z5dXM<fSD@5{KE3VnYUX1u_y?2qiif8Mzf@;r{a>6@!E4cS7TG<$Gr{PpfpU>Egc!K
z&~36v5$nLrW$~qw>}uI({_gf~PzeVIs?M{9gaQ-AAe<vhcbB3!g>Fcx*Zw?i{^65y
z>97O7M-QdpeV7g8xxx3JYdM*oe9*_oZ_u>mHogX<3)D5<xz$J?Eo1uQwud_9ll4Cf
zZgNjGAuoAW3t}}Jns|VPfB((<)$Oy4`2SSB=pG31oVB&{>;k{F<W<Mtr%m2zu${^8
zBGq%8h;M8#GMSeUB8FiL(#ae21Qi@p`Z&(JVqG|*i;5U#f|HZD9V`etfva30j_wVI
zE#BT-T-y+B;DS63Cw|XC2>K?uRpa?bv)XAsqkb?@<y7^&_3d9^@h5Gd7JG1kz6F~T
z!L%~EB46BbKR;qlGmtO|xm|(6_t+$h**y(3Ak`f82Pr9^oZvbbbSDu4H6Vn5zR2Fz
z&sDp%h#hR1sQ6v5xR1>(&pyTv2xJtu>+SWb(3{k&dF9o=ch!aqz!G`q%b_Y-pD0O3
zEcnBzaZ3i?(A(6VQ%&&wno0Xz;1VennV)YfK%IZD_kW<KgL;LZRlrmU_m-Ca2N4ji
z>y`?%Sglk6<$oKF!*DS>xgruZx-=;Go07f*gK9}WO5?8<m87r-426k~8i)-=nDM6b
ze+ruGIdw-vp17PMe{IiRBaTvG(;T?p9~=7k+`%W~H#4T8aQI++oRkJSf4Tqp`A+&L
zVzvKMo7L8ZkS@)Eb(@iNUo?+u|6xP#-`vk4q>WA<pRGDd%hVm*PA0TWMw~asXdQJf
z?O!HLIuvd%ll|vumvf_Yd=9Z6K07hRFa6%{k=e)<wi+I5|B1cuGP3N&d?|P~>NkAM
zanBy3{P;)EAMxST=D*NO33CB`a8*?>@LNHH)zaU%xtbcs+EQ4=T|`d8Uzy&kkN7~F
z>E1#MEv?8meidx=6LP9ErB)({sXRpAjxmPL)h}4}!;>YSX>C-U?ph?{^rhk4RJ50d
z2t^|UWGRPHn__hO<)%Bw{+Osg_<ud@S(?C?@BgdvEs$q#9+Oul1^!24M9({_g#2fB
z7fP1Mwkx0E+9E!R7ybTSMO|HD8N?)ik&6$g%~Ejua?~$h?q87*9pmeNBC9oie7Pwu
zH?D$xE-g3ifT;bykF4A#Ge)@+25vnWlnR~AUb0W~eWwl%4jv&nI_`U$(rW?B>f(71
zL9)Rma!{tX)^&JfA?(w-#^C2ASlrL|t&|XEH?T8|Z;32DOPhjfw{lH4B|Plk@f`Ef
zJLgv>GkLv@7qjtOCOb159AI^LpS;~f=38~&k3Gr1luWNF8McRv!m+bo<VecXo@P8W
zKSnrQ_8#(FA|uEJ_!(W?>AUvMs6iQ2dxn4R<%gwaq%ATpE2}sxqx22D0wcLQCAvz5
zq}<EmgWjwjLKGOGl`VncGrRUkig-+BSyI4vhd3lBCM>-8NqNp#3I_Tg8ZRP8TCt17
zvL206Xr}r?`DL&%Q1WQezm5#%ti0txEhw2Q{c<tiN|BPTY9k1)p?GgTYIa%F=O676
zYmg)4cyiRr2g66XBjayqK}Gt(14=e%<uXS2`C}F;la6Py%M9ACs1PP^xH@PG8Z`t@
zck*ir;`rDq0#{4b(nq}q!FMOsB^;1P<8Sj7z<Ll;cDR@m8k`IQ92WVTBse4Fx62=B
z2|@%?lEkr_QsBf5pYpIId-8B)SvNX4|Iny2>NI#C3bJ~zYfClR>XJSCKCJv|^}D#x
z-3YkI;>|jjZASTnZ(alTR?$+5aU8zWa307+Z!4c{N6+(E*<8%JzoppL`-D3th_CLU
z{qaIY;7Spy3*$SUTVDQk7ii={D)W)QMP6s$A+HIyINf=fS@vdsg@w|tQ*XFz+pXj7
zuCA1`=q9Ca--^3o#aHnE{J@VJVuU5G!^0Yeo=MzB-GEXe7v>q>n3|g;qBl783{{k(
zAv?5y-+TT<8Fz6N|2^Xr>q+N69!W4Lbf_pG^7kQ$y*?WuV^qkEp!VPuiI<Wmfxe@g
zE$mW4ZkrX`RH^~gSeZC<_qg2^sq=0y%%Z9|o75aUgN}emhWuLODP>Wam0OWY0)6NL
z`zNOhVLs0HBv;bo8nD&KMg5jfbTX%`Cu!LoM6*LDWvF0HU|Fx(s}?5vTbip;IVcpY
z5$4+lpGDo*Q3Sm{f8R;!OPWegsi5tvQlThlEtA^H8?^a0;~BH~tA+HX*<i;|_Tu*O
zT+4=KZsKmM7I3D(D-=tdyY^Sud~7QS=mrKNWQO5*atZ24lGHAUV}}j>rua6&u!(-k
z@EVEZ)@63!)%N-UJ|FVyt~mcQamr>1X6zsveaQVToa-WDIc5WWm&U1uiH@X){rjkl
zhabD3`M#SdpZ3i@YZ?8q*9E=VwX#u1gOFQzgQzuTst6I~iicCbw){J#PHG{oi4177
z>+*Qeq4+O+VL9kxnHQ6P_DX21dF@*p9vF{{L}9(-zD1o$_#C}PfKE))mdmhf(;I#f
zHZT&!om4pM?Oh%GA1a_*90%(iaJy_SdOZ!g9oGa#AVg;GwUHo&ykfD=(#sIC`>Te^
zHv9FroAqRXL{UlD+?`enl*Zq~7|=ToFa|?S#nIY|c_aa`&yT-eePc~nAv5sm6Gtr0
z(i5as91=ctF{z^L%Q?)eu|ZN+JW1r}#9~0ByMY?`+#R`S@&hH;+2sf?pkvYHM1DpX
z5Q(mCWI##ENNZ&*hbQ|{l8Maz*;k!&R1c|{8(FVIJxi643~zBR;MBH#mK-+5LRi9f
z$wA!83YSVBXQa(6auaUZ_j&LvygxOoI=FdMwk(5Wzjht^tN*gozuO}iI+WVcq3Sz(
z-Sqw5QhUL-r;X%1xt{ct?tHKa@(-Uq^m|srn`Q_9^PYoVzyP0f;LL4_9hVvGZ;ypQ
zj5pVAuPHN;hP@S@5Bw}cJy#1AR|$XkE|Jv@rZ4?WQFh{Md2}C)ERc9ed^5+eB?ku-
zC_W_e83`}CG`ulYI>U%$?C2$qvlHRHuEVoi-Y6}M6jtqbYMDF^_8W?o5j5AggUL8X
zY|NOO=T^v079g}Dsag!9KYZkjD84lEI-NpW<aE^G_43vGF+HByJw=)hq^IC!mN|w`
zxs7jg##Z?Cwlq=L-<q^Yay#1|PiB9K8)mAPdA(jF3U|QGh^$2T6yu^;M4yYPc&6x_
z<QTb%{x%2&G3@t$*p&oy(`PJhOTBPrY@>#qp5Hcaz0h1Y{qVyaZjS2z-pVB&`@_I?
zjH1Q_>%V7S_#Uq!3>kmd%jLY9l;0y$?n9PP6iCfqSNhHtPRcKJ!PA?Hq10B58(iQO
zaf>-qdcD_=J`{Y-lK=+3Q%>$Dm_!)rNfNt1u8cBj7e?B~M|oYMSTu65*dICW@(6k!
zL45obZK0o?&d48TK8a-EkH@~4cX`odOpkB6#a2^DyOV0XfjVnkCwEyAZS)!A`{B8A
zNltSzzF-9b^wml1#m=tJNf)7iq!tpz?^df&j?2dd?8H%LjNAza7Q0Qs=fTrUo<0r<
z@Y`Qj_MM)a6C|BhWGS+vZdrytU&Y<s(To@xSI6BWJ!;9=!_yMn^R#67?hj(q^)m=I
z*$=jYZsyE%5)yYCDZS+)i^!1JJ5eaEEtMT{`pqmXr1)NZmTL5eyO@!uh-C!wGdqdn
z6T@5V@A(>KZDsn?)#c=(mqNlx$BK_-ymVh`J@MS!+`<Npy-}mL1E1SDXf^Lw)x%nu
zu0=_*IGUZL=8DkC(n6r$eZF7wz4JJ|p4k8Q3^<A^xy&v_J~(cXSb44Rn9-bQ@X^~W
ziUz4CUT-HZaCq5*E<|~wjk8^HWp)qJ%WHSZvZPiXi|-@4F?&xjMygu8CE6}qA>}sS
z6yY|=h*L;uX#*|E%JCWGx8-sYGiCbZ<Q9Y0Oa5LK#`<}lp|9~$-ly)dS;#H*CmwZi
zA7WgxMIC~u{a5uV7wxnJ<v{A68`4N>e?>d|vaFFk{jP3?vYfo3{PD#^CQoqp?lPxa
zhq+12xzgfVJJ$TSWmLGLopnkIHJ-4`h(SU6_4+Q1t<PSYar@BS-OJ3WWED6{Xr_F%
zT^LsX;I961oNla<RX@qskh0lQ#(Gg06~{Vy)7NkD<DRZIcG(^K_Y>Ioum@AFuEI8x
z(~di8;4;|Hvggyn!7neFFKycB4PWN4Zf6a-oyEd1??y4fvha~p_1m`z;HO<u@6w<X
z-C5O^LCRlFeM|=B#^{`!ot^K7^kwA!ZFeC?wtlN&D(?Eru#tl%tAE0!Evl=U5I;j>
z<QKQ$yu-a7`6zD8>$^AT4u{fO44E*WzwJp&gyR#qk9eN_qTHaeFHi~)RpDb33{Tw~
z%{U?a*7U@BZu)JM*vl#Bx|6zEKYNp^a%pAmZa?RA9&#*|+#bc9!>n72r=;^0L+GXI
zXrsNEQgKDt#J4)`XszUv+#ibLPaM|J(WI!sey`StvH0Jhc443+ds*sPM{mOF-3i#~
z={0guOG%lWH)nr5h`V%_AGZ3CvbL@gS5!L)RqJ;uYH5}2M-F$QM2F3ztC)Fa71QCX
z9u&>RLWUS=1r|_7p+<{iBS@7YVaoFk(be}{erIBk7*Ru$Nvi}?Iky@T%XT+iJE)oU
z^VGW*5hGi}(Po3EZl&146Wf<wRQ2<Y9uXMCw)p<US+wrfW0R;+=27ImMCV|BEXTz>
zNgy@iCYE>9h~7a!Ex&@HDA}a@sE?a?C;p9`u&w@mn}}fz;UKr!))Rk}Jrix0^}XXu
z>pr`rASIfL^M<;r>TVUU{jg5G{*tTag}4<aSNWLp-hpUb4lYVO&3VK;<Su#PgfSO-
z$=6U4Re=uNAKo!^k*dYnu}cKE9qcigF7h!Rpf6v8_CGpA_fqE;D(Y>mJ^O(r{3yJp
zx{i5Gw@#k-yy3S*EJ1Y8$D?{1&8(5hAq{a>B21lF*rwak2EZV&a2!wVjv5+DlYh=f
zHnSLV3*l4hpHxkZnAJtmK6{(qIBj^&k9I1g#6XE33Ose?3-6yq;}tlwG?(#}A2Y$;
zAwj18)>u$#CFze7tMXTLT{>Gf(P;&?U`An#(#mRBZHJ{I=2PVB`ZN4>39fx#P4CYc
zg&?ZAFTW*kziR5J1_kgvA-%mm2kcI0IT-Ippr>&;<)?(!yrKD>EthAA&LLJNB|b}m
zHAd0j@8U~vCD0n@T)audODUz%=W{YLVm3CqJpsORPD@!H#<K%bVUh%_2EIzSxO|q5
zJbZH|1S_(%aRwyuNtYDG_HT$>qxkXil)G2FV+k?5yyI1%z{B3)Dl&9_!D^g66ZmbO
z_YSq`xg#%&`N4R&Lztbv!k_m%E@2t;5#?^KyO%(Ko|**n=|uAtz*#eTj!4F$TH<ne
z@!Xlgy(aTUkTQOW>UjN1P7hM=T$3hFs;=&Fnc`<O`kp5e0?ZVR&9j>>kIkc5Tzl^`
zyGDdK(u>>G60fC_$I~Sy+y1obr)zDqsAltkAYA)r+M#IdXt2*OKF8MS6TlA#(|ya1
zGYU^Yw`vJS;LVf)^gN(~#cc}%IQ~=~lBCv0SO)Re{;|n8|8g3()b629m#V>m-t9fP
z8QL_b>^@}jWSU^_?^6>TU;p^nhWOULgsr>6i@W)6!*^HZ(2!|(#au*n&HRenYmws@
zvc8VDcX(*BSfRDrYZNLo80%iqfg&3tdm@?DQqL+8KRSuaD{;nM=9s*zs`4#J5sw)q
z>vXAlc<Te?G5(8H;$~z4MXb7DkG^Ao;d_i?jmWV4kK$ewAvk^~qt#U{!{JD#D8U3`
zkZXbCqK3TVomyYLOS){t_sPk7ah<nGoVm%dvHtR8TBq|5{oe(Hf-f_%SIO1Bkf*dX
ziaIK!`>3^)ha<kKNz(dCZM6hs2owbrgcYbEx8mk2f0EJ@=p{^7j(2Mp>jx~f0b5RQ
zx=wXLbi<;gVB^NZLeZ%N+Glf#IyJ?*Dk>W8!C3#y2uaSE9%n(~dkNvuc-3>yIsq~T
zcY&;0KJNly-eP@;Urnuo6#dIz>Cyy|_V>*|N>H2o7rXEBUi{ZXvSMoNF>kY}P8ZLI
zyL~bYVtyuH9zo~+<5|20RRJiWUt^a9C6HDGm^rFHgEqYoEbGz>DHpL00O`^GHn-Eb
zEc_Xc(A3h=HgkuF>NSl#npYlW8as@B@4#iupSGU|auBMPI2z0s&mQ0T31O!UZFRmn
z6J)ln(F!W8u`~%s*Fr!c;)TWStqs`dt*SIt=EXfpd>i?5z<!aH+9Y@rd+fD;A61l#
zyQZ|+u**!Tt+?mS%G9xfQI(DGZ>?Zz;y91Wl;#xorbEkKS>g5s^j2m{6bQfI^FRRH
z*1-lV6}6t}t<y6_uDZnCpjb+{qOpQ3-fGm+4T1AJPw-^?atf4=PNv-z3nfj>Fn;$f
zy<H{Qy4}J)l_-2(Mn<VYkEI(a{nc$#>^%`kbY4C1x$V-RC6t25(<m?eu7y+STEjom
zvKuZQcbAEmgXjh^vI6hp^;iIlW|IF>_il7-xCaa%og8K<>8V76y+d1e;guPNDvGs+
zd8SBwSaGK%EK%P>a6_`iYRR}JDqNf3*IADLQt`mW!BNe{#6&l`-WgoBYu;dTyX<6g
zJ7J58zYLx8u+kpZ9T$6WJ7KvseR-2#CdT+N%17<lx?mOQy_qeDY3OucWc+I@_Ka1J
zQofmuj&R%Icgf7{q~+_)%WuZ*ttr8u=wm6yQ=Kb|o^zA<H!_dn^3cwENlWZv<cw`h
z=F&Rs#`Bg|GVc8~#6KMeFcAlQTm;0lte6qk0|fW>%nPc7gEAX%JH35WUR|6?sc5U`
zeZA4co@@{cltt}hbYFwt;T%VdBn;2euAS+fUTih1RKf=Ly~9TvF~lURK2%*KXRXEc
zvOGr{2UaM;O<Ao^Pux^f>%V%sFw%f?Qj?@FRZt@EXL~(#AI-I6E@C7bp6ItrWy~q~
zbt+D1wt6Gjx4t9Zoh~6cO!>n<@?XW3F4~TNoSBfBxMA_Ra;aA^3{_XRf-wqwfPro=
zF&%q;yh>-cdhSMRdA?l_*Bb9j^W9zbd)_ZB)c|Jq+r7|)eLs=-qm~8(EUdP?WpJl>
z-hPKYuQ{~qiFwgs3>QizHe@+U&IodHI9vaNeH(c0FdVbgxn0Y6049;=ye)1Et}&m$
z8Bf25df2pKM2|z0L$lu<LQF-}25;W<rp@-fk)qRVK^7Z4WwKxQM9%;u3)=^LP@`vC
zSFB31;%u#lNMremAN~yA&NM3o++pTD9twWs#E1i_T$4Wu<f~HNw?NJAwu-k%<vt|l
zgjt~dvoFW*x;nU9Ou9Z`(IU^WxEjiEC?CP+vLreffBwV>@+eN({Q(X7(QH12A<Qq!
z>zY~oI=Oaf=_UB`M0z|Pjpo#b=X2f#|MEDwB#&KL*zg7L+-7l4=fmC|j$Mi&hP0Ho
zM+AibBFoEZIsmmmPpLk>>w!c~@~olNHlFikwWax;fRD$3c-pL03Bq?u(Ce(sNX&uZ
z=G*fstS{i0#%w;$b*|8Tm4kUbQV<*7BEOUEb2*eR7U`<(lG7DjT2Xp4czgl)GO}NE
z+%j;#B8$gjM_Oe6`Y}x41CAtk6Be=}(}f8)X#l#>pkl1<dA;mr^b(Bna>0}=ai)wS
z;MXnTnDlijPI)dX$?p9wEHcx)^{GN%Cu;4Y1^%*wQ{vGjUki)HG)x}M-Pl>iXlH&I
zt79?8^Nbk9z@Z%Lr4L2IXkcWf%K`q4zNqBh847%`Ot*a^kFJC3mi$X1mx_COP+$jL
zn1HAVU3l}BH|j9qBl$ch#r1jsC^A3*1Oa+p?yj-dgB6d#`B{?fuf3YpEZQKqfHDhB
z=#Tc{ePe~vw(GPj$0?Fd5QWE#AtsjWc}4g!z{;B44>0c{h($sTm&1BVA`JRBJhmcJ
z2ko|Z$Vr@Eb8{LT6y8py);&J9iY7cUi;5DKMwEEyHQ3qL@QjXcl0EMmSDrxFC4aja
zr=%lQVDq}^Bl5t0LK`ifale!fEX4>S0;G_kIyD<7(29l8Vfe1nbjhbBy#V;G_YKtR
zpY`&h_Wl?I-bYHZYZii8>2EU<guB!I#k)RRA5{(PGHPiT?Lfo(Hc|l9c|RPTejS=h
ziF~q)zjBUO_euG0#{m=x!|7b%k%@`9x+`8M&PF`jRL;Xkhn@L<YjPXs+iSJorw4eJ
z2@97&tBmfNs?U8WY!S>(y#zjI;V7iy`9M(=V#QijjZ<3U41IoKVYfuE9nRwY$TkyD
z3D#_JL=gbIBi?Q_G<M4k-o66bU&tggwkXaDQj{e~RUdP5T-T>1+uNZzJ+tJ$uUNy!
zW>z|jOzt-36ovyK;qT->ru-jVbOB>$uA{#{Q6?rAS;$0#lsjtYJO<(o20lOs+IU3A
z-ESwqv6u{z>s(xFZCBv@C?4`<7<%P-6?zLk(7>qt!WV27cOX$hw?2B2oHknz%Z>_Q
zc44Z19-h%3psB}K%sCawlcG4xrxe7Er7$kZA1~MLI^MG{8NLO<dcH?<*6Kr$2irBd
z?x{x_@?XB)G8^@g@qOfc95t*Femo7&GUG>ofF8*K0TYecgfA+-P#8~xj8$K|<2@fY
z9&5UM`DGHC07X%m_q|aMVtj2_Ui&wQOs@m2meUI#MXLN)LB<ZEtRXaUsgh<>J?vun
zj1Y%_S2p0-NsK*|wrIoqK+BU=3K-?=3U}FGf6j7Fzxs^CM`Y9;EyLKU8vN+O*b%h4
zs?9(3S2Enl7M{TOZ}pSm<SUJGx9hmZesf38Wxdmr&wj<1$&|nKXPNjjbW8XaMRgm7
zIw@h~qM}`a+&Sa@gQ*`7AFpd$CJU>^<K8YDA+cD&5u?`V&b6ZT`cpm%YZ7ZQp7~PM
zjh2X4?OPvEt&k|XuGi08Cr6C=4HaJ)J8uv-eNXXq9cPMKUY5Fr)ybf%C%oaSJFhV|
zy<hot@5g>S{V_}3O;YI&2fe@6)%ch3U$ndul5lkwvSJ28Xq-n6?x&AOoLDlHFmX!q
z?wfPhY<S<*S}=)DZuj^-h*vO^pYITVrOe};Ow+3l1h+!+fO1Len4836H>Z2pa0s}g
z9*J+V$JA@>km^IgW5Y6YmamX#A|?%aSgK<pOo{cv{xA6C(pHVMfP00{DVUnB;#!!@
z4ol+P@>MCR0X+?C{LS{cP-AYhU2(23FeoGW-MozY@q)SOf2fBN&yB_A2~+3d?DTr>
zVF(Hg#$s~J4f!}KKoXm0NR(d{^Sn8hK$)~oh*3eO`Au{8tUwvYb#M1KSGeW8Y0Y)7
zKA;=)az>^Q2M?>1$-y?HhGp;=y0smx<sfarro(HTsjV^Hj#PZsma)eRQy?B4?`ecy
zyl-~O>@;htH(&bk9js1J36pr1y3OArUTs9pnVUQoobPG8)Pj0`Y02a+jd|H*ivRx2
zBfBn=L3=>nE+)(*;tw;4E_~7Y?oe#%<dM*^>E-W0@3R&soRC(rqLPf%CEUb9+1bl}
z&Tg-WLZvE_gsGPs8!0J=_?I;BCWkHmw#v$~{{C3L2%GBnXt@2+6YJwIp=v!y*gW8g
z6!Iy)!+E*6%}MMG-x|clo&X8?qR#@~PE6T`B%dQABkz3<U><Woca$CP4{Mt3?(`vu
zxFlZi86Q3@Q4>3biQU1yA|WUBF;jf^To??Qm#?M?*SksZ5ver{o1~bi4k5Mtw(>)6
z=HP?W)h@-a7nw-4UBzG;20r-y?-{3xI$L22Hjy=BRqdy@<&mij{eWR)jq3_rr~OLt
zz@642&3O7dhw}|7*THhZbcq2N0FI5Yn61fD=nR6{2a8%jAsK3!RoW_a=Mv0A3ae6m
zkA3_Btw@A^H@_y?$|`Twg&wu>{yGGFP{zF8pe$S6cy1Lz`laah-SF&>cI0wRpgYmn
zcSs$<swm`|n;jZo^pSI&_T_As2)+j|tMQOG7dH{i+LrcA{(nrpWmKHY)-}2#BtZhf
z2^!qJ2@WB+H5yz31b25xg1ftG<L(-yad($S8+VuQ**WJu_l^Pl>M`i5TD5A)oO6xz
z3rmW&=0-uX-Nz!I3JQXX*BBWYXYV#l_R5+M!=;%Ul^6Z12Hb`-^2-PG46wV?0{<<N
z;Q9a2S=fm~KMYjzQpDrPlHjolkj*F~_g=jnakd$tT~)5^N1ZqV{P0GEppYm&6fXF5
z`sqyw7yrJvVCU0Y!ocT;9fT#1!O{h8x&z%n^0pfUt@C}|HJJ1$wEX!xVa|B9RY7fT
zmY^f|EINE7R@<oq5SuS?zBCTuYCX+QxhNAr7Cn_#cz9@k_5n2Z*AMKye90qtG&1h9
zxeVXNDS6)#n#)=eMMoRa3{9I=E2!v{Y5H$<3cnI<vFlb5r=NRqA(sk^{c3$#^i4-x
z=Ha4IT_MN=$EkGc?P%IgOItQZmw!YgsQO!K)p>6?i_!+W`8&g`q9(EKlP}9>#b&Xn
zZ1qur)L?44<V+$#0pkU6Uk(U^ST5$k&Yl|O0SnKs0R=rUHQ#okf$jX3;EZV-;kX{8
zvaL*qr^FU};NgkphF}kq3~cV`{WJF0XzkTe8Uz-L+;Z~Z1vom`!}(}0FfJW(PYD!5
zK*pxrC<dCHg{M2I&a6(Wp3Fqc&-b3!1J(&4*|qti3$7=Dv$k~)SGNQ4MobM<?T$?T
z-Ly^T0{5@ok1Cs2@HBK){7v1DgBG7}kRR^$bl0n-nLE@49|WjEKbDLZGHEpY10c7d
zQ-$t&Q+*wGJoHRXQxso0bzwVOo7t6FK#IM&S8&i!X@G8B(xu~m;J>PUZ@%;ZDLyUM
zeIlIIdQ?K$oy8SwJwpm5=6Ffsbs_+~?ACX5OiUU*#UYcff+@`(<oNH&nC|;)%{-p&
z%i8$@XLWE%4_5gM+`Fa+Q(#&rG=+z$ZKz_n1{g2sGio`$-JB_iui>g{2N66U^E|*K
zTGG9Jw5cNE?Wi2bKlg0iR`8$KmDE?nwhQgi79n$8?x%(2gx|e9YPcM|>-!VNxm0k7
zxR~X_SGaY4viR1V3J4icx=aE_Cq+%j!SgTHVSK<G^rFCumj`u&SU}vQ#bZv+;xhK7
zzvSa!0wZ?ijIWTL$3dlT#~7(krQ0Q)vT~W~uj|Wll7N0*Sus;n+B+#o%xJN|<<uly
zAPs7U>-I-aM`>;CG^Ur`PzkqdcxjHamIvHimsdxeSXxSYDuRfu4H9!qWGK!^XItHg
zUJ}JeYcapRL9aZQloz>4m*jy<|5k9GmH^Nwkeb2X0LY6I&haB|j~qnm<Hl0liv2t7
z6c##O0&Onc=q}HXXeTGa&)p^J$KSVt9TPd7gHoma1bn_ReZB5N6a3Jj9)u>4NPZbN
z=C(%HNn5s1IEl<XL2tMj`<-gonx-2);?4Xzy_Sgl%<THS@pGx6Zk<Qcl%~KL6gGkQ
z-Y+Fjr)oS_N&^3jp<&~@0}K=r0TG^33@<ntdM-ynIW{XTk*yO`7irrfOFlAaYf~gj
zVrt{hE9Xft0PdE~EmJX=A+VNC5**{%zJ361ZlHH~*}Df|E=~bWpP{!_^Mik-<+}B$
zx0el0`0aqI?Mwtyq&fNC{p<De$$LLHoQb%C>T1J%-D8h7`;`ZTn`P^A;T$dMNi<#*
zt<c>uVYChiiT6)${^#IsDZR@9>^lpOZ?Z$U5M);G6+Rg}POyk}wZNhj_N->vpmzR2
zXrfm8v)2=MiI&oD$`IU*jR=A6lPsSKeYk!L_rBv4D7V6*U!U)?9KxDu{n`IL-5>a>
z06I``{SFP@x(miz`9cQtP<u$cukE$Gm%o|j;PLO@L)I&Vuf?rUaTCs=g*B9>wndeB
zVNrGdClA+2JlNHg-b@e5+Nz9)-?jG0ktq$Q?T9A?3h-pf0!Evqc%hbb{c&SmYejHw
zI<T;b1V!G+uc`sMR@*+OK}?7&&vKJ!s#}FR`(Lx2i>^`sKsz2AJtBiu-hP$*E|>72
z{<v+T@>C4f{hDcPHbs6nHZB3yxRb7gK4@wr?hTio;HHCmUN2K0J<ouLFS_#g9cBdD
zPCQgPy;+P={ofOW)AGuVue?VXrzY`c_<bx)6t!7w*l>a-t_+Ba+JxeBNFk8m3c$?G
zip+~dWIVHxfzfUPQjh{-+wS$I%n9I>D}kgoyWHVTaS>gm%PARL8Qf9UeDvF_e}}x^
zr&vDxBd-ds`+|AI@_2bgM4%8|Uqv|66?_plM?4G)$r!>$Z$PqNxmOdHyk2p)J^%#8
z>7<NDy);KtVE36msNFB#9z~p0vB68cd`~fZ^m5<bo?Y(e$%NSMk_JfJrU212TWS3(
zRK9<TRZFo2;U%aCA>z-snKQ$cy~F{uiYiX}swHZ_Jg?KJE;S+$kar9cv?05}9fb3)
z_lNT|bUGowCdTvLWpL^J4&1rDOOs6np}M+qlko^nhHu^=##CHSwVnWO3|3md(oI%~
zHnWrU_9#Tcsf_9AV#3^79}e@wqj#)2@2<QfSnGqwKkQT>M1_v9n4XQ?5ju!Z^+w}O
z&1x0|u%qSLPN<gfvD@RQl<9=bAA9=xg(T=N`St_3)hhIlS8MGf9=WB0t!)rf_*JKL
z`5=d8FyO3zWxYaX^_crG<nd_PolE*KQ@HxYN`;+HB-ir_ZfqA8mhf2*iz<`^VmU2H
ze8a0USlg0N!y)dm{wX#-Zm^b{<ofZ@T1{7n$`Yz$7Zwi-ruU+no!eJzqr&bXG&R%|
z6OtU<geI(*sDF@DHep97uxRWfz?CIncZ(Is5CD$|moFzV7km;t`Qw>eI?}6M&;JuQ
zBZK^KjG8QcNALO7mAIj(--^h6=lbNO7>@P3s#5;13o0uN#ehOe0EtH+TsJX%C&QDd
ze&r;x2K#tzBVx5H!|S;{(Ec0kudhj*xQp)ZNAmTN$^J&Z<LFr**^NLXWG{;ZwjamC
zAV1fIkt?mVDWzshC#PMxdHNB={n6k7j)v1s+2rEfH^HyNW9=3!fY|`!<=$C=e>Bp9
zHRa_qkBM{pHqX=EUtTt?7H1}ag|{x$gJ&+cu<7Kvn|RFBNaIV?AVecik9Tkhnn{}r
z^l^0sg*@l`^D}!&LR@$sMm-XC?jsU%g~zR#=d-T1CF2_uyr18SRV91va>HHhL=v~Q
zt1HcCa18p^giK1x<21ep(3g})uMa+O?+xroSLe)=1?Jr0Cjn_hmiH=+N||;!c>|#K
z)U@_ab(N6Mr2<K21{;?E|FcH{lf3e$odHoLnkIUY62*Vc8Ygg{&x0Kz1v}-uy;$we
zzuvXYuC(4uxgv`;#DCu%>zE*A6l?eLqpL!8!<Ntn!GDYLae9h|;o(a64-Ut1nRk0u
zOv!~$iH61IsSSXzd;%_d7P9R;jp;MCO0lAr>wl)*&HU&{5uiQOt=A0sfp#$F`Bc_a
zSr{9ys-Ivh{FqZJt+w!+%Jlcm0#%*#L))ciFZw5R^RIjz&>)e9AQvTF#I7CDd857k
zl8Z+9#-48N3~gNW(qq;56D??}C72FdT*;m=s)UfklbPN4r-WV03#hROx4SRr7#Dq4
z2Z8@kKm_}Vkut@=&ZwwBp2$Of3p85GB%EWP?x5|@4>pVa8p|COwl!Ww(s-#;NA(t!
z*7Gcu%ax=7yNXZI$xn?ZPevAW=%%Jk_>$U8W*ZGv&YxTUhNCHB1hxYNTUxIr1#)vJ
z(kd9*<f<ik*ix(Z9KmE{eOyG-`%@Csp=qDsHzr(g8cN5(gbs1h7SUSr9%uVK{ZIN#
z{D%#aT4}k|&#hog(d^kE@{4mG@h6z5*GCh8Z%m$b#Al={#iM|ckj8toe=qt-oILA#
zagC=6Gr64x273}*Lw5J1FQ6?CT&=@{i&;ecg(T^(#IaM+Mk5Tz-1J6cPvPrtUCwkz
zH*(N+){}Lgm8(L6nsKBeOAp+0=u1>bgB*L|O*)UkLGoMiqoIbzqLjI+Ow599<#A7B
zI+WJL&8n{|$?@ZB>T#*SVZ(l^kxy+<7k0CWf>L_0W_LgWq)w@YX>ztbkpFbUac@D0
z`bmqhiJcE>0mAso*8lMnq9q!w39Zbn*OYu8`|+Le{l>7e-hG$(5@xf<>tBbNHO&kG
zH|~~58+Wty50m36I>r;>ftb>rUr=b@u0+i;*^G14#ehYmJ%R>rJRs)P-PdAL{DR4|
zs7-Z4(>{Msp(j2kOe3-^9Er)3(#JujMc^GThmN>kc5E8UsJ6hSATOA3-u|T|6swE1
z?TtY|&+(i@Z*UsDQ!uFhr;C2_g@G3jMn^dC4jp;Dl@-U|{p8~O_>Fb1(&^}i_S69+
zJVao6B14&xo8=;e;KbtTATE&0KxYQ04oGfyBAc&_LCsDj$RNu3Zp3ymYj;bIM|U(W
zE)$dU^KvB0MkKa8jz&i{_lfT<61Y?_K4JWat}HkrZPJA-OY<_;p`|9bi{7eiMVoKC
z7bsOOlQ&r7iS4W%e9%!^$${(G13Tyu`|D6XzUEa+eK&Lr!|hz6Ora6ywuQUi0=L0X
zxhJ7m309ewleu*%s~~-v%qZZ|iUrNu=`Bv9f5Xm)>vEoqT`p^P_-S%uxN}JhX|`bV
zm@&VHt$wqMaq*)m1RB$02NcJtf{Nau`nhyPalV+3WTB5=to8A7rx0HW_`AbmZzV|d
z?M>P3l0UHGMWIUK@KPS3wyvV<i$lY{yAfeq&BIT54AW^Y5DFbk_-H__7d1J#MC9R5
zl;75Df5hpJNKayF$oTYt_|c_XS{kOKUZQKZoR5xt6z7<W%1+_L82qk7E78=_c1l>2
z`s7L*I?85VsjX$DZWKhFzjd}Tk;-L+!DPvdI@op7y}yRg70{)n4$|bwunmfl*Bj;0
z(>{sgE+Jt0XKP}t=J7$@$v^MI_U&iR%8j9@Z?`%R6)V@DF3DXhF$cLo0)Y07F7x=|
z&#+Ydln|{KD;!L9jN;&C7}ivoudFo(5cz}>eF#RKC?Y=~dVM*#J*L7Kcw(UFcC8~y
zes0W^zI*;Ueh2*aGK!1th6aD~nGj1QUE<6)H346gc)ZZCjm9uKIpTl?jsJ`{H~mvy
zZKyvFx|lcB0LTF(G`MrPUztyFW9sUqNW40qMG9qZJ(a~Y=9@QYq)Fx%g71BOWxAjN
zju#(|?g6PKtZ=*aVw5L!PGQzzO_d135UrfLlfsQlREZGc87GxFOReP`&gKXV^<<8h
zmimG>x2M~4&HpCKz`30^o=|}Q*;#{=L0mrvIQdt#nEsHZ%jB!fDZ|ooz!lnNoA!Wy
zjSl4uo53`~S3yX2Gw0!1*m<3N!^)5qI5Do?#9r}dxuyVXJr2i|POQ~)=9m3OmN2wB
zep#B@vTTCFI)7h;@|wSe-z)$6CPQh7g6Wx+DE~O@!7V3&$8R=d%}-zb(OW}8Hm8<r
zYcH)(`76xrca$v`cJg|y0EL<xC=p(1Mf-J2E9p0K`DF*ZnU6X>WSf%8&~7y5bZ)x+
zuk8U@f6q?WEG^u-$gS=jkogZ}#J{hGm9f)G4tlvQp23%}Y4hkUD*l*q-pZ5idrT6$
zZEh%HpJQ61SEci!X_6zpo-~VF@i#@Jb6@d}xWN5VA1~jbjaJUmAt%n_2l9&i4EZt@
zMWX-IV~>0=(0>p9SkvGCZ>jg+pAGv;R?jHn$VC*O6;ig1kCAhsSJfmgv=E;6JD-)$
zJcyCYkAkXWYQidf$N+a%j`dM)ATKA3AtSlL5GBgZ)g~3x<sd3^S6dt3((2K0Df1oA
zdLsaL9HO}jicH`fglt6`Ft5h5z->&;!;mL2W~hny@amx&1N5g9*{TA@D>UqebkF~(
z(gEk{A+SIb52EuEcnfp}t;~5`-=y)6kE)Ye&P~Ao_aO(R7I7Nr4OgD^in;i5=Grz|
zu;UBc1!4k0QnMaZ$BlT5SfbpGvlYd8JpW2PhfQ53t~A>J?zIKyM7DA_&Fo+n%hsZ%
z15V+eTKmrljLcx}v{-^CX*uR^#;bgsWmSW}>#g}{kGm&KZNBNyme$9yw7FU(>(M_u
zw2T@sm7>_Yy5H7+{?8r)7b;!K$w`^9Xwkwtqr5v*1U*RP&o#uF$#TVh;llN@D3GUq
ztHNsVCVNp)^vwH9A4hYJ(UB8M%*i81?VsH3p9!$771%0{|4QU@k4bx`w&#!D75gT`
z`LWUIIUZ$|Z*^{?@Pqm4$5ux1nCGVv2KQ0;8{5kt|6YV1RNpp3Uqu-QIs1W0tu`k6
zqVQLqDP1b)5L4G4*IrU$ZUfuAObwOxwL4n*I5Rc=lX@#=q5<kI-Lv)2L{fg0;vrs^
z*uRAq@+ez+^JmQM%`nL=3}jNR)SIsAm)T9_Qi*N;ym%UqCxwTU1qMyNhwc3}o=~EI
zA8hM~1#d7<b6*BGjcSI*l^=u}8N2I!jw<~G?ot$>&8N@R>{a!HU_#RKY75r-C7Hw1
zb4ga%VRhXh1zAZEPsTbjvwjZi>NwsBHK%A8D7z-isb6-keselozA%D03{G^Ecg+Pm
zP=E&q2R#!;<&^A2>eaJyt-`MUZ}H*6Gza@ZHGO9nnp~-Q@iHgdPurLG^$lEG^hN;w
zXl!h(0AXfFzj1mqk6uops4L2=US~;@=SJsavQH5QQMj$6I2s~-$NjOTrhi0IfJG|F
zdXFn|I-V6NkrjFFM&s_sakBA|yy{jK+a^QPM|!q81Og05mpIC~_J3N~p@%{Y>0iND
zfB&n-yC9@6&d+4hZinjYAIQ)vP4E<Gzk_&vO_X12<*GAmse}AVYB-8T$xt>zd-Y+*
z(9;NLHf;2wDu?vPy{Y>)OagBw{_ue>M|bSE7eSQ+p=$USe9-^T%IxW;7jBjc)!62J
zUHE7hEY2y7MhOPk{(G5$jylrO{KUng>_bxJdWHS<E2}qD;QxHlf8G9w&}m`(ih}*i
z%k%F*w<nZ%SeA3y7n!+*#ZogSPdWjn+I|=3{nxDgD|1e7iS0qQW_V%|Tk8QNGmHpy
zhd}-~u~7;IBz9Q7|M};+@2?9n=>3H}<h6qBQdi7nS->PF3&*J4i-s03=mb`AoL5?H
zLDZTL3`(>>Z>4uyLz<G21Oc-Z+o7eU?Eot8aFQ30bho1RdPf>My3Vx@pGWe)>kTDB
z(2e&3J2q{t+Bdy0GcRJbUV+@~`k*POG@-^&g?0!>p!D9K`+xFNm^-e>y6H%2#1r6q
z-9`*46YvuVLSwbH@W#5R91mpt)hcB)*!l6Qr_NAGhq5bb()E0MJ=whMR9oX6_>>=>
z8^hvx=dg^{1Ylw0Hrjv@R5!pVnkh@5dC!A1ShMPJF6)>AK!bX6c%dgi_r*6jIJl<y
zKXHTHucAszl7^48Q6E8VrH1zN7PTKjpbxDh<FPW|r(tsPplALc93{fqhKT8IZg0%=
zNys7Al!~|CXtZ@h<bC?41V|6~K)%}I{!tle(J>D#ue$y94gzg*V<#=x5wbC(K}br}
zeDD#2CS9N>3#V-&M9-tiJ8|fY&7RF$pD<4BCGjRSPPO&#fqeh`*9vw`<<n|uY8WBY
zpQTe36Ia}KhMyF6-a(@0^1LxtxxRC?*^kK|2(lrc`nzq4ghXc4qOOb3&fs7hj8IP}
zHq-oa4N**N&;9sqTGqtM>e&~UF*O1+f|t!w@cvY^ZFFYqZdEq~5LuZLWJAfJ-*^qd
zj3h*$<jYq`w3F`WH&$GJx5s<j5|f@i2=5RQL{dT;`=o^uBwrFvBB*oyA5(N=D;3?_
zF^+*2V&)GfFkNZ$h_k7LG&N~}Kt1Dla^JrQy~BL_(&zsAYlhBnVCKup1$_o}jo(n|
z;z|$0oCD6xCZ6zZCowRsjJFq*vSEFu`LsJU$xQbSD0nUO_ui7$5hrN7VuQI(u>cbd
zEkhNhgzPGQvBQe}%5Fau^U`6iBHpwEEAuFkJQGk=$vDCU&kti|0$+2|g@`Ym%`o`C
zcVL{|#ML#lI+9xcwr%ocTMkZ{LILJfO^jBi39V8@PY>BKfbP|r1W)TJKNEtcHghT!
zz>r4NLN&^GX8JB_``L}^+iy26ULWa-2qFjYxMlMc8y>d>H_kG&{KgG>Zp$WK@IOdk
zhkY(G#e3ri@yQ0!(9rTN`gF$GV8yL3OPIRrPld(uu;B{B0xjeZ{)LMB>s=_*$loqZ
zj@~9uj)Y8(lFLX^)c?~j&oqM_7l<uwT#n(>drbP({-3>>S#oNHU%#i^l;h&{j+Sa~
z*1E9O8oo1{iKH5V_hs{v<+W;X?ul$Fjwd?D^tvhm4JN*`wa13T{C!VV>)dJCds!+>
zc;O$2$01&cR;A1`xAt|VIEnK0ATv+%G)S+<Hm3^ZdgMU8X;nv~qea37pQX#X7~bn&
zNiLkVn}4)o)Ajxig~pctibs%IKZ5s&OM9&^ESHDtJr@_56qjtG>6;CulQ-h3+zUKr
zQ#AkeCOOpOPDaH9l8<~2X0<EfzHkz&hOX6p!Y$E3mi=Gm3bj^wo6%oOM!96TH@Q&o
zK*}PT6ZKRSDam88by!Zz_PQv9OKdNNPOoR1t$VGXU2={mexKi89zXd`%02QBdsz54
zDV1z*Z^Py`+E)hn6LCa;xT+T(**jbXOOHVP5_Af4s>|E>Ff%;Q&_`NN*xozuUUacK
zW;`y)(kF64cjcIx{{gT{$yO|Bhrdc^nhkGTa5F3676WFje~$;RC!UH%CXaKdi*btf
zC{`nrCJp3jOnAAqp)sG2K}#6EJuaRt@KID-lvS}+{JYTOhgeD^)*qW9SXU%J)%g6q
zUIpmYx1x0l>2kf9jNoaDW1-yWk^2M8C4R`M3nk>hkCMQeyaKdyxM)E;E!W}TTkSdr
zM0^5*$(%GmoWZNOrp+n(n!%Kdu&3>w#20PFTQ%b2Gcb*5%2Qn26yZGm@~)U`H<Gzv
zjEeAd*|`0c!|MOVf;qh7ON2;xf3|+zASGq~Sk~g91Un~JnG@(W6~X}RcgAhi7q>BJ
z9f`E=26I`fU2DQ4-GR%f&@&go78Y~VU_g^O%qYiX*p4Cfnsv|2>|w4HF`(Mvt}I1^
zz?aOfTf&--NOaBpc&KN;yv>)@Kr>x-S$(9JF<Zo*JR`~G$Hig25j@buw7*GZw4R4Y
zYH+KytU==HdbVaI`LZd#ycOQ}pDhOdY7=4S9DZE2r&}BqhU8ybAsTsI5#uZI8px{<
zp)NRn+MdD5ZXgR!&Bs^fq^kU}{!)e@CW4<TVjNyi;4^7p-FoWw0Pk6x$c|ESzO{g0
z1`@J9!U18hNPc*%wJ8_4daF81uyHT>GugQ8?E9wYRTA&wMIW@ZbSE_M{vi$HcGt9T
z(vB;xcK*xj5l!nqKxMOTF;+)^(ygB1bE)%Ub(U$XW^n#?pjGu($z}Y*jsHbWCUvtA
zIcDU|<8Dku3K-(%)>a7WB41q7a5r4o+AC1mghgzVg2it4ONm9GRPUQUtMIJs{1=pl
zaed{Q;pA7V@4Euft_>{lkOaVajy72A=iJIjGZ6wV?Q!l#E#wgb`P0?8LRpgNG729F
zwcq>i(=c}0U{cG@z`L;qw0^*+tTV>N`mCh?jqre9cODFgW^}F=Ed?24_Bd-<`rk)n
z&ekS^J|DMqT9%zGDiHs^7g2C1zY6$<mZL2ZI*<O}Co<c3mNaJ)zjD!sDzo|bxL`P5
z+JbPseREJ3Fb#S_uM9qF;$uQIaR9y8^s8=oe11Q!wmKD<Gq9NY@AK|NNH$*3zOxZB
zB~KG-!{w`HU{TH6zbNysg6zg+M7*A*ErQ#7U@q-b*N5Q|VLoDEZSD61@t*$60XyqI
zO`CJ%R@=N745STUH5^fvY9!jH56w9ZBUlj4R|M#wzl$)*pc2s9lNdd`6jy|P&H7M9
zmU6v2`WX`vp4`Oa@c`Fi&}n*Edl?o;ogA4$)RFa8rVAX?v;SM7XQr#$)LbUjNl+&B
zKR(w&kOnO3ZAWEIzXZ~C^Q-<`&RjbTEv)opwOs&~xr~Mh`Hy8TMkur2j~-r=rO}Ja
zalTc`{-42$K?239B1>_s3=~#B;}UQ$cT_}8&dl|hUi*+kD9u%F#sBlsp3iyQ^AkZs
zi3=%IQ?lvY9Cgf8U`=3|_d>S#;3@qCZKqT1CTjbgk!ee3L9`rmcJC(-6hbcfVU{{7
zUX2tZ%bU86J=ewRdB=2|!l#k=^ciXNYHpR)55h4Q*W}}bKSZn0QO~tGqr=+WFgZQq
zP;gyg?qH>1($&sio}(WIzN)BTWwB&DBlQ=$9fc;u-X!&Sq$ploclEd3ahz)N4(l_O
z?DX2m4yg`^=deHs9w$xB5`UT!6KSf7kJ{4X`OWr}&`+#1T7=g+w<Q@_e2kVf{RgFM
zj^?=iSs>j7hPVU(lhqpS@{a$4@ibqUDR7uI3}fd12)Rx?&n6WSmc6r^v7uwqj}0Ey
zR7^y8AD@yG@b%)HL5A~<flJVAYP3T%Vs3IY+yNAt-{EOYmJeku*>0=_PoiP+8L4@%
zN=sj{Pgv}4H#YNFo6ng38yD3HKHrXdpL8NKe~Oa$gcGuU?ETCu@OYuLI{UBpYoeNR
z)r<{%2B*j?$sm~7ONrzQ>hF2iyi>l#jrV@o6!7FON=`|kCu5<|SDe7?z_qsc0dlm)
zxsId(M4Y5wo2qq6SRe`K9}-+A2_TrqyBPJOGBP0Yj7xe`(*<F+`&waDfvD{!#ZC!8
zwmGg(_?`hG`_%*s@!7340EgCpygIOV<EB^e=@&4}d%ul5Nd|V>OVV3h-nQ5LZ;~fA
zYY-Bm1dB)A{+wj-a@B96^;*o=P{OyMVSh$7=t43`u&W2d7Ql9rV+<>f&!$R|p<92c
zBfK6MjbBTD2Z%{e^s@-+-UZO=R8yqY1UkAlSF8xWPtjwDq5g(Yzd`7;O%9BI{r6(d
z>Db&I0Yj#NkodwW%o~7ogglP@YnkJ<yEZ};0)kDHYv(Dx`eRw#hQ!ENm4(WHhhR}D
z*YI=A@ccb*-S!Kp&>Jk&n9g}d@GFcpGoPKE0}=70zPw-g({&wID>zUwaUug&uRbwT
z0WW#1f<qeKM&g~#D~jPHDDZ=*e@&=xJ_R&<uJ2|=F&I=*(fM_--DK6y^_%hRJD!+a
zCyoeP-5ZtB#q>k%9ZkbcP#_qB{cE?IRx}MCnvEHD@xdEB`(E-UZ%|c#d$3$z)|NH7
z``HI=8$flm;*t!x>UNuBR^=#oqH@Hgvn?$slbdA=B$Ezbk6|a7kbUv&C|XZzC;s4g
z;WXJ$vC`JX%Zr)+zdH=1)wmFFdr<CqO-f?BLW?JQQWiy3cU2c+=(|$rsX@_67$U2O
z`;O6pAjoeoo03Mm8Q>+=nwXe;;Ttj5h{4Z*aWZ6oj>Z<Ez#kV;D$Er~7%;ZNc*>R{
z<<`7YomDnZ1oT_clVy{|LIUHzz%t3|g?Fj9-;SRu1)Cp_{ogy?H78Qn#Pv;KPdW7q
zBE+X)%6>&mDhk6K!!}XgRzp)a%%<F969*^TW=uYmh~wpBb&SN6YF0d~rcwvMNp?_D
z{V^7C94AN588=ZDH-#r)2NeX$26I_T1--+*E@+qz<TCtd_boNwVU<5+fVKl{#KyM_
zKbA#w8XZBZ%F+cY9cVE@B5Mr)Ut%e%M-Vvq6O=cQa}-nBerotBB+9R+={4Q#bY@!%
zQvU!_EOtU>O%+c60vif3H>$9B=-0MDm0&R>>F`iC0R$E(Ipo$(^ed7?@DPW&%0@V^
z)vRfULU@5xgA19z^GbS{II$O=G!FC3OPeAavX0pm5INcJn873V5^6VE@a>ASZemeT
z{THEBqG1*9?P9P0omdZ5H56KiBnnvx#I$JpkQZs*n&*x;ob}Ew2Z3gY<mW+bU~3Ul
zY?)@j1RXkrgA6Pl_RV&IJ_Cl;*WW*`AfMmCM?=ibQ&e6aWsomuGWG@3gWp|_s6e!C
zp@NPd(i@qO;Iq<-3=)7AhI>fy1uK9Nw$ICDVvev{fg-1RSQ1-0wSSV}MiPi4^l%VB
zDu+T_;8Vlvu39!72u}*g4x9jGCcMJZ3NG$<0t;a-0`ig7GO@X%#>XR+QAU@ta7IV3
zB)Ij+YU}q_XXB=U<AFE>`}<D>A%o`&3U~i#T5e7SP1SslA>xO<qj*NB%Zd$b7O4gr
znDP_^g)IyWWoqHDD(nKCdJNAqd)u{N0eTm6LGN|~xrPVg6O}_&?6ZA~A10Ey9#z6G
z=M@lhIytvmH^QFoHn2(j@%i2GkdWL+am=USfA(jv%^O$^#C8j4y8!T2D#lPOp6dBI
zezLNX)Pra$5}|FL1P6-2{h#6prCV}4MqZaLNn^g(Q3l#FVKXBfg9KV(VPPu<uRdA?
z(WjcS=w5?&zY8$nM$ChU0n)}Z9=G>hW$Om(^(7(O!0OTMn-iV=twZ}R&<#?#2w9fp
z$7>&(4j$7t^?j}c{*@bF^;k?Navcan&CAKX&WAZSQtd}hBR&(=B^@r$Eyka;gbUp5
zUbr%8)X*>{{@$r?G&D>FylK-n?WPN7P}9V5u-=H^v&RwuDsLO~*K_MQ4l~REa(r(9
z5E{;dRBbdo;hDZs_o3)vv7O(dIB4?Inf<t2p=+s!)iP^+78N=q`?Rx95rBC7(UCAB
z3iS6ED4<mjqD0;{==hzdrmG%Oa=-`wB^EW|7t*2%{V=OOIqjXq;Fs&0RcI0iPPq1<
z6=kfp6mxZ@1W>gZTssHVd8FJ(?az<Lc`@-KqN4Agyq+JqZgVlA;7$^+=eJlmSHd}g
zbI0Dt4oi-+X<U*^`+Iw~TXCweKJtj}SvfxR2!XqTcql-j6_zQRO$;n*&|0-cS37M8
zWU$T2JX3kO6YFtIG*CQSGM%DoK@g4QQk7x>3q@X`IS2fch^OZ(pkC(qStRBLQ($9+
zFFChVDo~S8a>G4|*FdqS!8lA&AfD2bU3Q?uW4Gr_>C;(5rn9w{)BIKgcp(?&xL<=}
zvG2mffZ4UjerCtCFC{hAUQ;3yQCk9&qoXT!kOmQPD~zy=Kfr8dh0SSG^Vk*C&=Btm
zgKXl?4T&6|w1z+bkh~ok9&*bzjD~w3HSU-#esthH7dPIYX-1skdDzBZbh%wETaB-g
z`Rx?~utOSm(lP{ydA(kuKEt9)JI6jlO3rbaI`8eb*QRGzO}38q?365|XYOaJWY`{?
zCyw`y(fEEoH=j~1*$pxt-Wex9%sMQd?}t`8E!aP|;N-Tp8!UF#wQ*hg)4rl2(RT~z
zdhRVF)%}PWAvUHK8Riw^Ec(>I{{gcSznDRcMkS<YkFEt^O|_iQ5YR9(jx)y+joQqS
zK$UIjOoJ-VXS&1V917+XhDS%mg$;6ikw}@Db;SV^59CJRdI?4Ad1v47p5dtJ92~Uj
z+YUeqCWKHnl8n>QQ%FzU*9)mLCJO)1t1t<BmGkjEUZB7a%7lCzei#qA;K=b`VzoIg
zm}=kvVa@xNGTI)lGjTn9%nnh#_|4+{P5ja5t6$alH$&Xzs=*VyM=i+Q^YeE@ZgmYx
zsa3-_7uAh(&h3vji-+~()SRl;7K}PouQ_Tj3reqX^<qG@Gc;u1EP@w%7)i60>-1UY
zjkO+g;H&cFVU>x@B`NZnsu95GaGA8v@0Icoev1>kDvKJW)o}Q388+7~9yJ5;M^A-b
z*Qwy@y#Nvtl6+g+%U+KydKcSm@4Pg+FV9|nH@h2hCq5+UL3+Xgd)(}DOc>&}O{-6D
zGp$#@qUWo-90Ym87t=PPomvAg@ccmM6Hc+Pq@5w2?c1A~qg$)rx0h8y=FB>rwQp{p
z{#pyhh5J?G&S_5dsO1(8=-5at<|u<XJA6G&SNTqVL?DG%ciAd_MDQ@u2TjG<3O?e}
z>v1dHa5$r>;kSw(FFAI+*4372`2C~L5y;t#C~i6plTi(AB>nli{WQ!veW8cnqyv<w
zJ2u)l`TG)VptdusGhZKIh;d=?=n%Jxy?ixiz`Sgn#Ma(CbR4&(=O#0|B`jF~ejEK^
z*e1gZAR&a-uXreRRShwfvF9hL`;TaRcv@a1uA7F^^70O6lcYFyNB8hvl5!w9z<1z8
z_baZh6X=DV0~6322TMHjvwKoDo?tJZUecP;=giTk)$RgYrOFmBj1|of;tC&e83shF
z+B7C5wl0LYqJ2^;8aO$FxWdfe*62PzO^j<sET!`Gr;o-^ReE{Gfu9X}o$8mJp=jPW
zudo7tYO5;yE-}Enfj1(-xXm}G&E<7C|CRJjxx>Xwf~o;D*bt9}h6F$()y1Z#b)u`a
z*a$pbCAdctA^L2fPF%9HFX~yi3%}?mki|-CxyIgpm#K9f7RE~Gb%XA*8|7W(J>H~9
zSh3nh#&`Tjb|P{%aI83P|CtosD}b0s8^OTv8@2%EFCLq*PbE67Z#b7+Fs&Na#gu2K
z3f@iajM37#dWTu!EwcBQd&cB*m`q$%9Bv4R({_<1CJ_(HIEV%179P7@J>oLz{9b*y
zs&BYUHdm$qBHkFA74GWCyK4Zz3MjV|!5`PU&?-HkQa>c`MYG%=FTHyPfb#W5qqjjh
z|Mef%Ucww#`P>!H*=09kU7kG}zMD0lo6Q(Gg}OEjNXC<3w2ogqJ3YoU&_dm6PiKx0
zR%A*i8SLALKOe67(^y=KD<-pVNIs*(R}0=A_X}P9m835BuZxn-dt5NxNz(+#;RIi;
zTn_4kmyTmHd;p|tEt<d+iXhMVTlfhe%1(OJuuptR&iv?1g(?UOaXCveww;;ZDY$Pq
z-I#Q>Fdd|r%(xXi8xwXzWzbw06>Ps6aGOHcmB_$6G}q;?`<7gDd%msraD!;Ml*S4e
z>|Ln?J}lV%s0q+a-yyJ)y01i4C%n`4f<pmNw85ko1269T_xY{-3^AFys(0GUPW!_e
z-b*`xY`k&qqgs8(u`m2l=t+#7KmWedTX)9BSJO+pV|6Iac`4s^O81G?JKp{I73$Q5
z*GX43h!IyD*Bu+LH?NX*20OBSR}&XLanmPxo|1rRoWUf`gGtyiG_%w7HINcB@P}w+
zn*%=`{XY80k&lmD!|Ta%PaGxi4dR>7k6{l_2=5H3#}W&KL`9Q=2e&J_6KY(@WD=GQ
z1?=Og_3NvuUUCCz@i>O==>`^0IL^NmL4fhUJ6(+1cHK&{Hm#})O?N-^<2`B+<^?8U
zKJFe=pSCzWrF%cE0(lkjpCD>)Z35qlP1V)0PigabZr4X)090CV4#-7Mq0C<B-T<%`
zpdYi;q4O|)OU4fOup7K4vTu59xkVP?^*hDBC9lkHc<uLimzCXwYQHnwJ2^Te|EnLp
z0~36c94-O`8fuWE<LXr}E<pFfguuoZbb#ggc#rl)S#=9lTFu%?EZBKzZcje5)|^ai
zf~prwt}P>2PR!V6t1C*mj-P=Y;j`stUsUq(>XQ=*@cQW}tISp*#Ib0J^8KE#UKP_@
z73dor?&(z=iK7=ym1?9NDt|uD$Xj}3`OzmYBlr+<Qx!NlP-J$%;N8bPAY*$sb1)AO
zCBOiu`Q;m_IsYcJ*mB)+!(5=hL=Gt_js;~7E7r+#k%?t(rM>N{vF<ou{lYaf*i+K#
zVwN_PL!YE~@G~@n<pqFWK9Ase>-QGENUv&n%<lwUtX@^*>_p|8q&&E3KG8-DMh$)&
zJd~h&SAM*}$|sl(;WdtS)!{wnGtAk!^I;!7yZ&iE!cP*x_YmnlwGiRBdn57WUy;gW
z9d8JLK-;WmbLk(;j+!>EYJP6U_o5!X-S;$LX}ce}0W=-uh)&}SB9w$=@B$2vM=Yw_
z<LP>!K>1q>i#Kk?ftSguJIeqaGErGX!zljk8&Or2yTO;0Pq7>n3gdIg921hk#vG)v
zF<)%^fyqrB?lc<psKaC?^QI^PiAa-ZuCUk~6gxiGvma^C!&cvK@9Y?~8a|-$U$9)w
z1H3By-jTJlE&3Cn_ocV;8=<P5@YP$?P5=X3GMd2w>UN;W%g>h*m+#D?!QUguGa#6q
z_A)m&2SAeUYfY=#5VY1~6B{EJ=ekj8cT*?ojm@B|C0_GI0-cQ(|Jzh5D6uFVR6R^9
zVWTHZ^%+n;-Up#K85{5HvL|C1y9LO@e(Y@S_R(AO1o_la1GM&U7Zcy0e(ylUG)wah
zw&8(dXXI|qRE`PUaKYt-3tBhYMA~=Uo{8B>Tgi2!0&1TQXF`oLrm@V;%ubiiM>n3W
z8eUw6*-lMyticAE#2p>ObgiseIl<K1?<{;$IU!^_+gt814r0|P*%vKV+CkguDhfe&
zE*QX&x0%9rk2D;Jn0wy&h#!Jn`@Z_M=XLlH+Ux+MrNE)9p+>S3A7`StDyVDj6p!7=
zqIks3*p^&aXg}P>VF)oGEXuVFOvCL$h?SC-$4(ZKW82Y^Hn&#<Jf3mQr)#g7!^YAs
zM;<;ST&J-g9edeZLfYQ?ufKoOx!Ri_xL(%x`A}Oi(ajTa-tOX;^A<OeoZA;tIB0sd
zSD~)#B{ozVz09h6VJlCq!h(O#VEP@0pMuiz&!#uv)ewDc1#Yu_eY-bg;Jlc;v@gS5
zng_n4*C>Rb50em*e5HkOzCDSDwfoiH=~=BXpdjR)_}MbqX^E+ElP&c!r`q<wwin(h
zMlK%Kc}=ktnbl=8(NDb*%KjwI6EK;(p%Fm{pPQNOb*RJ;h#63rwD#B_-~v?8Pn-9>
z0su1CqQ;x9U9g2!LL<FH?R@%)7=W6LGtc;KwOgS#XS^WL@ceXtdNx>|S=R;@N47sd
zyD*v_^}4giwzlxmalQPOhBLUI-Wg{q;q%)jP>DrT><707-1i5)8lq0lOr_}uxuIL}
zmH7UkwQ24Cm?x~@p-Fz;(K?GiKVLMQk2Kp1me!l8Aq~0O@8})ORnn2smRYym;#iI<
ziy&KQ()KteTN~ueNQ0e3_Jb^QC?X2)4?+S+Twfb*ZP73s<cJ#b1?%Q7#$Kq9Iq&Q)
zSZY6|{(`UH*P5prn{%!f#(5hvu$NV<JRPb_M>6U8SH9{T`3xZ<euQ>;;zp3@It8`Q
z;`FQssu+tAHsdqcS1hFwdFBK*ULQ3-<XqW)rK~>s-P-}OYCpsw61D$LtyU(@+%~rA
zGeZ1h?np%SR{InfZ2RRklqrIiLA%xZz<qcVBG@j~j^@S86c*NToOH_qb~auNRC>%A
z8VU1y<6B4#o|oRJmf@avrRk#=u{UT8oW$EJf(3G1i-DMZD*`7q&`Yo&p7*F<b*!vK
zvR!%X_8h5_P?WCo_fNI+Yil_s5T)Vl+15jDujB;JYnYt6;~as@<B+?aPhbs9r{VVn
zE;gay!+H{r#vkxXoa)nSw1>wR50~ZMUBRLmdVP^XJXL2)_AB-}>QNusJcbfZM!lbu
zHh_fAyB9z>4`KqzF#*h%@K{ALl~Jok0%0kD#51(q`_R1U``Dk(6<|sw>C;Z=@%lgT
ze^6)`x_^2-+Ai7Ze*48!;Y}(fB|VRoC09;pDXvnYMQbVay48+cg6f8@=ns1x_`yUX
zfcI*sS&u4zy+My)w^o68;^-C@OTRmj_O-d<lj^y4qZvn4C%T9z2#r8M3xQLduTgCR
zNT33GGj4G2`nfknI=RkE*d6a|MGYzM`s1s`i$s4^=@EX`_YI!HE)Jo1{?HRnP=0tQ
zO}50$cT5-xGbxPS0O$hK4~;I$W$$!Gew<3}Wcb9d5^(1gYOYzdc&_qKPOLAr9j~Y(
z_b7Q>qjqusw$koEG3ecln0?N0O83c;PPJ<y<%-5lHESXrU(a;eFv0I~R>86|ReOVk
zscIGe<Me^OpMf6oLW!lxB`JHb!=~FWr}2V)@{<)-*r?*0eReMG*i-Ja?FX%;GO+56
z_W1HL$mS%GtfBRI8qoj@HRN8nPuKQBnIr~RyqPp01Q5pO$EdzWLy6-aeWU@I03v$b
zLFw|db7jo;*^u32X;bR?sON*oO1XRk^r}e;Kz-%`>Hb>S(2+yO^U#n%w-Kf5Evm5P
z3dQF34tcpMagq7H{5REz7Lix@(!mwaUhdx^{RR};?Ohb6AWrvVxB(<s>5)u*Wgl1h
z!@XXEo3&OqJ>(E*KJJ<u-SC-t=?FBCQA27CgQllv$$5E;M&siX5=;|UJdqrVtgWnw
zqx-R{wl0)SLL9l8CVb#XO1y$-8O{nBM_x}y6HBSOj2l)Fy6)<(2vsTj6@yI8nN>5I
zCqj$ZI^GlMC)*eqraNZKZq<^ni^FNy5|iHvHR^P!r+eg*s6NgxE|NEn+_r51Vnr{*
z?vulFCC{tQpH98a`2xPTj)|VfF}@`}x2uYxf8X2b7ZMf7seirfB<yM!_D<~B6<jCi
zvDwl5YbVYx|45PeuF^C6`}S8bAFg(i+LG&0hrVsGVbuA=Rn%eZ!Q`CLS(1lmZz0~k
z%zilh^`2agbq{ChC3#KIy{i}KsM~{QC?|w$+6s>!gNcpZ84%_(UewYinS4wi2zP2*
zL@wSL5hnGxQWun2ZJE>h?I>Vpu_I<#57KNk9&U#|_>}Z`uY@0OTyiK*ypW<GkpK3L
zOrIs_5keGb|Gc9gn$be?^?jaN>xpp7<*ISznoqraod@xo>tX0D_=Zg^0>7;I%<k^v
zWMsOkw9Z*pnk4)rFZt#n?je(sy{$cRG`Xr;A__kWm1gh{m{?q_)`$MoM2jV8v>Oo7
zDKIhY4f`EyTG2Ha&Vc(}Pat&XItC?Yv9eHbx$I172QwbM@hV#j7y_KlN&5bGa2p_4
z^5|;1mux}`7MBfvXTbX*icy!He3nU(>;h&Ie{z=f<N*zBlD_}SItZF;%T=`CrI{01
zVzWft|EQ}eyrFLm2ulYI8pBN0^~t<zAAjXi`o$8}`O{v8oV=zGWQ@3B2a6z;E7?s)
z92;U+7KPwbqDLD9&nzuj@Z;XGx7Ej8MdsgDX=zCWQNz*#(sff0^<!{VM*<FMO4SFp
z;v``~jb{)>7cZj3ZR-5qj)o^^*wEJc9(dRp*&ow*{>{XA#V@|5U;je!dS?E}t{)*<
zoC+q;eR=h)5$TC;?>4*QY#smp*kj*BNG04MSA>SD>H{`9o?JJJ-jKY<R><3p3#B%o
z(f&lDb>cH=a|E#9GfkVbRIPCAvL|S>zWnHgO6w?rA)|0FGOBsB%?qx(laEZ{5;kst
zq%jwzysjWASuFV*tUN-$wOz!FNm%@oM_I^M6=-dD4$0tA{ykiMe3Ye$wgsG8EAIXz
zR4>zR`Ae%bu+K1oF_=m!i!3`Y2?oMZih@=uV25Wr;MH+M(Z3>Q5PehVa`sV3<&bpG
z;cTGk+a=jLPibk}*puT7=E#?=EXs~Bz5iMm7MU$c*drZ+DOiFeuAAtuoT|9%1_KTF
zQat9y_F_WhIk6#je_GVR!A3|jl3$?aWdL}lPA21JBHU~N#vq##?|1pfuGwBzLI6e1
zcJ$m5<JVD;(x{;JmCX65pSsl$sH6umxtMoe4nn)WCA@KCrQ?x|n=V@tk^{HjzhW<;
zj3_hsx42zNxgJOhxsE<+`w%VsRAP<H*I2M1i=AsNpyfe<F%ple`?}D#KG>Q}C&Z@c
z#jQHxMbPIgT`TsxJ};dj;@c>SGy5(waF>p;*ig_^{3fkHEAF-u!g&(C(|Z~fM^>zP
z)l)h#+tjpS)e#X8vF9yH3bi~fn6f-o3;x;;<ahnpYHW1bNZ+;lYxgorPdoa9uJc4F
z9wdK&W6)Nz?~*WF%Dqz^bD|E^e@TMdo~u>vp^aRRuLF~`|71lbLau;FfKeaoA7;<P
zD5tTI9lO~9Uz924W;lE|8S6o_ikA`p4sWBd(O|e2Fc8Hn$rPHc!DzcGStR>60h?V9
zmmC}u+Z9U;1}%~UgJ;qjD=zu$QW`<zUSUC0?|ZpWx=N9IJvK1rd6`XTyTcs28-}a4
zSO@#hFZN{ilwr;G-#y~VP12iFGo}pPdw8yf@;aJ62pTJ@sB!`T3bnA~PG0-<Mr@%{
z+m;sX1x8!XNswnd(~tk|`#D6*x3G05xtV_PORAJOP1u2SZx*yWs0VH3TfSe4W08dl
zsE8=f=m(tSvcaJ(*E{=b^zZ2M^mUqodai(sy43JKc~&b=p`oLsTxomfrEe`wL)^in
z+j$#Fs#N~#f-2~PhX|J{w^-EN`OLhfyj70Q3%n57%A;`Su$tPVmwse^vJC05rSEv-
zbzU2)P-xbX-Q>1r+DM*=#aN{Mlb2}U8IaAwu-+&u^$Do~FQXpoml&&*!hpkVx*WC2
zw~9O1IObRIch}zZ6QtxFIl*`zvg8nqQ_pNHEiKX6tx?udobf&`vOW)mc$|!f$J?#I
z5O-m|D4cXt?|H?aXAj>JrMR#wU?Uf;=idc%@V1Yqlbna_>IHC}(?^yUtw&p$;yeq{
zO1%X==wqsC2-(v!h`ZQz7DmsFZ<lRZN{n?99X?L13eU3r#Q}UC!qNRei>duVQogWH
zr`!P_=!YzLq!&AwhiEbdf*P20iC$?J&JYNpz}eS5pfNaYaksps3&iLqQ<a48w}xq-
zFujvg(vK~D?geB9<jNg`Ki;4o`6uL$db_bR_$@SPhycyLD}GW~bj15HP|0=2bLsbJ
z2V|VyEWNFqZ|bh;UUWK7I{2xkos7l_E*)EQt5RPCOC4k$9SFj9J#R9;7N^auYvV_2
z5iG4D3@<KD6ZucCJq6&_Q@%*g@xMe$`$Yo&%*fjGrt-(Nhg{CT2rUbGpgm_9J)%qh
zl0UZTPAoQ7C6g3q*0ct&AYZZ=`hHaWF<eiiGf!2t;K|nf(2k-BjR$vA3~ZnZTVi?Q
z8?2_599>bvzA_WCL4i{5U{@NMl3)Ikt@Sec%miKNDIL~Xn>)p-BfkwJ60x_Rg2~#V
z(<7qK&G&7+GczDWG)4X>FMNN>N8w!lN#9H35QBjdF;M9_=7~vJdQU*-OiKDA&zH{p
z4TLK`3MU>bX)*_M#&rIvez{TPL&T|?kRx~F=<ve;v<8Qt3Hk}2ijm`>f1Bi=7G(iM
zVHq7AbkmmnvegY(j!;9<)daREo&5b3e5=_F=J4mw3zxG;48qoD7c8S!e%!R(FvQ9R
z>TkJ8h?1H)a>#vINMyRW@-Ul(jI8aST+@MP9lifFNP91z#lXfE&AxhR{32RD?|iF`
zu(NLM=$laf`!vIJ6zRS^+*FD*Zu1^YnF+L!!Le@hg8{K|l6hTRf|RWr>#pwWh^<>c
z3FPXGd?64L@p^*Jh&{`fZy7RrF6&L1y&?Ql(o#8#nJkXBY)BgjCy}3YXuPS(P3|4&
z#&D=pXYa&9{yjOo()l}pEgo1wzJ9GZM@lxBJIU=dWTVY7$%2x@-#|0p;zwUG=^ND+
zLJbyV3R&A-ew%GwgLu0ALBFtq$t3^y7K_U;;id0$=L2=`!fVOuc#PAer-U<2ic^R3
zD1APBXz5XizTIfLJDEwB2?%<4lO5z<Mrd{xg$fJEDr6U&NKdav-Virvma-?0(%@Nb
ze-A4gL4n=d?@!09HJi5mwzrZtClTBS@y$$5RE<OB)L^c9yb|ij(-@!GwTwz;Ohej>
zeE<MhrxSX#me}CG=N1}1w+9135kwVrsDt@Ym>s{DIdEOiIcEQhavT>R@o4$bEcbDT
z#1(b{rIh8`w?QwNC<6smhOL_!V<lLa@kLR-4}Ta95koIF7t!|QsIqU&)Ogvy{klr{
zmdvP?MVZ4RfmK}R+|K@kd4c%)PrYcJ@NLPZ>TJ`8f^Ktu&x_2sko*jP9WZO-cUWn2
za()7ffxLsQp^c|@+`)cxifj7bN^XQO7bk9baj?CHgHlX=5m%Qj!FJI$tnAoi`>TS7
zV9gZ423yN4c#xYdJT}6LaN6-@{F4Ui@mK&X(bR3DLgRWRzzdgwI^v_M)8$;6cu_w+
zu6WcfK684AstPj+k)9F0zD$PI$_B~GDrQ3XOiHnM-n0;YQ`N!Yy%oVtk@jC_#6z`T
zGYM{X1BSFn*aS%kJ#FsKJjXmYuA3#VXgid}4}Npt50<85aX9&lea`U=mL6dJAuss+
zuE5%)+nAE}K(GxBHoP)~!W2ZoOIMOi>qet5vN?7pS~6W)-cyx#uAo?ju^*g}(_lht
zCT%YNO(AsP3`4n$SxDOvLI08?kSwUE%5hhfOSxN4c_LCKDK?+r`Ycl-t|l$f-0-lG
z)q;T2I9<a2)P*?KjjoMip9(z+5q&tl+1V!|J51@PQok?ZxuXV_yCh<Yyh8tVjoY#7
z)zZz1a$8E=p<8?|K@<yOnG12k4F=~|bh@V%?%>@x7g&iYt6XxMhIHtbW&GWi3Q`&Q
zkk)%`2<1MnB7c;mP`@4gwy;?_+t;!DIa~Ap@%C0xajahy=S>2^A-F>V!9BPKhu{vu
zA-HSfB)B%g9fE6cOXJdbAh^@GL*p(}x%WRaYu1{19Ul6T>Z<;#zEk_`^V@1eoeaNK
zu}c&<2Q}v#TAks)Oa|xV>E0i&)2(TCe&VlZy;<8&-m;u;&aw9QTD)8g?VH~I*D0`@
z`cu>;9slw;T;4JePO>$OF+g{oZ11+oMO-db(WoFmGr^%gNBrek`sq(y6Ft)1n5$$h
zKdFTD(P0=jdOjTx0~@s%ohc$L8d2B5M^gH|o}n~2{o(;CITN9SP5wjtE#8p0p$96B
zZOU5yt^CQ9*(LH84fc?tX{^C(v!UP@R-c?TFvB-D^BP4$BOXa>+H)~|j{UyBkEiSV
zBDE_=Dt)>^eh}8A*?Ki;&l4VMl2IrV*=Pxw-h8ZgmmzE80ee~d3na>&OTLql+++Qn
z7qF7;e4&2%BfL|Ck>Mp571bCe3jQQWsJtF9*!X((s>+QKfvpDvxbM{QY+A~Rz1M`l
zlt15gDfeAVvdGBrlk9KxHye7p6^CyLmS)6{$n5JXEJIrhS|8fR4YZZmu!@Q(KRcyE
zzWf2}`E)gYAT$5h;+=2ScsF2;3nv&(2JLtuEnOmi8e-(|R0&vyBco2<p6{6K)h6la
z)niIQ3xUq0jJZ1oW4Vp0x_a0G<TXGTq9XY%Zm)=Ohe2`F&jVan6*Wlv?}5F*TD&Xb
zS#3i7jc_~}iqe6(TV?L3h*k6mC&b6`ueFipsU3Of9rxxeA_nZ}Xvv3xs<>Cs7f2Wq
z??K4o^Ag`-j_hT)kL>gsp#b&};PYgLmj(Bx@W?N)qPF2BWo_od5el6>RULP4x0j|{
zt8Kd2e|Fm((DT>Zr6Gk7!NSTWO{7%znJnJ7wxemfc?xYS_Qy!xvRWm}i>yWo@n7pu
zv0BTfGyakKQYHnZVtly~j|`*EB99p0KNFsyGN!?x#U;3wO@td<23vnf6Bm!(s8onm
z4_rq6F$E!%Mjfs_xA^BV^>qi%7#ofGnKXu1P<#L`pE#=I`=2HL+H&L=N#_Z0rD1t&
zCi5+yO5*JG<V)OblGpxzwXFh(I-?2hP<Z-QzUc7isaxpA%(NrZ<Q=T92$t~gzCr#j
zfTf95V1GVSToQhK4;DEbwcE|Pm-pX@@#5RaRONf@F7;e3tjf(jA?-Y=$}f6Gp&t~*
zJl`-9H#e>JFbzCC%6Y5{SbjE=`4jsxL|o|_8iPYCFRAFjhcu}3s*GvY^m0fl+(MOT
z%48s1|BDpqcdN4gb@NLq$XCO*9{OFqFcH6R;`3LdvDB*C--;yj!!wzcA4-tVKEL1Y
zVUd9gIVW0EZB9LGjIe(`{z#O(a-Hy;XY!c<l=owJ5L+xQ++;8wO2imK#?KyD)00Oe
z-2MjMde4fA+TDE89mQUvjQr{@gxyUR4}c0ZC8klgb#BB8gL6Y}iG(ZPyt)fLDTnDt
zY|B=n-b4Cq9uCWx*lkoCqsjgdQr}^9a?d_|9zF#q73<;DMbvDfGE#J7Y1Sf7HybzS
zIaRYR!jDtxM4aAS1Z;-E?;c&GghH!5ev>SD^^>P^A7K1s5K&K0NXXCsQ4tk+iSM~?
z^xR$TuNqB6+Wozo-JyNU;^IK2D-AC<UD8^&wAs>RF7-_)zVvBrB26a#G%0TD3+J)6
z>(yY~_M(?rR^-Ej-tP3YJIiXthHYo}wj5)Q8KlED78apZ{(I~XhmlbW?qhD8Ky$Ok
zt~_#5hdI;-{)_a|9q2%onm?UX#LnjK&dm{1<r*p?Z*l+Qx36lj9R8%saQFdl&XSAW
z&vNxoRu7TN+r65)l(;_X=VmNAav#YBrN@PoYTx+@o;3kmwC%B;CS`#}15r-SIu=Lr
z+%ac0tCBfe>#17F*3B<3wrHeoHuH6FF7mIx{~S}A0Wfz$*zz&51(KPpRXur9z+L@%
zNb6GU*5-$)yCc`MIklm(Gf6^Xn<_8cV=@l|z3-A1CGU?KeKEA)^96dN#Md#_ch7t-
zsraV^ET|Dbm_F-8KeyjFlGR^3=xC~b(>zeuF<6Q2Sh^36Y_7eGp{lrF{nl^TTgEM?
zp+)C>$rca_AR=h&js3j%0SuF<@m}|bL@nM8ZS7}b202lhTi=ZgI^*7wE}dWP=(bEu
z)s;mgNlBV&4#rD!HEPKgi4{x<EJoK`isLLsM&K1c@BA7LfP8;v0tj)<`#YjCs$N-<
zP_ZDST-Ajq0BZKLN>)oUgn3LxNpt8k{mTX%Z6lB%fj@zSsuV6D-hI124$yzVZN6r^
zHvTJ0>H2YQ2dKrGACLg-ici>0olC#Yr4X>*aI_-es}Zj34?T!vvM0gilopO!Ada>d
zi&uRah!z$WtybTZMIQdCdH`9FUa!`qrOksa_5N14E3P{%IuK9n*BE49H9nN0B_UW>
zO;)#m!O&uP!js==54+n(%>whd{cy87+s9VYFx!i?@oi=Qwq^U(-1b}HM6SN-QpMPa
zix~K7;$if9v^!sUOrvER^c*%k`uuLi>mbIX$6<t4X#wS0^iHA0ANVeMD*{xbphO!Y
z>ygb=@n{x>{Cds?6yxQI4|pk-YmEWRU`e6K6-2*3P0C=RSCtZj3xyLRG&L@Y7&8^}
zHW{^6Nyv4Fc-?Vi*rAyV`-+rX0}SVD3iAYOJ<=Lig*2L7a;lQJv5hlS`is}aUe>O!
zWvRxaC2QsE59e}kj(I!4+*@iq*x?iLd8*w<HP?oG>rpa4s*Ni9)=1S7)Y|tU(wSbz
zu_t$=RZ%Ux1|d;6^2b(*k)I-+r|0hB5DcTc2^2nftNi8{D%nqded+1WM~(sToE%@-
zvhl-`CKc>O?Q7*>Ca*{x;q76gzTODjlbnEOy@PM-0wgi}$@VTnaUUfl#9?~F=Lx$j
zc-jo=^qJkA-N4M{K5xyJJ*raB>OK=|SLAfL3eyhu;Ar=sF8-V2Jxk-QGSkDRXN?hq
zS_FXqi^cA?t1>utpCP`+L|k+LW1?(Y@p8jA!$?m{8@zlwdj!>fdKvKaShd)U6#IK*
z#6xJ2ah;1rA%!(=H0c7Tkg(e_bx9DJ{HzHQqnV6vvNeS7c@x)PSXZkrNcMPdDHrwu
zT(Rk`kxXE68h@!%S41Ht#Zh6f7)(_oz2{zImY9~EqB?vUEGM|Z8_<fV{CqI3wKg&`
z0x7ab_V&pe#Vx`sjVVR2iFXg5W|bKIj-wz_n-V^WoGzK9Sz*NVf(aUl?O4)T3q`5W
zHvn@(QJD2e`@1!#Ww*GfnbMiMBjCma&Sli06UH{WLN&!0C3uz8wluOIDyVt6<@BHo
z+Pjy~y@Y3P0z!Sy8szHlBJyd8P8`_gZTI+*sZl>_8H=n>k^~ghTAjGiK+m_{nHMn$
zy#_dV!|OJX^&EoY+UE;VO29(;S&K!iwpTd1`9`YNwSdKZxlTxN0Bj-8PcNz4(krha
z<)w~uF!QqqE8s*T^ES(|RA&=IDpDPsSF5=FsYjpi>$-+ad?6-3w{~F7Tb;H_tp)h&
zi(~b#vqk}k#lG<Sl>?_dZ2aPbp@eweKUL2kxu%LQXkS6CoKFQ5b37+~_`835U-)BH
zW_v9y>^8PB*D+gI2o}Y~<@cL5319WW;B9qDEsI8tUpV?M#*`Lq*~S#^)6&u|^%vLI
zx#$(-;<4O;obU9kpHU_Vr_!XK_5A$WI&KiHla(Uf(l_~d^#tVNh;T5bbsB1MhP9_n
zrqiV>3>U-AfhtLl^7?qhvS3F5QLL$EgU*Iun^`Zf|Jip}#P>XydiuEe*4ytHhEJGP
zm|xC{*(3DWOAX9avHCl2N&Q?3a^CB!&sqd2iO^<^m9urEdSDfqSXj)|xFb~A`t>th
zOYJ$m_(7{`i6^3~t2%{QD%q8N!0s{f&jqnYRHp0;#>fp>EpBSI?3lv^qGVR)t|hE;
zj-BPgo0Fq09gz;419>STo~=(U8$aKc=jSu}(vv~I4Ev!{jx9MyaR5o|F{jW}aB9)c
z)gIf<kG0fx-|F8Rx2hd&*H1`9AAIq=@i)sB+X9}9$b<w4aqnbK&*a(iE9&uT`n-Lg
zNsYSOC8&u2FgL&*8fQ{o(34Aiu7up#L{ntOT1!whpI>)KGGh0%)WN#LP0ZLmS3llL
zyy?1mF;DVb-3AhuSR(x;HRMB%Zlu`r^Ziy*%HGfn=?jc}*w=5($3=^OJuOrn+L-AX
zH$#LdfKumc5L5s7h_smpDI)mwOO=bp%q5TG0-nWWZrxcG;DXrhy`)_O&|(f7?~kpb
zr^`#W2Fghz3U@E}X-m=gPJb;GB*r<|cZ4Nxtb*2vJEDwrfX&q2K6uf{0Q9Qz?i5jn
zQJiacbc5}%1<lagk~KLQI^FIwp*`{UhV-rkz(DB?3UW#gtU&x~y?PQ#)`yrehC)o8
z&|ODEaan=n!|xheeGNglsL=19W=t>BQJHlOL-5OOr3!eA$InowW}xreXH9I(jy4N#
zqlB+cU~yRqQAjzSVlki-SOACzEWAdVdcLwqk~}#N3}Lby)?ACQIGf+!F+D^3DM#h{
zh0mAd3nY>{b&GQ{J?^0mvm4oh4ijA2K6lO!PoaX-kNdDEBM7kaEy(p`>T!z6))K3;
zlefyM=Vdi8q18!9W&>qx5v$Cdt1t4aXEj#;NVuFNQQxo1hlQ|PsBwozhv&mr8+HY)
zSo)N#B;n$3<8YkQhb9h^t<`S4(WvEo-byzaOF;OyvvSzfUImuQ;o(UUA`*nmJNO(%
z+(sqmRkTV|6`bS`SM_DO%jvuJ7;W(d2L`_EUB_rXdI~VP+J9ek7{Hh9bH$&StZ_dX
z{>@0=4}$=IcI~I8+{5a6PCkEJXMO2pwNsbN)U4c52$haja_3?>Nt~c(X82@k^1JtY
z2R`a`)U{h9gxHgnn7zt$u;5xZjq?IWUtHTL`IBQoO3zqlCz87G$%Cg8I)zkrY`?m@
z^*!RTAI&91zX$m$pP<T`nMy?5c*>&BLf(WIeRIyZCo4X1IYH)iuC)mDc1l5#QwISj
zMvf3c%T1L`wU4fa#>xE+&*aPO$RvpSSJhWTrWTFV=?~f)Pq3$3vM29Z7Hg1$HeiXf
zeRATIj?G8~_n2L^ECJ<#?pQqwqf!d1LF8Zp-Nvwy2(7V^bd@2Zq09)@&Yw~F&^YX2
ztj?#gN4!@v3S#tR;<pPn75X~hg>@IMq$Jb%Zg)?!nNO`}`yU>zx1g!#Pc~Cip6ZJW
zMg7r>kh*+smnotO-8LMo6%enI;HgzZ(~2h|)K=T<`4!f<U#J1Z^F?1wPRSZnY_i}!
z^P1jN`BSl+Ub|fls(#7}TUF~DrWCd$Fh0B69P-0H9bpryqlHDI$pLa?TtU4lo}ArK
zre`#rdPyvuq-4nVjHIA1W@Nb<IIr$_H)?Z^!=n5JUhh0|A?-Z952+hdTFo#rjHzqa
z52YkC2z=&u`B@(g9T-KS9z~3M?^kt%WAe^gP<3B=tsr>e*o`?n^Te({wJ32(&>^Cy
z)or0Xo2K9>?JGe3MaG|YkEb)jmpDaroKhK0n)Lg%s=|dspt}+sAo76h06DeL(A2W_
zDeM*|OZwULR+W>GH{N^RJxAiC3#m?JR)xVdQ{6IS(^u+yC{31?MhK<M58Za6bG4-7
z6oa8oR|`K&sk+N;6AuT9zlO8|rLpn2NfE!h@BrkL=NnY)*(lZQl5TCVFlNwAh1Gkc
zl*b1fW*yz=_;dtXrFjXQA%a|%msh9#s(%EH&XlRD-Xh^AO@CiEo-RxJOi7gj?R{4+
zHblJx)kZ2jfGwU0wQbC}x3no9z(z(CobQp8MR9Wc9$u_?np-R^uXVd^0(a}oxm{G`
zB!ha<Y6)9FLlU|3rs}S`P6>HTvSqT+0@HWUwVuZ=8;{-Y$0eWZr<<EcfSokz=6lnX
zoqD<SR>;{B4=`<Z_we?e+$jE@bL5paw&Y1ocDz6(>$treUK!rqd#CRLWjpOOdsbT1
z28$Bw#?fD;H&U+n+$#!QkKoSP?)&fED14`8gxby;pL}1l23aP6778`JuZ2$7+(n<`
zbJoEfB9V?c7v}osb@Gb<(VElNmK@u0bVBOuTv@Yqn?7aOdi}R`4X|tXylkH-GB;g~
zi!<@-i=(LSrEm1eSQ7g6dgJ}(I_(7nHA|``V-(<p0TpI?INj`tCy?E6Yko3Ow1=FE
zT&a~Oai*QnDWo-CrWbnMQ=qtBMsH5y4<VVo-gpsrzE;8zlONyFdIjR!xVNMlblsNC
zMO8P-{FIuRNuQ@nwOD`=&C6rDu%dpt&s1g8jaU3T*KUwAZ}0q)?>7}fz*9#+cM@Sv
zh^}K>WbhPL4&jz-LF+rB(NS^nh31mTg*WSpc*URDf8s`}Q*gFb$nuz;zTYP`omioa
z0bt7i{PkSUq*TqG7kh4TEyYi~-n`xqS$KWxAW0^3c2AX@6n1%uB6)r<+errOLWX=>
zf-tCazaQc)Vp~mR1-2jB{rU){VfYge3^08%rX@RywDy`IgHEaKL&JlGP9=fK{<Qn>
z=@sWp7*L#mvR=mqfF|3TPqCgeJScf=nEl<Mh&m8AX94tBEWX32Ju_ef%eL0j$ZSM{
zDQW}ww6P$yKZwraTvmqwx5`p}j&=%gJsC`XjV$||n4+CuUyo`VHDfk^X3A{XN`OXC
z+4T@o&H-Ba<jVs>>>gjSpE&<uGk5^l%c5EwJ6^y94_*pWh?wG82wmzdh*}wmTpf4<
z*=+P|OwcJmEW6W$_qwB{_Y_|{mb}!<`SSatCwJ6f06swLc$5$Ss9h#oN{FJr3?E45
zGXqw+DY;n3o0MYwn%xMQwyDdkqFa7!fW|E2u8Dtl#Ug3#g-C*{IB=}_RTjX|V;zQ-
zAXhIyE(Zp|Z$){rBwl0Us)F7ExgwP4BtoASD(&zsy2e$tX;Cq@i}Ql06hqSK{4-m?
zkjRGU{qZk34x<-yQPj`w!xr&l5ZZ!}ZE?x`e$2k>_Gbw)*8wgC^7Igc*On$j-;qUp
zH>Ak!LfC$^<}G9dGIu9cg%NYP0nmdxET?(?9n-x?eAyo)9qsF6hupsiuZSqRXFEK<
zM@l7IJ`FWA--N-ShCyfVj|}HPl8*W=+aS*ztY2PjCo6|d9IcKB_vm9?1zr3)fP70e
zP8LDh*C}=zE|*nVRUyu|9-+fZ=Kds=vO1me6cpJ0c=^DGI)ZrW#zDuQ(;x*s3wsAZ
zD?;~onV(skT`jz|jm}9kUG_m7{vTN}$r55wB+#7io_(=^ydtaSP@Q~a-GOU?PougB
z4G#$7`rFzQj_R}aBe(9G9qx)x8EI(|ajU1hHMljy$3Df&UcPYZu{C+5!@#VtFXgAH
z$6cPlqeys6oYP{&N@Vl9#Dykv!QgE9#P9K=okBSQ+Px9Cvh<W=K!7zl+{K1aZYF??
zx_^iT0f0UibP6FNZf<TOeg{HyA|d^aO2aD@0+v)dYjcw`R`o(^o=*ZI^Ztj8Lbr3G
zCshGYJ)-fLDQ@EMR=D%?z(yl!RnMYhd(r)&q`~<jsXIPDYu{OUj(&I$rZ8E*@8$c;
z9XuEkyn|Hx@lM&BEL!j}oNeu16e8QBe||1M74zpYV6^q)<mX?erI4(<EXsmOF7$k}
z<SPB3WgsCu_Ui}ibmcMSby6g7;%nM&8475@IZV=IHagRa=vUku0^bt?(<IyR)Zo+`
zOR25TLa4UdY*I>ExMeehxh@8!%{%%0<%D@&A*p=kj%~-c%;l8?@~Y4PyB;nOJfVC9
zV%?Nxg)FMWM4$Jtj1gyJGx5O*QYqrdU>+`A_h$0^`&EK@+)F8bf+0|Mc!;>KNFv&(
zGl_%#I-O)SFrshg=aEq58nL+<!5;fI={rQ0XFsNvIj#}~``Wp*MV26Edh1^H7jk@k
zV+7ILK89wpy-nA=(xT?d=<+8u>CckE3@qb`Q>A^nzvY4%NNyP^7+&S*nrG6EX2-Et
zsAuECLP%_*_l8<kIsEWb3sPucG_#}fA(9ATR01r5#O3Gv@AO6^E~)ltXoN|Ymku1<
zu<62#U=NH-Jc>TBF`loy-2bN(&#Htw;krrr#iRD(lw+^?P2?m;e&~V!cV(E5F5%7U
zE&~HAYhS9I&yRo(@x6=QKPpD0`R}Hur%OtI$~=qZv%78beUa}U2GB?Sk(#!P_{DUT
z?Bcy8;gr_3-Hb|Yi1D7x3wXB4Y|;jr3?(~!>&aOuv4eu}z}g8aE-2}rIhCkTh=4U>
ze*8zCGqgL?n}Hgt;}Qc&-_SZq1ZV8G6y{W{M|<dHbBZ)?b()LelIHI=-@bpo@fFe@
z+VVQ_Qb)>ROVZMOIUW;Jo|vSr&p)p_v5EmS*jT0BQEIN1{qn8UFuJ9}$B%c~v*wzR
zR==nLk`mQ?c^imiXl{vumG1Genf>?Kc0R?8xalZo>s<Dw)8xIUa`u!^>;7QicNx98
z6R}uP-~2@%a;l-@_l`fuDb;=SCf?!0yPfZUobVv50l$?e^L+pydbW;7H7m`JqJy}V
zd4E~IzkS5eaSlCTAM-xEaGFXaCqAl2#w*U3!I*q}n^b5EFmYdMXjjf|i1kRDEcF_E
zFJY6Y5R<glWMP!btX1#9M48O09_9jo5P54DJ-fOU`kGVHneEkl5gSD@A1n9?v9Uj3
zV{_p#lJQSVB^LZ#t4m<~LKHzF^+0bZ^rEP8V(4^Fc|~ZW-dMD<@1zKo=_wS!LpW37
z<3ILbgtN%Wct|o7c4zrxW$&>wJ72T?xb;$fG|rw)!fDu56XeLq1q$-=MA-{lM>^H#
z(utz9#!m@v()OPz-rO9DXHD3FBW_|FSg%~iU!BL~Tqq(PA;;{jwZq(6SzkUI{!8f^
z=U7w$f_=nltuVtU<ETUT+kqKonF>SoCFx9m9h|-wf>_w6*kYVAm{1{(-Zx5k0A-6l
zQA&y388-M{L^+*6`TdVCt;_Yw!-i4ndR(!Jy~<-r-GYcIn4*to`_GMOEv_E-3o|y=
z$#@JhdxK`7o98(f*Xws(5sRnGlLfE%TK{>_sB$y+;rmv)l`ByV#(#cj{eo~8c^di^
zjDX7)GsCXm8KW8~_JFRpU(WKg+tF6-DCs|(Q9m%_D+l<cl@5{&zxi<YTB0SJ&HWLp
zwG5~LevDLZ+t~)}VlThDwXIuCK94FB*>D}XvXA)6k?-d(3zTi~*Ae6w($;+Gl=aP#
z=`jdpsU^NPK+#CUYX++ktabP4HqDttYH=^FdF<3L2V8eVdTz}x*F9e>?UvH1{vv!+
ze3bQhf%7qUZEE_KU*F#}TUq|sK<LEmS#$LsTQ5i@cL68O=i3**2RFB#sa7to<l(t%
z*Lp>>#WzYff`3<@N&PU-o8m)y=L-!1lz7DAl{lK=s6QP6xgz<0`@IyIh`MTOp;>g`
zD+3{C$ZR6Vjgu7jimp!d-5os%2^Ddm1lZSLLOd!6HT8l%%N0xd4M<avb^5CjyUuIY
zdYOa#m<_s20(%NZcIyW^Jv#BWIOBI_2i+X}Y}wxX$$ji2-S*^$%^t=APnGZKDaF<X
z$=SXV_Fd0DHhQ*;ZH7Pl$v84LBu>jSw_$u)%^iQquvaM<;9rf|443*8W{*$fR2?I0
z(f=U)Z%1~)3^4gVnJJ6aI*|vK?F%F(YMb=_5nC)w0EWQ{WzwVL<1g<%rM`H)zX7wX
zC+<Q7O{~ksef59X%Zpo2%*0fV$_^)+v?-G;ek5EB84Nx)BqDT?ACIrQ9vdFs+R?pB
z=+>Yf2t(y0EYEkbHGZxO0gL+}_!%fT1Rax(R#ERB{H_>ZFX#9<Q;Hb-c>>M<V9Al+
z)_>x|`4yPcpb7Dv<m3PKMHLP%uQ^*#@RPW8w6#j%9|6)La`$X8`o7WJr_}f#d|QmI
z*{QkAaWf$p(L8)C-F=IY8M?Wbhz7gxkWD7V=5!YA(5<rCwDtawMYVd?xK%7_fop=?
zc^86UJ^1`+r`D6Tj?vn$_}5J&%CYb3n-cm$(DF)eC|E^MW<c^vEMMOLtjE~u_A<})
z>YlRK>t9tpaBFjvbf!xXfzK481}{0(KXCtx#>f|LjNo(6dhNFzQHB0@=wBglJ+Vq#
zwP1|$@amu){>Lz?haf`w-9Dn7+*kO%0&V=AK)KbFtHxS^4@K7_OH9#`WoJw>7<xV|
zlZol77r$aTw>m@D3=e$0f%Hgj%^MJw@evRHmWYEoPRk?&-LbIE6(!r2#5uq2^{_0T
zAH85#^O7Um!&P7v-@oiKprx6`XRkCE3h&*BS_if$p4cCJ)3cxN@(K;adMp%|4s2{y
zjEurE4@>wWBsgJhgNWZ+5x6RSoqFTOx+Z@)c8EJ#I1282*xHaQE{=7wwfpb#d}P-T
ztH&M7HD%BGCSx(D)!!8~;=4Hb#Z1aJCHl+`m9^t{bi3m2kojL2cywhaaNn~6KV~$G
zm`bKcauSoa>3psEQyfxAiO-HT*Hi%zR+<o`qmF!k+)_pHU#KO~;%jv<fMoLAFP}BL
zJ=?lj>?wDGZJ2wm=3u1O;gu*#s?NNTa+aXb;=bssO&7v2`uw>}@86Y;Znij14YihV
z=dk&dQleR@7hOB;TH`$!rt>gw=gYIh-Fi9X>MsjK<h_6L2%vbnGZtMsztQn+y--0X
zX`?&~I}B>=np9zT0`=ypU!DdP(N;eFkBn(2?|nG12TiH!IY!bp8|y)J9_98~ojj9J
zfnC#cVe%2wRJ`z~?_u|5Y-nfzsB3D}nT;8u>@OrqzCCy|8>xm=Y$M!ly?8vAAks|@
z!G5()(g;jI69U<W!|)Lx38ksYrDHV^ZORWIr11gca_*wYlg=h&(J~<5>e(YM7LPQB
z*Uvf-ht`;ln?bGLi!zY^5hyq-SAnz><c8u&U!s`o<W7kFu2seE+1)!Ko&>FU5k7mb
z13lP6WKv%Afe4L%V(@jUn@Mt5WOEDNe@n8()zM6pJhfqspK1WOUtGYfvlR=W{dk_#
z&)!WSU@iG7gVPdxr<lp7`bfk(FsUpW0|aCkUe9xU$;u3Py7jgLER!tGM@hgo^qu0J
z5@+%0jAm6o8!J30?KylEc3s(ZnbH<&s2D3-?0~q<^2x+6sZD#D-CF<(h29<R0uf!8
zd`wJees=|b=mbNY%!nC3%>wBks3^1H__iBVO1L`h0!1b*@qC2?n5eR-W55vkkf_aX
zQ2TjS{o5^ni+*^ro`YO}+wFFS<{yA5V~17QerLlCT(7s*&O@5+K}-jbjWOHBNDRe|
zp9k0OT&8bUygKm4+N&|kwPtT>7S0BOt~V@2+XqC?WNC5vjy5+I4lQe~)_gNPm*Q;x
zLv)RMyQ=^bY~;XToE3>t)Snkn#_qgvdPZB)xEx9eM*T2PKkjX|%I;dt7<$8*l5V%-
zAykYE+4m0`jiPu7cuASvEgTe{tKaHx{tjZHYLe0bwu^Eg@r+L)OQ4~rF@|?xi5l(d
z=9|eO-$kl*8)<r9%fSHqSv~`^;pa#!5&dtM_znIQGX-i4BVKTFbRv3jk1J+agR4sY
z(?g`ZQ_oM(Mg%eE>8hFXM$k3v(oYZz(V>Ws2i<Hk0&2P|`Yt-xXkgr|ou^1v(#qT(
zJx^i${kmIMp!<!d1A|DG5%?FSw()qL8h)`I8U%+KH^jn+ydD_f<6ZV@fw$jJsC#o3
zU%f8A0IshaB41FDz0Ni@vQRdcb-YMl=T&T9Kk0`afVFbI+qgcZxKRitu{q7i!RjTA
zC0yM?`s92t2J7nFO}II13s_B1)-rjDw*cCo9DZ=Ao6!_lclFaz2d(KKfT!p5AiJ7}
z|I>OsY6qMgvmOKi;4Ag*a%^1i;Y6$l<0_B)<sWok-yRRlOcFQRI4XEuOCHT#94!(~
zVnv$X`L{WD$MN6nU(hNL&xYr=&6r6(yYJ4n5Vb^CPI;okrhytm3lc<tS8|-D4hEdW
zv#V1ptBHnxA5s9oru8eSW9zu++3E(m-QtoWPq!JVFn4seauWsr(TK)Mo;wG#?!woy
zeIi=r`Bz2)$6tJR?ssk&>O=F3@QRQq1;`y+uWI27{Im+0K=|tGC6CF=_Ne}HwlO<y
zoFQy2-mMh%@MSLJzKxQ-q?GK~+j9|hUS4mXM|hQDn9qKM%=GV=Y6w^JSiM2BG5<o8
zBatvUDvyZe(2fjgLT6|9%ZIZegVQMa{*9d!cyx{d4+3E}L0?m>ZLf7d&uUA*#@a<b
zZb?OjWR8g6g9e1+aKIUl3zzpLcCX@*c^H^n@b789US!ZC12Cg9yadI+v(krJTr^ok
zvW-G7lQ47|d^s#SPH~1l$v<#?{!yLpv<Uwi<UZxP(2is`F=ePk{BZsolneYNAq%<P
zVTbpd?d>RAwmmVn1Dgerh-pFS8lLgOFG9mmxdc!j{Mi@HBfGX7Qp1dw9Hu0yA4}<T
zhuHeGFTYn$Z|dsmIvuMXr!0DT0D0a`7~4onv9RHboI9&kb1$B^a<E<SQSz3l%|<W&
zB~69x=bzYER)W`dhxySz=V@RR9u$8$t<&n;0HKbL$~5$w1X>v__oa3Lb0%mW3p`vu
zV_tIIc)#Y|@060Un*w;8m8g_*$gJSr9aYZa`?I+Pj-K6Hx5X7}b#+t;q*s2fHgA*?
zP3=`VwtdxNensIxsH!rCT092@nDwg(xVhcu+{gT!rnK9^fXr}PTK{p}bHF6*US_VM
zv~9DNsY(rd5L-P`IdaDDT9p3rfnoB?!kQBS5YW`#wIhGKw3t54<h<O_q1NSdb}D1G
z7Z0Up{apTpSEFPH2C#E5p(D3t%LPCd8h>=&peqUgO*RfJJ4|S)2xy_BBXY9AcGk2w
z%cJ||bc4fXQ}&CcWpNJ6RwB#*w2Y5L?)JUi(y==jWq$?V*fKhc=USgZMx6iC0>w_I
zD_9AJ5vi+mMANnB3{<cND2>YcWP@F1qd04>#g#`JH4SFKUAs54&PAe_`<5*fnek0I
zOJ95;jZSMl$*?w0QSliCWT%+#@?@61BB$w(oQw+BsPEeC#l<XXRfj`D@s$9*?AWhW
zwbsXE-ZSqB2H1ojc+>?ifjZBj;L^u3JO9@GJq7V7OYLU#sUVunH)6}#<!d|cJX>IG
zM^41Y<KPhx>@%4Ikp(}FnY1c8hmx4wFAX85B=-O)^klC%rz}9bSJ?5>MthKHB0;c8
zU_ROfR^MQ-_^dQFP+cWgD-PkM+eHQ1<1f<89-BAX0wse!<R_mZZHDA7_gezn#1$QK
zwVF@NMp~iD+m-#6=j9XXUO+M?d#3lDF5kuo8i%*tef~SV7<h+ZOVU3D&NhygP_p8&
z*FBX6bqla_g!La?5+}W)lzmS~jReV=L&Mh1M<^y9>0ua@5yZ;EYb|ynlUSl^#pr@v
zc0|Hi%N~muk9U{yi}lu%Q(0M=t*t_Sm5IPSY{}vK@#X(GLv#LiDw&N<5KHYEPn?pU
zRbpnE+_edXyGdmq&2I&KKLlW`JbUsJFzW>E-!b~$t@+Ti8O%D6jPey;SN9Y(IqzI7
zjz;oFjzFUbiewDot(UJKu3}lr#}t<>MTKsG3`^_gE@)Kq#|a>XPGfnw`;*%aXI09>
zjb;3CpxYdHrDg#e?>8%}k-O{FE#bXL=(w=8^Z;y;T_Ow<3e4nY^N93FdaQU^HUMcX
zgkcokB_zdX6F?>Rx0pMUvFeK^{vAf<f^1`IFX)SBWso!`;;)Qgs1~fBFQQGrC1OMn
z+wbnvJKk@)q*J91DYY9!G`m6Hx6JV^K%)dom)pPT4RD71|KVuS^Nau3Lra6IB4qn)
zYCMien02cE0j6WS1~_oX%YP8ocI*0={5F%1P-lg>+)7z)0Gz!Vxv?mc&~bo)_wRcd
zk#K^;{YYs(Bu_HL8t6!~`qnxaaIAQ5m>c|4$kd6g4p65pMHEy2L(ctukyCD><X=v|
zxVZjEA`R-5{vXNLo3^O^zw`X}RKXGI{}q(Lr&){Hzg%A|SeU-9>PjCY<B*V^QCXwE
zAIeNh%8#<LiCF7@<q5!}ewa3iVLX;e0<gtgv-u6`Y>1Ot^|mSHdit9RL%WeJYnIX8
zjl}35zq?Jzz?Bjr?i0B`tTOqJ`4nv*RLTYvkV4bbNji<b_{Yya9LE98sMn(Dojz!1
zD&sm|*B4gk%Z{S*(#0!uVA|rmK%==g%Ibdy=ll!StLbrqKh8Jr<UTdupK{!M*=i>e
z@}|6?_<-LQdKl6w=0lZSN1C2-`?N{!GxJ|OTHjS?Z>b59a6I4=!o$ZejZ;D1<t#y2
zlV$m?7luDf^2Yk*>&=(1&cCXLbe@Qh!tIZ>*16u(Z8IkT)oYCbNW24$wYgLDOsCb8
z15?Cv18#O~2iz#bJNq=}LOw5r*!;0b19y)0zrsMY<iBudj4bXHs`5|77NQoDnt?>S
z$xHEr(dtUU^DH-Ro#U%YdC0Y-r(qXN|KtwYu$X)rC7=!fC;!J*9;`JVJ{bjqZX)Qi
z6RAbaNV<2iO*W-%zJ{WX80mw@2>MhtCW5zY)pUNn)&bb^?--P%8a!TkDn${nh`ZJ$
zrc1OF11Xr(Pb=V8f_@c**)8QMKvCN+A6_^b*%H$Q-UkZb&<I?*J63xW!<NHZc?c#L
z09e5K&18-aYx6}x$4hQ)e<0!pC!q0c_IaY~Wsp%*+vv_n+9XTJ<@Wl5jRT!xdV#}n
z(~f^ss|ERmnI4b(z6K1+?tu=;;`>=y+86MAZ}jlQJG;sTf`xM1&g>%E6NO?IG&d8`
z(3k^I7kMh)Zxt2H7st!dfe%FDr>Gi<l|2t3nmCoJ3vom<cz{F6T|vC)yMl+GGlb(?
zw-OAfh{>O=`q%nM9eaUV=Fg{S=Ku-u%9hj4S6Hk6LYx-F-;IKwL%Z2y&c{Syq6-|W
z++E<O-@LHH7Eim9Y>2=yXgNuyOfWFdTc-6}AN=qylo}q*`^ocs1p9%-MO3|-q!0Y@
znw0-1L-+Bc4ZFQ0a-CsT1PJB_kS{RWivf*9#=wAFe1j2N#ERQdo|+^EFd<-j{bC4~
zzzCn!HtWhm1p=+YG|Lan7sI87nd&*e%f5g7TO{XpVdJmJfwD+I3d3aX{CB&+RW8oh
ztCfJCSve*Kndedt%LOC{ZLcGsKw9>EqA4?n`q>@0zVV4V1ev3Rq5$Nfrg~x;^lnd9
zjP#zQp4%2*po)65NT%8C-*|hRYNEpfOgP(XgGR|JF?W-_vZFVgPRUs*EHO^{Bz>%L
zL+@MjzFNC!Ac=Wa9{X}0uy{I%fzkz)Q?LewjQWZxW7e!#{e1vn(B#kHk3P*e^~Sd!
zhDU4bQ-FY2B9TcpPu5=Y$(xo{cu%2Xpmnq7(g%u1t6-Qr`|@#jv-8G<g;;fVP%~Vx
z4$~XwLHMi%1p5WVC97nHs&Sx?+IEk=%BVS5Wxu<Kq#|pa9|WFIv;<MPPNoRdm{CKj
zoV5j6IxV#%4OA)_8{D!pTE;7ZYQ7KF#3C8MDEV#FCjcpz-ZIKrjF(D==$d5$Mm-x9
zT;{ujo=pU*Z|XO*yb!!l$k}V4v*HtunViaeV}X=G&f2#&ka^%)tI(U2LT&>&)n5T{
z+?UkHt;l0^e1$Q$oUG@9*GsN`vjjRaWO2L5$uv5aLUglTbd_WmX6=V>TB?PrjFBdi
zLI^7E!K+r}2SHw=>D=;@0>B{ug!P~0X>8}Mk=Cw{YkT{_?)~Gg*(t+0YiT?O{fg9I
zh*BESn%=#D>CTmUY>ib=b_?AKpZk&@`Gqm7v;SPJmjRRfaw7)Assxc{un{r$c0q)}
zumm(1#Y6k8aI*`$UkahKxg}9@RsMsgVWxw8hw(B9p#!aG(2Xbz#uSjkia~PF-{o4E
zQ?4Bf;w^`ewzBFNrFD=~v^3J_Af>HAsE>J}@EBOzecSo9C6P2QPO*ak{O7gsH&Kxf
zXmB>2puv{IZ&{%1z@;U9Q4PJPi+kJCnZu?B>R1_yRxD-V)9`?Lb2$JyeGypawC*fZ
zw*0r)SMF#2%t!eb=WTx_$`&i+8Bl!28=XD$M^n9KvZdInzsM2xlB_Y{1?F<qKSqzH
zFTkQg(FSx=W-71`=m$oTVr^0E<{AxsW;c}xf_as76nOYzHL}>9U{b-s!#|EFr(#QZ
zvPFb=alu&(9u;$gF4aLtXBIol?&%EZfs+gjd2@rb(LI=?fM~pW%Z`C`@Qq!RmxUF1
znRA#Z*xcFrjkZz>=A@hHcXwHnwE?`gF1H(Dm0m|wyfkK}gYSJ{-h%<`2M1mRz^V<s
z>AEw|g1|#|2J5}D6?ln`&p(Q78T$*-A%*ZBu&e7gU6W4)T91!C(&~6*Q?4a%Vfn+4
z$pr6~5pzqhk~xqk(Tl`BbZBdPpz0?thy2d;AkK84e8_S{eX!^2T9=Fxgs*}YaaTcO
zdpBY?!iWcPCw!iDKU&t>l?}_gNO^>0o_?DMH^Ud$J-$H3zUPZ(fpV}-MvPj?;Qp;d
z_%SXob1Pj@@sfcoI4-5fD`HR6K81$m>m^bq?fU0_C;0>hyAH2~J-+Mi;RouTxtdi<
zAK*<2uznBXq26D1X^Q3q=NNDhh~Dpc>N}f@X5KGbWL{0b_PsCX=DVCj^}PntAvC7)
zlygM<84ZH21oFDDp>N4Tejo}qEWH-I2qr)LLA0PT=VgJ^mOuJb^pQghyYoYB54?y$
zEgAtTZfTqbkw;3V3hGd|?7}=K`hKgoE8DE{4+0{G6t3XVQOpMi*#Y-t7LN3t(U1;|
z<cJO=-aO*gxN%~7D&9-l?yL7Vi$B~i+B`rvS+y+tquq6!2r}OmgDzJchKTyW3MmA|
zUC`L4)7=fLN~5YtFAy=FIQ;N^`aKvrEKhQ}_OMk_RRyq&MYEq~&29!YXN@~veJ+Y1
z7kEUDrkFhCq5{+m%tK!pD(v?-D81_p6$W~dD}ML+Ao$b3@Bx5#Vq`XGB(d!k#v7IJ
z_ZQu~ZCrE!Ua;IS_@J@mr0W8#cy3+e+^A|E4uM&^vncC4b!Nk6s7b~$;rRwxM<?nC
zY6_}LZbh6@CfJ!PvSPhpBIhjiNaEzEexW8X!cC~LP%;C3Um9U7gOVp0Q~UV$-UZTF
znim9n<p<x2O54fyKTwlx#UKE2qTUsg=sE?RW;<X@<&k3O&<3Zz4j`=v=o=<mey_lJ
zbHDzJU9o7Hc!_?auc#hpMzn(yX_$N@%6x~vSzsF;XntU)OXh&b`R~zmU*7>2)dAI^
zAO#^{Cv83T)*T^0rpv_v`Finq^yC`nq3slu&A&X`;4B<5a<Fl}#Lg9+Ej~-ZkHPGJ
z0ob3`)+~*tRVP&wJo-5ZR|4f^o{{s54#TjtHP#--l6POyXAH@+bp+#r1wS9riMG#y
zE{mQllzs!a_rJoD8|09|NU&%+oc?ho0OY}Bl0FEi0}91y#2wVB+7|rCGICjh!@V0!
zY{Hc1JAOqD@R967=N#{KRngZ@e`SJx6ma#2CERCUK4EhH$uVdRL$@>tP?*QEuHZ1r
zQ%@Y*89cMIO$H)ChnIgNr!x=f)7ABpnuz`G@jmT1Xp?!aicK&G5#iD*2$n~F`sbgw
z&vKGt8Yeh=FRRbHNBIQD2o2m+KYP|B^eMHFBIXawX~ao&4PWS!j1&v!*1n^6N$u;C
zL=M3gG-PG-SPhz#Pis0bZaJSLGwJk35$TblR!G?C^UV|-Zu^y=gg3!T4tPx`M=%@9
zCr4BTvaudL>%MKRfe4r_EqjqSPK#dVem4!v+JQdkcCf}6lYduyG+Zoa0tFS+HN$6<
za;bGZl;+*MYL>cMcPa78k3lu19iVRD0q?`gwo>8bp5P^n&@rp{PRFqe#(%!%#V1Pl
zIYLkda(=fB|G@W(>c-BEcErqeXg+BbH0bSG5Aw590%$@e8ONisjlVkhdv@jiZ)OGU
z%vG!mK_fixEqA%7G(25Or)^VR=x%}z!U(UHrAhCn0ISM8Ag{Gk7fce%=vot}%kQiY
zJc6JA)AwPH!gu>(b<e2x8xq-Wi)VMjSgHS|Ev$1ZB{LR{t?i{*fApoF-b1Y5sh+oj
z>i-G8*U-p5eXMipjwmk430gm?0>Qwrr<zMwTujtSLC3ZiSRy<UvBXc>qAmKdLC!(<
zc%jT;!%RBhNhJ}A0LW>hR(@@oIdY%nQfq7L1((rXQcBW3$2DcZ#XCjE%@U60hrBv>
zn-Aywk5g5}!*)al-zLsJ9SWP*2TXBrT8>J(H(aALtevmY<@kOe7;;ww+5nN4TP2mH
z;~pXF?(4mS0-sHYNPAec>e>W`l)gHYt#UPrEZ()`elP4?S;}Dkt0=^<3cGyP)(g89
zxzot;S+m+3@N17$ftw7F3Q@?*lUCd9eMr=t$;+!i_EOy~r{Y1ZJQMW2ankpi4*|3>
zAnxQOrDG|Bf+O?tj*0$ri}YilDaSzbDK0S4f%9C#0+q6LKHU<%jQ#poQmXgE`hz_R
z)@ie$Ildn@upi<$xYRxkp#~pbxS4ni$<N?7c|TngsJDmk8v4wOzHIlqyXF#}8GJ&b
z$h!^h(IpbFyCKl~G05IX({j{EdUtt{(r7(dRO;jEiVG0!##@x%0ZK%09JS0nRnJO_
zof{Ut?}uU`5<yzLqOQGa;Cz>}SXq?NWE91mrO=}YSi93NFXz0fUO8{l1VEef$9f!m
zj)M9YK2`WV>niLme$B_6Ck%Rxac0)Y4&*Q-Rv7G2Hf)_SRdv6@5?!(Q%$7s$9z`;~
zfLkDz`F-*G+!EOW6H>@=cwGL&8$B%4X;GLjVLND>pAl^TxoSL%NWhIAQ}p4a{*;)u
z7MP|iJE|M==iB_=GleOz`zCADmS`DKN%_cHoh(K%jJk*i0}#HlC4sG?VGy~tkD@HU
zFh~X-?3Lu@X$u584-c!hwIlc;p?3jT$?5|oT(>X5=a-zsTy}UAz9*DV*ww~sFNJ_Y
ze9m>@sU7W2jO1xm@$*l0U~*WeGVrRjpZ7?U6VC+?8~{09&>D*ux%&gVOzpl56@459
z9($_}hs4uy`O+JM{d(EN?oN;+(c@>^V(k|e^RKap7e48`kig%Cksnjq6M@e}?l#YV
zN`D4kfju<nkrjwYj=EIsGaP_dqMBPbU1tCX%wE-u-2+NbreMixz87Hx1`AT7fV3DT
z#U0`G6KW^mRj`my7_vTr=5(uEIbo^5zkIolHmY@9Mfq&5kRxKS3{(TeM0`%h-U9ZP
zgly^lH*q(=DW9+ib3hgX4oXU3rIbQSXu0e2Eq=-><bd~~lD{3*qO((MkFSypFKWlY
zO;>=DHC*z4+OGRBSy$U;zi7|86xxKf-$mCwso!sa_wKTm26Fmb`|so$uw43*3x-+4
zHPp!a7l&=wOWp>m7zRvn(N08BvfQuI;1O(^R%P`W#~RS)S65drt4@x|s}mZH%&~h&
z3bee9|L?zyx9!&Mm$Pf5YB#);PiF2qn}(KDM&&nhl;#(z_hCSr!1phUC|d)<CcXZX
z5dLZx#}X;{#q;y?e0M*Vop&9m$D907NC+MY8=?&R4TIFlS^fXZBKms>H)Y6$k5Usa
z&(B$Q2*uyezZyusrRhH4L7`A)o(Ug{Jmb+)Ro$MyQ){?9kgslUMbOkt@>lpz9Wm20
zp)Mxv1VohlgBpJ7Vp}bio(XdnCWo*;(SIWd2o~GkbT18TQN#!Q;#ciWFgdJK9zH1g
zdl2B8{*3+qP4D<tRP_I;cVM?WmyP|P4W@4R=s>Q;Z2PeQh3GpP`p7G3{Fgmw{2fid
z7Q-h2iQ}VDp_I=ll+aH*cG0mz_^AI;fhhYl2=ECKAyN8P15eg0j3!}|+ofB}Y)j>@
zJ5YEo_06M)+f($;gTNidUUr(u<lsXVfKYL6!RfLMn#nRT0BsBI*;Fqb8KjUuQnUyP
zRjoR*diqsUWctXsPZ*K{{2u(jLf3_CGK(I-?Div67CJ2;J0+fcBOQxO&8zl`OT+kS
z-Nm<&9h?_W%WRa;J;dFazD|oG=ge5v5Y>aZm&xz?XK5)~DvDqY&{ePeT1T&!egOi!
z$0+~KjfgNMT`SNu+rPM_40t#-5NCGRTCzv??`T@~Af;8x+-<23=|Fm7^?Z8BYWCH|
zN}yHzH2b?kw+_fX`9}V@+8}m-N*>@ZdW4b?;|%k=-g9gd#Cb3{Ms7Zc(=!a}eY{$7
zbOyo|#?8b<fuN{jrAq?<R`ox*X?@)^F)?usn#LBfgiu>s`=<rOiF#&+3}sSLg<zf&
zYRNTASLovQr02cYsszgo;KdJCvMDiq0NQ`>T@k4vF(mRt0%L%r%IeU5Yq1O)Z$9lK
zJq4OMt0np1GlL)Zq&P0iF@Rs%IEa_*MsOA0mBkrAcignLZz&Tj9!~x^Vw*1rYjuXz
z-21oS;!Q7W>I6^(9&tM+o@}R4-{@`n7a4O$lYeudQL-)nq^en~|Fhnc=93l+FiYgh
z0iWc*IeBb4Sr~pkl>l_Ne06Q@us_Y8g0VjTUYrP*&M&F7mNaxgT~m3r4m2#POI|X~
zPMJ*ad(ZQj0;3K`=<jjlM3auN;Mqtr8lH4nStK4#^lIS;sS`2xJ2?UV<<?&^7M;!Y
zJ$4NQj$&Nc?eA(b9WKKDFBJrSh0=o{Q=3WI)K!bngYauBS?@E-q{5O_FlQK3*g5DH
z;?xCyTgNOWN`d6ukKR-3EIC<tv_G2GGyP)u!x-m{0ptdgFt#Iz7v{@Jp4@?}O-J?<
zbvq-?-_pd8d|K>HcDW#I#2am!+^zUmZHuq$_U#9eM=Nw0*VDxfK%IA>L0IU479$R)
z=z1g<wmlGq^_`^oce%bhPVIvs22irv<0$k%H<C|xWvE+k-zYS-{Ox(R>AtDhdD{iE
zuKs_BAx@hYtxQqXi|?lA&QD%u-ewq_&fmRKg*`j<B2k8DBr@3p`t8Yb5eJ@9v~jNq
zfFP9C;)`xzDpzHC*}!iY^u-?NFVjQ&bCTEUZp|TC9VHr2>#|=5LaswCJ4!0m>O-n*
zkyw!!9-ro|H}E)kg%c*z<_Fy;KNCMibB?NX{QgGnoucHEPd1V<IkiL{u>Bj8a6{#N
z3z%+LX;;Z?es4QCF=%IBl2<Uli^2XlGnG;%jMIeNSu&4WhoI;P@XWiA`>qd(iEa-=
z+)ca;yD$rw(0+1G;_`p)zcbE$s7xj3AWV6^Y(S2!JvyQ)?B7wTqyx%a89sNpZ8>q+
ze>?Wg++3&I6<x{JT-d>(KQ+rHMakmvO*U4?&g#_KRl7v8aH^Km0)S1_hoJYvXS0|N
z!e55DU9_Ne!v{kgv1af)khC$2C?5<B=7~eM4(LU*35ypeVqwZBKK59K!wLy|?3f))
zPpk$cTr;sjJD)_gtI)^b^@808d2O(_u?CAc6+yore|pd?IYz=rJMLE-fQ&j`yyEdz
z+Jdu#Z>@|Pi9A$lIi0&AigV^p$o#sQt(HWgYaDLV8iyCh3=1`Ti%tK89T|O<xMu3q
z?$G(VfrVu@i*iXc)r8)2mtv{{r&1u+{CP^$&eR1iIjCsCu2!h&2ge*V*SvyvJCouC
zWJG4XoHrC0Ng!vU^F<b%V|DacF(^*!e#@5?PZgPE*UfiWJx*^yCPZ1ZW-R<>d#4DB
zn0p^On)I)_F>2h#?<}J#`9E=k{xkhLFJh!Za+15OS$~H6rg3`Kx2?i(Q(x_livAxb
z=JSE;dwEf;XV<L|OI;o$R7M#Kfsq{dREEmMdra%D`rRFW+y}6yf3V(+{D}{!qYdm2
z5~JT26wodrRtWmyUsZXC*W6{x?7Con;<dU8_f=nY>_H(Qao+ju0_>?TACCE#g^)Xn
zM|R4*4ucIqy?!~ZT0y*ap5Rs`U9964o@nwkpq~8ena~D26KqGZX;@!2ezioMhRGYr
zI81KnRDS{1^h-t?l800vy>9m;Ryc=qYh60x3n~E2T`kK|?jEZoipqI(6RK>kr5t^9
z;8eP|dDZ?nO_J$thuH38N6yG-GhVDrDVkI%=0mRP;Tc38FzdYdXF%mmC|YE$Vn~*y
z#~)tpIfUHQAIQc#8RY)FigBjz=?Mg04Nn;eRO1mVeVhm+pHY0r2T{;T5p$O3*herd
z8aNKeK>0OVOCx>0<e2lHfRT;Xv9THxJ^B&*S1B)cBV8Bl^-nsKiMJ0*f}Hn1T5!n_
z9k6DCS{TfT1V0$~Z@NiLdLAHA2K80=d&1jXg!t<a07J%I&1cWeu6w6$XPM%of-3T;
zEvDrA_KeZIkn?{N=wxzow2iVOfZRN_qr@umpd==qC1P1Xhy&hrxb>Z$&*K$n1(G^U
z+z3691aKn$&7@H_Ia*M=I9{Y|^SPEWG^7M9{s72fT8H{L*NNin{Qlh-u+uFrD;L^!
zGWZ|Py_t2+9Y6*HU6j$$@`Fx@6M7G(GA%mLygWp9t}m}6_up3LfU15Sbt|H04xA(n
z+H(1ywt=UemRHWnZn%9Rx(zjpOjyOU{C|@+9N7_u=ZQZ!GM+4X8j`s?Uk-2l;4|mf
zH#oa@&(|2qFgNzIoG>II53$GM9cr#&_!)dT1|NyjW!1LO?iV6V{#j@4-28u3cHYr&
zZG9gXHzAd1i7w&MB03qO%oA-S7~F{<F-D6)M6?)P5+x!^TtW08W<+mS8A9|j#$fbb
z!YE-d%IME=lid5P_kI6)*P3<yI{U1BW}mh9KHu->{Jw^rQ_mY~JUeB&3p2^jVa_00
z?KM=YXk-EcVq-qZ)o@r|Eqn0gbilKN6eM(KZXNAUf~Wi=X~bW}oIob~MQ6PsNuP)h
zLKwkjktH4FGw*$m_rYIbvgQW+D||=cZ@ZK(Jj46rcE;s|^d>lfH_}G%p0C+4pogZB
zQtMe{ZF5u(no2#%DHVQ``8w#L2#pNS&32Nsw=PKw4nQvIE*&K3{th|HQ~8bjlQ3zo
z4c2fT(5Xfss08Z4iWe>D7!9xWJD=rNA;zG*c5RWBH~bunkmnosQ$t>s$mA4c<O{`V
zP0O|}PC`rzL(OufVvjb;<9#5}KG0wd>nt}Pqj<^9+L`r*y`yeW(Z%ncRW&lW<{CKt
z=$mFd6J1{5l&qOtgPfOBXKPjISd!AiyVqBG&kd+34HZCTA&Z`>o3nVjxYw^_OuD*4
znOfXn@uHuoTvJ}s0Rxi6Hf4eZyqX-p+BrJD+4kuRc1gq$QmM=lpkDNydl%*PIPUGy
zo#G|`tE;FI(Y2k9J!h|V+u+=o&gJV=KxX2~@kxD6xiBH;O48ohE+9{p_9RF};YE?g
zuO<bT@jVk;^|Schu4)-a;`naQtsM}OUFA)8IEQQ^qvE&AeN7`r>un9?2-YB&C(rtQ
zcKjQ<zUIX4p`mOZJtuobKSm81ne)qo_<z?}1w+T5*x7yE@gMSzz8IN&lEN3nQny%5
zbK#1_R|L71XYg>HZZgX+u{^_rboM50Z4_MY-(_WOaNpdey{dApS4`Tq@5AO1I;_Lu
zwvcwjD)5<!;C8Ca2zcp3f-EuvJK_`aehn0`(JpMAZsxPK^*q}I5xJDe`4l8#E(}f1
z%VY~FmL9W`AI;7Du93%Lq%~;yC;-G-!a9`X69W{v%FOK%ga8vkEK1Xh`)yo*29`fv
zfETg5bXVbUAG`q@l8O<6{?TQptnvk<u(dOgR4@qr-h4GV0%cnvw+%??;8Z{cV~Yjv
zyWp&t-BCo>XEBvQFdNV<BUG0U+2Z&&rCJtFASk>BM2DMipvUl1d?mh2<&{l7Dm5Q8
zBxdPcnVq3@^|{K{StLiIxvD8BQpzG}#<Be~A*5LGJD_ha3>G3r(0WPeRXkp=4TsYt
zs|K@6SzOkN<X(Au@sR<3f!Ba)1ND;g&=t`QB%T<ySS2_#*|kFtiQXu9XcWjuGET3_
zVZg;pHa>b*6W-hVJ2<v$R_nod86q;H=CEs2;iw6=Hlb81f3bNS_;TpY7tBg7z=Kr+
zA#-3A@tv^?lCWsh-e-h<_2E3@@oOa~dnL7M@BVuixl|j#4iP>_6k%g{roHm^=7mIK
zgPX`1Eh~5}_%?Z_%;cyJd~^jM5oA_SQ}wTB^g$CZ*I9&SLLQL^T<I;%Q4`+kx0MOg
z!tsCV4kv-hviY)mDefH=QnR0h`wkZaRN^Ekafy45>`A!pbafZ%^lJ=Wob{w;)BmM1
z9OZxipDF_jhV@k=eXzlYN2lc2GPASKJ|pDUj|Jng{N#h?>+k!8iX9E5uMiLsfWiD7
zOH!rw8biN!Uspf8e~ZC*om<H^FLca^ibJgGMJ3lB?L84Ot!4(;1Ca^OmB*K=ZPwM8
zTw_Lb1F}31NA6;%5MErIM2~%|)9LjN9YQOR;pjVgMJp2U8~=QAkU1a~0mSvu?ek1M
zk87Nkf}RbX+cv4T{WDA}o*XfVz|ekB+c`ubpB!}k4g_^xMI6D7+kCn_0M6-C^LiJ|
zLk|Nox=rnTy_S6BKK^HUHt;5{!g-#SB}B`|`Ti*S5rC*Vssbb5lBm|!p?3`oj<kdE
zEG-XOH2?A31Y1U{V|?oqK+cqm`X=uM4@&2uf+y}wumYv0+1M})k=s?#FwQjn2(1kJ
zJ1tE0e%nf48CUKw!OJ}40c2>ky6oTU^IAMgoSHT@6_X<+giwQSI?5a+j}>c1WBX_g
zPlOI?rZ`cFWXFevzl4S)jd&JJyA3m&;3X`T=~_c+@q?g6Z(pfGW<E*Bgbtjj=cMZF
zYihkI$$D(4OLBqIi<6ul;3{k#CL!`#GqoZbU{T<V{RHmgtr+QjJjlTOK_YLnyR)3z
z<RPPj>|@jz_1x`ORq3LY-?|qeAB&5xt8B$NzmI9vwVuB~zz{!Po|nZW&?>gAF$n-8
zB0C!X5GasuN?Gib&1E=`Jg-ZSx#+ejU&=5NxV1q_B0I?U{*_U8f^QT{-x7gVJzOa-
zpTB>xIFasOVh+(<g<5xD9636;qA4Q3uQKvXTqhzBo1^7Rou(II+S%^4dup1GUfD3c
zS1a?l@5B01z=r*#`ti#^;*l@oQVE+_UsOXR%vI@OWvD>#Z*&az^s};xzKNOoACn$A
z11Ofm9I%IQ@oni3o-NJsJ(87;h=~F}Oyd}Tr|_+Blp=xEy{h24X!uSh4SX<}UrClk
zWsQq+rc`=d;6Gz&o?O1%aD2jDj&H5hh4G(7M9j_rX_L?Ib^cA5yt`C;&(^1CA!ayK
zm?c!c<%@A^6X%yhPcsCXVB}Gya*%BekVk`FSJN%oM?<=5@3s7;x->4ByDPdZY0C>n
zhxS{;d(Pi9lj3WH=zYzWX6erTNHgt>qX5Z=-%UO!01!OTWFf)53JK-uXA=}*vK%o$
zyl!al7ZEcJ9DY_4RMN`~4*K<kg!I4`N(4@LnH4~;Ir-m#hdM?=$@TAX0NB%CS3T)V
zxzc|JT(A6Z80Lq715jA2Kr;`!l6NB+wm&Eo_Lg}|fR_2^1o!rx<Q5i}Jop!8is~*q
zE>2P%CiBLAfAzJ>&IJ9J^WOXE7c-Z8#<ld5u+xX4J_G<o0s5y!_@uL~Yb*{AsxaS|
zjJtVoaZa$=q|B4)$eWNtojOEC1Bk7`k9#>eT|ZqXjL78mT)}D3*Y`=?O9lTy<?tmo
zh?mz1P4yyi=?3_{rMrp(^KeS%&)#9r!wXO&+=UP~b@{!Wl?eY}Kj}&-dUfyD?|ATP
z{0SN`SPWn9-?y?L3JlN4dj~Z=y$Dsehh{Z&%VJM}D3>8W3uYDw<DJ4+v|t-j<<ZXI
zOv-TS54)HTu#2+;%H~e!;`K@aVq5}wz^bQVmuH^T@$JBb@6qfS&q*%siEn%q{cF6m
zNDHnra>=oQAtv0K&CMdBqIVuYXG@H^#4hK0GbD;5Dmj@OY%|Codv6-3`rD{qfTh##
z{P3nV)&EqkasIu1xPQ;ENtIOs@3YYDCU+z|*ph$32U#A_*DxEU`pG{MS5R|aIN38S
zU~@N}ssfl(2Lcv*(~y~p004pgJNA5m8?K+MRmvpJ9<;RN{hpOAv!vuao6++j>tg|F
z+c9WcM;P^b^_9=}S;F29Sk?W;Ffi+^5YAHPlC%2kf{CO~{7nbJ7ouT6oG!!m`0+J>
zfcg1QWIpK?G}c%I`QNZIJtHD6);#j(vH{#YBvxlW9gXc}oL<Ldk*2%Yz>vG0T<K%n
z3YYrz8ZSX1bA1Ss|ES(zZW5Q^r^ypHE%tJ_M#hJ7@~NljGVDJKeVGjA7;9h7EuR87
z3ze%Qh%BND%)`E(sY4f#neGR<YFfAc2+M7?+{%fq)me@nwon}NI)mF7%49_2uI34&
zR>KL0EiEk%rp^4KEmY`m<Ob<9UGNXp6OgKvv7Z$1%ka>)rp(JYzKFfV^Fc{0CTX3`
zZe)p8dbjwGwdsb9kAq94N~wm*we#C}=4{qTg7PlAQ{|RZO4u?w^LK-}`S~2K{Pgte
z;tL{83p)S_YrXlwWodru{jkbTD%uKnPA>A}(PE2|yMs7I5pc8bw_(c?7$^ea0c+`q
z?$7l%F9a_F8$1=BZ3qcIc8~hl6`(NhVKfySyvNQ7??Liii0=s0Bh$p~L&oD=BQqJ&
zctw8{@r5FMFm|@)twduuCbgSlu?vSkhF-Px=JQ+gzs-x|V<pQXJb6#B-9wS@74xMh
z=Eq+@_ovuo1wHf(HQVme9|Ak-6I1K#-G!2S(8Jp|F!EO0Lx>qdJIh+8=KfSQA2~#^
zUvm1RC}gUXn)lc3H-<zt0YT4SQR`FMvwi_pVk$GOJ)OX+-4~_is7`S7r<4(m91Xjj
zw6%Y)lztkiEEJ=+q8f$uz&muN?U-V@LFNJQT*GeNu?6v9x!|Wjr134<k!kexYBx)>
zIF+_RsDq+@*szYILN091x#$3y7El~;nkfTvjW;Tbu+^3sbyq)d0tja=vfY}GdhzpP
zlaQV-i>@=9rEG47hTyY$TM-HyT*#Skld4hDh(kfE;B(wkN7r;GDGIuy6e-;aYsT=A
z=llaU`2cvPG#!XFHu`8Q<Jz}SR^-SS`M|aBU51!K&JIg}r2sMs8``ZI4}bHQA?0u>
z*dB<)M&p8Gw4yj>_sfE5B}^hC#BaGD4C=Q4D^N}*`i@INdr6j#l*icVW4p%6&+Qoh
z{fpv_08RatZ2fb34Jm#MOb+gky;Sari5bF;LJrKo6k*e^=5R5el?PpaAFK8>o0$!t
z6)G>!&+$YpPx|F9TiSGyp|FJ!#S9#KLMBf*U~fQJt6r^45VyDBHHPY88lW7=9i5jI
zqHDXjDQ(ea1jM<|rK!yjTL)~u+TDUzkuttb+BF-!ogNS)C98&}b~{JMZqX8_`z0!7
zl~WW<0@0g?`|(^yW1f!M^eBhPk&;tYJ$NJaCBCa`(OK??tpF(gJn<63Ks7*?8w%|W
zbFn5h8K)zP=@cEVyiAN}pSB+Y`Th$XQupF>kNUeLk+0Eybs?IuWNR}ZgIe-zTI{!M
zOcJNhTo&mh>OG5ARKaNL+icW;J;t51IdJMX`m9+S3I9G`K$cMe*Ud1Sp$_p&t&5Fj
zd2QmMO+9*`r&OR8jJ>>T$6~(Iolk(NI6zY3AY@e+lVlRE5<qTYPC^$^U1#DQ%yoA*
zVRaLh+^Jk?$meq=#%AC4%X9^u3LO)+JW2VWp(nP#);GKO|9WRrt0ivF4I|Sa(sY(n
zUoF`u3MIpqX0*dX%&+)g&TS;{Gv#ckdvmMK*!cb~&m~YIG#gZpv~rFF@!LDzHdBnh
z!1~m#sb8ublr<MS<kMmIGrYYKSb3_ViPljnbkz(DneO#mANJdQ0I&AWjpX2Srjv~?
zi|LC{i-GL>?azt{$argumD9=<+x{%*M>J5B|MB>+knS&gXh`DZQrF(bi?_C>`G@?`
z>)Hnrx~wmEU5T^4et$Js#UtreUHlQJ;kW6b>yxsUSdPk_9A+rtkQh-hO!=r4-}(<Q
z3x9YL<ZNU0bGgq%_RgWV{@w+#EAjq6HW7!%+si|zUtSB#SU?D{NK5yRb^Der-F0lD
z4L{9v+EhcM_9d~g%@w+BPJfk#=EZ80C=CtG_!}5-#Ij(3qdTbYVd;D3sKM@nW4VA-
zD`mb}74s2FOhT~<AHVTFwKHzz40_4Cy49)L{sPSl`%o&a^<e?iW(_PEXialh6RJ_5
HX7TDjG#JuX


From ec1f69a5e88590c7a807e01160f09af0ef90f7de Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Mon, 3 May 2021 00:46:02 +0530
Subject: [PATCH 06/92] Updated

---
 windows/client-management/mdm/applocker-csp.md                | 4 ++--
 .../mdm/certificate-authentication-device-enrollment.md       | 2 +-
 windows/client-management/mdm/devdetail-ddf-file.md           | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index e84a683f15..aa3be14837 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -265,13 +265,13 @@ Supported operations are Get, Add, Delete, and Replace.
 ## <a href="" id="productname"></a>Find publisher and product name of apps
 
 
-You can pair a Windows Phone (Windows 10 Mobile, version 1511) to your desktop using the Device Portal on the phone to get the various types of information, including publisher name and product name of apps installed on the phone. This procedure describes pairing your phone to your desktop using WiFi.
+You can pair a Windows (Windows 10 Mobile, version 1511) to your desktop using the Device Portal on the phone to get the various types of information, including publisher name and product name of apps installed on the phone. This procedure describes pairing your phone to your desktop using WiFi.
 
 If this procedure does not work for you, try the other methods for pairing described in [Device Portal for Mobile](/windows/uwp/debug-test-perf/device-portal-mobile).
 
 **To find Publisher and PackageFullName for apps installed on Windows 10 Mobile**
 
-1.  On your Windows Phone, go to **Settings**. Choose **Update & security**. Then choose **For developers**.
+1.  On your Windows, go to **Settings**. Choose **Update & security**. Then choose **For developers**.
 2.  Choose **Developer mode**.
 3.  Turn on **Device discovery**.
 4.  Turn on **Device Portal** and keep **AuthenticationOn**.
diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index 028007ccce..6288b39f91 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -61,7 +61,7 @@ Cache-Control: no-cache
             <OSEdition>101</OSEdition> <!--New in Windows 10-->
             <OSVersion>10.0.0.0</OSVersion> <!--New in Windows 10-->
             <RequestVersion>3.0</RequestVersion> <!--Updated in Windows 10-->
-               <DeviceType>WindowsPhone</DeviceType> <!--Legacy in Windows 10 for Windows Phone/Handheld-->
+               <DeviceType>WindowsPhone</DeviceType> <!--Legacy in Windows 10 for Windows/Handheld-->
             <ApplicationVersion>10.0.0.0</ApplicationVersion>
             <AuthPolicies>Certificate</AuthPolicies> <!--New in Windows 10-->
          </request> 
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 25be11c21b..2212dac63f 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -196,7 +196,7 @@ The XML below is the current version for this CSP.
         <AccessType>
           <Get />
         </AccessType>
-        <Description>Returns the Windows Phone OS software version.</Description>
+        <Description>Returns the Windows OS software version.</Description>
         <DFFormat>
           <chr />
         </DFFormat>

From aa2b2bb21c6282298361130c8960ea6c283a9099 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 3 May 2021 14:31:48 -0700
Subject: [PATCH 07/92] Creating Test TOC

This is a test to see how the landing page will look without having changed the original landing page.
---
 .../TOC2.yml                                  | 113 ++++++++++++++++++
 1 file changed, 113 insertions(+)
 create mode 100644 windows/security/threat-protection/windows-defender-application-control/TOC2.yml

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
new file mode 100644
index 0000000000..cbd308449b
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
@@ -0,0 +1,113 @@
+  
+### WDAC:Landing
+title: Application Control for Windows
+metadata:
+  title: Application Control for Windows
+  description: Landing page for Windows Defender Application Control
+# services: service
+# ms.service: microsoft-WDAC-AppLocker
+# ms.subservice: Application-Control
+# ms.topic: landing-page
+# author: Kim Klein
+# ms.author: Jordan Geurten 
+# manager: Jeffrey Sutherland
+# ms.update: 04/30/2021
+# linkListType: overview | how-to-guide | tutorial | video
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+  # Card
+  - title: Learn about Application Control
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What is WDAC (WDAC Overview)?
+            url:  wdac-and-applocker-overview.md
+          - text: What is AppLocker?
+            url:  applocker\applocker-overview.md
+          - text: WDAC and AppLocker feature availability
+            url:  feature-availability.md  
+  # Card
+  - title: Learn about the Design Guide
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Using code signing to simplify application control
+            url:  use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+          - text: Merging Policies
+            url:  wdac-wizard-merging-policies.md
+          - text: Recommended blocks 
+            url:  microsoft-recommended-block-rules.md #there are block rules and driver block rules, which link?
+          - text: Example policies
+            url:  example-wdac-base-policies.md
+          - text: LOB Win32 apps on S Mode
+            url:  LOB-win32-apps-on-s.md
+      - linkListType: how-to-guide
+        links:
+          - text: Create a WDAC policy for a lightly managed device
+            url:  cardreate-wdac-policy-for-lightly-managed-devices.md
+          - text: Create a WDAC policy for a fully managed device
+            url:  create-wdac-policy-for-fully-managed-devices.md
+          - text: Create a WDAC policy for a fixed-workload
+            url:  create-initial-default-policy.md
+		  - text: Using catalog files
+            url:  deploy-catalog-files-to-support-windows-defender-application-control.md
+		  - text: WDAC Wizard tool
+            url:  wdac-wizard.md
+	  - linkListType: Tutorial (videos)
+        links:
+          - text: Using the WDAC Wizard
+            url:  video md
+          - text: Specifying custom values
+            url:  video md
+  # Card
+  - title: Learn about Policy Configuration
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Understanding policy rules
+            url:  
+		  - text: Understanding File rules
+            url:  
+      - linkListType: how-to-guide (written)
+        links:
+          - text: Allow managed installer and configure managed installer rules
+            url:  use-windows-defender-application-control-with-managed-installer.md
+          - text: Allow reputable apps with ISG
+            url:  use-windows-defender-application-control-with-intelligent-security-graph.md
+  # Card
+  - title: Learn how to deploy WDAC Policies
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Signed policies
+            url:  use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+		  - text: Audit and enforce policies
+            url:  audit-windows-defender-application-control-policies.md #(merge with enforce-windows-defender-application-control-policies.md)
+		  - text: Disabling WDAC policies
+            url:  disable-windows-defender-application-control-policies.md
+      - linkListType: tutorial
+        links:
+          - text: Deployment with MDM
+            url:  deploy-windows-defender-application-control-policies-using-intune.md
+          - text: Deployment with MEMCM
+            url:  deployment/deploy-wdac-policies-with-memcm.md
+          - text: Deployment with script and refresh policy
+            url:  deployment/deploy-wdac-policies-with-script.md
+  # Card
+  - title: Learn how to monitor and reiterate WDAC Policies (operational)
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Event logs (tags, IDs) 
+            url:  event-id-explanations.md #(merge with event-tag-explanations.md)
+          - text: Advanced hunting
+            url:  querying-application-control-events-centrally-using-advanced-hunting.md #same as below
+      - linkListType: how-to-guide
+        links:
+          - text: Querying using advanced hunting
+            url:  querying-application-control-events-centrally-using-advanced-hunting.md #same as above
+      - linkListType: tutorial
+        links:
+          - text: Creating a policy from event logs
+            url:  querying-application-control-events-centrally-using-advanced-hunting.md #same as above
\ No newline at end of file

From f01cc02d6f2565a7eb2977790f1ce32a0023bcae Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 5 May 2021 13:38:32 +0530
Subject: [PATCH 08/92] Updated

---
 .../manage-access-to-private-store.md               |  1 -
 windows/client-management/mdm/bitlocker-csp.md      |  1 -
 .../client-management/windows-10-mobile-and-mdm.md  |  4 +---
 .../upgrade/windows-10-edition-upgrades.md          |  3 +--
 .../deployment/upgrade/windows-10-upgrade-paths.md  | 13 +------------
 5 files changed, 3 insertions(+), 19 deletions(-)

diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md
index 7715068772..101a3006be 100644
--- a/store-for-business/manage-access-to-private-store.md
+++ b/store-for-business/manage-access-to-private-store.md
@@ -40,7 +40,6 @@ Organizations using an MDM to manage apps can use a policy to show only the priv
 - Enterprise
 - Education
 - Mobile
-- Mobile Enterprise
 
 For more information on configuring an MDM provider, see [Configure an MDM provider](./configure-mdm-provider-microsoft-store-for-business.md). 
 
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 2864971440..823611c02a 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -64,7 +64,6 @@ Allows the administrator to require storage card encryption on the device. This
     <th>Enterprise</th>
     <th>Education</th>
     <th>Mobile</th>
-    <th>Mobile Enterprise</th>
 </tr>
 <tr>
     <td><img src="images/crossmark.png" alt="cross mark" /></td>
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
index eb784753c2..7deb34d682 100644
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@@ -531,7 +531,7 @@ To distribute an app offline (organization-managed), the app must be downloaded
 
 To install acquired Microsoft Store or LOB apps offline on a Windows 10 Mobile device, IT administrators can use an MDM system. The MDM system distributes the app packages that you downloaded from Microsoft Store (also called sideloading) to Windows 10 Mobile devices. Support for offline app distribution depends on the MDM system you are using, so consult your MDM vendor documentation for details. You can fully automate the app deployment process so that no user intervention is required.
 
-Microsoft Store apps or LOB apps that have been uploaded to the Microsoft Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Microsoft Store certificates. LOB apps that are uploaded to the Microsoft Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, you’ll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 Mobile Enterprise edition.
+Microsoft Store apps or LOB apps that have been uploaded to the Microsoft Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Microsoft Store certificates. LOB apps that are uploaded to the Microsoft Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, you’ll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 edition.
 
 For more information, see [Microsoft Store for Business](/microsoft-store/index).
 
@@ -786,14 +786,12 @@ Update availability depends on what servicing option you choose for the device.
 <td align="left">Immediately after the Feature Update is published to Windows Update by Microsoft</td>
 <td align="left">Microsoft typically releases two Feature Updates per 12-month period (approximately every four months, though it can potentially be longer)</td>
 <td align="left">Makes new features available to users as soon as possible</td>
-<td align="left">Mobile &amp; Mobile Enterprise</td>
 </tr>
 <tr class="even">
 <td align="left"><strong>Current Branch for Business (CBB)</strong></td>
 <td align="left">A minimum of four months after the corresponding Feature Update is first published to Windows Update by Microsoft</td>
 <td align="left">A minimum of four months, though it potentially can be longerNo</td>
 <td align="left">Provides additional time to test new feature before deployment</td>
-<td align="left">Mobile Enterprise only</td>
 </tr>
 </tbody>
 </table>
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 71af1da585..4dc8588285 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -39,7 +39,7 @@ X = unsupported <BR>
 &#x2714; (green) = supported; reboot required<BR>
 &#x2714; (blue) = supported; no reboot required
 
-|Method |Home > Pro |Home > Education |Pro > Education |Pro > Enterprise |Ent > Education |Mobile > Mobile Enterprise |
+|Method |Home > Pro |Home > Education |Pro > Education |Pro > Enterprise |Ent > Education |Mobile |
 |-------|-----------|-----------------|----------------|-----------------|----------------|--------|
 | Using mobile device management (MDM) |![unsupported](../images/x_blk.png) |![supported](../images/check_grn.png) |![supported](../images/check_grn.png) |![supported](../images/check_blu.png) |![supported](../images/check_grn.png) |![supported](../images/check_blu.png) |
 | Using a provisioning package |![unsupported](../images/x_blk.png) |![supported](../images/check_grn.png) |![supported](../images/check_grn.png) |![supported](../images/check_grn.png) |![supported](../images/check_grn.png) |![supported](../images/check_blu.png) |
@@ -63,7 +63,6 @@ X = unsupported <BR>
 | **Pro for Workstations > Enterprise** | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) <br>(1703 - PC)<br>(1709 - MSfB) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) |
 | **Pro Education > Education** | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) <br>(MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) |
 | **Enterprise > Education** | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) <br>(MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) |
-| **Mobile > Mobile Enterprise** | ![supported, no reboot](../images/check_blu.png) |![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) |
 
 > [!NOTE]
 > - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 57994ce79b..816a17268d 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -50,7 +50,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>Windows 10 Education</td>
         <td>Windows 10 Enterprise</td>
         <td>Windows 10 Mobile</td>
-        <td>Windows 10 Mobile Enterprise</td>
     </tr>
     <tr>
         <td rowspan="7" nowrap="nowrap">Windows 7</td>
@@ -261,17 +260,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
         <td>✔</td>
     </tr>
-    <tr>
-        <td>Mobile Enterprise</td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td>D</td>
-        <td></td>
-    </tr>
-</table>
+   </table>
 
 
 ## Related Topics

From 42d9f0e25c7f5d01a38873d006ac34651fd0dc3f Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 5 May 2021 14:09:17 +0530
Subject: [PATCH 09/92] Updated

---
 ...ficate-authentication-device-enrollment.md |  3 +-
 .../mdm/devdetail-ddf-file.md                 | 21 --------
 .../client-management/mdm/supl-ddf-file.md    | 49 +------------------
 .../mdm/w4-application-csp.md                 |  9 ----
 .../windows-10-mobile-and-mdm.md              |  8 +--
 5 files changed, 6 insertions(+), 84 deletions(-)

diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index 6288b39f91..139413ac41 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -60,8 +60,7 @@ Cache-Control: no-cache
             <EmailAddress>user@contoso.com</EmailAddress>
             <OSEdition>101</OSEdition> <!--New in Windows 10-->
             <OSVersion>10.0.0.0</OSVersion> <!--New in Windows 10-->
-            <RequestVersion>3.0</RequestVersion> <!--Updated in Windows 10-->
-               <DeviceType>WindowsPhone</DeviceType> <!--Legacy in Windows 10 for Windows/Handheld-->
+            <RequestVersion>3.0</RequestVersion> <!--Updated in Windows 10-->   
             <ApplicationVersion>10.0.0.0</ApplicationVersion>
             <AuthPolicies>Certificate</AuthPolicies> <!--New in Windows 10-->
          </request> 
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 2212dac63f..de26ad8620 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -190,27 +190,6 @@ The XML below is the current version for this CSP.
         </DFType>
       </DFProperties>
     </Node>
-    <Node>
-      <NodeName>SwV</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Get />
-        </AccessType>
-        <Description>Returns the Windows OS software version.</Description>
-        <DFFormat>
-          <chr />
-        </DFFormat>
-        <Occurrence>
-          <One />
-        </Occurrence>
-        <Scope>
-          <Permanent />
-        </Scope>
-        <DFType>
-          <MIME>text/plain</MIME>
-        </DFType>
-      </DFProperties>
-    </Node>
     <Node>
       <NodeName>HwV</NodeName>
       <DFProperties>
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 2c1db8dd46..1e1ddffd22 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -216,30 +216,6 @@ The XML below is the DDF for the current version for this CSP.
                   </DFType>
                 </DFProperties>
               </Node>
-              <Node>
-                <NodeName>HighAccPositioningMethod</NodeName>
-                <DFProperties>
-                  <AccessType>
-                    <Get />
-                    <Replace />
-                  </AccessType>
-                  <DefaultValue>0</DefaultValue>
-                  <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator's network or location services. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
-                  <DFFormat>
-                    <int />
-                  </DFFormat>
-                  <Occurrence>
-                    <One />
-                  </Occurrence>
-                  <Scope>
-                    <Permanent />
-                  </Scope>
-                  <DFType>
-                    <MIME>text/plain</MIME>
-                  </DFType>
-                </DFProperties>
-              </Node>
-              <Node>
                 <NodeName>LocMasterSwitchDependencyNII</NodeName>
                 <DFProperties>
                   <AccessType>
@@ -765,33 +741,10 @@ The XML below is the DDF for the current version for this CSP.
               </DFType>
             </DFProperties>
           </Node>
-          <Node>
-            <NodeName>PositioningMethod_MR</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Replace />
-              </AccessType>
-              <DefaultValue>0</DefaultValue>
-              <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator's network or location services. The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
-              <DFFormat>
-                <int />
-              </DFFormat>
-              <Occurrence>
-                <One />
-              </Occurrence>
-              <Scope>
-                <Permanent />
-              </Scope>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
           <Node>
             <NodeName>LocMasterSwitchDependencyNII</NodeName>
             <DFProperties>
-              <AccessType>
+              <AccessType>-
                 <Get />
                 <Replace />
               </AccessType>
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index 51a1739756..d6b9110b32 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -67,15 +67,6 @@ Required. Specifies the address of the MMS application server, as a string. The
 <a href="" id="ms"></a>**MS**
 Optional. The maximum authorized size, in KB, for multimedia content. This parameter takes a numeric value in string format. If the value is not a number, or is less than or equal to 10, it will be ignored and outgoing MMS will not be resized.
 
-## Remarks
-
-
-Windows Phone MMS does not support user–selectable profiles. While multiple MMS profiles can be provisioned and saved simultaneously, only the last received profile is active.
-
-If provisioning XML is received for a profile with an existing name, the values in that profile will be overwritten with the new values.
-
-For more information about the parameters used by the w4 APPLICATION configuration service provider and how they are used, see the OMA MMS Conformance Document (OMA-TS-MMS-CONF-V1\_3-20051027-C) available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=526900).
-
 ## Related topics
 
 
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
index 7deb34d682..608f2041b2 100644
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@@ -800,11 +800,11 @@ Update availability depends on what servicing option you choose for the device.
 
 *Applies to: Corporate devices*
 
-While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 Mobile Enterprise edition.
+While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 edition.
 
-Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to:
--   **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
--   **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required.
+Upgrading to Windows 10 edition provides additional device and app management capabilities for organizations that want to:
+-   **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
+-   **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 is required.
 -   **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered.
 
 To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).

From 722f7ee58d424e1ab7068d71d9d1bca4b93a9a8a Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Wed, 5 May 2021 16:27:20 -0700
Subject: [PATCH 10/92] Update TOC2.yml

Made a small update.
---
 .../windows-defender-application-control/TOC2.yml             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
index cbd308449b..e8a04d9f6b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
@@ -27,7 +27,7 @@ landingContent:
             url:  applocker\applocker-overview.md
           - text: WDAC and AppLocker feature availability
             url:  feature-availability.md  
-  # Card
+  # Card               
   - title: Learn about the Design Guide
     linkLists:
       - linkListType: overview
@@ -37,7 +37,7 @@ landingContent:
           - text: Merging Policies
             url:  wdac-wizard-merging-policies.md
           - text: Recommended blocks 
-            url:  microsoft-recommended-block-rules.md #there are block rules and driver block rules, which link?
+            url:  microsoft-recommended-block-rules.md #there are block rules and driver block rules, which link? Add both, actually.
           - text: Example policies
             url:  example-wdac-base-policies.md
           - text: LOB Win32 apps on S Mode

From ea054485c9ab036d8c4a4ed50059df86470afe3e Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 6 May 2021 23:10:54 +0530
Subject: [PATCH 11/92] Delete configmgr-assets.png

---
 windows/deployment/images/configmgr-assets.png | Bin 139547 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 windows/deployment/images/configmgr-assets.png

diff --git a/windows/deployment/images/configmgr-assets.png b/windows/deployment/images/configmgr-assets.png
deleted file mode 100644
index ac315148c5f7fa276cb84521b26d1332adcb144c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 139547
zcmZs?byQnH*Ed=(6f5pfG^Mx{hqOS82MV;fmqH3jfDjzgqQ%`MMGB?3I}|Avthl=-
zI0Pr$KF@pKb=UpY_s3at=B%^U?3ww^o-Mx}q770edBX7I&Ye3Xswzr4ckbNJzjNnq
z0KubwU-}w9wEb)D!gZ7t?vxBNZU5^$uzjuh`p%v5D57i2hyVJ7jw*)mJ9j8t{`1^j
z_{8dd=g#d9Ri)Q@?q)lt55F*vkK;32aRX3UMmP2cB%Ey-><>e$3<7J$5=QV<KMWFd
zU_20Txz2O5+`7hx-|i4PX-({2Tn)MH&3PP~xhlrLO4;9?_S(eMi@^6K&IUCsE{@hc
z2->rr`nAdW-DNp6zjM(fJkIsKP4>C`;O2nv?c;O!2;sLts7Kyr?vJb^DdkRqLGDPr
zTf2KqlKEh7NAGJ<g3$LG(kV!W5rd{~xqP)Vi)RMkR#TPQpa_Xe-G1`hv2m)2WELML
z>IVx|OjNSe51S#<U29r5=Kv?VzFy5r5oPWY36fG{r|n`>jSI9YrQ~!$;3qcb0tAL9
zc2F8B?|pu-+!0L1`k$Bb`%j;?=M?#`ad74h%YD_Meke!cwA^a;{rXP;=ijV|?$<2I
z4>Y|GdqSSyt=SfKECAo|ZM|hTws?1awx^vzEO*?_<T2-|Irzfn-V}#Xa+NVDObBKK
zeL&W<Oc-Tad=0QP&<m9Ces^akVjNd1q^TBWJ<|0h(0#+q{~FE^{w^S&5y_~j3D<r0
z^wa+TC)Ym#qnQ1F&$}%aQ*kB`vBwiVOP_rC+LL~?g40s;b4~&8FVF9>=yg56_6fhX
z?=zM4MKj}?23lYC3>!9|k_MAM3FInSdxn%^%k&5p(of}nPac=0sx_Bl_KcHQZKaN=
zUZcG*(r<fs7|FiU=6Eu~(TLgl8kZ#e@XZ6QNoAa}sNm(=F`xMzw)`fkzj9C4FqIu$
z^G$?l0=Ms&fP~hHLUpSz*qFE+#GJ;{|HN@eg$FZ9y>13iH_?B%%`NlH4Rlp!+g^Wj
z8(pPphW>sT91tMFzd-y{^r_=a(7^itF8_b`L54sLWIK==IH(;F-2-Lg*j@Qm)x{<j
z^f(35%*o53iNtW+RZ*&(E_yl`ttKA#nmdg=n`2G0hm-Ir7suXocmRhKi82!f)?s&i
z&MsM24AI>$x$LK4N3Y*u%$9|Fl*hC8i7Uyn^ZS4>{m-W+-vs6CY9lfB_pr!_=WNVC
zyun0zyda+qQLtf2QM^RHO@1VIB=y(M^-?>qPP=1ag>c4YqMxKNXL5OpiRQfHeG$SR
zY$+6G8vHVGx{m=h$*Hj{qD@_5+%T%>E%gO4juFza44dIg>hexKtoF%wdaW+ang0WH
zOR=NIC?h^4tsbJlTxD5RZ##WwPR_veo@hNMv~f1I-iT@lffKQEyGp(;JD4q2K|^&Z
zpeiu%<YOm)+~9Lzu3ilywrslw4b{=bDbP_o4WV*2fpSiRGf)2nfj&-+!_evn``$ex
zl6Y>lvM+m*8=*z3-xb_QFmJ#2N}keE`SGv!<W)DtsHpV4SRZzdnR}Bi`H(O=K9*`^
z%%q-y$9F6PXvAgnq*jiX$ytr{M`D|7d-jXnlU^y$2BmRKVNie@0k`5hla5*(1y!qs
zd|0#!ABAEc_%VjXrKdFyfJ^%uI3}C@S``Mj7<)Hm`)PjsBdfeCh1FrQ_3?kOJ>Wn1
zSds>V676~-S%Q0leNWH=c3>|U_=;K4w1yvzKmSAD2q$>F5!BS(EO}028HcNuD^Hkq
zDDX`;goujAbWZ$eVRm`(Mm1LESullzO|M&%Rod5xgsGl&pRCQiF-LD#zsw(o4QnSg
z`AJgVLk@>)A7;NlRSylE&O<|roKv{ZEDg+R)5DSullbBd2veR=o9}pgOSVzl{F9T$
z+Y0kf$l`~ait^q~=1)VEn2mW{@8mpJb?$~I7Ngq$`NlyD<NrHIzbGBmJ+>AF^_X7U
z=t1s3iEp1Jlb;o74-{R-eK``K+|RRdHgQr9GdI&$t#9bI74EPS<UIxi{Qp3)Y<;{m
zJ<)j2kS+b%N<|$`RF^M7M~tn^=KP+bp{D;^MOL>!tPjl_5S#i&7YZNvR9`HSYiw$N
zrKjGv!p1q-9n6UTRS=ayf?OZ_r`(K*{-;e-;Ola$aA=yVi$Qn2c75Wh-*Gri=$ZIw
zyCnT6qPQW-tjEqvnIa=Y%B5<3cqU$P^zy+(3ACf3nx9?MpxLwe956hepztDvoPzQ7
zoBF3C-UQ6d^9ly47C!%7ql~DJ?AufSQK|nnmQwdWO4WUTxg>qz`rLW#qRCF^+r=>r
zJ4=DmXoFY~N$FpS`VV>^wkOQhxN9FxD?M1JPI%GgNR_2RRqhVR^g4REBjQ1<vklVw
zkSH^KeqOfHY$V0+Y535*lQSEpm547|QfRr(zUwOzjJorrUeJ5#c>KEmod~umB!x`R
z>z#@x`cS~_yEyg@G3aSfwN0fE%5tQg`qjRfOU<F-;~J>sU2BGgkYwnh+fn(pJu~c+
z{E0P#gMXdN-BgVz@Klq*=C(IM%$J*;_}<aWN;y4=i$l1cHxDi9Ykn(E7l}C&u$ZU*
zdU?2R5o^Ym?1szndWX->8UKphe`IXCu(OrN4m9@Vr4e7q>#KN2&!=`Y;w*)rfBP0l
z`3c*bS9&Sw^JP8XbXEHBdB8;Z*xkjR!AqfidiOKJ#_{nD>thS%)7+sv3q;H?w<+Gk
zg|nzJP!o0G(I)2UH}0lxfqg*}i|29WZu5p*IMAIMH!rAMKvK4cT86MOEwis@`n&R{
zTJo16^>StFwy7Ha3l5AMkmD`tw0C+N`bPRL*1k0wPY72aLps{ZB&^PuSCQ4%P0+)j
zx~Wki+^c3Wb0_tUCy45o7ScbKXdnD{Q@uLOrRH7Z{{t82_;P<!H+_kUZN7<OOtf0k
zUBU6<`>NuUucYbUqEZR6J?LfQz%JEp**W}Q6BDU^+2>4^l^C|?#%Q?qMRQQ1w5hgF
zxx;^kEpIMfNw#>O=y~t;fX~-r8khY_GeYgEG#+gVNsetZ+W0HDWQ173+S?+tUFoM3
zE$Qd1-i_&X9b9*~sm$oUr)j<Tl}fbH^mFlpjX|Q;V*?O@Z1)cjJ58zV3rUZbLdk6-
znd68*R^Pf;za{-agt4t}U%}qZr%Dt}NH8@Xs{P2XVt#kT^(h8#l`nJrvru4C))$|l
zl?8)v{X*w_Q)0)kM!dz<wd5&u%w5)^-|4b7gp`a0BaApHx)XGO-HU~^XiX<<+%EQ-
z09(^+F<N=y#I7W_(R@S<nn&^(O$fX;G~mYSh)=XRiFPeb`6w4M0j>G)r&#s*I_dhe
z&@mq{E6-<IWwqI?ZlMLS^eR&z0RQ#|)Lt%YRI4+2NT5v<BT})jEr4g3+%U|BgIPZ{
zmkF>mV^MW`wX|5_n_@dURSA}$Cmo+>p>O4BR<fb#b+@?5q$Q3~<&~{w<s}ZUs7~Qg
zWlKDI$WEq=NsMu_q*M4Re8f>~S|0mBaI~sGoiAOPlc6oGR5ols!z&f@!$WkDKTzqf
zbb@o7WTn>idT7{7SmC16Riv<lh(m^?O|=zz=hE0MDs9pft1}b9eO$fwA+)_RbGIC@
zI3hc~NC@jNxJpk#wX2FMTisyR1w5?Wi6VF{x4S*%T~U9N&yGeJ@IU2(S9|1w3YeNF
z2_R9^g7W{+YCeL>@z+Eb24h|*G{z#g3yVf4%{*FEP?{lWG*KB<MFo(}6RjGy-l6oQ
z%=Ye2kvee=Q|@Me#fn*v9bHZ@jaxO_f-DW)Gpt$hgSJ`|z7Vu>IbQ$fh`m^U0&qol
zJf6l+5d>A<17oh5;PRikh(nZp3>M#%;j~QG(?3p6LpPCoRK=8es>n3p8}!B&HuP+>
zE};fBW2k?0yfGmAsr4j169CN=_a<wvIEb?$n|I1cJpS1ngcTl=NldV@FdV$y;i<!f
zhKXr5r?7ck{Kt-qB4d?Zi+|?SLr6HlmJt6{_fcM(|0Q}&=o`*HEikucwfF)ZpbdG&
zIUG@8K#_7HU1VN+x4?u^TE_iMtnfj8O@rBr4QGTvK+Ny2URu8w9%ly0m>Y!8W*P<{
zfh}~3`8(`}eLYGqC13S@?^Gpz>`7|0pvtuCO7UuRW*fB3c~-2C>OlD(D#~8>S;?NS
z$V|aehIOmkwdGf4qH}F=mI#X~@Ij?Gh(Y>pzNAMY>6CbjJ{jXABI#uAB+z9v7fS21
zF2?7%3$BKj$zwXTmTCYCoxg*~Q-d`XSJh`~97^P^8ayQN;$)x&#IssBf$hDv2F{IU
zd_{CsK1qtxk!5Q5ZI7vh9i5j+d=!7!nk6<*?=dxDM-_zGqvM?zupuN<EsqHq!5h$#
z_@+Y&?0%z~yWPrD*6%8kv&-#KmMM67Iem^Tj<V<}`}>On;GC{^vvW4NvOt@-w6{sS
z3><2)R;g5~^$;xrWin-#AS@8pa?*GQEyk{K^P>q@OS*hghl{FfkhBrmf)I$MCbP-Y
zkpdLkbDcU-+^%dJq4;L(>H7iWcF`6IAk4F7kY80NV?7!1C*)bjv~+HU<$^cP(B$Bc
zmYs}&j?HnoXW{l*4sMA1dz*{<o})AGDGa~J<?eE-BYTO_F@aCUN#3GuElZw0PYm`s
z)&($qvETQ6a@JbGbk<x)MSF89U1ZF)rso@D@!@zW7cXNjtvi|{&@fX$U1n3&`E^@o
z^R}gl_^i1~@9Gb2E1d8{k;!rpVz%A*Q-SWK2R3m%%T6v#h^&SY8@(0|QARe{r;29=
zlp}WXu(^=Y5zqYA)%-)|3_U@BKq<ltgbEZyA?fk(<7&(x_A9?k;CIH+`jzbCgD{|3
zRP(2usJfGfE4@;@)y)Qgv!0h;XWODx%nl2Q2R~VM%w5hV{B>E3K^Wyu4?gM9c}?`+
z-n>ofw9HVGLA~Ubv1M~4f{>-|n7dYRzk1*I7nWtzmd11+!t^9c9Xpx!80M!9yqxyL
z5PmT4@;RuncRJrANxqs<ht3ok8=nHr@f^G6QOz~PWK9hUSIK6uwW!tc#eH{^c~&Gu
z%5~a?*5o3L$n-{x^{wksF5_smja6%Q%Lm#GEhIG$QJ`gYi`@FeDLkP2%_IQ;qB#_V
zI2rcl<eQBdZm`N6fvFu=yVl&y{Zkf#f>-jHDXovR23~I7!3G8->~^=@VD0xhGbC;l
zhrIF%JVO8L3`UXBigV|C1gCQ!+1W#srN;xcp9O?gFc7oo0QO#wefVHG_w#PDB=lL3
zc)U6tl$p|bCNtrjzB9*ZOm8ylR~|#XH_PJnO1{%HYe|PNAS0-2P)vH%@Zc;1W*+V!
z5J;f&lQb{d-ZX-3oGs>AU(Rdh-#eXQr=iJPY&tv~0L>ttsAR{)XPRj>X)-?>*zYqx
zHUTAzf%<bx!IG|dmdBNGl%(w%=mtYMF%o6>{;y4A^Sqq;=|$SgGYR2RamF%VX2trl
zxtY^gG)Wgu4Y03N2>)Cf`($kUg90Rf&Ju1Hpw2nXypLWFjDl2B1kuO8o87<})5Qs{
ze#;nkoT4ty;)40c!B~6D9P<I&n=<E)doT9~<x3?2xs+M|K9#@)Gj+e2-i!ZL@vY=Y
z=U3kkko7xVUt1AHg-&N@1(!J<TkGNB80of^+|5RFc}D%kQ#$TlDRk2oFQnz~RZ6Lk
zd1EW+#Sb|><hHTdydFT=fl&wsGj^crD&WAD-l)ucMXcwUk36RDn)n(-{*Ge*Dej3B
zH(fV{a-q4_HrPn#w#uF%=I6}xV3EX=<p~titnZL@&Hdds7w(v@jVy3Xc*T7q_o4<a
zv80aSEX9PPmh(>k)FC1**)MTGUz#8i#=O~cx=%BiR~APsmHnJ%jtjQHJg1U6%v-rn
z^5PIo-L&H%iE$SU1*d2^Yz}kU^PmL-m(EhA1tTT#V#M^aN<&0mz7_p5FtD`EM1zfw
zirkjR9(hefCe|50f_k1*R-|r>3NKtvuURkWay3KFesZb2$@w`j&B88wHWh5x6_xJ&
zXs_vl)u7S2KwV)AiiQmlvh0`d^NkNp6hQOifsLkdkUq)NON${JE_qIN5c4|+4~OXj
z!PTc49jC}3-05qt9qPn)qwo<ub`Ga%kb8+5-NfDbpHZ6XtDZQg&WS8)V<fb(Jo5*h
z9<^Nt6%R~8AsO_q*B-kcMI<E4LIi7}#r+<Ks(i_}k6Jw1xVY~Xju#lGqOK+aw}9@+
z6Yv+Torn3TFd00~Edt$=e{f=m`6F#%Sk?T)*8tk=8)qWT8Ha1D&~|9{Ktr&h+@oXm
znVSr4C-jlLBgFYQi^BH5!Nc#JRQ)ds%s{{iZ^KQIjp=LGS%@1~^$eaOaaY-GKzWC+
zqgJ4fs&>)6dINk_{@*yvxnmnwejwYk?}AboJM3HTl!-g_4tIKUiM20;8f2sck&nuU
z<gJCQquwRUI<ZR|NtgQ~7*iQ%UCLC^oTZgHjEt#ihdtI&7AH&6JL1O{9~EqZ(x0RZ
zum=wgKC77K%>GLCtDVQh>F`3*W$5n|>`YkFvh}cGTnk{v4r@M5FQIW-|7whnL`i*!
zLOe^j8|`K>bk$CuEO+&usSYc2y}bz>3!&BL6)!The56KR^2o<!Ly{W0xpsKg>e3+d
z%=|hbYW1-3_Q(A^(o>yGEYgjT<#wo5kF4?YkL_<BZAtQ3mK&`{;Vim>eb%@2??#PV
zKh;BRy?3jpCHKQ@w`c?~f5zD{7LOfEp<`hi<E`}?^HP>e7DMm(pnulHRgE8$;Wt0&
zPcA$<x*?Nix@|c$8khu86^H^r=}(zl`+FH84|(QhY;hJh@5n%s4j0>lHOn7fJ&BSi
zGR^X|n~8mlZHH#uEYN~PDPge&<cZt2EeB4MsKQ#}j-yd6fP}(ja>=~sRqdk5FW#dQ
zFZgLCgB!k3XES@Vy0yNCzcH~b<s0y7EhoABwrwP5-Jqvm?)H)wB#k2`rV}wi0WqM>
z_Z0M7qM!%ZnBBJGoYdO*D8z8xrypQm@{-|Et=eo5t4&Ro8l4PVPVZ5f$(%r+kVY`1
zTe^yJr3;Zq3Sl6dL&SAW5@shC>24?jgO(?LKZZ6x%4hcag7F-Nb|4tPFPucn8Y0E{
zG$*1??UjF$-P9HD6{4gKv7x)L*?B)`f7m9azCY=-Pc92DPju6iTS^PGE#U-zR2ViM
zrSxXBT(zJ&S^%)<Js7Fbp9a+GAZC0C0vw3{G=0CamJuMHL9}d(Y@rWExzvDG=7sK+
zE(Gus%`Q@_e|+<AFsVbE+szU`4$viMMM}}BzmieF&Fc~mZ<@$Msg#!6L1g``FIe8Y
z8wW*N%#TLkZkmUD^{`2sQu^D5f=#OJ_7qMS<<rUCv>E}A5@F4td`J7An)+8?Od7{f
z#@Sp^SNlSf+!2EK6Kmhp{D3SO!q8&$s@4ssna461KKff%zb4X*+!=BHx0||}D9iE!
zkQbV+yMs0<9;=~Ye!fGrb5+D)rd!t>zg}i+Fr73ln4F}U6tLMgTZ*X7ej!D%{Ne9@
zrq{2AcMkJ*7o2h>Rl;%`$f+tePtC^b5uz&SqWdyobBi$3sxYxl2ZkEz9hxbq13Ss-
z6*0X*vo2-LmWmpuoG}FfZ;zBQT5{Dao_DV{p<cUTSLS9=g8awf-698FXeo1i%`EM1
zbqE5Dw?R!-N!)d4Jyp0W>dcWJvtLlxTKy&$wDKF=QFa^uD6Zr>zF$>x11%y-yl#w=
ze;2}szRDQN2)|wM&6)LeU_8~`b#soeK+0ITg#g+wtqfqycIJ)&77H5wALDp?!rjiH
zBn`3s<xw7UK4`@Gj8y*8xW0MY-s+>}$)wCE9{}-hO^NIKz}9mwqoAZrFP+g@$fCcg
z^WMN&^Ox8Se(HP_q+ly~G3-A!KzA^+fYf`*RV$-jaFV<X1BJ4@eX2$ufs*sgbO;ww
z5=V@IKwMY6#>}MEU?JQ_;g$1D$$e|?j5o^4w4V!kJCOx!d4z1$+t4059!?2fOC1rq
zwBmf9E3!`V#{=zmm6?KV&5Q#W_dSV$H}fyg=XioK7GMBpXDRaJrR-53h3xf_)s6^)
zEJF-FjPL0l{JpNf@V)TMoIEb@SdeDKeot0ZU|$H%jzgN?P?faY2+yBh4Wq+cxFVKJ
zt%Fv-^n8t3FN@>O(3W(|DQ3C7MpHN3M8$pT^4Q~v+u$e_Xp6Y@Aa2D^2VU|`9$0oD
zcvq`T-8uwsueIi#H6&yXKDUUJ0i8EVe$6%u3OKE2)NWutM#nwj;?v1AzdcddaT~Tw
z9UQuKXU3l&vu=IVK>a0`o4;#1GXfG<?Wz;OT@pn#-hY8UJE0_79k!PLAjW2OJ^3-V
zM>>0<2;B&6c?%F4`+E3Ii>0;o(h0lR4U(a3Z8(>KHl)kmoSaSCnK~9SjC!9Bwtviw
z8wsHVtYjt8fEgWEG-6-P^L<^<jmP0S8F>#nvAk6R?)UwCYe?!C`XSz%-m8y29onv+
z-(H+mZwcCLDn*MR@!mVlx69JxRf0^*VP^3MD%6h7%FHTFk&>70;}J*4K$GC1beCvQ
zO%-YG5JhXlK_Qe`V+Ns>F*btoiMY7M0DxmP*}yCA*+|GA)n~nX`C5`sCFYL<pjjWK
zkhh~mRZ-6Dy}q|8lw>2~6UBKWtZyTkLaepqi6j>7xt$p{Q;n;moWuBPo17m8Zwt>K
zx4I<eDY9#b{JEayj%PKwRG<Hpzhz0<lc3}!FNeQ$_TFs-j=*232IivS(Z-J83P_1_
zCN&(8Ag-x3<9gKZ+vM<fmQK{NqUP?9sh4hur3)^2TgAXnP|H##=2b(SdoZ!P>Q{)H
z7v3mqL2d9S@ol;zTAxq<Xd@3r?R0s6)W*HbW}2mW-&NO5$1Ib!^>UjmVYsZBr?Xc6
zmhgHp3R!rAn_X<x=#`rdnzgA<h^bp|)w1^)@flRtTG3^dyEBR3<k3vK`8X$_dssY_
z{xi-qPaRo8BT9Pw1J6fU%Fn6mz|ocCXp^!Qx~{JvKqvQEEK$(RVy3gbd?aFhW$+#>
zgQA9|SZL^mR92((;i<IBGRd<N*~-j11+Px!$VuPcqs*g_N*p)a5N+OTZ9xbnW;6cJ
z206UvJHiVWXzMtS%$&eqpEQlD8EtjRD@f$sX0YOwj;)zzMMUJWQ4$Xa<$ZxBZfB#O
znL2fl(=?QHTY5f45IAN{L}0Z3A`^hH=Yg4&vC^38%9Y{XIQRPI2!<VvW${y%O3jfA
z*^gLoS#plU&7!N`C|_w*(pI8;^h&ujx|<E3y{1dN?Dsk3@xCI;FU*vkL}fNIm|ykt
zfP}!J1(TB~q)BOp)_~!USv$inFKDwF+G|W0uoUA3gU?1mj{7O2mVR1m4a<9UDSuj$
zKsFn$%AcfeSCS_)8qj#MNLe(Bk}QZ>Hw-n`gVrUGjfSIEQozeYt>q~F#h<+SCs&w<
zz_!Zc$(1Tm`M_i3xh{Wq$tc-an*QAT*F}acO2<_z|4paJ%RXnzpVI;O+sl7Bod9t*
z#)*iobru^xTBNC}d6`{QLGSbH^TA>o<Ka-DSuEji>2PMzI~m2`DzR#g1Q7b8pudG=
zn72TLex}#G9PZt`HL8LK>`btPbhVjS*2ks5>uoK%+HPOTy)n`98s2Z1yB)$FFe&+U
zho-|7%1;$58a0EhYx>e2YXL`bo4(9Mi|MPRX0AE~FcWGohM>;QkB%F!yjRVA151%-
z>|FLHJl1p|JOZb}&BoM8m?~W#EejU$0g<ZsrO-Ha)h|vo?R;E2Uc|@bwH=UfbYXIR
z{hyL6;9^mj-6@ENWEp(q)yhF7(8M_R)`QkGEABOjL6Y!03#VVB7OH?(O-yx|G4P9l
z9Dj1~cm&vI=L8<lC(J+bP?Z8;$tgo@3sCrXiF~Dekr<57vO<Rdc25mCK)wzhkvE;2
z@g^gv3T(?`t0A8=ICg()71SBZMU?Oj-riGYem?j|x;%&JrhF8k&~>dsy5G2ql0HnA
z$G#dRWk+3%)Vds5hY+=S8<M%=+Wc(FaOjZQhsV1>_c~(<BVe8+L-56-+ZC`HM0Pth
ztzzRZy`3)NgX9v1$=(L2yL{U>yR;ubZF^&g7KdAY#=ZO-;}eRj>6Wk5lSt*`m<^>|
zZM?<NW*A6>GZk(N4|)L4%S)=tv>X$XK3exJT=DX(CXOn~dp@Et1Z%Om1SA@s*!s*J
zY?`l}A)DLAqkN(-;BP_@o`0f{-<5(cD>QC`h(}MV=QE_s{>2AQPg(so?_3S9BO6`=
zVt4Y3uJ%o?d3W>s(>6%~r3<WBKj{kC0e2tokX(c@9>FZ{Ig>w}AzV0l>jO@iIBaW-
z7%r~a$!VbAg(%!qMXaX_j#pF7oW{~#NnJ4x@q4Yl)pJ5vNygT^%Xyn3rv9e=h+e&<
z>rnP0(!}lO{Zd9T!=$rCczywld_@L$PWVWiF57LcU?XpGhFX1$@0WVH$ZhNGwthoI
zc~(|iF8^+O+8vW(Gr(rr?&irPo~PZOeSW|0aNh{2o6q|FCf<3i7d0Z^m8Lz0vbe3C
zRB0X*X1*|#$&zqX6H@OPyQ@pYYxiIX?AIBAQ@5PoX&CyNy0K)LQ#E(m1U!i5K)gwJ
zO{2x>Ff;jVZHB_lrdO@C<cR*AHMdb2+=-SI?&uH0<i7x8<!+%k*}U|Nn_wI|?SUd=
zP^xsSG=9WQ@FlLX-DHR$mK!r5_DId=u*tBweJuwp{mZMZjA{e&gG$zXqu-Ytz$~oT
z`;ricJCn^>i@gcGd0YEOdQyxlA<2hz)6_fAn49R-Jm~f+p|#y(@mBZ|F|#G~=eKK&
z;O)qJgK^!Dr9Nj8A2XbC_eg<zRL%6AvZtB#t%;~f_-qj8P2+&%RB>xi7D+0p>b5Wd
zRRC@N3O>4QryeFk9s*Q{=Dw^{r{OMFDz)s8n|qJ_WImjDa_3Dj!iYVfPYxT}<(r`6
zIwbr5qhY*-D(^mKB0{Y2-d8eK&v)#lvegxFk4~@YTT1BYR2@IxQuVU3Sj2yOGh04+
zA}@JC*+?KYKp?d{Y+G~G)AJkk##UK|{qVUN>bNG?l%uy#Lzph6EsWQJoPH{xzh|k-
z)>t``DNul|W8p4}_e~fL|BKXT{~QbjfK$4I5FcT%g3D$(s3=4KKv{{*?@;QSvpqjR
zJ2g0<9BfC2Pj5^4p5b2<8VBq!IAIjic>IBaIZeJ+%L!-O%A@GQ)zdy6=3lB29sg8P
z)#=CrP?pXq63&%>pP@fD8sG1KSobh?J>SvlZIRP;^CeGsZQKL_^NG37A$>*}{GNJt
zp^YQvOBp3sOS~dlWZD76QN_YU%pz9zJ(v<j$wKi2<i6L8do=Ib)o}iY>(&;d!mU4s
zm^95#5r5jOfgIg}$~m(mj)A3r2`l>6+RisN<;{NT0=zq-AH@ZI!)QN$G*Kjm_;pYR
zAIW+7=kkc4Fp`^)NFQNXJ42eyItmEMG85-(ldiT*1_FGbp7&~~S1TgzDENTr9#t8D
zi>MoYKuTPAS?1Q@`7M63T8)oR3jh<z(k1uOxqO<{nH(6mV<2HJzj=~<G6hv%^ibzM
z2@~^fZR>D3>K2<OgEWE}NVh%(E<3c^JS`EU;H+_}6w&7H>oiI^u%DO2<vjIzWI6Av
zTG1ij)+?p&cSZWy5p}T+&unVz7&q{nrKp$w**Q|6g;^ROx97^;z;)MF&+sqLIrl*h
zCQ7NAT7Fh?)Z9Fmm5?YBxpaJ^j7H<1Z4$$r>vnf@(We!>Wk$As)Vv>lZcn_#PP|J$
zqz{HzUeVupWR{rJ>vTjv&u~8RJ)e(SXNt8a?*-cQrd0}ip4g3QF~=%gO@-)|d0#k>
z_hQB=9Wrztw_|Lv@w_OLVjHir;-8FHq&Sbg^4k{|t1q|_>!7Ef-Za-~CU0WHL+&5`
z8S*w6t-yh^Jf(sYIgiu7_gd$5*b@va-mcx-MY}RSx4g<r9iiFD@zg|E9CHY-;mlyU
zl54@s?yJKsJE0aC+aBvuT8O!r%MbVXZ+-{y2Nu_6`)>bkxVbEq05?#ba!f4m-ZmNa
z3d5A%xi?>**5_l<?e528LAAXVgFk~$Q!F{Ei=}+0?W0IKq*oD%g6%8S7AV4-!^*Ih
zLcE6k@bJ4!2fh%Y<JPOi$>o43q!H|k5O9HtGX=kEvp6a~;(TV}^6+LCx1JLW>V{fB
zwz{nIowD^t&UZCBZ_DKIfn>I;!#9JsAf^1C{IN%Nh8af`&Epr5_Xv+^!b}=#-nutq
zHUE?9TkVKscmCxcO-#_V<q8Ol&eQGb`M$8A7v!Q$j7`iHR#jO`&hmGh66SE4BfPS#
z1;+^^js&*s=D(aqexkSYCxBml;wzy{E~o6Wo({!{Y(%FY?UE>fR5cVo5j_WRK_CzX
zC1u(eT|pP=P2%6u!%{2EJx!L9^vl1Kjx-GTBwy>>8Aeo7F;NxJ27Vl9@OZ2~ppKVh
zd&aYRY!>Xj#yQ{B2T@DEGwnEL3%95h!#(n?95(hP#r&93QGPwb#%Th^cPF$?I6HAg
z@J6}VO6CpJrO!<zP=G)lwWv6r_QaGju;+Z;uYU2HnS8Ck@429`kKQE&My3RyM~1K`
zT8wqjd!SglBwX)q_*_?i@tkydObDqZAmhVh8Tz%u-)uobhHec`Z^mL3V_85e4l?ir
z|2UvuuFm_ztqo4d2)xf~_SJ0Lp)Gwf>lG`&#I=1^*Vt)2p7RUtWNOEzq53$qbrH(_
z`5whHqRO^~_>PSsYkUELB;kguYz^b6b+gamwffvaN08d0Tl?t)2~!wL<aS^!N+;NH
zVeWyBj~W|D!=E=`Omz`|d2Pk@!@Fg4VM*J0<7w66%_>c^lk;XPKI=hSjbhZc*DEBR
zdtZvkO}_HgV!QWbC6UwMBy#C;dx&RoIL3P5b1gh`mQl0@xK+=I<h1x<AszXry3%}x
zS{l|oeck_6s^+<A^~Y8=x*$Z`skPTp-oxHzdEkpna{oX(yLln0JTwXbF^0*t1@XQ}
zll)P4Pnq{P>9kB~w(sPAq$BKmbS{fWzw%3SmfMYd;7FQ^377ZjKy^bxC1C23olXmz
zmfOdZBqxZIGUe$IJ)W@hG?C&e+N&vX-^Gypz+p-3N3#kbZ`(KPKOB3$lH>b2fgipv
z#%!Fc@Ym$#5gAJn!uFU^-m@uB_1++3;N0c)fn4oM+cdAK)yycaJv%=EI`7H5`2=?}
zV))OGyq(K7wylpiy(U8b@~A}W)DZ<r6w{q%HNyTXlO>yrP!1>9n7M5Zq~+g4$OzIw
zb=Pa_R<kw_=Zvv)@2yT}Ipj}OYj=vgjJx|wyIqezT4K@vWsiB+Y17@c(H_ov)vp2K
zj^ts>PoWwSDXWtB6PVsrZgDCdkA9Uv-ulX0>epq@cMjRC2KJyxakl(j1yGL2mePez
znq=Rqk5dmDU}Zaaud6RXtM^N~5)=Cz3nO7xc9TYTw$JI@{isDGS<u;jPF(!2UoSG~
z_{^&4asr6G9=no$KAmE2>KqRFBIj~l1k~(W4xP6jlFRdmR&sKFWmRB#9_Q#y8acfC
z0YnF~AcUndtrce!#(4jYgvKPGVgZNQt@?uP%uCD?LF-SL4v*kk+e*J<U7?m7|BfW*
z-;BDxJNpBRX)Tij<L|jsIPWy>%jxbn!HKv5KfD=v=8H4ag`AGmTLqE(A`#d;W%tpK
zjNe#3(1yL_rLkv0Hi1-VkQ57DmIl7k!N$_l2hvh;?Bz|a4}-xmOf7QzhynjKT|#1%
zS6**arMfi3hwEa{HF=3|B&aY^P)8z2?&{cl6jG3Webf~Ky$b)vvfN$+E{Tpch)b{g
z_~vq@;t$Mv>t}i19EjzO&)>LKT<yi_+FQRC_cm|EJGtQw=KLsvT?hZkOl1F>U;|GI
zjU3+v&JQdiTMH6}<n`{hz7V;s<V+G|E~hleyl=u)Q+8>%Ro)%q;q1lP2C4s*#NqlT
zLE?b}($*dCAfqh^T^z4n4%HTHAU9*T%aR~y`Yxa`sT(Etbx$J+*Tdg&YNJ16D+?Ct
z{|m@0xdGM6!x_s@9#TUO954M%*-Xpl95VD*ICp<TYK!2BLy3w*k5y+w1J9<^@l_ES
z*qA)t?PI2oz72i+H|VaLUBqo$X~`vR$<69eHSrE`NDglf*9~-H_VFlQ8Mq(v<Klp!
z-JW68V%E;{sM6KXhNl=wvcIKvki5Q@^T6bXd9y>z9(1WjEALHq+iupWhuuK8Dw3md
zEN&h;By#LTXm-CYA+d00EYK%`*W0}D)i-J+h+)Bn&mB~@z~>;@wJDlzr0gKGd7XtX
zGG`o|csM)4!poKbe*-i626f=T{J>Qas)Ta$7w|r*HETWSr^MK<wj2-2sA(5a>I<Zt
zCQL3G>IIE>J2cGLX8LF#teb^NWI$yO_ML;&tH3$;(gxwohd9gmWAghY3Zi`a61zE%
z`C513`U{TvP}+@&tpyi0x+vr65F2!2{rbkso|2szWjlk?nv!NuaI>1nbI$3V+XY7W
ze;HJ(9S@Vzoy&$p3W+=K(nn)4S6085j8as(gxvLr{kt9rS?JNh7tMk;%}fLJH@OZ+
z=03;*Yst^#o9<*8JoF<k33pz98K%S@s3#KsH|OlPZOb*i_ikmk<sep&KuVKMz~70F
zsdF88D|PSUPNejX1)ql(3$*pn=-&+O?2Yn=Ue4q8?H#uWZC?m4KU0oh=mqR7*#c;Z
zu{bTqc2w`m_Z-l$t&G(7II3dvY7PCTgk7t@`-?k?IaZrM414wKp7YX0+iIS!>OVA5
zdvg>Btmb6eYyC&alJkDw-S@cK*<J#fkY_u&8J<q}25c=avgtR#z1xDw6NvZjHEVrm
z`1eS0%{1V?lKu4V7r~$gsSBf{e{3wcrmfFup=bZ~Za~1N#n*}m=Q7W2_K4f|(J1Vx
z_Dl*$0h3zRy>L_x<@@U!Ln-ptdOX(6MIC?*<UMNKl~cUgZ(e`orp{=NQPM`%Ft^@C
z6LMl>z{44waWJ1Mi2CqJiHm`q%(sJ2cL58jK}=c;qq5!o36@a$aayrJj>~>3bJ;&a
z!6^5d8VU1f3P&0%ef+}?iya_YG*?tWEvno*U?RBA-X|0)HZK&Jf%EO}1{UHj+eM=a
zWdh?spgh$VLzi><)iCEmKAg4O%^7JW#h<dyBbyEWERDFrm7+~9^`yFOrxi2=F_tm}
zcOFltL{OMQTh}!2F;29z6!r|wiwjzKoF6el(Kgc3VA|tN;Q6B#7yJ(+*9rf;&9Qox
zuripFOj-+xeqX*NJ*a`QcD_PR<v}vbYQ>J|smzpS6wu3;QVcTdHUGSbtR{vU0sxd~
zDi3iSuEH0*oyg6%vSH|W`PbQfweijg8OB&cH{ey<Wc9*xZ<+)r`HPEE+Ox;1lQk~^
z8<@9^Yj5I~DkC2tmf?M}wDq{8O}W6rsQxHkyTX7w&R%)^lYKV(TWgt!Zd0-ypdj!z
zzHsuUHW^at4N5_%G*xafH@9`43o!A{yKAl?LOQz|45RrDrE}L_`<_@E);;l^K5NPD
zL{D&NQUEA~gL1sLMN!(LHIFTKz4`n$B~_mvKYO=Q<LU<iIV;3gt6d6?x-S=WClDJm
zKYtLCnbUAd-n39zTJGxsI@ll_vY8Mp-5pEAp^t~T^0I0FoJy!`Uku)FS)Q2irxgbV
zRqv`x<XNJnj=v~|lg@qSKlHdCi&B$1rK)5M^aY?U3>61EQ5V|rOrk(zan-opL0Ztw
ziq57m;Y8X~&wu_UXW8vxilN^mgr(G^Lc12HBWMh(g4_0SZ6Z}Qv7fHe9!60wl&r=_
zakm}%BL?P$&2LV6G2I7an`FS77O8#N<#}uJ2}ah0vYT)TvN=Xmkw`nU$p1H+PZs*=
zG${Q@z?;qobH!#v%4bmbs9^X7r=mJ}A@=v&L$uRk&avY$a-mDptu-iZ&*QGd^_2%(
z{`$YGnSfw>_1R2@3VRBOJw{`RqdPqSyI;qcgghRVT>o8gKIKd4I1*k?H{KeH{$#hS
zw%ogE-X@6jyc;>=b`K=yE$Ds5Yr9%vOVhy1KQ9vVO!BGoaK1sdl0?RNUv9wtlrzJp
z*rE6Fia^i2*k;8ux<JKKx)8LlV`j@#@Y0<Dv5OIU=&h{7(BBst`*m>xcLsaIHAm%d
zm8WgaQq%%S7kmPI7yKzH^V(F)nVW{r`;!n>okP6QLP9Km69&N-q*8d|n*-o+6)HjU
zpeJf&X;n*NC|iXNV|C1zN(HxCf69LIH@*#pd!_x@IBE>B5<f5ObVl!~F)t<nAd1xj
zvgLC!umbm9F^NGWGu_wja=G+Jb++@j<^)qKV5Ks;hkTL6@<7Dz5=E!Ohl_d&8tj(9
z(ZeP6{jJ)&7e|a6<@>Ldx5e!+5dAB>>uipiwn08;+-ACqP~`Pici2%*0i{}q^3Pr%
z57GSD{Qff^N-k_bcTv=k&#{6JrPyLTx_HW4R1l>(2cNLy4v+sj3#xDLlW%WnPkZDB
zY*o22P=<PN$(<rfL3|un47jrGzaJU3ffF3q=KbG~xZV~4COWdbBHLf;-#m&tP5xmC
zK8ol@U2pxfnYn<|3Xaa*`|K5(=iE9V0z+Hk+x303pvuUM^$B`_?@izXZQDezlXF#!
zvInL-SWFh7bHpt@<H<R-c)@RQYVE7GQ44HV!Ab7~R31d^n-zf%Y@~`fD41#@7L=Sv
z-o?0Dcoc{pTQpX*h=rdUI(qTXCar(;)JU_j#k-EjDP*|c4**xTykArhd6Fh^?D*!$
ztwT6;6^7kyp-uXXT(gxhfbGzlyyyOEnR3C$r_bsEwZBpID&KXThUe9AUCCx`HjdKH
z!K1okAE7~3x5aQ^mQN<GJ&ntoEv+UcSCuW9b+tTWnv6cvm~a1TX!m@5ycW#5>Tww*
zlR1o6Y<_NX*m@1CO}%t}(oahhQ}lwz!bhqM@jF4=7ds`HDzAPpP|=?Rd$5sKx!=6|
zD53)|>rr|WZ*X+IQl6-<(egXuqy0o~+hr3+X)))sQ@Cb8F;QZK;M$6~#RhJbs3p|g
z>_Tgx1B*QRTPfC@&syKj)geB#s&$oHGU0qB2n#C5za%@fW++-Tzuxvt_vqIkfiH<w
z8hvgBt6O?h3#7xp+>D-*V?a8+HG*7uW_I2H=2NXa%WldEYQ$2Sy&)(uX(*xMhNrVv
zIYp!*;)0&$^mPl>;DGMQyL)`nM;r9mK=3<(%LNI?KPcE(lVL4YOA!{knf?pnxb4;&
z4l{R5QU5+oX1Dn=sW7iQ1MjgaprCL*%bKRusEzX4Z_s2FweU!8q4pxByi^b+_uUAI
zLLOXLwAd~Un?7!o(WEnjVbr7y022|g!*vpx8Z>rDu7oo|VsmQn$IbXZx8M=^%|}x$
zidj4bf8rKt()kBfz8d(S?o;KZy~h2)q12Z|x4u?VF4qJbhnKuze;1OKZIwAL&k7Yp
zP*lz_uNM2{3G)4)0USQtzcJ#r;GuV@NFk`$Cisl;d!d`J@fP%`_gnPbcVbDK^}F$5
zF8S!El(ic2U&1*lC`2?~$HI<wl_br+YDkv&>j)){yzVDma{ZpiI=`D?O=@>3YesgT
zzGI8oZoxMZSaRa{KEUnoE@sVC!qh*IXaEjAwRzxDdofLYe`9;VKaR|+|DfR|zd;j8
z<bB}|VOWVn^tCb2TDb6??1rh2F?Xtqb>@OM-_BZ`TPoyYcP-Rk8u3Z`S5hvz*jbz;
z4>EezU^rE5CC+4taKe>&$~^F2x03&yBsmraHrP_~msa;~fKx{s10amri#Pe=OPE;}
z#hc%3Ml{Xu+9B?dB~a6zsO1Y~37P4`#6U1cT(j3-u&W-kNVfe^AD7^sT9OMJ&1=+L
zY!2HeIL>JW4R?Mtoz>#4gK&VI{|wa#VwFh_D+|4dwf>&Q_Ok63i5mL`*|5x*bN-__
z`r&KRQ)zH+EAM{#2PIXI7r~9W{Vu^~;w(rFT}<j`vRixa$+WnvmRKaythb#TcBmJ1
zC`M8fXsZM6@IZ_-(8PV089mF4da#NO_%Jf&%fI|mVuRWF(tEJznNjlsN%($X-k;0Z
z69=h+sEM$A;8PQx_4)xxjjlw)EB`7kTsdMbB4?R-82Sc>(3|i)scQs>sY(<kZD6;4
z96mg$#9=YJ1;#BNo)_5<&*y3d^w{6Fe_9oR$UR;+S(6Z`U(bNyt9@zuwcgBp^_fmg
z*q%KdlXk@PKn3&M(N<`6xr=;Drg?}jv29@4ww=-S^a-aHPOw0R2*zN9WT&Z-g|Zx3
z&+y%!-|?_o*J?e_igjG*9L8^js83zfCvH|UhdtMrjU+0fCCY1)wn&@tCSZ(0K(2u3
zKGsny$=$-HuY9fzU|Bp}<l%a^^m}B!*~w<EBG9)X9L91x%Zdy!zgZ>q!KYo2|Ki2P
z<U&k6(7XJFiKf09lMSPs$*2hPCopO8$j~YPuo^y)p_RS3lr>`xX)%6cEMYdq_*UNA
zJNh;IjHvkD@oac3r`s!1uBis5bo3yot4qyc?WkoKuKQV1Ugq`C2%p@V3w6cUDz(uD
zXu{s$2bT~fbl>}rZ&f~UujvJG(05XTOCq_oX-X9gix_OEJ=n56h*<}z?~uL{IcEm|
zbm{*7Wcxwx)c?^&<e5J$AeW7;uwJiL?VB5jJ+N5W%;~Y*(5oNN8l}v`Fn_MB`z-gh
z$><+Q(XZCXLATfM3^lG?n{7rRuiU~>HBp8a%Sy?I>DLYoAION#lEE^Rd>fXpf&0IA
zG)FPYio3G8sTztS*%?sji{mwPg;0~+L>Z|V5TpSyy7oA(0!u>QY)e~?t)Y_5<Qy`^
zn-q!`Ldt@usn)S|U<QgLXnK*;6(?%f`f4;{w)OlTsjp}v@4Iwj@_*-TdX)1GZiTbw
zZ-?LRZ&ez=0^Hn}f!627;d-wt7*QSKR1~R^He4YUC({n{lzN8%q_H3c=Oii2MyZ6z
zx>siYk*V|2NX+$yViRkJ?2tMyGhFjYiB*94yYD3~gf$9C-$;jvt{NZ}j;&eYBZ!VC
zJGp-``fHnY)Z2fmrrsW{qWmm>Qu5y;LA%J}f5j!`_ONycX_i76(!o;MmQ2%32Fy)m
zV6b6^IKTl9or%ok{N$Mv3@mN^T^PqADhJRCss(!;KXWe%(E5j3)mVd<=2)$dN6y7n
zn{{7&#aX-FOCFwgt+4v+@?GN+l~20Dx#((;<^5Dp<4s%5I%l81u+ok_uc7BJXh$n0
zhUe-)SEEB-d%|+fs@CY|z*<?F$oGg^8`{yJ!=PIH#`mR7T)siw#kVZPpvsXgES)?x
zXtb7qaZxi4SfJbN#JRqfxPUUp!Oq_1NFa&y$qGXO$k|c@L5!g9X%MxgYUabyyhu+0
zVZr=cd!zo~hVsZiE^J^=*sw^tF^r{5R(hik5yKfhTX``>tZ%%lN&S!5R;WUztoK-%
z0JCoJ#D+87`4>nJy$W6CCqi7E+Jf4XL*ktFY6V9wYof3YBqq(W2fYPRw-3+PT&yLN
zax%jIZ{<yifQe^}8lkzv;~-UzZip6po1@92D#_US>r?P!1qJbow+rdSvW79*&-gw*
z3pXHUzk5<pIvS!To|O1HIHgO^FDqAL*IA|4B6)CwbKsj=D(oQ*q59I3kfFOgj89M5
z4@m0*<Z2w}n{zVnGk-q^SV}$z`ku9(_+OeizK<~GtA9UOa{W|%o+b9ZJI=9#qRMk+
z>aOWBVV-0AbZ_@td_X|CP38TP+9DTt6w%-#XpJ0Kld$LbXnUM5*oStVZ6fn%tk>~*
zR2*sYRvn#V7{<2sP?0Nd?sIQ~|H9HlW1Ke_`OJVc)a@Tt%aALeov7j17ANpo_bU$I
zK<A}#qG#3~p&QGR<>|QsHn`zE3C_HxjzmpDI5L=97e+Xm)?Wl-Y)4NXZ1b=dPiDp*
zKHB|*l7__RjTdr8y6Kd7K)Kb>yV<qZ8BO5NCV=$7Nz~Nyn^?u{=VX+{-Hzg>X)toN
zYw<pP3&2%>l;8{Y!-H625)NO6$bi@fs=g<>D{E`7>kvCm9AZs!d6o#C_xVqM5d6U1
zl$5o}dDhwFFZbr_X)$UnhnPRW=C)}z|1>=r^Msc$Lw(|3p;y;dNpf&Sgi@pd5`^9J
z6Uy&=M1g>^+M-k|)tdy&drYa4_RPigP)7Dp4BTF*cE$P4e93U?m#(s57hGv{ORa2)
zS%5TcWHD%=u4J6B5XZ5?wH==ClPHm|)>mEsd<6Yf3*>Vx_#2SVn6u_w8&_6N!C2oU
zcrq8y5IF=It`t)zlQNAm`N>#sAyJXi6g?u#zWno>(4dLlBf?lT)xBk^*xo9FR+|@V
zI-I<nB5A4|Or&b=l|N#QgLPI)GPqf3$SZg{C9(xIR*sQ|s!^yoLiM@uF0w$*l5^PK
zFDC*Cc8`G|ag`4{Gzxwf(FBGHxs;Ol^lL=fTtj)et;6P{eej)yPwufFFKRzIfA>uI
z`Bow?AM!L&+_5GK%-F*jK*_n#X3Mxmaxblzd)%L8U&m#3ZzkwoL@Bb1FVsA?iij~!
z;&z~|al7{pab<z*!aysPF+-+1tsLPvLb;v$7K$jRp5mLA`1e!6EdLl>cQbXjqj|$P
zHfi>ZnJmx#4-o|oV`3Q|Dml5uznZzcF{>zx-FySa|M-5Jh|zws(J1u~S9*XO_{w1^
z?Tv|pNfrA^o+3EI0on`^aA1tPbChadOLuHk2pg-G5J>lin8|Iw3x)hew`1}V0@|js
zmkuN~!DeZJ#r>buajUyO`QI!||7xBuBYBUhRVJHKqA*UnbR90B;!@rF!lYJ~z_oZ7
z3V9^{!HOg4EHE=o=YQ+<cGmB*e--olS7a6V?a1Cy1pYUREs1u8fDLu=K*U41lHO_a
z86Y1JIO|-eDbD^th%aBV_eX9jxu2zshS|=vEKn#TCfS*9FYv31NoU{dIOv>Om7L{c
zY0}>&^y_dw(}HwfZ^Ph{Wa->*mi$epWE?dG*Wnm)m`oXo!G1<T5!gT8<8LVBeuVXM
z=e&;lan6*r1SIu?XGh}&Ot8tA#rRi;SJrXlZ?E@@&6e<^#n+dRUr~)dwGsx+%$5eT
z`(c;9gku@TCe6#TyaA`RKc+_9#akE3cv=VkBqsg~PGPzxdTX*Jn78(BAh4;+_0OEJ
zdq<b*<;Kn9i*cn=GkDLFM;oxK?`pl0JO7i8HgW9bsYUWg4G>AKzsMH?k!pMQy-?Q)
zeNa))DN<im$Dp9*{A3}5+Uq$JmGg@Sx}2;_uI57%8nN#P(FyOM4?k?3%J#l)KlF7T
zt`CEuUe9Ef`HSi+tNJyqaOKIn^6hX2AWCp3*BLh6&N0LK#FDaki`n^5GFH|nWrbl5
zpheonY{%=1^TqqKiPq_nh^7hYNn<X*{W$SjpW%H!R+ePm!LHUbmVUT;=Rem#hGMT~
zVM2qX!qoI<=z$?4^f7ttPu?728j5@L3ep*4#SKdGFqHj@I%G^$AE-F@OBLyaj{Ww{
zPLd0yV8K<!{3RT`5U;wT=I9kjnmzdHhhqLhJ-1WVygK{9#*>z{=P$DH>}zuu-rD+~
zMN{}LPfA}KCq32emB|s-Xz`wS$r6Qm23euj_FntVlV81s1V~lSs7&N=z5=t1wGnw4
zENu*aqLe<+l6$TLx`3%<R#9X1<}M;;EQYIs33(8OStMg8A60o_Po}&hd^J=>M_v3@
z-cD*aD0cie>heDY_5X;Jkzdq7j53Pu2Z#FQ7T~a_swLqJ6e^#sGRcUyMSm_kDydS0
z<fSSg?|DZCcE%aQ`K53K;Mo6%s&|a8Eb5wtyF2OF>6j<BZQHhOJDpB)VxQQyZQHhO
zJDpCxytwzf&%g6$pE1_hwbz=nR#i<9X&v742rfqJ2!GlYo*qDKNzO^i$SSOCZSkN<
zr>etLr(1xKrmq<V<`h1};cS+fA%`Z&MQ;Rme&4DT==ZmheRgB6<TPHSyh+S3Xt<2w
z3?~Xr&)U*J8&j<ALSAu1IEsjWUrj>oOcc?=YYsJ5VrbuSKm-EOQeoG*!zU{ls1g{_
za<C8|#V*~HIw$`T2I*JiEBj+E4@K&1#Zxfx|E%x7?|v?zS`HqH+K=~E)iDfRozZP+
z#b_jCCd*1Z{o??12%L+H3c^y0bY%Y|Y*;evwiAU(IUyR(k^4vF)h{F>bpVX4c~440
zV+{CCQhBF#)03vi;Vwj&rvlv{kC@zczw*KoU#2klf(;~`U~dn_v3Txg0y%E}{8Lm`
z4zge=+Y1`swxBGLOJs*8E!|?^4RS}JAIm3~&|z;g&h6c)sGFLib8&IoJ1x%cO{v{y
zuy6nal{Ns8<;kno4!fl}788-&U-zG^oBUmuo@O{8Y?O(n!~e^d{eRaOg9o0Rq4(5o
zetR$uTboBo49-k1GPSxj`YFWGNuA%8brg$NA8^)kj;;@lVWa_QU=e=*z^-?Kiovwg
z`5=L<(mJ|iX81*#gYP&(xtW>*C_*qq12C#OouvQ(xrU?d+_TZ&!Ok64_=s;-l@SGa
z@P&BLRgBuY6I%Vcy~5}nS@i2gR}^P^v?@Y+;FZsg#GH0+kH3#=g2USrC5k-;xT?Si
z9}UWf@~;P3cg66$aTHzG)3>$7!}SV8p8}oNV%_>0pkt*-8!uZn*BbI;m7BW?<ucfD
z>L-2wU$h#F_nP8<H<_JVAtk8<Tb03J8YOW$W%<!c^F!zb_z3MkL70s^S`?*AT1g#u
zlwNYQUZNQ`JUworL|G6IElKU~(kDSRs~bxa^db3gigKS}x}!juB#nSy<ZN=i&0IxX
zslk9SrY0fOPKG~wG_Sr;I6I|~KwWkIeW>h2Ls2t#7>l%Dhni)&nJe8pv14|@c-Sr`
z3I{p^dGmLLBd^gW)(~ftWeJox4cC=w$7!4hvwJ;W@(!atxQn|xab{AR0{X<FJR?|#
zpg|KyeQB#0RfqCk=u83&*x7Vtr&*M$dg<T+<7QM|@XXu)n=UaN9Uv_i_#LDSaQSjQ
z6`@G6#i5bqAFzPMrciOx#`b4~kj%+TmI=$%Qvx!DcqA26fed9(l&+f+a-`LfKvkvl
z0rM?AC#tNUqlzK~)L+!8(1wtdT#$)mii&$OXddC~pKW?`6nLQHlj;gYm&3<eK)ig#
zrPR%RBXE?|p&$k8@WP#A(zNT3dlY3SG4`sH!VY`XJ&?xNgVDhmX^9G6H<b}S$tvpV
z&0V;X(1mQ}faKnsSb0G8o&3Dv1I@mq7t3OdWmq?$Ld>Irx-<>+f5H1-KQ1(42NQY}
zknJ)jp%_`p(>EpB=7LQ6B!r+0Kzq2wN<v(s7DX8jr6R>^^F&qMUl|d5$qhuqVqB3f
z&AHlpF2(T@4F9SSB#9|?RG`e5f<!Rx+20C)8+WpOZEsRc<=}Mm2jRHXgug9;{XTk2
zHu{Tqr+y%(sxp|kc!#Aac7zaOLy<nfCO$3-f50azA2cp>I}*?4)ka{;deUn?zMN0r
zmu(3dgx@?j_b_nxF2ng^rn{*{ix7Mj-Y%<Rs5{7l9ux6T9S(K#^_s#;O@Gn<6ZiH%
zKhY2rCo752)v`3@Jn_9`87*X{6b6ukYzPoU63#zbjG~Ap%#j#c1ShEKS4-_#s9|&l
zC<zm3N19e68Q981AsXudW}K-Rhh(_Ha<U#Ize0Z<qm@-1MZK48;FfsMc>GwX(Bi<1
zyFodGP31f?Hh_WDn+4ZX4KM;2loMX+IH1cuCdCrY7c+`xDk+?ONP{dJ@2C=q&mtQg
zX*^Q;#%x+@UnKc!Pm|G3Oy&)Ip8~Vzy_JFQZX0?Ir^6BE6jS}EvWWOUQV?p1cfUle
zAFG9C3<64GL?R#|rvWsfdljRew6;~%Y$Fl95kg7BFO_?Mm73gSSrH%>L6ekGc0EzK
z4QtOT%#vs}m!46oc#U*Y&ZJIP!UT2XpzTnDBwa{v#F8y@R#mA=Pl<q#+9b;U9POD#
zT~1Q&)J_da@<Ic@T}!gAa6@j~Od{t?DwoJl9vSO0+D{r_H1p*cm0w6n)QC5Wi~YuZ
z^)~-dG0Mei7}+hUp)RLc{gBVyUp8|EHNV&}7|6BCAS3jN99{LpeNiQzt|d7@F^Yka
z+!qpiQR6>1o{(GtxqCxGk^>c)e_|ydWfW2rGN&XXqcfBRo>5CN2^}dY<2g;V#sg)M
zu;SYJYKub^b=^+tA|bi<po}7JV5l2mCaNExFx95{MxIZY3b+88|0PMG|BYlp(v@MG
z?vS~BV@diSTxH(Y6q}Yb)M)2GL@-EF9al)w5J?w+=2UiC8VK{RwakjImiU&%Hm2p2
zVmZDgI@5B*Z&KPu%ILIUG>wPFzBYvcdwxat*6y6OEky(l4zjVK!C`}%Wj=tRl}LmC
zzf*Mn4=h*wZz?jhh>TZ5)xjT>9W9V$(TtlJ4#q-3EQp58^eedpo4{}71lxtwDoRiW
zqMld~57!~1#>2)Y-GZ3vn~3cRi$*%K1d(UzA)9VkQEOIqt&=$&6FjI^TNDE>vTqaO
zG(;>>nbsXo&Wvj2L1&b~?{FGT9Vi<KvHB>=C?oTHzp>Hj^(xkb#`hTk3!5z;ZRa<A
z_tRlpN2H<~N9EIPOumy5(*;bh$5=~9>II?%x8@pW{nJ|v{7LyVdStso*z)uFu`Urv
zO>(S?kY&xU&i^jQ${-$7nnJf$V7L;bkiA?U{?BUv+vR-;lboUTCb*|2BJQ=vAaz4A
zWS5I8@v(}=N9<!ZzXl7g6a>zyLRfs7;F<I=uKx~|)$$zTapZr!``SK@df)Ex-g~_(
zj*%6Rc2<Mb2{$%I1O;0<zP`N4W$7*YQOd14LB+`WMtxEUTtea~GJ;K+gyB5AugpUo
zJzZn99@s=0N=jmTD6K^9>=#m!#k`MFtN*u*=4c))vus0|v>}r6U6N9N&P2a#Ael8T
zr;hGIsuJxD^@^&zuVCEIrEn8Pd8u;^@A*e~%&)zJU$44@|9=hewT-%w=s1OcYwk}f
zA2pX8m7t-#{e4s?AQiQ#fh!+^gw-d`B=$p#u&}Cq<#Z}hNQwkSj0Su0SZ#e>%kflH
zeYf<u-DS}EGWbwJvJ5sUdEXmDH|%v>JtuM9t94A`N1132CKr0F3+%vx4PTMh8y32_
zd$6hkfwA&RWslBjq!|2bVHFRVW8|O_MK#5;f^KH!hzZl#^1=epgC^XJv2`<fZg$o`
zCw6XWNsTm;jpjU(-ouE<Q8LC58WjO#uL4bV9_Uy?u&HS;rb+uJAjCzDdwdW1G3No|
z5#(ow^F;I?d(SO?4{7oHlqF_jXs|O<6~(|rhX@6s5Qw-zt~t-Fg;Z4?rj<+LLnuiY
zq^<$4stl}pDz>|WZKW=ah6c5k#MUyYs67e#Zhm8F3Uc@m^&3uet)v(ao>`fTjHqtG
zf=zDDrA`$U>4P9e2qTBi@Z`4FQ^$Cmr&j~QK?svr?v0x(TOPs`B!mEC8e-4l17`JQ
z0VX6ZI+G-&2TfWii)Cd}vy1^HD$ydy0js2*#REzGIf7sgAFs#8J3ZgA-JUnyg<Vw>
zzdDXA@0;fCfAD`Vo3lad<%1t{5%hT-9Wsv|ccbL9vs=+=Y1obN6>2If21^y1a|njI
zsiY~zRpDimjz~5l1etdf1vFO0mX}2dK?0y6<TdF*h`av)Jsxaw#vN_vs{najYEJC*
zpID+pmb+=BaRrJ136gLRnrICjk;%HrSSRrbN0mKMW25FG*@!0#nGt=sxH>8qlfakF
z?Q4O{(B79@d%K<pdm0gOcXZXmL<(asxN`}OhdnlJ!@0cr`VY!CoFA9S%7p(~4`d8l
zFeS?Ye}JA_^WbGDd8;!sf7aHtND~sibSH?VzeXu<{63%k+U`bg&X=o)ON+C@?S0R+
zr83&v+8m}hk9V>^-;3XT|DEd(f0@K8wY{@{zghY`mg|eUy0U)V&G6~CE~=)9F{KVz
z7H0-~Uw5jH4IV4JPHKW~GNh|sl?U-GN;PQ8Dy(oe(Xc-@XOu(TWBxP8Y8^}vG$l|2
z=kGHRJ5Mtji^M~>;;5+z1*6W{j}ko)C&EN0!esY#E>A>}(t#@#%3Khg(HYVLXj7tj
zsmw%3a79V<!sGzO@;uqS?0yd%S-zZq;4d|S#)%~rB_gc_XlO!Z2P|YJYJ0I6PTbXe
zQIY{vG_r&Dc|_qTa^V4P!&C}$!=$Q$yN8mVENpChlkD3n@xvsAelPt53VM1~!!f*1
zn7{ASw@bJ;Tf(LMsuDmMdY*@gn4C@|RMgarwreap9=kzOa(|z%s|Ol7JMrv0ZXxWt
zUd<N$ce|cDuXj_;vlN}I?qtr#8mqFxZ3b`}DWa#eDCXVhXiagA9SblE9<sR6{zsG}
z41x8}_jWLu_Se@DVWSU407x8#k)F)&u=ysm`;92>s|2J+jyi`a2Bf$Z#+R2!De1Zs
zlN3scNy;qJ5nU;^p&=`WRCvv!)>rUE-;Hr-t#RE>INRq`5{IqvHI`6R3&=n*g)ucF
zhV%=iNLrC*NzNA-x~lh4gR>FswhXFEX2!BBn;{OYR*9Y6mpvR)6}C8f)5}(AffSTH
zCb;G*yFqlD5+ag%l4Oz+n)*Cum?&ZaW|m$or)(x8NIFiVq-SEFadS1#iJCVbJBkvr
z7~R}GImw6acjs{PI~NZMc%i&sfx9~T0dbiUIAQ-;d~$$~8s2>s#fCX~75qZT0KM57
z5Fbhh6KNDltlpk^XbzgN9_&*<d+Z!jRSx<F4HoNw%AAvAwJ<PWNN!w0&bXxVoE+GM
z@aPMfTckE(DH^1y2_N*hstS^;%20~blbJ3MH5#kz{zY0Wggu$0OIt(P31US2iRuSW
zJmupFA`J$YEFevAA?GwrYmiT6`l<gmm&{->L+HAXzD4h|3tLiMt-dE2>)<t7N?NpJ
zd$ZHq@-Qd8n7QtS8V1Bk;wlNv%t>FH$fXP_$R9+ZOc;B$?_Y=d&+U>=*zk~L1cNXL
zDH@pQA!@8h8tn)O4;H{iu>fjYW!g5XB@m*^)Xz!vjk1h=0WkNVuB;9QEitj}Ut-?C
zlHEU5#@m;sH3=1{93;~;#;PNb4VPz$#a5oUNMCq&m0203U0KKh?WuE6;($ymPBRs^
ziR>~yytlI_PJa!43LUhmv^4D5*%^y1ib&ghQ~{_Bsr&Qawd*?lxbWV~`t}EUvaVa|
zTbxPV#^mHAouY27Q4rD%6C4g3+?N(P?MV<4519S&P@Kkh9{mx+|Iu<J%%Cf-36|6w
zj?2{>*<Q?WCbMUS=k?v!>-q7&_rK5c*wjDtT`zS(UzV$w%ZQ%N=dI*yK4bg$-RpYC
zWxwQn+6MgEn%DseEFmG6zKx@^Si)LN<&BGC!-vX_HxR!0xaH}R@~~`nqKnMG0$6n-
zOOR?9g{z8Ng1B7Wh*XOYRXzwdEVF|y9xcuoy4q-dWOk}yLL0~ma5UE=*%ZfPfIH4|
z%>l|r_+caR-sorChAB_hG4@Mw^yRvg)&IP&8Fnk2Pm0*7MbphpWLiU01IYyp>%fz8
zHX71kMi0xxxOKgR4#SxnmWkdyE@YpHx^o^S9iH2D{Dj2wNdbn1W@{!cHls<u+WN3Q
zb{G55M6{GLAilM44Jkog`b)~p<X6Yg256_QBW{^F#$Qts%wvFkq^J76#GV`Oww?2m
zK0Lzm?)Y6*#4+~#PbIOE%D_C&16>3Vk;-}TmFFx<r(-G0uFo4=lt%mgF<7OCy(^Wc
zyScEatlN4(RdTzWC~G(9s>T-8U2ipZ*`mW*n0Y0`Pj{LSp{;ZA_Jagja=IezF6DK$
zK+o(jK}a`{#67Pa)Sw`uF32qOA<<1kGg=@`?~M4^TtphhLYv#*29s-|Z4d(;%<P4R
zs@zv3KXV1&Z;WP*F)xRw!;TyPo=M^4Tp%E`SjM%MEm;cARs)7#7T<W{ZzT{BV>^UU
zGM?AObi<YC@fGVMywkaw63-0eXXU+GS3cPGrc0mL{@-<uA_a@~S1^DQoV2S!^RWQ^
zp=m%B0%zmE%$n|((oTr3l~p~ofY07)v;aw_{&HzG@7zY;6}pVHG%XlVJnKX*OCH@`
zxD0LF^pIxT`Cb4wPu|N09z%~mR-WE<nPh*pxCiPf%{6T>nd;;A@cviX`H<qNXwmFQ
z(@Wx^GgJBvXUV$xV4-ckAurb9E(ZV1EL#}OcJUWtOlUe#ouF}z;YZ9Okd<OZs^`UO
zrNP(6&*rm@)z<94sL6DQ>NstpLGzWQaqqiz;M5!S-T%@-Zgej5=6v)A%!CDWgg^#N
zaSj5}ul|WjzBvWCEdmR~ked@LfOhMCNtBC8L^R7F3rIBtWX8b&lF@|7sF55eG%8ST
zEl9`m(5eQA4nw7I&yWzL-UV=xN13r{l$mLU0Y`|V1V1y00H}0CyDI!|)|w^S8ZMx^
zxL@Hjkq)qRk-e=Ip?DFz#&rlY=^R(kgT`L|IyP1n&8Xj*DHW_^PCWZ|4h*5o1)wV^
zs9bcgRiQjX*L@{H0J7|SR~c*f_kJgt+)W@mS+k2Y(z0&9HE!jY-r!_^awSr6RUwgO
z9j#ZqkjA;$I^lI~M7J$FS`iKk<0%fK=ijf_U6t=7_iGdBVMX=iI#KEKIlm))3jcq5
z9%J+V)TFTkHYD`DqgZ8thku5QQQ`^bfC^MTG9ZSe1b^2N2viybB<{ALOmT!2BPsrF
zXE~G5fwD>sM^YgzLkkTFYJr)hK~g5C4e_zsnvf5pyl;5Z@I!Wl4flgWU`!1208+;h
zeb<d6!HTZ~#U49dscA@m(jXS>9s*I;NaJ|J{IOO{E8Goec!TJXlt0{wFpGci7%sYG
zz`nL%QF2r>$O*|6swQS|eKm)PKYD3mK{cqsk4B-<nm^Tk5aW|&L>Y%E2zFR1MtTFL
z=We=ex;)N1Rl@rvd8OAe!jwPBI_9%}LF*6}!x_*0SGUtzWhb(CQM-KUOZV3GGv?t}
zuoCvr|H6M2>iv1k`<~hCDiG(Y1O6~EKNi6S3Jc|JXi+6~0JKu5Ou30}-7B~TXJ+=d
z6l(zn4F57gg^Sd2KGggV6Y@R+N#1vo$DeIv9UxZZ`w0t`QNkE_#{3iv<T#nK%rK7M
z1-5Sxdj5RNRG?|oD29p@f0<?}4nkl$ktx?{0jjAIzKW9>D9$AX3Xz2~z6f1BW1$-S
z>=?MtBJ+c{&`?oA>MKw$_w*>=@4HEm#(kmq`x5o2n6x!FzTdlKLZZ6CWgC2?22rQL
z9IPac)hje(YQ7oyOri!S!xqn7PgKLt8fb5UVtnPb@PlTo&XeX!kL5c_G8=Vv_FHGK
z9<u;sOyXiPoJpVRWaxF5%!b8@)A4GHIellC6n4qKH@Aim+lm4ywL#{v(}>2~=qZl3
z|9&Rbs#MR3%e#>{J#Dr8Zvi2=^Wl9xPSEms)$;l@>@b8?Oqf2&AzTYLPEtIzQ>d&-
zDtdI;NGIqDVIO@cX2EVhz349wv<FVEwbs20p+qYiKAP<{L^x;>`pg|nH#}sALKw-w
z!W$BPd<R&%$*2+(<%VG~BT2!IUZJ-mZD+i`!}crk|K1!ttGtS~gtYxo$8cmX3gswc
zdw1?bw%Y&7dR1bqvBY*aX0J{8qxFlel1P_g&+Z%~MwTha74N98C+akXDTfpfmY*i_
z()}$ys7Iqu&Lcfha^$7#3(I|JFuW8_wWC`37&c?gB%OE&<>TI&)fl9YyCrp$Q5}pd
z8Ce`1j>gm6oPdX;ICzC0j`PgRk|Tba)rbUx4%O=j9m`$>>j<Bq{r{$?y@XC4=BHm~
za{$6OPkrtTu45)9&N_PsHNC6l0MTF)r^h)%pN!EqnV|}+IXiU@OLLxf)7X0xl-1Z5
zg@j@&20$$wy%B;X`<GM9#ySmzz9|bOj?1gV4e)X*vdx4ICZv9qXuT5yD^JJd8fAY)
zo5)M$AFqCe&0s)L?k~{<=X49?LhlP}ru<cC+Mmw9m|XK|%X^NlqYFT_xO;HEh&;#l
z*m+C$GM$4PQbL1tXHk={O&5sf7!K<B$uT9z^4y|vkWI~t*PTrC=_b|1E1CO=R5ay{
z{(7BPLc2gwkRSZqQA6}O@mitwRX9Vrbj;sd4)^KJyOU|iEd~y{E_l+9UHuPJZv&Gn
zpW%2E0|AE{@MV@Xf*CEX%19#^rWMwMV?69B1WSuH6Pqv~6XG9^a%=%v0;wy^3Ku}i
zsL7|d-Wg_pX$PiQ7UX56mGIc(gu0@$(I(fC)Pi%%Z&4+-I3?5V&qV(Wu#}W{`5ei`
zKLxY<!Gx*(*|+$2qJ5z6B=V~dod{ziyw=f1P|-uUz*Zu^8CUXWdpxXQZkbL*t@i2n
z_pZWQwht?g;WM+3$dE@Cx+y=%Gn!8}Qr<j_=d8VJBtyOE3kMG->c!sg-btnI#q#H^
zhF~);zz;bN{QGW4^$35|>2r)7s`mIIPIH-TFMgRM-xm-59zED?ymXwaPM+=(<uHzA
zDC(<5U4crNt-EX94g^g2|1z_Em1jmNrtEmJFKL9oy+mcuQU{b=7K4<{0762vfnVpP
zFUjP=v!bX4Qx~-HX2y$;oC<K=r;>w5so(LiI<^Qk8yw`x`C6*Mk2XC0+Um*W>>1yM
zXCisg2Njejln_J|PYGKRj8_m<BK6}V+1T27gYr$Emh{68n>P$Kc=l!6l_E5FfBO6)
zcri4(9a`F<E}wLk(1kkIy{)~^L9OGekmxgVv}VZ#x3W9b(sIATE%+<!MK(ikFwDH5
zID5Fe_=Q_0C7b*jk1R`H@#Adoog@R*KiF|6+frZs<Otc#+Ie3TSj3U$Vylz(lRMYZ
zGEMlu;1WJ1t)6jTC;@Yv8q~>`oX7r5JJ?=q>|)5E{(>5T)~0cio40fHKk&Jb0l#X!
z?tbljTEju)eIb<Ne*8s(;-+0K;~^~cmt%F2_&cN#<3ck-S!>O1WX%5b_t_O43#ude
zd6fi+xqW<PmKz=tb5+Wc0go)nKu#7%3#JTVP^(i*el0DhhU=!+UEg_uKMW@pJ#*>W
zua{Hgdm+kPT7+Eo(v`5tw-Tg|pxg&B6gmZb_|7;4;4LW(TM)k2ri~9ho72j7irI*h
zUd#4A+N4H_;5CJ(_c~X5HyR2|5#I>K6wLIOU$(G)oX?TvVUvmTI)AtkW%%5*TWqZf
z`1mGH9)kqD=+LH+dDAnTs|DU*j^mPRt}HNhGr;_xb?Er2D|L-H-crkd_;&1W;rz0T
z|L?p;M1r3u%*F8V@EQ+O+$k)cC`_pp`=r7la0a}-W_@@=;ShYBE&*lMyZQhhN-yjl
zQe-?1Q&5kGo79eM7+96(E=qjt4T_p%!_fYjy<9W7@-r0wo~4ncN7cjZS6k(Z*8FR!
z6mqc%npE>K_I^myP70DTgdM(+Bsx$m-Y;DlD8qIsXYk{d=7(neWLkp6DS5MYd=I!#
zk?cTLB15Xn*n%%b#g{GiwKm#&B3Uz3+_BZuWKi5O0;R}49SyrlQ1AtX;e4oR%*mT)
zv;sxmc?x_0AI@Zvzki`Mh?_zj>sGq{^2dnOdf4P8*q6L+rT4bqn{Q_7ejFDwaK|&>
zuLJ#@btW`g7@^~d=mgrTA|0%n553UxIY}K*m7@2ra~IFu`Ow4O;28FQ+dvF|@2gJw
z?q|Ngd%b_J|BG=6xU&1rGz4&xdV?Vj#Tq{#fc#R#{M5x7!8^U^HsT1(lbl-V?1fup
zIba+%7v(iz_?^!}ZW5XeWXx_yjx)gof#ix}rN|V~BLLX@I9{BsNOuEaUEm3nokW?t
zCPGFnp5Csm4{L@eUtZ`$b9=pt?kqC8=vO<5f_5bI0IWTn7-uXXaKStf+2jW@FgCFb
z6s9F{rf{a^90#o5gf>CJ3mq6o4oj5ANtJ(2p<VkKE?PgM94Qt=Y)$QdiHN|~jJy6L
zKmVZMaRk?U))q3aBtweplxXkK;bLht4Qq>LWYm*-fElUaN=WA(01OHW76HB1gf^H<
zOkv$3x<ZPQ$e0RjkitzzWGWmXQlZmo0V$v5-J-pQaKtBiOBC}nhzSV5SEffaVmofz
zM$#R9*nh-yQkMf-?VNaO3mQ&rpQc<Z$bU#Yum#wmpak90P?B}H1-xo9ov}u3;yyRw
zrCQo1>S;qCy>y39c4oP`x#blW{<N*MwYatrS65G-(hV({&>tHgS5(yuI!m)!SX#=<
z%M<#y1;4J<yk6i(Rrq_>!ln51Q?L*AE5l*RCe>L5?#Vwzg0k<GP9~jek@IeM-w*NY
z#kSM)`(|UceB~{;j+W}B9IP3rVZsJFGJ0VSh2ye0I?kU*Bb1BIVBX0~lB>Jc2~h=Q
zV7sT|OO~h7tjL#Age46qF@;H(&Xt4@KFYC=_qKYu6Zv~|z(KcKBqgRs2yh7pP?tLH
zuyJC}oKZB@25ZMuVm(OTH<#JoMc13vza~GyDWxHvO448t%U8XzZ|Swc9Qr~SNMt*y
zfX}ZupMl4Poy7W+lYq(DYW~W+tb`IZQu-wMoWq}!Gqi+!!YIpWq(Z-Tnbrmix?Es^
zT|*!1XeC_{Q$VaX(t9}ST08*=qAO?e{@xoR=F_&dE5!WL2K>nsxQSZU+%nlMD?ys^
zsKFg+lG-eem3<PX$`IsA06oRA!Gso2BTM~^OJa=KCW;<;MfX8$YW}Rw*^@t9vES}Y
z2))r7l<aDaBlqP`5;x_EY`^mQk*R;;WaQ&;8(+LWlQ?F%n#68iQ^Odsc%EKMg9gG<
z!u2nB=##;H%}HRT)2%Usa<W#>t25<<7>>upKkG{fmYUdTL>RtOmpP&LdeXVzf8fAf
zaA?@S+X^hOIh`xis5SaoR$h)Ark-0wR1|OV+dbVFZhY#mC|LlY(8e9K)DX$ua1TK+
zj4LgN_2mPHTiv_ODc+Hrn}}yOcqFTgr|+$st%d?cQ^u?ss=&}2Zq71z+cqJDyqo@*
z;@>Ie@YxW@OMb?fpjhEfOG~RUo5XHtY&0B+1)R(m$DnXNv9Ckebjy(C1FKtGv8dIn
z7WlXvb_5m{7cEn^YG_@hZK6M{m#b9&K_cRJXuefzHA+1aFc|b8EPn<9F@iF-J~n<G
zTioB=_NyC@(d}mv6YzaJ=N!0X`<m}`KckJ5;z74QCW2-8w>&y^GEMP%l*R9F_2(4R
zxwr?c{POVMx6|2;dE=E|7M9U!RT>TxAVFDz28Yxlo6nSjLB14oHT{{!ZqpOMejL#e
zRyeLE!P$q&X!Hw#=fnUG6k*9k8Sezp(rY}>I_o<*`k)SG-|_a}dRT$du2SctNu0p>
zM$~JAJ&w^86=CNCGoELx$m+p@t!y|DkE4*J6I1%{j^lUr?uz-drG$&Sbf+^271W{`
zB@aSHpJm${2tAFkY#eJ(l)bxXJM&`>L#3p$wpVVygt7~ytz^4)EZttpSr$q#AqlV1
zbK3Y#?HIsWx}6dGjr}*EV=4Q6HiDo&xwJHcLzC08KD218#%-~Fgl)_J;;wNdm?{oh
zjR-r|S!@gkhO{6PWrWoSKh97Y8TRYW){aN<ah92?x}xVhbMgLRRWdTHWV&QGnc!|g
zcHMQ4uj4o^V($Ki9QhC=M)79H_hVcJsQr)w$L+pvX4T)(yXJvICcjiw6Hg>eX5*j%
z3!UGuNeVjxLx{JNL~3Y5byVIK?iK|K;83x%hpg4{&kL*^1}cSTo9pPOQe9T%h)X*7
zI=^^%%ryoT`63^xqWIG*7v{A#B?%G~3HRpw`f}kh?Vz(VY~9hFvREmavf*0~ol$(~
z@=HiEFyoe*W2e%;Y=6N2^x-se;Y;}yX!t^1CngwsNswetS#T`*2P~s*9s0)9(3TsA
zyt@)vS-%<BESmUS|H;lTs#v=9^vhxBLJRbbAYo3GG5RV8rIuReR<^dtoU83D;~V(2
z2H9o@zqeM!J}fRR5Rv&tntXA^E5{O6r^~2Kg?3@Iv)$SoT!XZvCami#p$69F!ILAe
zC}q{+G9xZOT`NmGrXRLZZiehAkX&Q~3XiL}o|S#Mk?8q8;q1JOFj&~g8Wyg62GqV!
zOE-m1z@98@B@H2V&qYz94rBR!p&K&yz-1eY*>St`dH0LKHIs&*m%}x9jHf=^8#HV4
zz<U&-)^UJoQkoeSVR7GyJh*52jv+KQJ&l<nnY;B}&5toi=a7k#=WS(Qqr)Uj?}l3h
zo4rC@4PtL;$t?_ZVEXq5EF3P62!wO%%Xsb4(ffXoV7)5~OQ2US;m>tBprWh+Eq-N_
zLazf&C>-Q~3Phr*qX}>Wa-7<6S$KM{tr#P}bGynyUX+m|LnuUsPx#RA!BRI=9*^Z`
zh+KB))DxYEX#hU7^wOLdXBTTK8pUH7xatF7wyq77lZHPCOUtWE@88&h@T1xn@=rlU
zG1vL1EzVBDR&CfRCAxLMLag>8rRpvdVWP15Z`L2Ck9+jHg><gmS>~jwfGaG{2?<g0
zJk!unWtV;!m#znEm!$%vQ*S7xQ}hDmNsANxAXOYCi_@}!mXAw~HVewJVLx==Ge`ht
zblQVY2epLUGq(kO$I??8NV!vv>mcD^XXiKbO>_FyYc^r=mtYQmo5$uGggT_-cKDyF
zJUZ`oJm>*N0|B`6^ulea<4Zfaov&#PnV0k=)vZ5KzV-V2{PL0#uG>=#(fvkp{_UO<
zU-o_Ubd}(h?#lDMnmZ~-%W18+36afagir}@);9DI?J)HIueo6=gPA1HAx}IbF#b+O
zJw0|&juc3OYPN1K=YFV=7f12-cujs>_C8@SN4#bGxDd&E9Suh?h$O`9ex<YFJH5$u
z8zXA$1RYl!1(w!RF3!=DjQ_*Z{G8vg|FI#hjdCJ`6V>~wwYa^ngLEZnu~s-J10jtQ
zDXjSbJ2`Y;9P(4G$}%2zJ2NIr4Id|{g*MJ}bR>>gk-i{Gq_VN`r)(>kOHkSjx=sAN
z*l&MelQe^Nv;<p#M-e(&Da-@(LazOG7j`mras&qbP$)9-L(4C2qr-%^c#Sn4oaGS?
zW^;re)JqR*)2r1LCXmnKiwmVE>>erF7$hy+LZ7n!#x~wXU=do$M!L&fB+il!YN=y|
zu@dg%9;qgTD!_s%V_$|2GYYaNyzWtFPwg8}?0oq(LEzDlUGWkpF@tBSHIP#&{r&tz
zX1DnGkkL|T`rx5l{}tuKX;IaR{~%V_v3cT>y+S`GUY-xyeZvvM%4%Dm-RUWv6^y>~
zC2y_!wbFjSj^I<|l8<jg!HLWGh-Slkx>HK7Jt5=nAQtx5^#&(cbQa6hx1+pf=SG%|
zq8v+(;yl!-Kw9!2vl=2~-b|KiMq@wu_~yT&2nny>os<Md4}M6PgM~VnO3+z%fBYku
z-B>k+xYU6Nn{p%J=AI!tXi$X!`aWj{UH{vDMusv4W`I<0<v-C3#dRaM<U<GhB#P$V
zGNegx1y#tfPNA|@z||_xd-&~J(4QM+65UQhe01n`Z*i%{%V%4fkRcZucS6WzgjGcq
zpll_~xS7ah9UFDY&T?yXwk72>OAB(9lC$1uh)RkcbyuY8-!5+0Vs%RLCmlj^V_UR|
zhWp69>*t1<Un^uVnNO(WccUAdjTi4Akz^kdk#siEP)K|evqhP>tW^Z@O*3TFRf!U1
z#{|*^KI=Hzma7E+?)aZ@?^;V~&~|x?69<ga`S`vuTj;z&5cwjA_J@|vxhz7#&ccLQ
z%q_?cnC+ik9G$oM<QVE5kap9am?!#G^#C9z2F^F>TM825@9PAxz5=gtRk{(YT5jE3
zd_Dr@<zl)$In5BN=h31)&+kgYP2x^0lEQSL0{=cMGNDS1KN8LQ>rZNisC40TR^^xh
zGhu#2Ngh~RG1&FvcHD*#FHG)*t_K@^5=Re@+=!5tn9H^ziNkr>H(M%wHgEk#b@e@S
z?6)nSr89*-q>6<dJix|Ob7F8b!bK$;P*BX8yA#htP7t-p-sLoIdcAw)hJn7w5e)p|
z2MoQ=w3FcM;HBp4_jd?BU&J#U#)e%lNF1Mzb{B>110-8LCm7=i6-m8_Q@Y!)?0gO<
zjM<p3J08h0e4kd^>V^{!XnWb>=DTG@mT%-92v!Kdgu!Z$5?wjmr>}QMZpk?SZgf(k
zn{BS=HC~TaGASH_=f3~EIH#(`lr7M-@~v6nris_hSSW2UtgFXVa=9oE6Su!Uz{bk0
zjL)K{#*cr0t$89YW#u~GBA6_Et|$+ZE1i7cE3VL=Qp|*=Fd_^-dog*O$%LFHHx%EV
zgMpE8_i5Wg%5_+ciM|TjdJ$fLT(n*)O6PBeT`!8Uai05aBE(6ol|5%mk4(ujdHSZj
z2)M1?Z}##X4}Hupk6%annh61z<5`?)j@mL2R8Bc_*tVWVu;l(QmmLHSTg5Qn{PPeZ
z{X6m$*SU?Wc8$UJr7<0YJ|Hy5tMN6xlhkIB-0Dw6z6U6?$u;>+e4m@|ty^*;VD5Df
z0so%T{c-F&EaMG*d~S9@^WHoM3rG;=+SLeZPBtHrzS29q)okD8kUVGigCfCfjrSoc
zG+KqOA%^o3L&eL17Gx@LG92MLhbls?ByVcNwa4EKX1QUJ6QGqC=A)XI!zwO^jGfi<
z+C6E-qEkb+->;}tp2GkGrQGy+O+F3Igv&e}Ipw0e=>3fyF*~#K5qcTAu@YvNO$@0r
zmfj&GNhyw-+M7UoeNTEba)=z#dB}gn$OBXmIn-#vWw)wuWj1|5*&GP_<Ar!sMqbB^
zG$iaayK|`(It!lUdUNsN4d9C>CSjJArd{bn+$hm>(T0y3W)Dgvu1S7vZ8UwBMA<b}
zR=>YnFY)Ib3(Tjbv`FCHT}6T)#k50C6j|ouWurw$5XK5hk9#es4~ZI;*rbG)eTWOc
z6p`Tev`s-({jP;iOeN(g*u@%{i4p^#x$esi_wcm~@q^(yj+BC}MJ&?e{-ft9vXa*3
z+TH$D_MsEjkGQo>TAWZOAkyr%1fHLw$_|U6?}xX>zr8!~vSajVon*W*^BYr1-``Z1
zQYBe@wy_Gj*MhSMu2Mke$cc54GgYJT=FxkJSbGW4zlrTYSvQ60gl<9ob49Y$T!zaA
zz3qN81t~2UBdZIw`1;NlchMnlzkR>=e5)@AR#9I)#u^xUFKzXz179~6&57J(n_b3q
z(Ww117*6iA%+j4GT8FBv{GbC1IlO3KD~zo)kk9qIE;0_QQ^KjTTyvc|Z^T}`&G@eD
zG|v)B&me|=WV{@Y<giFm;6VJ<1U2du#jIJy&=fAjf=Jvo`W%vk73TV9ryDH&D8*nP
zB3~$~Jda{F@y15-rpApUuyW8)NG?7f6biXV5r1zt5WB1KvOt8(bAajNIfRG|YyXat
z`i$Zem-AB{`c>vWfl_&*X=MmaL-QjVMHzO9c9c?32z#tJB9wAHfy|z2q4;c;p7Gay
zaFlR1pR31y6uU{@mO{gi)~^OA;jG(fP)a6?2@7xXeAaV25a;pdb#0?|{6GT>kNx`t
z_q)Tw^JN65{X}nUFkoHvGixU6s>j({PsCG`bm$o?*niePdb-_Ma$bt3`@)pPt+H1z
zA7NnS_uzno_Dx;vd_?tW%##_nUQJbovqHJ-$El}{PCIw|ZF2U4(bxQ`)6>0a^$%#%
z!$Ug8$AE#yUx4D~?wAoubq{&YN0#IiJGv(fr#JcRjE`yI;6{`Y(E&a23(sETeUtZ#
z+oFPByg|D;qXdG=>T3sk<BO3=NoJdOwVxk<4X-<k$Af&+MpWWPS48E;Zuf`J|6s-p
zDky43r}3$ll!h6e%<zqj{4|-+t7ov7;8<8#G!(GK3SI^`=>woft#K?>>P9`eRarUA
z>6gW%<b{-@{ljC-I=lS{ROgTJc)XVMNY*XW;S!RN1pStxSPYXe0%LP=GcYVePxiah
z$k4$M(G>kPZtbj*rS~Vg>NplhDa4idX}I~*m;Xw;@kjZ*nRE+^j<>NeQ=ADay`B~=
z>7kzfzp66g1{_91_h<zSDsuzxUbeu|hu8#H7?@SK!@0IIf_OJ57FyB2ZyaQoPH<2B
zA11gCxQE6ZJ1a3ppT^N>_n5dI8?#3EL159GFw6-2aP0&hNJW=j<ZsUep-(0lT1>hU
zP4q)`tK9>6tLg@`*6M_{FEAOLH(D7pH{fMKBQTkwvPHO=VNT#4sDe}6<y7NW4LZGM
zpQR_;kOWOMMs`&e4VdZ^aEz7EspbfhGUZ@IMph~KdtKW>u5rkHMf8GWq>DO4Kx#Gy
z;2NJmP)hF`A(eIi2%?Rk7?)xRTa*G#w1FsZfRpd!u$4(Lo^XE;tmDE*_E3u?q`_QP
zJ;U#%DoocNx)s|`-`Z(Gal?1Pzay;qSiN_IS=U~;f#$M(@b>!A+*@tJ2`5KBa8Nj)
z5!$kasDem-dM}y~Fcexl&%^qBnq=4cruf@GVNQF~`!d|sK}VdjY3SDKAcx?YW_ePp
zGf0D;9V<9IWU<RXJb9*?i~I^pkg}J-NQ~7=p=zT1!?&A3C%v1p!es$%A^myTG7s*V
zY-sat>A{<B+p^8;SFOkRE4mlB?9Usvb#44OctQLwPrVJkMPb`lRNfc0A;H;fw(2sO
zT&gDFF#A}!n<EFK@uFmg%ewBWXd2aK8|alyB2ByE1Nn@(42A`$oHV*kDEkOs>qAA{
zi+IM3Nwgj3$#w6WrX(JvXs&iT41XG&jHs!xiI$e3{az?($ZxKzH7}*w0^{n>wE%fu
zSpBnxr|Vlay|-@jGn4I6??bcr=Gk;UfAd{*HUs{p?D>r2HCPZ2kI}9xG3Dja5X*2j
z*|_O=)5Y%J*%rgVqDh{n@(<GPBNb|V-COXpGAqXXZG23^fdnnvD!6K#fPHcT|614m
z+wIrSLDYyWr02_fYa2UZZEuuJAuetaE^gG53#W@sB3<Z4_fmcKwn6*FyTYtr6W75w
zRsDjH1Q(8!AIQ)A4*X;L$cg0HOr{>*z3WxlrGFU-IAPTFUd5N~U&9a2h6zRsUAxc9
zs97r>?}u7<0<K%Ho|=F6b4_^e!*?cmY+hEgXG+Ml{`A;LQM7AA<kO&tSBJF6b}8;+
z!#m=4dw^R0T(kb%9bodT;c?-A>G>D&V4kK-F0b<2X!CtL`t>w~TxZ0ecL_FpIX;AR
zSoDLmW~*>iL);me>h@SE60T|EetUK`I6B(Qx8K6o^rsj+W~d=NJSLM72L!xrPfu^)
z%|N{T2_Czh=wdTDDJYg%Q|^IA>0F(7buIj=pyiO6BIbahq5|&pNejF_@huh0#57>g
zrxJmLoa>e`o}kT^hM+)S{>`2y<0k}%X1o{N*K|a1$#|kW*qi|Ht~v<w-*-qdFm%GI
z^HL&ti%^Nl#I*4(O-p7A(JN@(9mZ^1mb+*A-%eeAtX8>|J|z^4%BQ4M#$?!7O-dDs
zamOIwV>UmZk$aBvUtT}0ydocYaEHB9qmKq<%+#KDqQqh7d!y_>@nibmII*zulj*);
zr5bcc+FYp~+||d8(};DoBY%&}ktp-U=Sss*lyo8{yJp1-6uSyg-#+bobe|sV#@F$;
z#<%ZRod$P!q&{qMv*We%qKx9s(ujty%(Q@3Ia~Kt-bn0e)V3v;{w5+qtL`~$rNHqa
z5b<mF0%4U&#9483Oxj3`dX8NkaKI8gR->c+gVzszC-B>o@DgNpp=f9`{Xivm%oQ7>
zG9w8W;jxbbggImSSgm06ay0^Mm?>`)(Q=vy1F668CKvSOm@6O<fh2Il3138OM5I_}
zK0Xe;Ab`@hiEa~5h(sai__!-LOc`;g;|bQ`yv{pzY|J$<yLk?WeM5c6fBw%=2di1B
z#)@slueNxfJ59y4_4Pw8QZjXHus9}m{ORx3M};)9QJgI9V7it76qMwG%+uNI>`f`?
z+L7?l=BK3O)Z`9^O4+facd5Qw8msy%BM|Q0q1dU5R7|OIg8h|SkMYwY>n60$Un}A*
zi&et-`;@MUv84E04SX=Q3di~x`6|v=G#NxG1a?@m(n=7Gebr#A6}GUZrp|>TOO^Ft
zXen`!q{+=|d(7bdIQ}`~l{XPWi_w_5OzWWcVDO;^y0<ozc6}Ad=~4Gwcfz17C35Y_
zVErj>d*V#k;o?SFWoW24hj~5hkcn@?*SxBWGTW1Z9)tI^fpqVW<sFvt6G~MIN}=tv
zae4Kl^zr5MH0<xKL<4+r&;9e>zbSu?YIPr<CAiXiVXgJWKGVLhbWT^9o!d!bo~fLv
zQ897%eGoqnMjHOzeMGA^ei~cl4PIB$Y%D^?bNYUHCYL9DR70if(^|}Ux+Tjm{_+St
zbX(MGF6DVyT2?{h^gMQVIDWHsu`1-D+;U&lep{dYF0wfsja6=!uv$Isx=9(s^B$`=
zed0b?{X3BQtLJh3ywCn9$X2Ppm0<buQb!3}+FSQ4%k!NUNm|-j&0?4=E-aw8YM;s$
z4`+K|f3Xl4TUs?x$$D?bJP$o!9v6zK#GHmPoJSfu?vt!q1O%LS4jZ34{bzEUpKr<K
zEbwoWDP8PUAH$7y9o>4as&UcM$uz3Z=^wtZS-x+U4Ng6%&*J!AP}_Xh?|P3<rhlQ?
z!NVpUPrf@*D)O^>PDDgJAM4n7@wP%UF0MzN`v)`IQ3)wX%5ihQFy*TO*f<+l?Rw^3
z?Q=c<K@<%7+0H{u=-;59y)BK45C>Kv@a>btCyT)NBLIqRnO-%TAx4|fU7$JPN5G4D
zGKLonHCf=KbGqnaoUk&$Rzqhayf|vy_OBMA@-x+)m9w6cZQ!`<v|h5;`#1oH>-hb%
zgaH6Rv44#WCRhoa$t)e}7uIwf`tXJ1)Bz}{PFiaI;bT+_%S#55()g<LeBs@jw=FW*
zBsNt3D(3ZF8C1AO(v1^thM7>FzZzM!sPqz&9REhVJ3G-{4i9zJt~jJq-%XDO?)mSV
z_HlrD)BTZbk3v_5ir48G7Ya1lQwmhk22X9mWWqZfaUC1r0t71OK_fX~Pl79AVgIoa
zhbfH~i`=r+zi8X0gnHbBtqm4t^gW_{`5I`mhf4k%dziqL%Wd<VV<DOc^SMheXjPh>
za5hOuYs50T8C_ywMUH6gZ)qL1lbC|)8d`J+<-n38;%%pEbAHgzHEgG`<U@y`gn<Sk
zjoj=Q03)g9q1!Yf)5^O~QTDokF#^`P-7%1vf`m0DdWlAhE8fB;42E;kXfpT@Xh|R^
z(OwMY2dRIct&mLX-fFPjhtXzRW5W9DTrSI+un<h3E|htnh1Mc4QM!--@qED9*>3n`
z_INj`2=;-Q77O{GO$v}Ys3C`OH9Fez68&P(rGA~LGSk$`%5ILfMMkW-SE}7{ZsM}$
z0`<vL1~d;J<%D-3hhs$LI!B3m4%E4jkYSB{f565@$<tLUJXCRykz2ZQU8j*y2yTw|
z!%2?!WnJal)U{%Q>$R@D0R;Md%T>XoUUzyK>>yJaSaX=g|EGW-e_rRD74K7*CB0ZT
zoHS6z#4FI?WRs3Kv|<(4L>ZBMz7J>0D1|jP{wmZ>1A%}QS^GC?$aLBd&(H5rop*S<
zSI9v%ewx6!{Vc7~+J%}vtTee`^;kwa=n_*dq_H}>Dhnv+3t^3OL)IT04KJnTId86O
zLA&LpeI(@Snuc*t;x%U}4cs}_e<3qG>;6b3Ux;e+G>oZ~R2o~HlPS2FV3yT3^Om_e
zLc6r*drUd%?MNZ-MOv5MveYL#HiJ@ri*(GUq#ev~b&j1#yB@cLS#ZDWxlLKIXUfuf
zFo}7!Ew!<*iED~qvauC4m!{^TFhX2p&%dsKKk+lDWx-txI#(NVIFYw=oiDjwm;WoG
z?Jcgjre}%C1-Jb%<-X8$Zr6T#e@k0Q>-FAP{TmC-RPpPM5n4K#PSJgDM;Kuc%RIBv
z(8BL)3X)YeyFK01C!P8)*){!-vE_sA+WG5^X+O0uJI*iA$XZRpm*`vc^_hhCRK&e6
zcz68bx9i}co!<8Q(DKcab{|@rHpA~ek%^4P>|h*bH=3!}i(^dHe{!6U`&9&ofB8F*
zK0B}Z8d0-9`!E)#yfS%A!|gJUZ@>6Ad`NtsP@L&xJo2lGNP7Og2uGK^BRCN+c;s9`
zj^$tb2AB9Fri};YdmL==#+7Gsju{tal%$w&<DxBa`N8r%dq1sj=E{z5>dCu8{CIAZ
zd7gLXOAwOtb>%F6=O@&@g6m1q9c?--e9e%ZDnes&v=U|xE0dwn;%=W=TMDmh8Z0@{
z3Ot=BBUGU~U?D-p_%OLqbNp3Pq%n~B!NOV|pu5Y_B|lJpZWi%=5fM?xDYx;bV(Dl0
z;Ne)1j2_Sg!el369Qc@U+MZMAOv-eam@z3BjGLJf;=E~5jqQ(<tqF9!+>`*8$AVbq
zQakwEt;p3NhFn|~csp{`hBjX=Bx>1=$ul-|y-%lyR&-`R@8rk#Q<^4NI0Z?tX3RT0
z@eerKhT{_VJ=g*%_|r)qF;JkTbkEfF3v};@ykMj`ETMpXjw1Ps9;dCZEyum;ip&Ny
zPrNS{7j4H~C+mLSAP_EM0D*4?%a-lCImFSuA0a+JqVQNfY_HCtq_KVGDVp8tug?=y
zFS6#929vr=s!PY!!rz&n`lk2W`$<QxDevKTc)g!#0<=o4rDY@~C`rn7SY6fSyu<(U
zVK_&pEgj)ld2XqRmd$9A18GRqhnz~Q>!6f+ok;TMWXFY0pdb(1tknn<mmrmKAdDt@
zAV{>v6m+-r`FrP(PX*K~U{~+tTtd=-JFI}TDnS-XR|2^lu9>hj)4zMf%G3S*&pLnT
z;ksc|9i8uEy&Mu3rKc_$3l>N?!kXD}TjoY2ujl3YD^cM<vybP?#;<pWTye+f8wwRd
zBkuUK;Tcs!aR;~c(lX41sA`}Eks{GPSO6MI)<r_w=~(G1<r}k|bMgrZiJD~43<POY
zg&3sX*L?XV&Ace%F;hWzT~{|Ks_g^aZ(()N>#K`FMRtIVUbv5&F{_3OyIys~4b)ec
z=B*XhQg2t(_K#8dyBV+#cNa!CR+yUJE$KMFLr2bKm&b;QiaZ#>LM+g$u&=A%h1(0u
zM&p%M#`6xA#VM7Zr58PL`}<+OWTg<x62wvtXNT6hwEYXmrP+C-ico3n6<f*VvXRcC
zhiuFhUM8N#Os&9Qc6A+Yuqchi#<|G|vr>F*YU|~S!5YK<nFhDQuJ_Pa@7={@LPk<b
z(hBZzO)a$myAI94{eiPZjZUk?qd^|;Ia6&D(QzrbN?hQX!u7P)R{M^g&fm4hlPL%E
z*Q*ph8^l(+rM;zP`>z43v~g{GiyXe6$2Wz_YC93+^y-`s1LzqpXHYtSCsA)sV&n$*
zF*4Oi5W~~^;-^@!mI-`cc8Qva0A3s)Z|Yr<yiY6A>h{Sr+F@NnBU1ed_|v~1RZs1S
zy&v*7K70DpvJ#o6dD<y#w%>lgRmF2wcPk#)nby0ayq}JB|2lLXE#w~pkw(;>SIxuh
zN(E8yl6l?yy-V&c8gSiRhppNEfXp$J5RU7n=N8LAjtcaYfOOP*aM3XS_Iixzgq&Ll
z?y_FMfo}b)0wN2naSS{}p9sJi1sro&#(N%Dt$_3Eyq*pvNC1bZ6y-tfC4T0i2$Y9E
zYiXbxyZfs`nQCxHt(d749bJ_8HO@}bO1c2oX{{(ecB3S)X5ElLxP>O%Af;d-KPG7-
zRJGE)wma+Ht?J=otsM&S(63Us3qDl@WFI~0C@KJf1XAu&p^CLZal-By6_TSiVVFoz
zB_aqTBC%D&f`#^!BII!4$<j>}<-+``TA~sPdfPoUi%w-|WV^`Zjk)OVrq?bRKRq|y
zA~n{B-2OiR*gz-0bKEm*$juS^pKxtr(Y`05cf`4^+LBWa=GizBJQrmG8Oml6mi95^
zG%Ms(G-Dfy@J51?Q{l6G9%c3FW~^G<js6Y0V)*#IkPMY0FGQ-Ns~ZWft|XJ-n-BxB
zN(`Gg6jSy(9!pj&!}4WIk(7x#^`r0xl@e6KI*L%e0z4i)i9Na8cHfk2jGjVmZ{ZCp
zl2hB>oAV=TxrH}Wi9V4sm2x3#aru=8%2Adv_2!N9LHViP(q3HoqnXSGFg6{=$OKT4
zl<}clx~7oTu4otuxkQkl((K}OA{CTtYz&{67{f(Vvlu3XvpzZmQ~T_VgF;8)(C9HZ
zI&>lq%^iya5=USc%s^$gq*InaS)>(5O+E<EJaIX`c<kLcux=kEiPR${{X8LDPq(y+
zPUbpd^ehG4EIFk~vdEh*+%iZ)%5A(%mn)p~<F_UG=@s6@EE7FQZn#=S;up%L^!mlL
zGTrUyS|{}(=MROXl;dTGFmkS_cC^Su+aaga!HlCEUyQz1wiO!@)Vv`BrS7(D=Un?L
z&banX{PMO}@%NY4;)k<_V7ElGDM!G(BcK#sEvd3scVp5~4;AA3-v8u6L~<I73LzCz
zs>C!JM=TN(iRzo@Yr=Kd_u!dmtX+vO{P!5Vxt^;&@6C@Svc0WczXRIR(xT6pa;1<j
zI_l;d(VaHxO;Vwh_S1&iF}kA9T?B07x7WR;yAcSIJEpZEvO)VcZvrt-=3UTa>wZk5
zt-Ve4Z=F3`^S1q<C*f*oI&8MeTOk4U9uwBx5>xBG>h)JNFXp*D^tZo-ZHuKoGZ<0T
z;BnpfM^d`7eI>4Y{W^4Ix;#D`|9BnZ**2yBWUOvkWv)xx@H_kL({b9VC!nEWfXoAc
z*VnY5VZvm5?Wn1!t%_nrYXD1HfCDc4mup6yvDur>m%j2<eBs>B;wk63O8y>v=mGb*
zG`u~2b@r<mIclV9=gX4{VXV#k?D5A>KLb}@`3L7HkKg_7H?H5rNt5uipZ(Z5>iu`Y
z4==<KhaXb(9P6L|{3ku$lull)Mvfkh%P;>KT3U;r0o`@lG~9gCjc(ct7QBtW{`D%g
z*Yv4TKW{x<a`8nt;>aVNqvBGJ9y<mL7cRifH~-5M#{cc;pXYX~>8vG&W3i4BMXV~0
z>${5lvv!4ZVBDRb*aI@j4#*^g!iAx<Oc*QctFhmaGcjY#p;&!a5(9&~Va5^rp>|Nc
zTuitXk$0zMA|i1^G9e5jhR*gZG8KKXwrMe1n^&W|xdmyNwCB<?Ns)o<(1Q=t7YL+<
zFxfZB^0n!FDUI1$>FB2Vm4YrCyS|@bHQZd0E31@MY$A5B;1(}^#wZ}B-Y^IwAOr_|
z1ELK22TmT2GQKp4OhxK6C6l|3SOi@%K(!9&kB8>2LX8YS5e`C<hR{<Xr(B6}UJ&oe
z&pdSLT-@FK#Yunf0gNh+F2=NWdK7dj7Wuc?qH&y`I2bpz3#1Ossx@y4WRc^FOO7vA
z;S0ND@~CN;_Ru!rvBc$xOESwzHnMV*2%x+?f<#vYvtL<_3A;=+&tnO3h?fOXR#hWy
z5k^Z_3hSF&v1-j)ENV=lZ*3*Y2aLeH`EO#~y7kD(WIQjrP@Gm#O$%l*teY$H&lPoZ
z;%(&am6D$X+R{4ST3NAvEz0v{`pv+azf^CQSa9{!yIM-J%1?~6WX%h48g8lIEMeYK
z?DvJ(y0??)aJn7+%d;31Phe_Y1bfAE=qqlGYggl~+3V51DkovHLi!R)&g2q+@(ryh
ze`hvMnf6sY_V^um_L+O}(u)t`rDy+xC!f6;&%SsYUU=~VJoEakGWk9XRqY#a#JE4>
zKmWc6Uz+hZjIEuj6If3A>?)*vhSKV%{lkH^dreO8?J@0qn`ys({nSqKX@vxU&x)qo
z(@HkEQW}b<(V6Si?@f}R2E~oxxavw$s>HNQ2y=&wQxY$e2&1hjjkweo{YWO5x6R)R
z>%KKo1Rjdeoy5TkL1IkdThk98S&2pSUd9EBnsLmydYrRIA1r9kU_o;PzrN&Oxaj*=
z;o=|sMdgwo{uMv@@s;@LPbh!J&whFpe*QDcU+{~c|5ekr5RDw0z*-%h-V-4?Ew505
zsw=25A*M18@f)*|P*k^XvOc1jIHpe74Fh%?fD4}dH12-upFO9yorQ#S@Q}esB~xh1
zHKJL5`dn!b&zE|IE2flSGKhFSj)}FqXnJ`Wr`ZSRHP16`oixI<__piD&JFrPA?C@v
zOZC}OQT+!GMz^FHT)Ecmf3`1DSL@c>^QB&t`di&?U8L5o)x3rb8M0mUx3aFQ5q;vd
zC=ZqQ=wB+U+E(HE*RDr*x_cu(sd4wm_88xHG=kF4?wNPbMq#%^9)0X7{QVy{;_Zb?
z@xn{9v9@kJ&N*Z%Ix=~D<F5~4T}v05Tg_)?HZ-=Y*)HR_!jsOJF=MfK=?Z-2Q)i>9
zJf`yaqmN?d%>7Il!V_L0=J$VaA&xx!P!0dj>#r+brR+sM_qlWN<P%T0`S8U?UcZqe
zN4tKM70Xu?#ity4$YDY}=V0QvLfG=MGF_S6lun=c#2Fgr2N(RGrt!ruegzGK2DoWF
z{p6FnGW+{K{@G3YTi^H^K6B3JG(P?AzUO{7eaboKe75&`5;^d|gYn$6&lJM=vcn~C
z?|t{@_nkQl_y6}k9CpN!h(`Irar3r9-EJs@oLo{gu$rYP+_3E(PP9U7lb(fr=25O(
z;+#iYM+aV?GY3nSF2&hrpT*nqKwApQSXLy5J8!!UeQK()cGYT396t^#maIl7AmoX6
zk@*6Ru6bA?7mR428nIxtt`?<JNp!U}V&a)U#{P#Kj$9}L875>PBe~7$i#K?`JZrxr
zDPq=736HWx=*|6u16u-Ka7|;1P1?bhpTfmCvLUG=t>WeFP592Es}Zd1FVYVwnK-6G
zGFb6Jys|L*Ja#{B{p3fGl*5j2mu^GlYG0Tu;!?lb${eJWlsa%GR>l-p*Tc2!Am~uz
z*jZj<S`_?>u_aoWy0!4y4R|{y$j#|ec1mvkzfnGVG&(jsgvy{?lyhmRE3S~37SUB1
zZsX%QLrDv{r9`{%(1R_=R2+sOdrd)Gdpqjt>xF<;p}nOMsayc5ED0^2UE+H#Wzx@=
zMXZpC`22@3W54||Xy`CK@A(1`o{yU>skbP-26Ni8CzMu&Cm8$4dw~u4P7Dl2Q1zGo
z*nh^}TDO#3RN6#Ll7GJZh@_LB4Iv4wMg%KU@3_QNKPeI@H#Z6d?AsNboXI7L1gJHa
z)CnX%u+J5%mP|t3T7~!wiH^n-ue^Xohp*PSI~}ZcX%|j_`ON6SzkUQ?KjTpBIt+T(
zex4Ar7hYSBHLYb>wQLc_jT(ko`_v-40r<lki)CV6k4wiU(693e3?Fciq}PmSc~0vn
zz>nQaeP|}~_p^nkVYewqBOcxj&(6OL)1zO&-c@@miKJM<#rkwjRZcZ60{tu)R>u<o
z-8re}H}&`(PU=A&IKI(rZf-*Vq2n=sP79X4vldBdN4qKty&)G@qQLOON7P`12x0Z1
zM9QkMa&05_7~QJmh&OzyWqeY9x$b%4?bl4h3vU^`u;JYB5=_(a1m_s~+u!~c-}=@!
zC7f9`rYu>!7;94%IOCs>;x~uvjl=e7z{yW9MQuEfzfT{n*I+MLCtf{l8I4{4yT|+n
z`Q?{ij$@BG76S(jL?vIwvIWTUS%j^`VK<Dz{wE)VOotG<U`ThKkd*Qq<d6MC`--T_
zBIelE=?!@E#ktt0?g)Hg*Y6`9H7~B(5m@l%T-|2N)$4iPbFm?^Pzjr@&z^+Om|8pg
z?C^^5IBfLcNTvCCzW^4keg}6hyHj6QrePccNP9!N0ecUdu3s?Vn|sGjn52GN3s?VD
ztB`#5S#@JRJP)jn7Ir(Y*Ug?^+<8FLo^ynK*3@2W3HH^7qYlG>h7sFEe}aAc-bD{%
z+JId!s&><#9l7Z7iyWK5;HtqmW9k_)ohiKBj{37aR(Sl#q9?JkV;Md_;|orxEyF{P
zJc*ZHcnP~tpN_x$>CYHDZVX<jn1GwkKUK!+9KL(a!}#pMd+Os;-~aa`xah<Kap7%`
z;l?i?i;w^QKe+$=_wKV>o5I5nJ&4C2dlVO6y6I1c?MxhWz${#M!@u-K<(A^AKVOOR
z@-m#k?a4mg6PPQ51ux_@^q;yI!*N%uW4Fid!6w8Q_P{teM=HvGD7*yc<$@)S+``B$
zjg)9KfU>@Elvl=)?C3;}+m9uTGi1v|nomed*nnIF#Uq0{l*=S19jwRt&K9g_YQ#IM
z*P^34g}2{afceWepuCJ*DS5$>gd{KC{pZx*ExU*@T+KaVZT|yc`K8cyz|j>tUAtx}
z%`YdDos85l2a=c&&Z_b%3`#fg1BXI5&BTCaAQwV58A8jzk$7tE5^#58nWQiCAVj5o
z!(uAE(mufYv-#09c^Ms4Gl6T_fncuozcJP3=;#<5i4%OYVA3={6R}uW2V6PTuBbJX
z7WXchy~V^kEyrfUXjV?8zPJi4=LIqnP9`yWLnbKhnG}-UozgDl5+)~;FKLr(0-bG5
zNF_QEm2~?^zwcKa$AG$ORLaFR#~TK*3Y{=CHMi;ofeYfgda6IG<;G$x@=p(3qu{JU
zy&b#pc1>?UxBZ>pdxf&B)RmJRCrERWFX{J7-|U?2%EIIvEbD$7%SF~E-c(}BXH0t{
zrd;V`I_=VK>l5u*+trGut|qMMXu-<XMl9^yfCVB8I~%d0WdrKFhG@L^3%qsDHi>jb
z<or#cM(oeYDgPAThMo?gi`UtB*nFJ7IfX`<=eK6$8m;?&xjnWFzxc~L*!%bwF#Y5e
zIP9zx&iqC>uD*E?R&?~2em4NIngK%iM`6MIAK}OW-^1xMzNF89ZrC79*U6t^?P~Jp
zxR?5QK{q>*=5>q2l<i_C$u@p2o7c%cpFi!8w&UA{xq8a5y0ur@(XQU|1s;6EEng1R
z*_uOFTOP^IpxDg|o49hvxO{1i&4;@cR3H2E=xTMa(i^Ownl@NTa9buF52d`+Kbc61
z8!%x&6t|u<5f!x|ocq!O#PVJE*svjJ&LmvoV8x(7yi4;jFr;s1f`l~A)lwnIlxR3A
z;}GAc>LI2%`Og>2@hyGXASyF;n7Z$tn2#6m{bxUkHSNot)V4o5Iy!VaImu~v$h-u}
zwh>J$JmyL%i7AgsdUyk?Bin(oeaD)1$(X)0d+lu9?#noq=-M<|gRQ#a$ZhG&ds|`k
z=kuTh^PmK(<yzObuPeFw0b<r8RBr^ewfZTkOt@0F|07<DP(?kW)%_9a*AHQdQ!$_(
zRfEJHuXO8y<=n7j#dg!5Xic{3jn)Abb&kvCV^#YqT>tv@8$E-{^U8wtF}ijXy12@^
zm3Z;lr|_}UK8A@C$Kvu|{{mn7$`^6YK~r$ulM7|64&kS#AB2jC%!xTD3qsC}UFWUu
zBV2k3x5Xai9KHWQ^2}}HTSH8_rTACB{5cLh=n%)n$9n<O)#W7X6}%`Ji~bqY*m<})
zV#8AkZXOZv+%v>fgwHQYoFFIPscv+2%LK1|1JZJ#NXY~t%NI8>j$9}xysH$+b5bZ5
zx)8UK3OTKwj&z_N8-$#8%H%y4D@Xl+!7@ot;ohfS!p%2bi}v<bAp|5#X61?|^>I~m
z?8PuHZkP|aXdzvKT9~xSuqU1((lDlWLI}zPJQm5Ls-g-5Q%%U%)X1b<CImuoI58kO
z%_Re99WVlq&3!|6o0dxwF%f?Gk<&E2#xhUlPSc7W>z{%eIIcTf^gsVp7ap3tor4}l
ze+;)7BLAFtCZ<h;!m*Bh&}{3aF9$!8Qz4l`PI;@vv<v&D#9<f?=sIc1$hp9+zcQ&5
zvXIZFkm!<lwIru9>5d3t5~2{1$@k!aebK+R0(HD8lS?2Wgf)|v$t&9~UZJ1)AUWmK
zj(X{;w(7&9f*6=1^DD7AI`#;rr+zjDe>^IM6UGU@Bc&|oZ1)mywUpNr5>Ap$k_^6q
zm)m#wTy<?oOy`&+j4wl?=x0|PaMGw-K+|n#Nwi><oF_|@twLxUu_V=srKvV-NOb5H
zJQ6Wop%e6^+s+W9jGU)5qz~~k6)&#XfWJH!z|GHeqh(<Np?32<M%E9>>7w>-tmmSc
zl2f@31X>WT45PhyJ<!&T<hnc>mqzjOGhsaXMmf5LRJ4WavATUR9-ns;#sz+h3F#B@
z_}%N!mCRx7hE`XX9`*B})U7l;C%z<WY*WInco6i@CL@T-m_c$%Keh*7zQmU_S#lbP
zCN&LCn)&jh*3Kkanj!5A{iF;@D?tLxwr9OCEvB!NSyrZi$JVs=p3q~slHjG2WJ^-a
zm`H!Q?#5#nG;E}<XigqK8i{l*9(f~yNr7@4+fc6k*%AXQCOc35Y8pG;t-tXx&?AO@
z4}~{G%c5}^dm<`)36fbc4XVkvooBLXbfnwSl5E2I#9FLNuG0QmJGdU1K?!{SxwG-&
zs>gave_Ms;H~Rtm19wf>_OYfF5>vW$<-5?HX?LY>tN}wShq=$1u4!E(*O8^#4=pkE
zg1a)<51D7t_d>T)to|9#jUv^3+B8(`w;#%8&P4gFS*Y1>UsTW92eo_8K+RtJqHdpA
zs5@{L1|4w-8je03!;U!;!;d`*Bai<G#(v~@OgQdDOg#Q1>~`wusM~dt)(^|aawXTS
z*>3t%QW<_m5Qqdhj;eKwWTg<)>x7_o$-L9+&Xdd9YvR>1U)}VI_@-pc=+XH14cFuH
z%PzweKlw3!e(5E6@`fw%>;re<vYVg9nhk9jP!q+l`U+hCg<~+HU!|HUemapl^pNIz
zArC$H0IDluu6+74pT&%svw94>vxF<9R=;n5^Xs_gx*K{7w<)>m&ws+G;SKo9)z|2j
z^Pa-^vSY-#592xU#L*ZGVBL%}?XH{a`0gVAT`5?K-PA5&<?^Q!W8N8xM&+VHKWCDZ
zl@pS85&5!%Oj;%xd}dTG6x`AjiUg37i9}1f6CDHhLUQJ5$PS#0x=5`I!s{@+yal<z
zyP|B^o~W$Z1&PRh_{VLt@!C79^=*b}p-+6dOped}*#X2+%vP3LC#tL}{J|Fm@01%G
z4RTePr${{nrS7@<mPRnsg;X|!cF06Ps(tT<F$j{}2>VQjvq<FloxQY>Qz1-3R2wC1
zF588qOd1l>K3&qX32{ryfRU8RLsuw<biip}X6jhnRn_-U)X<XCG(s4nXzGUjktUCg
zIIs~mA!>M!t$6C)^^>|K@kAyi{ahw4Dd~?Kh{TD0++kpNs_3IS@tlz3Q~(J%H_B_v
zkZx{7v@D3I%*VOn6O{7;I#5eH%5gZ57sAR(92Z`Nkaes@Yik?gWo244P8PVGUsoR-
zy<GiN=)SR^`dcgQrQ-M%0&Ohb@ICo&Zwd3IXwFs8e!G+tC6d#MP=#*gt%`?rBG2Qh
zKtxwexmrrX!>}Z3oY-@<qb1pb^_lf(&NpLyUM9wwgmKR%(JDgHLgBeWlh>N}6YO=5
z{hf8eEroC9>M*xnCStXDj3hx9-QydY(KnI7P$BD$Z+7Cj=hh+Ayg}-w3F+>3L{pr!
z3CUym#7st7fy!>IS(A{y7C_(H3=SLkRUA3^8yM5DC!+nMx+=rxKe=M#C0||?UyC;u
z3wzA^Wm+r?S2jsLS@#sKP}L8p5Yi@Ps~Dg+93pc43blohZILmin=5e{1QPsqvxLtE
z^ivlkr%Z<{yd<^V-K)^rxK=0C%u8}E(#L*QhUiJhQn7wsh!6j{@cPs4?MK#&I^Xxw
z65Km`4I10J@Wa2~fhp-qeD$C)+P=I~7~@NXM4}NsugPcK3pyCk?i{Nj|Kv}v4LcF6
z=SV0b*Eb=jfv}89{3^E)HyMZ8Gi_*0uf>McIy4J0ZA<Zc=Q4gJ<(x}p&>|E5L^6l^
zUHan6ITzun756!*Za?r@Q|ice;j_!EQ?KxP!SkQjhE~y!H>%9d0n?Uy)a{|^(2dua
z`K#yY+k2TNUp!O_ex8Zx(Vuy5E7-qP|5ig332xu@!dnj8{}@NNRy)G;&I)hdSh3em
z8;6o@?KJv3H|(|*A?Xhp>8xBm-CEcc)ULF7=994XK{GDrOy1cYu{HSEsVC#R|My+|
z`nSI-lIt)18m0{Gg9~qc5@-JD9-Q%~yNl#gSKaHRuyb(8p@*ThL$2kHoN?w^j?eoC
zk39CItKTcH%`x95-9mi!bLVROnL@mMyti=4sU3J|@T60d|MgEj-IG$?teC@1iub@{
zHLz}8Q~vQ{7b7|4+(rgc6(y)Lxt0qZKRV78Bo31N97Hf2L|JVGYKHVjMcp7oYh>an
zv+q99T9gkOfV#bpMq=9OC?`4XTZ2TO2=aaFao5AoV$mv@Q0c~C^K6lKrOKAQ7{*=o
z{eX)XN|waryhX+wsSD{Ixv*}n4yD_X7LwX315{Y5X0L|P;#NXVIY=c^$jPA8$mf=`
z?MTW5A|ZoAm(*u6CzC=UNeLM?x}|N>`uPJ7$>EXd0DA0NHziKgZ595rX;LRO1T^i+
zraLI<KkB`igPs%CrqB3FeC=_ONWYT0B$<p#J!aX@g`BcGa+{ipgyW*N_EXV|pX=#P
z@r|Y=r*UMOn}nQ(WC9@PfJ096+^U%8vrAbao`#%~erDu+3bwCPa#~g{q(GX4pP}Hy
zffEHs*^R{L%6ekC3T1Qs?T_Vge*9Cz6&t_cX2O{IdM_ZC5;rTBnZoM}x9#?o`tK8t
zqb3-0Uw%XaW4H10TEQ3RaDvIzj*d)+u99?0owo@g(^WO`Cov^S<)n*3cM4ysL&BqQ
z%f6FEz;f{gX0dQyS7bJ{3we?GVs*8YYhXFnkF7*zY!wniYtcNg7L~Df?2~H30mHHw
zJF*HjF-{1D;0N0{YnEAJw=n+=2t~WFZh0DO-Yi4=@({*$oQsi}qY=tgV7(ApPSCmf
z%I}1F`=9oq66p;Z$AJw?H?|kasU@ZvxmJ;!^6kC+6xK;6jl`KBAB}T9ISC&*X%J={
z&<7)i#&l(i6L6iZ3rSty+^#EBI)Rop<r`A_3$d<^)oS|Qd<o{QpOtZ7{k&n`4I0h~
z+EYC1MiR{YXy<sza^60BDbBt14V-rEi+HDgJic*cHELwSok(=!;){NVOD-{T>7~C{
z)4T-fFYZf_D3|}@Zz__D$<O&&xH{2k3q+%Ar4T}M^m-+wMMBQImTaS(XN~Acw;?U<
z!<QiD)1q5SuHSOLrG=PMV(};jj_N0uSo2-jXrRo@Cwj<dt3?ZF&Lz_xX8S6I&oEbI
zsu0V?&_{m#BmMQ|N0#Vu)pSh#SkuQO4Zgj0Vdp|a_N0{+5jj^x?5A4@rfsridx*IW
zqEI`x5X*eadFhclYar?Vc7Z_b=6n}Is*m}EU6Tt5d=8sp-8pAdT?ITh>^ZBZ$->oR
zTcj#hjYLvNrP#Mt`1a@ZUF-46s#j#Jm3rmmh<}cq!rQz(<-e`+(LKiCmaiUz`_4O|
zSLrF9FTVUQNP(OZ*26i}V{3IR*5A6j2b&VF)$1;zh9s&#Yl<5Qf?Tcig2jQB7eaoL
zgck$eA>{;;x>S^x3yH0e3wMQ(od7ygb;yPi=#mRc{fLp+_nW`Rq|>fO^<EcX;PBm0
zRUJZQxe(b1x2T3tKcE3O-1jt^T3Qj8K}+9&s$wTcj$TD#bpKxv-Dc|ri_D34EQ*v6
z{-<7h1&_~b!c)&I!^_Vv#Qc}$;@Q{c;MrAgAeLy70aQqRDlCJ)OyV;9v`GkMEor0z
z!|~`VEAYZI58;jHUd5spm*K@XTQPgd3UscVgL=uQOrNE6@>N}ws;H;~>$;bp3n%Ed
ziAj+{7@dqJYRa+R9C6%THe(}gi4cr0cGsD973;`<Lgu@>5l})Zhq`h~U3g4WbQXp9
z{3%~q#y2O|$NON{(fu*^)qf(@+KfIGaea|bJRFd|E`6G6bAlujpln(uK3O5HiB2qA
z^ftzg9-%K8%Vf<9EI4^EechD5psWZ{a%{p`G43?g>OJ;^Q_xTA)Ug*yZ|>VqbbD0J
zy!66LOi4<)WtS_a`VG@uwGvZv-O1}VJQB~0)FqFTfuz<M$s9>4KQYprO}HzjmK2ec
z(v)CY&wOj;`w1+IZcXMEeYxIpBAsl_p=~L!n{cnMjt9OpA&zg&sKLp*4#r^zHQ<cV
zN&Nosfw<=2ez<&0GbRWLZC@WkcS{`cK2p$p6N1@Jxi+**nvHn#&9zv$CWrOyX{=h8
z$I7)iELjskcUxZH%F78W^&rwR@#|@o&h$+a#tYY7{&@Xno05dmPIue4ZU5#<=)8IJ
z@aikGv2x`qZO@_oD=~d~Kb&yF2z>5KlX2GB4LI?nT1?w3hJNuX{ZtSMYA)4<NTdT3
zYgc2>32$L=c~WoiaP^nZ-Q|L2n=jL}d0HK}20g{2n-y+BrpXr?BGZkEcnIgs=!2to
z8HDGTrE$WDJZ6n9$1ROH{B3an7hd=^{NM*)QThJ&zpUnW&i^dV`_4Hk-#+g%u6*m;
zpEmhBDyV%YL(V9)=i1PkYe9RqO|D(Mrb%6712PuLoFOG-Pb969QF~3_YSay`#hSNQ
zBC#Zm?@aq0ru3Qaq`3W{H`b+&*zY2l!rPnqY$>lBeIkQ!)`ZXFlnH06%o=d0_7&c&
znp{8GnfI72>F+cyL`$GW&ked;)7rDqtP)qQMluiPy{#abRQ;>VT-_<mClKLHOvzj3
z2;4f(J|8cWu|~}DigJ~T$_f?Q>CSKrABjd(m<}bH6*oEGS&ndRrRKrBw+BoeX3;L!
z>aBr&PJL3}Ntiiwrn*r-d+nffrxG$I6i=gl`0%mqaL+0ZHD<VR{`2H>j>M`qYpR9*
z8fG(oPIwisyZpRRUrpB>bJEH;4{{QoNpmI6TokxXgLmQR&ezE+ISp1SIc;~z={l69
zS7PkgAsARS7U^{%)FeAlSrbA<SqSAqOrzlt+PgD|3>b@7X1|U^lHas56Pi%Skkeuf
z3)r|MAIu-?*p$VZGFK-#jfRkvI(Yi^S8#n|2!2+!7k*bc4S%bigzMsC@Ic)pplS$G
zNtp);LCq;S70CzDkxJv`fy43rRSo#YJ5%w+x&82&m(w`+)pA_&VivD1Sb}o2iE!fT
z5D>!l5i9D}vzUHTD91MaiqaL6R>#!(5j)ALadRfh)Z3cxD*9(cj+u_J7awal$wylv
zAmlXBt<PVRpqiCahH=8{F>lt$1V#=>PJ`V6AyZu#JE98@+<80N)~^wA8bn-(DaomD
zR1-%g=zLa{FI8In=3Kn~@{5L?*4D`6UC1d{y)|t|F`K77w5ACE@z}z;yCVNe-7GYo
zh>36NX=Cx$<Mx+Sx)TAucuGJbUmvSLUy*vbrqJF$D3jS>olgABWXEjNvqXc)2>GD!
zB}gQq`gUIV@#Q++71M5hd|xJ@`EI$MNqFI}N|p$>Kfh0e<>N$|&t%5SR-<oi6XH@P
z;h0#xCV{mpfSP9DqtP77=RStT^IpOFHOuhUqSr*0BDpe%RI5x>t7V7@v<gw{LLl8H
z1#ZOr1&gtCZ7bRuQ&_z^q3Nxb^!N;CFlx3Fno41>2q;1A4OZWxKBETDBXcd+RZm{a
zB^>Kp!!wMSH8nLl3FXT&x;neCaKS>%e|rhup1T|i7A?o}Wy^KDZf#{8`%JFE$4{xj
zX&>*8GtV4?Lk}1%<4ZpbO|%2^UqMTAi>~^ToCeCI?nqM8-P+dPeBJU1=;jscR#YD2
z>|&$v{5f`lFJ%fQ+mKGC^u<(X&lro-_a2F}_N>6X^}wGOcVKm5HPV@sjCtKi$^@H2
zyT+Ga5!|GCWh%~#@apqk3DKUHekJ`>SMRvfhvyR?{SgwHmH7ha3~3pQ(p({xYh?dn
z^@x^*vE-F^Ff1_+KichT467Wi?@}O9>M5VC6_PbRFUtNGNmi+zT!rVggV%tS$#=9a
zN%AP;`j3}u_dxv|)r8uK+GlwkX5ZoGWAZTxEB%I&jmY)cc|M*(a>s8h^Eq$k$-H~g
zX-kA#>s9}{I^9N0Aqj4u_coTj{5+Pw{<_Mt*IvVtS6{{AS6;!QmtV#^FTI3?FTRKc
zFT8-apMM^2KKpEsGXI%p(6V^3URO!pS&p*)l9%MkynE7VOC`k52}ytGO7i>NTlOP?
zrcR@4N8{LW$7=s!d+6Bc*lDilSS91CxwiP?i!a+xLZ_c`=8uLB9i|_d9X)!CT&PL<
z3M7!jlnw>Xc;p?HN`|mrQ9P76prcJ(@==JL`DW57G;Uar?(Qy(A2-h2edgBEa2W0F
z9ayz`rA{b1yE-v`{5W)UB;_I}bSIcVvyf9x8<R394VDXdWxw%Qu(S~gemgQI`2=(N
zOa`An>F!RVJ&{AYs}<{)%)_9815jUEE$T?+P#wAWP@kT#xn+O<LrP)`W7|P4ym=WE
zYs(`TJa7=6fAeLehYUopN(Pc{5*HctrCQokL8-qW5{Z-$DH%*NW>S#jBq!O0OqaNe
zbOf_#jRnzf$#Xb3-;B?max6OYVWe^))5n;vr$V*vUGaDjp2HHK?F8oP(MNQ%6Ch4B
z0wNa0dTv@2wtf|~n|$<Slsx3*<MJKy>t8~=PaKKXc0|OD@eLI+@wHDfjvg=puF9m4
zku=izAgTvU!GljM#(=(k(XXx^v3R+VupFWla&Cp1H7tqgyxDVc!#^*_M~*rf{Rh{h
zZ@<2hg$(E-+%IS9-sEXa@3BCvwtT9RI(opimGW@qijxq+hEuUgxo({NTKjt=HMNzP
zvu+;#`sS6`bI&oDSTzwN%En@J`Dip$jlh8DaP%n~gxc6ZR8{svU34(|XNDmjj-x%>
ztlM}~QlEU&Yo{<b64U9?BQY>G0)s2YVN`4!#+FaSn6e3&P%!}$E5%+j8Ivk^#V%F5
zfR7_CX<vvhjQWnWvH7Ub&K8~Y%7i(a3*g!Z7oyLU-Oy)DIbx|e=FG|AieEp82k)JS
z*>l$+UbPPY`Td_TsGm%a6N3<lXVH>sM{BYU4?en32yRkWi;*P3OlhB}D37ClU`U_c
zZ0<}W*-?hoLYnHLt!U`qjOxmA)Yh8kgZQR!HAOFK$5mZ(MtI=ql7x<0bdz8_S6Cih
z>6G)Mv9VDn{OptE<>hD?+TaoaqQ1Ufu3<v%B(LtycC@uLp{a2l)~{Wy-#Kk>YezuB
z@>%5CnlOeAk7NELS7XY4`(fT2uVYYsrJQH{j7(ggxef8A5w9DpQ%ANGS{?!4{Ht{!
zHQ=_FobQ3WA-*pPDVQ~DmYi2|4u>PUa!ZWrAIHprS;R(-#iwpxiTLvQxZ<$skV~>u
zQK2rqx_QSvhVdR-eYlI@86g>C$BxyPE(N3I1-&*ywgorM|070B86kZqtvAsq_MH@#
zn3|Q-G-72@3>@AMiMB2*o4pvv4f-@bG4|_-$vGU7>r&XcHf>LIwzs09qC)GfG1Z9n
zV6zaVfSe0m>ek-fjsfu@s4F*bl4T#^4UCF#1;+K2IggMuZh>9dv=T3Lydd)(nTzlf
zG9tDg*<)Tq>bm=5T%U3Jwp-pz>C?Brrn|N1Xm4@#Ppn+7`SHBzTD%mgrAv`mz6PDE
zm!NCKGITpqWM972Jx(oJiNw<7NG@A}?6M_DFB3OOBht}<VA!lqhGZ^Ky~nPIl~-;T
z{VnFLnS+X0H3nA6*tQ8gzVva&W>$@Zp&-W8j=_oJPt-clIe-Y;h(bHvUt05uo)1%o
zOm$-W@Zn>7AasV1(}tnLv2eixj2b-}eETX-I$gn$F-Qk24)P2w?%NB+DRHnfcb}L?
zHk+17#0LE+^SH5N^rD!S$utK;e!FqiDj}z_sFK%-6DOiWCOMI41)61|*x21ii7B`B
zjI6CdIyM+@E?R|1WsQ`U7nHOT)0Bis2uW>Ehfsk|tX;7Lqel)!!$9XE#yX&=X1!qh
zRmV;Q8`)bFX$Pr)q!aong7SC_6Uq~qKX*BDRm1qE2c)HMBxKS^V&Bmz6FniOygO|s
z1{omHg+QWHh-n&KohigKLDXcTI5_+|zVW%k(432)g_Ad#M3w1a>trpU9#$8xed9Lh
zwN<tWnyM&dO~MXLoIp^hl<H-b+bnqWHHoX0aBqSzZ4yJ0)7mn0k(|mgy|{?UI5bSZ
zl=#B#_#@fOWxJ7)iE0K>ELa8%8onpyzWxSox%nm~rWu*kXR;MoyFP%~FTae(9=;u~
zy?h@=$mF_z-(4|y<N);PBNKBzXDky(Zk=Zyn%_o3ckAaVm%tm2yB=6yBnI*FGIcZM
zC}86}ijQ|Rx}^`-l-1x9b*JLHPkkS+E|`xO7QBup-+mR3&3_q>y!8See)D;iN9MkW
zhvq+z2i|!Gr;Irci!<}}+Qb!8u9Dhsmkt&}dd*8WV9v@pn74W!=C7HLx7NLdx7WXo
zg&P)Pank}UYJD3^+7>D?eQ3<nsIJ}e&mHUtuy3)=c&+V{^ZMV9yov0%Ny6Ir#^)fq
z)}-;$b4!51{V*&Y!;vG)F>WHT`hY*6f9rIFqcN$E4y@}c$2||eE;GF_a%q{|btfft
z>06;J!l61LpE5yjPs=1eiSBeQmaSy^jTqLyQ;8|bj(vvGf-kHiyaZ<>qADPXqdUvO
z^OiS8T3cK722*2Gqpr+w#gy)A*RIu<8qtmAwx1f{_aYgFx(pgL5JQI!72?_#Rh3nG
zW0W`OI7TKrl8AN4M7yjCgX_w%Zs9Aas_lmiKcgYwjz3!luB2MM`Tt$v6piI!96i?^
zvaS$+9ieh&Yxzqry@Z)FXXqG?pb##}m%4`XDVd;$aQXf7aQC_{{NodQVNgJ>@j{%b
zo7K--*Mwe^cs{CW;I)^M({MEI`0RL)oDQ2f9EtXnAq&#BB&AABm6V$2OY8dgLH*!5
ztXsSW9g92gm0f;{=>rcH-G!8j{*)botc;U<hMG4!ctfNOO+}9ZuwS;MIxw~Wt{R^D
z_buy(LGeM_uDn^o{`mCzr?5W19{e6V+lOwp&1kpMuWb;fjGe06)VZy<qRM=acWYtw
z?=xr+TIS8sn?kAPE<FcxWzq+wdvUdy^_LIDlw|TTDO;zyBI-yqXkLI+#&;li{B&zC
zZ{A4n<_(qM2OhB9^ta#(jTSd8#<amx9G9M9$*I+AOtlcx35J;3_M%vFO6idHdw%8f
z7+pUGBm0ih_&$92*ggo{ci;W_eP+zWefQmmLk~YfCl|a>a`5FvFQh9dW<c@|Ocuq%
zS<l!wRx!+=Xa+$_I+ehJx8B0CrHgUWM~_EWcehNGx`lv7g_y3w%QCsHs;bn9#&O3T
zi}h=pgdF8?^CS0T@PxyWkO3+o6Y~8VVrYvE$J<L+prWp?OcZ3g6A-^tN~KFKzU@Mu
zs)8xJ^ZE-o;pp9P&|dp#p#nj<Ac^8Vm6<4%dvj{w{R|e?*lbC;s+QwQH3ttFOu9F$
z$Lq@ycq9|XtCjr_kcnKZF@=`yJX*TAtv9XPr*cA0DX~;5;^{V-bcWEK3L)0E0^|FH
z@w2mMpe`a2B9+L8WipeO_TXMD!mUPQv3;&bIAM+9M%+et^W)&J|226|C@6N|Wl+`6
znwtf$w&uS=GUCkuz62@2Nu|^|=3a?DBWtl?*-BK%BvS`RA+W;c-E+mJLo+LcD4S2B
zdf=|O{l3{KuN{pAOFHn%Gq+*?y@#QrD}gz4-$XQCfzIv>MhxwT;Uc5QRO6ku*P>yM
z&tvqc;i#$WhrBbX)$~mfHxr(a&N*WyP64#EwCW^Z2l%4%$<{-0F4lERa^G6ya$%I0
zM}?$r{<rFOd1MeS-|t&^y89ko6|^g+Z9-BzlUW?n?<2VBg_|(%VDpW@4-(kd_-UM2
zD5rh>iI*4P#jas^ZD|_<eF9jzE{GMczk#XMS?n^X49DzKhsCeYN9CXp;?0AQtLwyq
z<r}be-4OiwH!q;6QTncsvS7Xfxv-q;l76^$AV!TVLwR+b62Mrf2FurMzzIj@aM+&h
z7%^f5YHH0ho9shIG5$IIfd)HCFWrON97$~X3}z}HL|jg(Wy_c8gtDozNz>sZm@B6J
z`}fy!_U+qO2`b$Z-TY2#+;v~|{4IzIvB)NcTy)5FF=n=F+UJLBL){oKVINe~)NB4P
z&7O-1)Am8U-$-;x*_bc4aPzr3UQ>zEafLdQ07M|BQ0r3DUW<A{Fq_hI>yLl@1I|DH
ze7$Bf{gtg*{OyVP*wC59UJZS5(bYHO)YFg0S7r`IWjKwWUv{0oftp}=N(Q}uWAdBd
z`jo3TO>P;!{PN3j)KN!a;J|^1S8n;+Ft-*TyK`6Ub?kI>H6@hD@v#fDVk*~azT8NT
zhmLNLYia=Ry!ti<q=(^i6D~wuyr0$&Nyv@_SN|5we*^pMvyVR0JSY1G*5;OKz3J+|
zjEfvo&X{y22G<QX+x<mnwj<q%w)QsMxb~k2M9eeO+|Jt*YPxDLrhAH9>-WbCFT8*;
z6DI4ffNcTwU-;%6OrJg-^X|SIsa4C6YE9`2m`p!0eaylVX7*#(o-uFa4NDKUZasnS
z$-#p$?ZgxD{PWLm7yT`$<3C>hI}RRmD8~2ioj_jn_(j?$cz%wo8i|u9o~&_8NvWL+
z(Ej-Hr?9kTF}||@*PT>+`0%m4;H;bu!-9niF>3S}@OxoADJdKf^@1YTAont)mcm78
z^U?E#DX-4*Px8@=f##b>TWc%UtzCmDQzq+{US1IRY)ETc8&<94w%!Pm$pj`%+C{fD
zWz*g0+fRt-+Y7|bxA?{|wr@3-HU-eemAvwh5GNr}&Wb6?X_9Z7OLn6w9>eODt1)6&
z5Mvs4p;n>~3vH%DtcM=4HP!HbgOCS>w=Bxax#$r=oG(TwkD+#842|<&Mtiyexta>(
zThc;2We`hqI~8BB!@Jc&QWGhZrP@%LYT*)xBooB=STjC*z%UG{t3tVu{&+Zqiija)
z>9kC&oO))<Yd<hr7>J)j+<R$-?GASkbxb=z8M4KjH3mlKcNg{`3oWAyW4Gs<BralB
zPRsg~p|hnOVO=>j=Y>g6{_~`fNw@h1N>GM=z8nO&@5yB{Q`sA}bwhCL&Hu(R2am#D
z6Z4p{`$&;d*mKelOrJailScJLL%%W%tf@n?r4zNg9D=@;GO-q78qk+funkJu!GY1C
zXEFZ@&<TnB63L`a_DwmBpBBN%!<gPWvhx4zT?Jqj$JRb^SCSACB)EGig;ENoP<MBC
zeQjS~->chScW<dHbpeVLsZpd*+}$DWp8V%KGqZQ^%?$)?DDx%f?(EDN-QAh_c4UqF
zzLOe!qYfiaa@H`svgR2Yn%0jNS1y)mt7gO$#1zwf+eLJe5z`x5-=TdRIKcG^3#<?+
zWAYW3m_&y(52X{k$5Im}S79|dbaB5Vy6Dgp8q%{BrL}5F>o%^UnDltcFUpqAT}VI;
zb?O*LM-ED$^Um)@9a~3IbZjYwg@jXi36oSN^Vys8X-i%iZOtm9f|3f#-<(aodWBNQ
zRy8teDLa4Ss$eF88?MV#-!;Q1BW@>*^2oEp=LNYr^68h%%uFGnXisoYwr|&7rn6(@
z5Akl;utEIdWe`S=K)7<3|4!-cd&zFRQJlZ9geDXnpF{~wk}08S3yNvdj62{}R9ad}
z#iiwx8W~Mn7ydy}$xVr3nh7z@ui#EPCkrEBZor=zMa2=Fen9fzI{HFtLmd>_Kh#fi
zr~gF*ju;^AWF_Z4E{tf*?{nz2iEC;8+EPkOZAnib*Njr*<EbpTjD{Z8kNO?fnfedt
zLWi>SAJ~-+AJmry9^Qur4D3w<wG0^0OU@0XuHwi+-v6$V({ES3O-<W2rLw|uHDjj=
zFA5Yn#SXFUy0)frzJBZeSVM=!9z$1jx|^ayV`U2Oz9yys;wWKqiF*w9O-_C`Wz#mQ
ztq7xlYIR?N;NVkDol-i<{ip^7)GQjbGYc~3(>f-!K@ohX>*>6(mwMG@PRviEo@qVh
zytJg0QktddRO~*G{^9~`5*aS*PO}%xBfdGQhU<X(h$#dkp&+F}Ou&&I5L16?_LYQT
z!{oTP(r<t;*XFFD&G}oooZCAu08BZXeEh!gcfL1*g_xev@eHvydJscQam0C1WikD}
z?l<bd*RFkXdkMqB!eZ}1$Z2|WtT|<J+6HS*(OFXutyCOZQMv;19D8>Nyqntku_Irm
zf)X=JNpUf)U%!?zw{NE&J-Q25lC^#Tfs~V*OWT;VVk0Dw*6!VV$oj}yCZ36jO(>&z
zI&ECDk_xl8QV`ZJL^qX@rQn(}t~fCg7=hN6D^JcJcPtBQ<EW}QkHRZ*>B>vbWAcg-
zDn!T$@lG_uT^<J>+}ZKXhnpOrQ&+`O9e^$5xsj=<q=?!|8qld1ZT)K{ZO`9KYok+W
zJ9k0@OSn<3Ea67Ckjt)^$$p`{=`RY1W`deSUBh$f_&%-JZwrcziJ@v@@)Ly7xgfqS
z`elTS2;%yh`#`6(PWc1uu9NDU2f%po=e8?w-;-#NAZS=UBOmfxPa6Hf_ug@zq4Y7e
zi90Q9UA1L8g~V|AFsTc~v&b4KA8y+D7|cg>Xv^828%}mCs^SKCLjvV+$G_(xgXqI|
zpQ5%IL_IpCP)aOzvySAn2T>G1Gx70p6dN1E63rctP};IRmjavhp`_RZ3gFJBjNY2O
zK{%sw+90UANO|WDmM+6mbn=Cq!p(%H^KXg))@;T*Asxbg0XC!xRFO6qudIEB`nTvy
zt4kJBL2ZTX$ZLoxMnKwzccf+8meCCv2Oc?<dS5OCKK8Gslj548O-PTap}uL6)V5hH
z#W#tk;Bc-Vs%vT8+Esji1<=-wTP2K*8#mI*70al+JdZl`NTxQeL#f|@Bs%7}1UmQp
zMC#l#m{L*$C?%drYeh6w=2X!3b-8p{&sgf#El5TyO()h&WA%M{yzWZh%jZ^Qb3}Lq
zMMTF?a%wYbk<pr3wQfsk+~&2+XhSi4-v@@MZ(Ij(y@dRrgDoRjTowuOF;uvECO;p|
zC;;RqSk0g?^#F(=J}DDaiWi?X6u{3c)~rTG$I`;(ODUBZVrW9TyokeywDD&k(<Hf!
zjTj)m$fG;oUU}BmQcvkMr!(iwlr^XLtOxFCT$7fe#dO5bBk0cs>uC5PP3XkFZKb}&
zOF<9_6NWh&vjM_&pp7a`_zrG}BBxC7!=mGMd6!t<%eE`{Zq3`2)GCEa3o4j2fSlsx
zXcfgL#8O7bmb7*K7TWaJM!Kl&ope<C=@iV@Hi*+JQ=az&P(pYav2oKzYTddu73LOF
zVY%8Q4P|P|HHX{C4v`%wJWPE`MrOz`uqOJCyvbA%p}w7Ko(ErYhf&j3Rqd!-r*5=t
z*)nRH(v-r&qxPt50l5pfthQ|2K<(PMqwLLFsjM)|A*K+-FS<G{7&VnPQWMjV0BkVn
zoo?vh`7(ksD(7dhUB7;`eA#kJY?>y|>z=0HjZP_@>Gw51Q+{a?wTx@-5KiR599QP8
zq;_%b=!CW>IPRw1_Z8@mUpbNcNHug`-wSjsdya(*7SQ%>+Z!w?e61}k{;BY^h61h<
zOs&8Vpoo|~Mh7_8_6-rEuTaMVHJk`YDBf7-<m6IOaS2xj++=gdI*coC9C4106B<T*
zG(0RUf-CkgiU<p(!mKTny>2PZob)X%nLdtw9s2=op7cCr&!0%^moBDttJl)HjoWB5
zccQkf-^3lFH59sZ0(FQgrGMXiHI)~kyN_urGUTV=PAZGPywxjpz5hMJKM=R2NgoWT
zY}FA5CZ*gofs~e32T~yuAGV;FnrbR2$*1FvX-C~FvMDK-J5^P+YDyJ%&Zr9CG|VO9
z#<s8~fHnuEP?MMtI<-SEopMM9#RRF*)#{K)stOEe0?Qp=CaAdHUc^+jcMgz7Z$To}
ziN}rw=PnC#E~oBuw|LaO#K4%{jhI*Z+{!xzQm#DU7hyR98_qk9)qL;ad$JYf*rFbz
zrfMprM2zwRISs(ffKs+EWBm#$sR*D|>yv5l;B)D#FTSMgtfkbmdl0oukD}<vCj5}|
zbHe40PHR;aMytyu{F)lR3ZdK~XFF^FA)O3~i#s0bfd2+SE1O>lL)*fv&&5X0wOP)!
z5nwkdi~R_cy6F(^3h>Do5Yy}mwIeS&otP4esh;S-9LT`4Us4?=9Z`@eTtnO=urCV_
z7kiwS^7D@)?wiVjD!%WssiYuB$Pb9orcIk@)uPojZ{A#*`Nz++WWgL-w`wW1ORb>G
z&u&VO-JMRKeAtX$emS0Ada@Ore0-8xBgt_}T>v<@iJ$vIyBVmvN0gOt5V+^jp2&U3
zKqndJrt=9ijv$;M1PKWVGSX!_sQg4wC|+1rm2$4DBz?@ug=peDq@4YhRmrsvD9a-%
z&84kdxg%dh)W2;@S~ufc=B`B)&7>C7dK(IpU&#@k3qN9j>*4`6uEF|$P80S42#%!=
z)eGpqgG1<wfmmZ*O2x%R&L@l%k%eG$I`iTU;j5z*qP8<r@;x#CeZX~*(Ne4}E$6m{
z$!U7)bV_Z}l$QOum`Ybx(SLfpO1+Z@slEbVQ{NW@`x-F`$+Ec))|__A=tM25T2ff8
z=iUOU_&WWyWsXDMa4j%uxvpRxWm2Ko8#nCGi`}d-tsH`|60(|6&yGE1x;o-QoO=ri
z@d=U^%s6N_e7M?uTJ8;fALt_>Z3hcJl_N)P;f);xq}2Th90>ANQ4>gQh8-<+2jW7U
z`vL<q2GNpji|FT7zd6r7%HGH+ZBL;g&4<WKDV&?5Ti^$Ne_ubHGK;s<@m){Uq3=Cp
zv}seXlvW4Ju@KAmEiC@waHjQQL!{O+avDr#w_d44q;c|8LazEq!&vCf#BM+;JjAKb
zQ3>E}<DA*EY1F7uH0Q6mv~2lu+O&BK6%-c98dR)5UAS-|_3qn;)~;PgzfYS%Uwruu
zefrrbnmu<e<rd^pQfe~&-;<9~yUwYU-Xefn$5m2`z+7sXT1_om2h*XwI?`FEo=k1q
zWl&U97&i>08Vx7k^`Wj?onom6yI)GX57*VxM?j?nL<hh-dLwYdTZ_QJTA5lWYo)kw
zYSB<~*|cllmZnepm9}ipq=4Xfswu(Fye#ER?JJ4mnDF!t-bk$jvgq>DkKqO<o;!Y3
z+-b!|CEN*OG9V)k5U?O=tdI)+Q3iqEGKHnqQC|3$?fmL8pi`e4VBFPF<zB*+a8*N$
zMiiU+;G1pk23bsXABcJ&A$!4i#qQ7$=Jb++(sjR5bdwnFbyibt1&9tSN;&Z}5{Ngq
z-09@|v?4H(wikubPrq%XvoE`vCQtr~#{cj>U2xi9%4iZ!v0)K%9o6P7s$s<lm<-Qy
zJowwNEsuiJ`cZs%6ki{{HbEgerAV9>9Nd6{ubnU0T`m*<V0v8`lNuG2@u*@khq~aB
z*jXHV1^V8rHyw5H>e^?hYkF5&P`r=|YAU27V+7w#?HJjSR%WlH>s#NheH>Uoy>B3O
zvlcuDp?pWdjOQ1Ek-zn8R|~;kvt|vIF<FR?iI$Cpu%5I}pFT2;79CFzK$H>4+j6eY
zF~W*zwET2YTAOn202a!q2}Vvq5J7^?i-R52$DVsi!An;g#SZ_RH!s1TPky7Zn{bmR
zGTIM9Q?zCQC8oAwJ$4UJ*BH}xG37WUNPYGK<$!g1K}_n?l2Rx#C6Sh_+CZs2j-b%w
zw(>&Ggby)hFYMrcuaifeb_0w;VJ`-ZoT^N7y&V=R-!5*Nl1{B!Wl(HFqD(1OQ2AD2
zu<$?PFljPc?lgLeN!gi^({}CJ$w)DX`>tRI+1)8Htv9h{G8JVPbDhO)QrEWJMiH(4
zeI>P_o^)g9N4ZXGBI`>rUGwikXhbBf0L4H$zge|Hri{l%#!_i6UTPJ{4&NwST!ZYI
zY$`7<myN>;N(yL2-f~)0v5?9`^5y=+TGL>R*vmUybrFKgqA5Nzl@4v$pJHNSxPP>a
znrF0g^13Hw>ju)lcJ)e0e|Sa)<t$$8xkqsSXaR5!@*_*(I$x+S0P|ADtshby!eqCa
zB2PY5+STPNmQ#90+r6HCgXHLBs;I7@`5WibwxTR*mCzD5x706a7lX0s7$4F1#0z(b
zeDfP-kW$uz|4FNVruF%2>8Oq)sC~+wPv<S=_I+DkDaAyF(Dv=ys6)HflvmByoZDd|
zsqv9iT2f5usfkn?97#Rfr%PWrrK$fNjo<(9bNc+t?`hJMUup5u<#cGj-jv1U|ILvf
zQs++X<(sp66RTFQqo<#JRpNup{PQpB-mTMKj|V_Lo_*nUYTGtL_MO>Xj2<(Q)-Z2C
zIBxjn#grfL?DKDM9T!Z^nyC?McUl%MTuQIK`MzI&21bAUgei{RHts`r<FeWl{PD-1
z^y}|4_Bfoz22D;|sA;|Ulni%JQTd<~t11$ChBbVv4Ao>x)l{c8aauBO__3BsfdxRE
zFTVH!z52?l+<{pp8z6z0&iZpU{qpN?G-c|~w1_Ln1q&BR<u`8JcpCfTc>3t$Pigv$
znM_`b>6Ft?rCV;lm9D=28Y-<Wr>O8~YL?KPQc}~YY3r8Ms(EW_ozjMqxIwK6EThV*
zGAb%6;0g#IvqtA!C9<9zFhJs5s8`XgRexyv1D<QB!O202R8CadWLhbA6+zOmG%A=I
z8*CtjQIJ}0BykL9!dg~RNWELd(z=a#w7D{ts)|dfvba=;X;pO~r9}kLh@km&+hyml
zA8haoVv2PrffU5o8Dq0pO(kjIFmcV*2~wes?&ONuC;iHgnDo))QRT;R-XWB(Z{X^_
z=RD&%U_r+^FE39z+g03986ChUS@l9`Yd^*l!si2m!UkL@e-PBdRZ}UUX(H8fxlwr~
z+p`v4A_VX`3#LO?u_B1+j77P0_C*iTH<Lf1@uT0T;R8BQMq&gvoES0X#+S>w1`RF?
z`uY4+^AGND9EsL#$)$)^hf#Dew$BHFz<MmC$|TYsRJsjRu6zLvbsc2w9upK(p5jCO
zE3;rn@$Flf6f_hdr=6R2r+Fpwyof2j3yN=;wvFvdYjal84H*X}IrW9QW~!4Z9b~R2
zQD<Ys4sPhY;yjZZT1*+QtgMpHt`rm$3em*#gAK8or#GjzZQ4>=vosNWs~S4nxKp-#
z<zm{pnLCYbJ5f?fDn*8?skXRp1^zBleYcF(m3v$n)HBU>4MwKS^KG7C1Cvio@5Roe
z*o73+d<!?v=eDDbOz91*QR}DiUDSY(2(HFdXBuTvm|e=9$q4ygZtnWkl+tqu<;S(9
zioi%&Hz>N;0FI6F1ev1?PMTft)d56L{#8Cel;_M=(|Q5(U1of*Tg>bpgm;0^We12m
z{|LwA-=xbqM?@MPI~O_Se#7pN(>=krtKX*h=1qjmwCmi4^0V`3^|V!VVzW!>)Ql@B
zG&oGshkNYrfGIJoe+}m}u3fX1T4l7NxUe{?&ISppqT+yJxd!Ed<+Pz}11&9HN~=m1
z(faDuR1r`@fuZVN4PkPMqml5UcuLvWQiv%wqFTIYF{P)cQ*_MU+mOngemo0Ef19>#
zD6Ca0+P-+XJey{%v`JT372jiACxE0HJNE`j!ByC#EQrGR9xCUXG4#Y!si{eS+TKmS
zKeUK%$s{n2=5Lxy%d=K-UnYVQ!sDdwlC`MSo}*d+YupxXT}o5e{z65S1vI?lanw1r
zvkrC75W>%AEVeObV5)9<S~FUjT}}n%HI6io389jbQh8Cax{&02(<UaTKGS-I{Ji)E
zb!^v`uD<dj8aDI@YSJW;)~s1a@o}*<f58&!-Lsp_G~AoW&CRE+oc90Td9%csmtR1O
z7A>RhUH48Ixq*$c1`irQv3o#Ff#oY!QxJDf+qG@2Z4`X-vOP14X3v=~c}Yo0rXR*k
z5Hrf~i?2pg$M$WhcdzcWapPvG|8BYID)Hw_OaWZOrAt@Rjn`dH#~*jJ=*{_S0sY3r
z^3X%->NgaK8)d#P%6o6%*%#iRmMxm^@-++i@yBts{RbS*1n);WdiXIE6cVZ*OeQ6m
z?xWv+DX4}?emy@81gbmedm1`pl*W=P0j|NM5}Pt*GIw~^aK|NIq^PKf3R&=QVohvG
zNwIt|JvTRpAH3Bno!s~i959du4jf1~-h2~f=4Ml3QX&-;7jiVHNV%)ddBT)ke1HId
zsB{8DYN?{4iYmBs8Nwa(U>1OzYJJ=hl&hx{>M0MeK-9^O!rhfpZ4e|tbT_n_BRBB}
zVl<A=KuXmSrG;PUKp8I3Q|Ay&3$3aur>vNCx@Y7>TAD+&ttOrVBI7AFsEFE?FQrG$
z>rd_4w4tKHVku{^F1b#KN5~eZ2S)=$=sFefxun`<52H#u?iF<uEzwbVH16($1Fh#k
z0^xK1cU0Mc5n{P7Sy1WVB}rOZnwq|+?^AJihgC0JiEyc_G$RQp8>~Nr)Y8JqPg73O
zG77BX&Iyx!l$BZst&V}!QQS$6qD9Lq>Fo3WNBI@C^!&RIQ$Xe->XQ~sVKLlMh~a?I
zF$=~TAr%)s`Gar#vXP<k790^z?FU{>-P#S5k(MwPxO;L2&ti~lm^AxBa%i&2N>DRv
zPV@5fW%OJcd#?b@HLMTyM7B4<oh-o))8UP7Q`70}?q}1tIiCqB#fCQ^rBzi`Vm>SV
zESj?MM_M>!llF1o08c;QzOT)5VD5YAu<7fF^JkuTl)7~3LQ9q`k)3W41g6L0^D7YO
zf}DcXg@=d9^x3kqa=tZ#rEXundKJrRI`q)~)TiG-83{sJn$BT;aHrA0q~9D29D5hw
z-{ivpdT8??h#Mm(Tc>?OVWlNZGWprBE*H1Z8Ya(7oM9K8TS$?82T@>2IR#Y~(&E*d
zsn6gOsHRC%Dx_#3NHsyKUBM2*CfQE<O%hBJea{VG?_|&8C`&6it&8T(rm0h>O1WY~
zDRaG$N9+TDBc>wb2!Wdc!o%|qJG8T?vt<+sFSVQm)dkj@w(ihbM%H$9hgH?e>>e(g
zIDk4G*^Lqs6KMV7HB_>$oUZEd0A<8>;`FOs)xG;Je=o8!GbwBPR_feYZGN<9<pSDR
zw1IL0wozel9@o=cuXA-BfbAIgDCQt#mLp3<aV$mUB~l7Cr=IQl$ah+oELkcqbCQzx
z-gI7n$kyra#Obf)HgMsD2~@InEfY~}f`n<jOhma63x-*r2lM5H8`=R}3E1O`7d2}}
zDMN=+AlC;=b^4p^<MjLD%lV@yuQZ<`17fIoTskF0#8Gr;Bt?dVQ&mkBl~j~bc3BQ>
zE6k*A1zV}IrjlADwxE-HoT@|EJJ^y_Lfdjns8`!0TC`vRlbSv><}dGE-cRV=jB@kx
z<R#yf#d&m6zjT^8YYuho?)`b3F=HpneSge|q1wg+5Z8}C`HC*R<XnnlqPjPM(Z+G(
zC(#W|y8N9tM$}hUJIl)lAAZhtT{5+6*T&0!`t(0(?Ya$g?m4H)xj)o*4G?D6t{tgw
zAN5(OT}4CU{yXs;lhd=$I)&2HQngLP;6qMFaDNtSA~4#5wVoh-AT6%O3AKxy*3)EZ
zOTW!d9ZO|_kff6!|F!Z)0}UiLZK&eTAJ%N(voTw?Y-QOZq!iz#%g@iFe12#<bnL`8
z*)d%4ccF;zNGj!urL4S6ri(;GM^def8sQC?K1v!nZtj={hXiswSbv~KO+6z=z|NXa
zUsvO=Az;6I;$7hOu;Y|U`Qm8uq#Fto25gl{+2RZ)R@2u;3CvN!l@u9NMcI`hG-u@|
zdTmBNjolVcE#iXd_@F=OU&nN$kR}<j0R_mubTYBg2&Rp)AU4GbI7}Q7v5HnfB}75Y
zNVPFDSl6W9biM#{6u5M};nML7&Ns>i;mW<@BB$x;4mov`*M`9-E$q$s4B(yzns0oY
zx0=hTsx*hHOR?s<hKh^u(uOrzI7&H&a`}g`{QTQYTDx%@1xCcuy6w3%c+er#vPBYM
zI|;t)DJV38g1E6YNtEx7vfz3k-O};rPH0p@GDXIxP-qC=(jyXG-WuL#^+V+lcMj`w
z_)<>%EMwF;K0ZOFM#)PkQ8VSC;xlLa8!Bi1@09w`?dNnlz4PhxP4=fkMnO<PPBC&y
z%+1bdeFpu!c|0vV@&F{KxUc2<xvsl&PzH0)o9E=W-+rU%zfGl<EnA9U)D+WVd-dui
z*M8NiRYG!_Hcb%{gU-2-9u8;q>NT3ImeG)5$4ZC6{Y)WzWl)Em!MT!deGbm+9`-Wg
z-c!mZE+<X~%z-udR0~Fc0;xP8LI|EAd3c7(et4S#m{f;V=F--ce^F|$<ESd3gR=n=
z?hoV{Be6ljdflTd4gO%#Tj$R7IR(tfJp`LGp)8B|#;o_QW^1G$Ku$!D|7Fw&(<^oX
zsMGN>0VBz~KCQQ&^fdsN{WO639XEj1&ss}Os?+I`cK@T;uy`S+=)^Zh<Z>To)5i6(
zWC<f$o40MGb(_~ycFA@s49cg{&?2e`EurdAZey5~hEOPl)r3=6c@%{gM^j=*GG(N-
zrWQ>zxKD%^^J@s3StcZ^PZ;fMApM&+ZIDkrC2{(<@^ig$)-0;xK3NDq8)!Nla_SO&
z$5R<U`%%67P?I*TCH-re+@__s*l+3g1)kquR!^nO!fYxoFQ!uNGgdJPMOz#ej2RGo
zKL=DZDQ!uE+YQma_8k^2ROIxBS>Eji$f&`WzpSP+2e(n=w3|0M-4O{8V)Q8!ql*<W
z0-+iG<3w@8G}Rlf)#U4=&uRIJRbqDABkYbH+S0V?v*@%_j`t!`Lf|GaQPa9(I9wrq
z!xizXFE03d_x(@A4EvbqXzJRfBeiPT+$*i_w4;tQ=B(^oi5LF1Y~4oJUUiAsnJ_W!
z7j`C$H{Sk$N=wSb9-q!by=Bs9;F}lUbCVXlXg#EFPp2FjOio?-GVt|_vd(6H1DLWl
zWx9Cra&dF#&DX!bYY3g$bLV^I1Lbk)Md#6^$-hvmRxRkaY15^A5GO{D|6o7Bb=O?x
z+*3%0vG3NUlf-HA)xBF6nmqMaaWm<5=LPyl4;$=U2f!V+FTBX<u%nrrIwPk{PSKgg
zkd7Zn<0=29iP^=5W(VqMEV)i|-rPbL>e6Z8e={N@ootpWPH#+1tTakRm|n^q0c;8p
z5`y(6nrw1K<fK`r8^>VIpX?gT0^(%Ilh)v)0^%2VtTf<K$5O%Z<R8k}TdAIq{J@`P
zJrPRY#h|>2nkr*hh?{l-V6BVV0o<@z5{`KL4+)Hjp~CVSnzUd8O`5-fiZ?B#r!O5u
z8BG&uTXhUyCsm%(iDQq>uDk-aKw$V$38@SA2NzMpQS0OWfFJP%zdC<jom%;kUl%;?
z{=x42FC9_|mcwPKcjOd4TyZu8NVTsQlOJ>r;Z{>sDw|AIRMb*MrBcS4R5^02*sV8!
zDydm|OZxnauV~iX1vF^LQPi#tIt_8M%Wq9Z8J9PAJk7K=zIN*Qk&H>YA=m&ZBs_{G
zl5p!|-IhVUIddGe0b$}GzX)Dk54>aoIo-N#8#PN!)z33F#ZY<zuao@`la*abMfabZ
z(<vQJp;4Km6d~Yx)(}(V@thXt(A4a4wBX2%+Q)$dxj#**@WC;=Aomdi?E{`^d_o25
zEirNiff;K?o5V#4QN<clJU1Yr`1}_}O<~4!1zoI9O>LebqpgJnh0eW+d&k7JL$HcG
zLw?{+Kf-jwomZIMaXDr_sPBkkc|(wF3S*`!!VToEXy*GA)ucJiTeOUN96FeSliO2O
zNDKvWM;G-Z+M_aV#^mLk`vKckxRdWms-zwHKs>nrP}VT}=E;G!0zs{+#n7A%gUiPu
z&kY2w5vG2^AI!S~({tDzT>jHQiVBUPBb%O1$G5mpUILgA)5Z)uE8DhgqN>UY?htYZ
znMr+7aUpHZ+Cq5+x!h?hrz+emTslGFffODUM)7g+)GRTLVxr>s`6!@u>(+6<CX|{s
zOPBTB`x7Sp)tvs8I{hX2`IN&%vuNW+s$$X^P+Uy1EQm=%P+}rQ@bewdy5Vsu{p&gX
z=x6>N>2GY<l3Pmaw&v4eol}{dE);SK0_q0HC|>dfRCAqJ6F|{TVrkawxlB&GX$_E#
z98G-A@ghD3ZucciR`5Nvp3c!^28098@QC5w1pLE~zMw8$Ita;lo=HZt)D*{$8>@w6
zeyY!iju>>96V~+Uv;D@^r*{u}lSvB5A;LFdoO;S}Oio*P<;9(LEEzH8Y$2k`j|pSk
zgvoUMwU<d;?zoZuE=+upE`*1;59!mZPM&?kKp9}9)UAg+6crSCl?CF0y+JpQ%eSoR
zyGFk0JWIb|aO?jzZHDMwd(EZd=1zm#Khhh@yvM}t)^msL>j&iinyW5$%G6v#w||)3
z_ldbbaJ^8TZ8KVl9>Si(MA(#}J6_)~c7&h{FTBw6ozpgLr2&@C0h2z}u%X$Kg9B+J
z`NzAd*WgaDFMR!bLE9rP2pTx_A<TCj*-}WS*+CJVK@c3ZmIlPMN*X2Z^KwTXod(rN
zVk#BhfYoBIq@;;EI)vR}x$zZ(q^7YVG6|3E;TH)~@p|V^%x()teOUs0RFRE(u%l4w
zgKy|=)D6#Qqg)MCdiaM8%ASAp(Fp<0{0AGZ7G*;utX(Rvs-@xzjJ|Q>85%;JlR~Lm
zWF8%Rcy9_x%Ait;pb*wY`KxenZP|>tI7~!?I8C(50H~Oq_{F5ooV4SJ@L-RBglX(?
z!1dH__+e*P_zLb*aR*$5BX&Am>9BFf2h+;sQ#joDGxw^>giqjpVIpzE+fH`i#pq}d
zrgsHXP#BkCR0KuDaECtzpTgiHBr1|ZBEl#zG@J=hHMQ^5iTd^HONm_B#c@X=GCZ2X
zBBIz&JcUKYP-tWng|URoF;d*ZqLf5LMN@b*6Vot!VgYH89Bc6$8Vr<+HlkcG1s`RH
znGYZyC`&xEfRtY&0PaVm#Fg@$;<a_p%4Y{Uhj*s-;oYfyWM}FY){Qzxcc$)qj&BmK
zD_up`XWXWJ96;b}?hrcn^>-By>Q@o2gAF0U5%n~#HvsZkR8l5uHlt$VD7i_3OzlmG
zPo(tb>D<<|k@a#Qrub$k{FgIn1<ZY7+Jl`!uAxq#E1i-LcYYY&^@D=%wRi4KsKJcy
z;MS`2$a*>^<VY8YP+)K<WoFK#!nLcZZQrA*JgzNOhb2%jX1Fr(!!%&Tk2QKKS{1gx
z^!kN!DO6tk0qZW&J|aC3kbay;MyQtsAOMa;dd#Q`yzE(U4dK6`Vy^k_J<q%2N8!8G
zZ`1AFU!+5lhiY=%_=zci@`_JLlrr1AWecrYy;^qJO-@XqmgyPPrd1nRm))jyTgqtO
zno^sjQ3T&idAa#AZN8+mjFMBDQfgYdgtfonq@T-r%jV58dW+2|6VlQswM!Rj)~64p
z_CJ(T4n35b^z2Eo{G10eNzGvbyJYE7Cbwmj)HIb+nV9|^>2GX^i3p+Q$!aYgKAo7J
z-i*4mO7N1(Qm#uk=TK=@AypNXQ})Jf6vlnos3!4T7peL&lAm3Sj<s*!*6-Rrtan_n
za0&J5*^QR1SSf2Ar%c5jF2B*njaw*|`vKj$bry2=?DMaSeRfVRB_}7zhCkD1%%<ax
zJKAs9Sf`1Neg5<Bo4C%2phZiTQ9r$ga^8YPe&b3?YC`y??Ql&}5)$HN9c^-Q6N-<E
zbJB`sAnvrIT`*?cONjTBla7@zmMvSwam{z)TCsAq+^4OXG_7GGcGejuiyq3Vps-N-
z{Jt9^AuqrFHr)vWg#46~kJGM-yw098kMi>i_`VOJv}S755BUn?^P6tGijEpONXpU|
z?tCC$2JnlvR7OE(&6ewkxM$3qEq;3R=qe+b$Vcy9>V-ri_ox2gYl01~Kw|Ux`9hpC
z*zVL*j(5U$>lK%j2>C>wr%e5wI(BL&>7PG;G4(&R54CRHN(K*BtzJtf9zR^d$jQ!g
zg*}J<n(Mii=KjFw?9yc`>C7`u5<eJKo;z=m#EEm<J6*eWl6wc?{WSR(&TEWQcJ(39
z-C+dK{-Gh1qth@dvvN}>%88F+;HFjxpYG7Z%7N+R%M3zC#7^5QQDLc#92{3I@Pkf4
z5H~;}(&?3{kbE8}i!(rIl|R{iO^)ikj_B|q2wSEaA_6q7{Le08@8t)&>R%ul{Nt4$
zh;f6G9JOCL@~?650^Bg|RjnIx^c>;x({_?}5q%DKs2Fz<6{p({;m8s2I^x>Hz@05F
zL)F3H_)MPx{%~N=Ql_kn5d_$xa|U~mHSFk@(XIm}CML<$9+~p0!;vE!aEBocUTK%`
zm97-N{F=z&=E;i(2oLv(Dl1by>b`OLSCOmua4KTrQc&UZk$*foun=cBNU~sud_!;d
zphETp47lx7I>f9Jq~emYVl$2`QvRZdmosX!4|H;3qGM!pglHz4nCXD)sLIVdJSA$j
z0SBg!+8+0TxEn8QMv{C0I}t}uoeSW{Ibp~-ER>}(E7TYMeg`MQNn!(KeCuCm%<3^T
zcFkCtw0;at-87CSXO5N8(kVqh($6{LS?6aC7x!qx#a~?eTjUxUv;Gt41D-Frb}VWn
zTs;@2KB%fvYejKx1i&XFuz?cpO&l@Oj8Qv`M8eKj+=Ry*8v>*ckaX)j$iGgrW9I_S
z-FBiU1|=$uoIn0UK9E1;Gq0#jK7kPw-kl;^52UJyWU2`a6+((pbm&yns(fR#6_EBu
zr$yq_aTu8N8+*}m>8tk56$T5g0bbggYhfVzoYn>jW=r7>uSw5-5F~YX<*lK=QAP~b
zmvTMG<W9X*_pjR+B{n{h+P3dR?K^hGrtGwO%{rPna~4gSG?{)JJ5~f{*uf1t(1joP
z^%v&;l-RfgYJ>E5=;EY*mP!AQKZ?K%J170D3qSDdFU*5cO3JHg%{I&y@jMr6)-ma4
zsVpg{b@Nuzwk7K+gzJ#Fm{^Joi=g<(Sc(mfq^!kjyuwOsl1K{|E%mZ<go75qz%ppi
zVf4@gcR6zQ*{8`A)-S*Qf$sR%^<sBe|GrAy@vOu06_<T~_7fc)Ed&nd^~JS)dzP0!
z5kvqxeT2bnFX!55%x?bxrUkp>!nD!+f<h`Q!|vEFT^w<6*@>`SYHCxjw7T8D|6!aE
zxs#X>PiL}b>;W9yx^+aUiNS3@ea4^EqzOM0?1XR8oANgzBo4aps{Oz$&<5isfV&ZG
z1;e5J`qG9Cn<$gXEN0jA>D|*y$5-Ekhl6p$D78Cn!;c<P$B*y10nE5R;BV35<#g};
zkJF~jTa_O_BIHy$sjyH%7=s2*w73oc0szo?kWL669XE7hAY!NNMGznUa5MohU^I5h
zUFmz=ICzc&({%B<8;(%ODW)!(c*QU0MFeID?A?E+Vdp>mqoIcZZ^N-ckNb}mMOTdY
zQJVTF&gk2#qdu3sYC9;&L5?t~b6<dTV7FpJ5X7G-x;rXJ3*s|r5`{W2PF`ZtEM^#7
zN5siM=gW+4s(4*xia#9DiNU?XFl#Q+Au8nupMt{Vr2#fUz?4`Mh7tw`hNvX{Y>>2Q
zQSMq-$1m1!mp`qibrG*2qvD5;k}h+u{j2byXLLP~bGWNhWe^YA&gH@69Y+JC$`kg^
zL<I-&oJb%Zk??TPN68->^wGSOKsIrm6fwodC&AnauA$PB5;c_%*HHzh!*csq&xRAW
z+g$`!_;LG}gUd~eM@i1bO5h34xGSSlz(E_upfvtIF+fTh`q!*QYnnfJ!w#ici#8mp
zx)&QN?l}IoKU@<nd@2HaK!_8P3Ol}s@XX=+k^tU91GonPkV_+g=&?VLHyjO-GGx>(
zXiMDW6mXjjB)tes!}vE4SGmWKV6jkU<tX{_(l_}wX8ngeR|kg36kfC!<y8SxQLU!4
zq9c~rnmc5z52b*}L`gfyDZXur^`9m@_{B6@O!IZp<OgnhV-{_lHeZ2?o1EgBz#jR+
zQHUpm(=B4oU1C0+A=hNT{z>w8OQbIl8Y=w(f9?m0ghxhF(`ISZwnHcC(fbhUKkx_|
zG~{Rzm|+Ju=s?$B7=Nd@)8E~s|Hxq?FvG4fr~mJk@X#P?l@jBe&zLobwr|@?mD}@Z
z)8e%hhx#QsNxsu-bPCH#D6gcD$>b`>4l;1yq4e8t(`oi!OboRhMy<>_fMa4}BF&w*
zP)7fZ9t4CjDk_R%;$r0-JK6$no%#eYW~Ae%$-heY^~KeuU29ssb{%cn!sLX{SFKq`
zD^{rdU_CbKr4_50eDnFrm20T195Ybr#swI2Qc4n&o@Gv$Mld1>GG@vlGdo8{bOE=X
z5x}24$}%-Ig?cloLzr0iIpL?NjyvGi_a}h+{P`E(aKbeCp3e7xTL%K59L)L5nX{=W
z=hs{-07rZk;m7fl{OTcm%yPhb<>oEY9UZ`!cXZw)F<udJeeM=uN9VqB;RR>O%MW>(
z;>R5lbioA|JdoDB1+84QTBcgz4WuDJXt(`!3IJ&sab%G<<lLE19bmQ*FZe;@uXF(T
z(cZL<hB0e5b>Lt1?}R7*<;eE@gQ&z^h>bEU9dqUlW8-nDm1)5;Jq_uX0Pv3={PG_x
zb^OQ-{$%Z?Qc>;#xZ|JQ<Q$IrDE@FzVQ2*h(n-KuYv_R>A{2O#qZlL}BMJ!9=qWf(
z0*`~Yy@C#&J0uwO;7(+4Fei%@{pd<Lb0Frvz~~&NP+?7>WQXmr?za|cXFCa)9fTCa
zoqv!9gpZ>K$btGrILNCiBc+62=tIZz8zAWbIh9=iIX-N*1aj{XZ0PFvBoOUSj&Ra;
zI4D~{Tk;V)@}vGG9!zb(rXR?wxVwDr8tVG<*r+t9UsYyuZ^M9pEr2-jiLyfptI;O;
z><{e3gDA;S&H*{VLZ54Ub!zMYbxj%$rR?^CYl*VU%U2sBDMG_>XeCcMy5s#jVD1hJ
zfpdLu52#rc^74`4ex}^_lw)Q{d!Y5*Fn-M^U3?4OkSC`e@B!{~zZZ(F)k{VN#4ThQ
z(dql#oj$qRIvnHfz?_PTQPN`Ic4J6-)f+kD+DMMRfKH7pCBgi8?MDUV1=!VBu7L8T
zJ-Pg%+}v>Tt;-DY!EEf!xdUx<!rl*X#cpA7&?7k|#gVG)LgxitP%!sv_+i1zqx`}G
z$}h;Lwd>YURD2wzX0*`0i4yp{d-pE%#aG|a#EDaB>eSyTG&F>c9(JTm4_$~Ur9HaJ
zw9W!1i(h>Cz34#VVq>V^A-!nYA2aF4AAb_NRxO&#6xg<HGGvM=MkTTNkS}s`vFY7f
z>esiIoFg4;R<D!qh+;Qfe{ms9yxjY2)YoFSZCfTaOKqyAiSiM((C9G}#0@Xr&~HH6
z(a$saC@C$i6ECI}n=m2RP!(~dFhLvj`L|-Xc*!zq-?lY{F;Rn?8@_ol!07*%Uwu!f
zpLU{C2GP+`^urJ1WTPnLaoQiVoOu77J(s$3d0}~l0j|M}nSatRzy9IqVXf@RdRj8j
zj!FBNu@ju@w{+<WNz2NWt5KOt8eot9Ha1oQHf`K2<iBf|PSk_1Kc>x^Yv|SkFqInX
zl}|bG7$<G>=Pz=~-F=_H-5qxOc5P_cvK92z*FQMvN8WLty8ZZuk(--K-+lL^d}?m}
z`i=C_$6q*UJLjzWcfSr8GiGdUzy1Sg{Dg@#?C9aLhDMPkYyeSDCqr5l-E8uS+LaX}
zIM|2?Z_?2k>W0oVf-Ev>$$z-<@X!JJpaDJk*Dxjy35qQEGq!Ssz6l?Hd^ABiL5n}v
zkzvB9s4C+JIE+F<JiE%`Po-Cf2Y*`7{V?_-ic@NLbwucJlUQ&RH&+-Ex%>#KDyyiH
z%MPPq5Yb0U^%3QU&X<Z)ciyCfr;f^Ag=LQHSsxA9!NiN8#f~`MYFYb%^+WPW0{!+}
z=_`{VrHT}iRCo}zahBTY7!@Zf8`*$L`;#DWaQVkk^2U(dNj5!sfmw}ivw+MXzoG{}
zVv-jM7>P0Qq5QA`maIF%O9uQ&Tq<t%qRLDk)qMyzRhBB1>;_$inHnqhY=>uH{rdH?
z6R9CrNQdOfr&Cx55{`KBfy+k6t89>Z4qMFnh-AnSZd#9jBxoG*$0y33f1xJ=BYcQ&
zFaIik`ouV^gFrd+kIQ{WQ0nrl;^DGIrG<ud9XC=L8Lj!c@qOZ|9{}U!?}E8{e{(V#
z5A+S9?<ToVAb19FucM9-)N@bZ4l^77$UVr<i`;ecua0J|s(F4)9Jn{|Y@6xoJAAfW
z7fikM@JuC!U$jS+TqnqeRc>(n=HAEAO=?Y^0i$EA)N=%bIymkO#EH5KY4A-m!t~0&
zhQ#FwqRzROzH{(CH!y93$-AT#|0sX{GcOm+CugLb*be6~J3zSZH0)!5tXo)E)J67R
z%lTPkVj9l<EUw?AKI6J<-THOh`7fq~rpeUlutT_gRWnom3HX>v3pOq4-Mfdju`u{?
z+)r{3U>fb7VCIb3d=G7)vvxoV8w*tHpc`J#ugk<g-l7^jkC_QxMFkZX7t6zgwhisJ
zkPQh$b+yq3N_)=dXh1=Ta0Jj`g4n8#zv}ekBh_-wzR{V%g+YUg7!@I^luyJ6xN(-X
zkbLAmg2ab-%pae~AJT+}8668nOw<B@=vHzbK+K@afk}9x!#1#2?karf!w$xvAavX~
zuQ(AW)lqQZIKYil!C@;MM1y>y6CW&_S4dh|9q!1#<VUWM$}`T9c5DU}!sP*=+z>A8
z;D+eLe+?5j7V(F?OTlnB5{8;~2Ov)9mzH6dW7UyU@pDH8iDX@LU_knmfJh=KDj%w|
z6Cmk9xSnZ#oN)GEjqAi|U?=e>e#Ia3Ove<Cd?xWS(G*ef%Sb3INZA>GVvq9U`+)Dc
z+FH}eQk`e$s*w!Obwt?-5I<Zv-ReHz6D{h1KLvyXJ=}Y^$8p3t?2Y?Q0UZ{Vew-Uo
z_R12_@p76x&jao^b<bk4y<9U12cq&L&lyDfb&gyfcy7#f#`T1~JV&r&MJXf1ug&c2
zKqU+5lT!_x_!IrBPbGc)hwzZT@(T5BNTd$oN={V->bzbtdEIxS5@E#=9JpM}eeOOA
zk#p(!1FkXjaR1_-GtZ*|m%0<4)G-KG3+_V@Q{2x6(5)k`1Q=bhWjCzvMBLa_6fdp(
z!T5KFDd+A#9go|cPt}3XkzU82>)eQenDr^j#{3CjuLW_{IS2FsaQu0SNAx5_E(cYg
zX)>x`00<m!x~$Od@O5#QvlEYw--;D0f1}{p#B*9wLA7O-RK>D<#R@9nes)q?GwL#+
zpY9L%@q3_(fj>7Z3jXYOL8i}~E#GMM=hoOnS}&N*FW_oV88D#<G=Ff{W<G*IIOLR%
zc%}>q0T~M5j*2?hO(PmlZZt7cr{1nBqJYsigl8I9a}EeOLZ@0f)2z>g4jm8pV{Oqh
zqy<};BO<mDdrx}Vn*D<a;%LGS4fc>z>A*YTc{(3x$SarxAr5KKIZujk)lx7>0EY)_
z<JX8ANP(HwXhskb2jUE7@`33S`1FnFiak13id4d{8PP=isFVzmHRMz}|0o|MkIxmk
z=guJ$Hx-WRsHidnNl~OFG*qplDg!wM(L-FCGz&RpT~q$Se7zu21SkV7=nP4ESXauB
z{ehgqO_5U&L3E;6Lkfz+=Jat)95&lY`Efp3Pdc@H?IFmAxUmmF$_#PxAM{lx7z^D&
z@S&yhjqq{5sl2G2HerUlM9<-<G@(q4i|cwxzS#!xv7Uc&s`O#@D~^U6us44m7(WW0
z&OOqNeBxSpo)=XHCLL-jGiORNrhs$YH}bt;TxUL)>n>qoRLZ=_z;l56!91UAawS|P
zNu^DRvhx+=$CC$!HX<Dr<?8c04xlSXm%ae!ZrKmmPthDOz-8hxk^4;FV>pVL>jlrf
z;1YKs;ueznL(Qge{J3;*Zo+hji+coho2jb+Ck`X-xZKdz(7{VmyllhBsT+=e`Bxrb
zXO3QiKi9cdckW|JH`}Xc$WvB;u`_<W;Pn`I{^XzixX;x=pKEw(L**u5E7ZY&#LMSG
z@^!r`e%$fu^qRc<UC>#yV#SJ&By?*-k?AQE7#=F;HQXNnl3O;X4*mO}VXfoG%0E{O
z{JAwmu#4{l4?RJhJ9nU7y?Xf7X>8)@1!(B@mB9vmBENFV&7lZCEcysR#~F)*@wtej
zhaXK-r%vGx0!A7Y!2+=Y@eu-vb3V#B6Ci|*uoUUwHWZC1I@R1sk;aq%K~zi2%B0f)
zzv%E{S}8{I(7f^~lhOdn&e|^D_(@MzbI+lp!cd)sv(7q;R<2wjA1RlSN4ER#fA6B-
zfBQ|sk!hVQ=&(!LaLx{x@*5QyDGffz4~U!)QsjnpQHUU^a?XuD!r&jt4+4-g1kHcQ
zD}1UQhuH_8C&h=;%{SjnW5<qV|JBl|!e|o+k&I??93UBL<T6k?efU10BDU(I^`gt=
z15$&8fGmQ{AXd%|#|yFtBBJtVNMux0sJxBC_T5-?k4_8xVXinji5S7er$A8dmt1l&
zHER+}sR=Q3^G!F(COj&CxTYqz0ZjBOsko?!2_~lK;q6|HBLAEh+!M${L`1lRkG#U(
zkZD7_kUqI5IF05H<pn>uwh0ONW?DWaHA#@U{~&NuKEWs-T%!^RFE|8K3~^7XbRt~5
zY(UsBt7{_{N5!R#8f=nFg#4M#r&3TR{MG{r2;q6eTV37rl15H@ITN^z8#hu)QXF;Y
z(2+7)wv<l|AP!v9vhp&~#WY!vOVfdua?)v&`&O47z6T~mpUt>0@jR)p)I9?Gm8(|L
zi6<V<&u)|}e;V58wyF;Z*Fdr<o|L%FfD;}cwT(;uCP-TR|6#qvp?!PMFTeicvaS0E
z_j~{MZ<med4^y#DJ?U7NP2>HOnGbx!pkBG}{`+X$xN(%3m8q^H+v7RHeT#btN4dFB
zgzS#z3ii?57U2F$O^R1K3_QEg!F^`#HPkC_zWF9i{Ar@pw|D>VZrSCtu&_}4se8u<
zY$f+NUSM$?h;QP=iS*=?Ptq%|yh0B=@BqE{(PtD99wD1?APfly$w&QxQAK`sup|IL
zJ`J&xdKvC`;e(99oA&EY3(QEvyYIeBbLY;b?c2AjaP%{YG@(9*4(y<hwBjgXqu$r$
zhOpH^{mDP;Ip-Q48*PUmI2=<aqRx)vIy@&QhuXJqFW;EOXL_D~`e{ka^y$;->Z`Bj
zIx?8XjUOlN4bq1;Rno=&<r?kBKb84ilar1+ire=Xkx`$1=vU|O5ZtrRKKBa!F@2U_
z_XAb7Z_lL1pM0Jk<c=-mt+(HI-2V7uCVl<&_g?zDA}_q~nuPDqts#Ow5YpzhL%;Kt
zS4YyO&0D<eeZ`+&BMl9sJ{dh`ysWA7=hjdO;O8+sC63}dx1zWX%_%G~mYQZTG40or
zpHo)x<L5w^3(h~2diUz?*X>}JV~-ssYlr>0HAD{W--qtM@6J66V}FZkO&!2e9l5=7
z)bQgpCulgequ8-ok<%E;&(9Omm(eOilTQ#J?u;;5K&M!pbLWCPB3NUI&Wwb@VSwBq
zSd0Xz#+J#OH1+|~*n?0CIpr|mj>XK1z`~Cjp^1))q7fs8)9*9pP()<75HxhA6l%G$
z*(_n;J3O+>A4gbGR<87n8bhT=Phn$(vU^k%lT#)Uh`+3~R7R!Hlp}xeD};fMAPA;>
zM0B`PR_+mkKt)cWx-Gky%P&^SQFZ((se;K!Wo5aT;TyyY1Qi1ERa(mAi_1}wQ+(sK
zLJ>W7LwZ6&F+zsO5vL+SNCVPi@`qzqR<0}-zvb3jxMMh$<7WcIafOA4N%^Df(XndT
zvISjo@x`<yGlw>3X46S0ok&}@Y}Vzb;y~~y161zC#UQ7Zd_O31ijR(a$f+7BM*5&D
zYe-pCnz-Z1X+@ms9O*?Ip6gt}#2p(HB_<}&?RVTkKTVp**AU;i!|tG18;6$}rF`VL
zV2Arj@(tpq;(@3RqY4`bWpw{4pxmUh3|q;sSc;$wy+k|tgSa9>5&q}<!A$GMcOi!z
zeKh?s^Dic)n`!0h)!g_`lQ3~zasLZB#eIN#O`Z)ks&C3ojmoP$;=0KiPZp#Z>u~{P
zuZ7KcX0o%g<i19Fyb|v=?*zW8$fANO7g5l5jvK6ZD6VqdXTtGFLR5NuWx;|4G<^7Q
zdiKfx^Xu*<fIoW(;LpC13GNFJGkiM}Ypn571Uu6Dl1$u_xbFZdNB+Y(?kSMYNs}hg
z9e3U1+*8J%=ee$>7A;yxeVoPjAMWF{^fZ}{+oVYor>^t|_1q|83W<u2qAp##&{bDm
zMUOssFGYj|(2N-~WHyico<_c;?v-aq)xRLAc$SQtR`i(R9r@E~G4?n=_0&_TXV0FL
zmX;=@&$uCNm@R-K?4XNu;)rt*{U<=sTI62b5wx@T)?p$2XivWT?mOzyqX&%{Gln*9
z%c7MlS5o)x-D!K~c4_nQT|TrQ#~pVZJ^SplsvPwU71JJ>bnHm7GPCHYBL@0)+n4g+
zf8RzIUUV64+Fl@1&UK=3JBd4Qn>TLs(r<{o|IS-9>XVQBy6uYK`-f?%sj@q!KlcM!
zumQ~Nx7|SZ-+L#8hlbIVDNMYKJK)mYB?0`|H&hJ#+56i0ih(~j2;k4Yp#u1`-wg@o
zzEX6{rqsGe7r*XSto##&d$?#IbtCD(_uLyGe9|Ct0}oPw&Tvstk!s}GD>~00bRbx8
zOG-+hN+uK-Sq+Z}<4!{%n<Ir_V(V(Wbp%-{XF^d@%0!Jj8$pPJ!@_jX(vo8CAVmt1
ziDZ&k!o&xtsz#^1l=AcPxN~17Z_3fxK_iO~^se8qK|1U>M_MsjX9x;NAM%0D7&_+Y
zFku8Pg42iiuzOWeQ6YDfVufg-(-adEA)|H8nx#^1PLAXqY0AyXmN=xNAV(Au(k{vL
zK%b*CU^;tvV~tJ>@_}?Aj212Mk?LmB0mO%Su>c<HN0Z_sB;Dw2;DhNHMT4KFDX|i?
ze0Z0`4hswAjz<l}$?me4vRlUC2Fk8mAe_yTW2uy{0Z1O+s^jClAblu1bh6O7M1Jv>
zADyZfUU;59{^(;GI8b#+WQ3fFRO{BQB_H@U6UZ_IaU(DIuzSmNRff1Wv9U3d52PtR
zK9UN!9E<q6qYTA8CWgyAUK&DN-`Ln_F6#mc=kVZ;(Nfsq-a`8Df*>I=R>~ju9?Bt`
zuLB4iKIjZm+`L(mTzBkl7Z)EbqY5BwcnN@uBiBr>g3m9Pq0_0BbN+XqvjNvov`si#
z#7=(w1HP0<U~&&)2fhN9K7D&rn>MX!Bj2~^NS=TG`7&}B9~;N<SIg*g8J96eq?>Tw
zQBF}@E_hBrZgaA;Bn`M`D7XClT=r8&$$SsvIm*q=kr@sc)kZnvnL}D+rh+r_v!m4S
zB2Y$%07iB2#$JqSx3QBnOqwu;uDbRnDVufc)@j>+F7Tob_a^EE)JwR}lai9;{%Xqi
z5wLCBHpdQtA3X1PVH6n|NiEY-#4q$fauEi|T5>`RVL1kLQNLh@1?pXla;mmNJwtf0
zWS%cy81e=^(*^-}K0&~$D45!J?k*dcVFyKAU!)Vy8OSQks5|kD0Hu}uToiJ<Q&B@n
z3DII-RLIX2w@WAkgbDHtNH{uPycERl-LS)pJk+tMm*5_Y?-6o2AZ-XQmFqQxgZSYN
z$jdIyW1T<q%=pW`+YZ5KJ%m}rb-`P2y+z-D_dRv#(uM2JLdnBXM;%42TD6jN;F_Sk
zQT7S(Xp6(S4o#5yvxMsvHPfc?V&Q^$bi`oKh9DPTdZjk~{aCqj6&=#AH(&Q~TDfYC
zw*BX!UE4O&CRtcmSnNyqv_{<G>CT#NL;XS;Xl}?rWY9>X;RAsKaey}*F>-g_dFRrk
zpC(c`cV61HPN(_v=hAi8UP~R?wPOO2B2z1}GBfFi@4u%nJ|9KrvVLps*fej^T*5F@
zXYai8-_$fdirTkIqZ3Xzo|03NIT5w=6NmkuyZ%F$UUrH2MdyCSiWPKt|337e|NMvA
zwr#5#drmJ#r_d=v<1FNqi5Q5a>@>?Ae~`GRo_dlJqQa?T#}0Jozwh7<SQGB3l#01o
zN(w~;2hjIFd@pZo(a|3<d^p{6_ucZg8Uz95;)p58I#3-DkPQGG9i*qMyi|xX@_f@x
zx6%0V<LJZ_PoP*Pr_-iQqqpB4DdDC!PZyFB$sLPdF_rM%d*~YOJZEHNP-<cftzElD
zh#Sc1yYIXs(?i?0Y$ik!9khUeAo^>;QabnSGwDgr?|=aV>FTSlrVro$fNr?qdLf-4
zir8`*X#o+MH+LSjYu{cvYv@3s(`QBs5YL-$y-97Fr%>CLDN=Umh#`G*=P#i%&p3ld
zjrxp<bqrm7^;MLUo6XlgnVP30(!-BDEYog5_D?$bL>e>ZM`{uiMcq5LqnmHONk&Gu
zY}rERo_nrLoy*D1qYX^lF1q+aA;6bkb_I>(xUahM3huNVA)~UZR;?29+>Y<D^p<U<
zlbXoqx88aOef`Zh)Vf6rdiAx}r0kJ?{#9li^|g~epY9wh9rw9<WN^QrEPPSlRrf%L
zCq|BsuRrbqd_cQ^$@oJLJs|fTUhZUOZf7DNN8fz&HFq#uGTBdKNulhlOqxG$f!u%F
znE(_pDZq=Mi!Qo|)~#JDFL#bPb_8|l(1!I>>61@Kajdn}s$~nlw{D`2?fLm*qCa86
z1Y|_wcTY=na<TKwIPj+`<*1Ci2@VzIzb{2c<4^MP@@Vts&D1KR6`gtJne_WFlf2x|
zIQ0as7ve?Mu3E~L9=8YXy~}a?dGdHKx5g}LCWeQch6Gg8){SfF_19mg7hZXjjy&>6
z>f5u6lt((>kHDjkK1vBO;dE%99x}rG%rno>RhM2wUyb^hI=5?01-aX4()claPlr<5
zR_WBTS&9%O%=R#((wR=n*QBfzvjh}*GtZwF*b4UIN8hv1$5I5Och1adQupI!CG^IR
zA5RZI^f0~p>Z@Yjnwdvs%uSzu{$;wG>+hFddP$yz?4oKRsULp$A=iaB$W&pBz+!~=
z{rBIe#~*)OrVao4>#st{G5QEnT3%L8OP4O?I{IyXejlQDxZWMb?b-bK^QCRP=l(||
zoR?pInI3%TL7FmkisakWDGu}l<F8&Z_HH*h)6Xvm=E@Z-sdt~=a_x|J96^wwBjl9Z
zI?T4g)amD6cwW+uI_Hi%?vQJe#BJ>O34E_|`Ocm_n{K)B8hYl*N97*w-le^~6wS)c
zVskrMvUIW78~yzuXP$j7oq5^`@?z6%f70>8XwK|e)US6JdicS69J}<CSP^5Fos&hU
zoG_f8eflx6zvq8<(Et8(JKc86^)&F%o^`@)s1$P9=jP?hXCT_PX+z8TIvBUfQ+}nf
z<0i^<*ashelAe6}MJ~f^aho@P5q<RW=k(Rr--{bWh^@;F{$6<L4ad&t8C}Hv?DMZW
z{vZhNj~Rc88Sxu^glBYiNdRr0Icqiz8Z^MK+n66GI&nSs!fRAiQta35>u-Lj<M)LZ
zU#GX;`M^1EkQn&0=ObS3zw+AKG=1iuPTW&}{@tU)z^7B{xVgfBEMKw8(SgigxY)1T
z<4?Wd*bDeLdh7&x^#7ifZ*MwoR;*arsWk9asZV3cjh&D@CRpge$fzVb7~DvLV8I>4
z57Q}Mdg(=4ylfeb`tmy=jpv?w4%Jqb&<V#MPj9~YhK$}|1n+<U`yajj+N+eAUqn}4
zafLMU$qCVP%{5m`r+US@O|){|MjAf+Xm)#0$Q?$=Mt$@lJ^%dk^wpPN(%ir1as$zp
zrq7;74{|4B$&w|KPQXkD#fYqGtSe<S5+qyJb8@HbQ4V)YR*sDDf%Kt6e+3ht%PzZ&
zR;^i0>o#p?68$-MM3%^i-<&_ENqR6X5~IHu9Y$wJ`cn|~QwQi&sC1$8<sk<$RhT_j
zRFu)b{&g!&o;*o9O&6Vip1h&oo?A$dFroYK!}o<~f&jk#`b%`wQA3%ut)p>2{Y*FB
zaHHh&v(G-2&eNt%8>ytKmfn5uT{`vD(}WD=F|nTg=L{Nr<X~BggihNPS6)f4z4p4S
z-$JJx`9tR>j~iWdB(a{!bRtcM5u?-JeEki*_`(ace9cBGuBfHAM~<YEPdZVEB1W_q
zEnGmc(b2SS!zM~kOQRzP52l4|H*d)@CRlT68F%Um3kyX5i6<VX)l5Efi%V!Gcjo^3
zYmU660C|_uW4>mx$q&kj^AA#d`4yMb8*jW$Q>ILod+++|uah-?=tv<g&pr1X;oDUx
zYjhA-Gg*ZWfH0In2?(m#pd*NpQdsM}nvSG7mo>KhFX!5Br(nHWRz*lga2Mbn3=IpV
zAAa~=-b&*I#HW1yl9H08yz!C(B&o2tkluOk1A5{4=cr}+-soEZ0RQw!L_t)G=5*o-
z$I<jZrZItyrL9cjQ&N(tJrmEtOw{o#6?3O~-h%n`(u*(1DC*NsKgG|)V(v7Q@V&fA
zI@FR5&Wj-fssI=b&6B{tF3LupJHB^ukDIdFVbE}MiO=a?7xm*GKaT!}h73_7HHRNL
zjK28d3o!!^+;bOo?b?;LFwud0`|Y>dh3L}{-=%r;<~eS7VRE3reV;=x5*ZX0CHA*6
zSpo4XEUl84MWaWLk^A+BAAX><8@JKcty}5ZYp<0TAgFIHz2s8Kdur2EI_<R6Xyw|C
zQnw(CH{N(d2$jqr;cFlyivOhjVBncR{3bmHctQ;+g&({mLmHN^ST1eG6Hh!refsp_
z4)h@LKX%Mmd07P#iZ%vm+_p)LfdA`X|Kj@e5xVD|d*u0Av}h66O$(`MdMmpB;m7E{
z`|hIw0|rPPiMsFMhaaZ<@4ug)ufdAAGeN~{lf{b{)3@J!%XQn4bl<)AiTj#0Yoy-9
z=qg5(@lp*hOwT{>e5qqW7BM?Q@+XfS7lLzB`hhsBKR4hXWs1)=_3YJ?f@{_68<Y*o
z2mlEMP~S<p@*kdev^iH?asl0X>#ejcC!f}>TTidN@Qhqr;BzL}-Fh7&_wc2cUP|A7
z`I(HEFIcjYI(P0O_QxD^jOgwUTyptU^w^WnQRj9o=-e|;(Y8cC{5XmF9MX?w&0S3Q
zKJbWRw<)tgWaf-NXfwBiz?LoC4mEEf_K!UFH2vQb&(O0kzDm<(&7)Xu<8}wLX8lEJ
zX{loF+N~q4Sg~5n25=ubWU#FHI;3xJ8aHl|b|G4|daX=nhuf*AoFLygG=LlY-E#9a
zT%RnW@e?M|4cA{Gy4PNNsgOMM3wrhJt_U%su&{`>Zp)<hOq3^2{#B;sLmz^fV}DF%
z(z=TP0e<G0SLnfqo}?Bn(q$QtFUE|WD0?KBxDM-o2)AKhiQ6B4%<^(O{q&Q>-r&QJ
zMp2I*-RP<-F4i`C4|q-&FquTW=bd|o5LE-bRNA_2o4Eb^j+^NB-)GRK%}gR)SiXD}
z*Zbeml~-Qu=>72hIMKuR9Nlhr-Fb`lr7&&UOxnWr&E0q3#(f`ke^^*pGz>c+r~X<=
z)loo$h!Hb9_-JI&2!=;s4IvW=KF6pMI;D`8UVKqD6Kax}KtqNdO9Ku&j5ch^l8znh
zF`B8!>3^wd)21@z@QyofX9D&CZQ7bCjmgco+(g(_7NfCOU3H~QGexHcYg{j3@|cm)
zN;cuh;|{pfD02gynwqLe1Op9rWjWp?vm5&bImL8dthGT02V|^gpWbxJ$tQ6~Ws?vh
z<agtS^>qC3A=I{2OZh1ApR;Cg2WN|HyfkR=Fd4nd%F2`}svvWS$8;gs=)hf?C_gi;
z3y@K0tc~QfqXU65d4UN9J~)igi9;lv17lom*M*bDwrw@GZ8vFy#<p!66ST3NHfoZ_
zw%ORWjmdYO@10*Tb7r3#d#`mZI8=b^CaP6R6zXS+NdHTnKV|7xbyqZ?x739HK9oRW
zZgX?9KV}W<S<bc-!QFkj=$KEHNGx%^Cf~=K!1lFSwuwc;Wcs+5OH1iAj9?MV=g7-g
zSKH68J?_iF!JdNo#Tn`tJQ`9FzY=-Z2Uu`M7VbET3U*{(ojU|brE@ma$%~n&fOQdJ
zX?dcQ$BJU?72l0+Fcn~tvyhWR$Euq6uZhWa{hnE)3<7-tX%tVyl}mE8V1>J;;^EOw
z<i68QWC^FNG+0Z@JFB}<4!tfK2CD1%Wv{gya*hneM!9sVG?UYk<uXNJxw{F(U${nG
z@{{wdbfOwLO7%VUV{C7=?tX9M6PfDAsz(rcz0>g7|B<#IAl8{kz@BYVNO?5M#Imch
zM@VrSiAFrU_>2Zkd8$#<^1`^%UyP+OiFUe~SJ>Nk1d@E2RazJs8~fp8XgV9y*xP&n
zyaDkFaIc=j6?i8jDQH5vDhwR+<#<uhqeP2Hhk{5L7Y@s;<#dItU2k9H7=rH8%C*Ml
z4M5p}>(_?tP)!@oX*?Lr-~Yzt20pv{%eX!NTeO{ngz!fiZk!GAfqWcVy$qz(kYe}0
z55rPHcR{#;Nrw8usA2J}6DC+K=r;BXsyx3q<j-yFak;VVh|jF+q;S?ZW__uNWK3d?
zZ~=6&tdLi9a};0JqbvzI+_pZnT+4PoMODSJRfo2Cc@0a75b}5ki$f!3TKIB`vL!EM
zs^6j?Z}sStzLy<Zfc|ZrmX2;rcLH#k{Scy3oyg?I3MAjI<(xu15faMs`pKq@d#bt}
z;S2N1l8y!nB}OCSQM#)Y;T9Iwm*bO3HiyOuPw;C2Um3#Deym_vcaxnQ#Vrv0;m10Y
zfU=?gJggBh40UEK;|q5wM^{ZIcXvf0t7e0R8agLryP(t(&<!Mp?}Aht*2ymec@v0z
zQqjkD6GUfX^Ivuj8B!R8`M;S>=G8Z&XinMJTO6M)W)Yt=00LiSl9eVb*SS<|?nciN
zOB=_ofDUubf9bbKh%Hn3qs{hN$QM{7ln1%OZ9dQ8S=VVfIeqr0Vi{kd$Vr=PjP!Xa
z23Hn=#W{xbLKxi?q%hnotvKMIMPaMr*d-2+Z^7Sj{{Xi#0QEV8f4_M5o?s>j^1Zyc
zJPc@I7Xp(5jgJ7vL}0TVyDaAyMFRlLvpl|dRvL+-4q@r)EW@!B`RNIPFV-gp-Q@C9
z2J2QZDeAmVIjExTU6L&8KCXu>`IGu9uQa)_xU40BCi?=b*WTEfjeOeCQ?t>Z^hhPd
zvB)|OUmS*=$@C^fg~y|qnSr^8@^{_#C`B02{#BIROv=4|t*J|7F1i55QEh&bEFBaH
zni2!d$bg($fI;wY4MY@#qPux)2eUdsC;U^>dIY~-YRz#k)2NCz^fOIHswBHX3>3~Y
zSSQPXky-OU7woBm+<%@iJ)P!N%DK5L?(lt1D$2_Bf8pMBzoR)x=faUH0xa5ml&q%d
zRum#@6fB@X1mXqPeysJBm)f8bW$}iGZEKLdXt3SHHi1p1_XoQ^<EzW~Od~)+4r0Kg
ze#_!5s1KPato8l1qK*ljAWyM<D`=dI=Elaz7x4SO|ITa=W7}v^-wt3#FG;y$*4M%&
zndvgYlMBSbqZt?3+1Oqm<DIouM2B_q$Wh%nDc2@&b2nzhnH6$Is0UqL!OvJq^IN#W
zkP_gspqOwY#+{3KIHPGg;b*gV!qsB2d1g2FMY!&<gKmTGEuw(;UCbfraDjk;*s~<A
z-K3RIz#T-ZJb#fjFhG;cv!*3SC+7!~rl@2mr0;oa-(WL<I6A>pjB>g-x5uE-jP>pF
zBOMFe1zrp9v^-XN8@^HfX>j*_-@RC7tq7`Ydn)^)d)bzYQzYsZ@jg?IEeo6;9&~!&
zA|neAEXL?ql4Y*9uE5lh9&i@ime9TS@Y@c7!9=}T`=|x~zKv}MFtB}z<=-DkT@tCw
zxb_qFFh@-#YK_+|SYl0Va({{&`rmWI87fyb-;U!+8ce49YLtve!8LaZrug(cCntD9
z1sQo@&v%AM9n(dpql(zCT)Hh$2v_L1w8KvZet2W<J9j{EXpq%L&jus57(5L%LOGjk
z|N1-?`&<6da;Uw(H;On{U+IVcRSz5k4ZpO7@m4N<RVB_BL{1*flg%#C4&fVn-Fjmr
zU<bCUP-Htty|1BAJrE%GgE|EFya$V-qP3RS?C;ZyK0++~HL-b%!k{wSL(93!>{g@5
z#vd7g2k_q_<bvpAF2fXeaGon#oE2Ud$3sWJ0lN&9L;&6yx~^Z2a`;a2<B?i9i$4-T
z>ZGWv{-)|U&4sf9@9dxWR`%aJh(&>T(6!Osg%-=Hl4RP~Bt;-o@y^tSsLsn1i-q^z
zqRNqd`r#D%O5g;~@fM{|hL-4GOkc>pl(u-cV3U!sIMC`xkrm_10^%}lR1VVvWbbW+
zKQS|E=x>9lafOBUY*d8~LFt_jqev1a6nKVzFBeK3c75${5A5%*=?wX((GM-CT?4z7
zqbw(1<|szHqcCI<D!5$UockKbE(+{d7c|uk82sBJDCq>#UeOs|ezSN)vOyh5wvHTt
zVSf_P&{Ch&w+<ip0Xm&C()m*xRxe!{QTyUDXRcl`I>>ltk;hNTrNh<?I3d|CWwiKv
zTpS_yHc!N1YRW~@O;Bykh3eUNbE+Hyk*Kd_c>xMQQ<%bjTcOjlX5(%li>hR<LzpRV
z!}n2G;PrQXOC4N=MjNwFk_IXs38bVFMHGCzTfK$#-OH)t@bDM>6b(19=*tz9z{ApR
zanE3s!6J*k_1FWk&t=CWy$FlJ23YiMno6QFY}z?Hi^rUUziMX^XW^F%BVQu9;V|Bf
zSw9K`iyN(&SVj=NOC>zxnfgq~=b|$Z8Tzmh?UySca#z4xVpLp(pM<<DW3}FDr$5hX
zPA2Yd!KszURT4yH*5z8J;&v(gsL+1&`Tb^$)n$CxN;wHbU81<;ji2Q>$mNM#0lz|O
zC|tFKxG%%aB<IR~QJ?PGC=7xqr~MK9$`O+~Q_8*WdD($IK#fHdtz^QHuB9eszuH)&
zc3~F6RXDCD@{io7U^{tgRN<@@*@cinw%GK2rICX&-r9z0lTf}a*P}AdEI$;EBj{e;
zb^-8Gi-X+ag!27Bo_d>r0cOUQ6$l>Y7*jypzZD^-p>f8iXNAb&Tf;i)9^p>*)!rQb
zlt@5g>b4aU%KndV5h`!S=sRu`TK6L{n}>k|F~bd6adbsHn^D`@*=L`JWy>YKv7C4_
z@4BGIV)8O=(>PxYDmMHMNb8{vtii>DKVvodKo2*%x_L)o`I?}JyFhQybSQ3@V_U^a
zjQ$6Xmikv|h;_eR=DQ0)N6wbf123DSoFu9weEGcMq`>~OzqatHbmlx;Lh{dqUO8Um
z&fI*39cWVLWtiBQFF=b+K*N=S(_$*kdZ!tjE)Zkg1v@4B-prHqd&uuKUh9rvM$oad
zQaPS%m`JLcjLi81%F96QF~4&FiKbntcSQ}fFdQYPGnZhF2i(y!(Rt=c(idV*W0UyO
zO-)S0##KICSr(xbWDS&l;Ap7DzYKER)u|`8Liu-pGnumP8^;oYB5$shY`yw|<qpFG
z-OF`4+pDJ_=O82Myc%LjYD^_MJu<OI$tqdz5*tQbqykwH?rUOKtRx9LGci7%>Qi6a
zkc>*gm(J35B(w|#(S2lVWrT8nx~M8MX5OEkXFVTl+rq-ca>&D|jbT5pO0Oz(8P#V8
zOXJ-OWt0#=?j4bWAttJN73w0@;c-oaH^;rGCrQL>m)dSW#XxSC42|h9%rJ@^;JhxT
zn*^)G2^-BiNZ2F%3A2&uk8Sf|m#0-qC2N!YK$*yi$$942`9>lU`GPxIWn#Jm|6pmP
zv=OWFEC`d)^WJd9>>2e(F2gvp9hzbS$n|#fUqz7>Z8S9IlU5Z(UhJ=@HFL!JAQPq6
zfjj-J>43=Tyg)F`ROxl%gM<g#Myz(D4a#G<gjt#=Z|&f78`<CqC-)Ct4uLPF5KXq5
z3u6=U^^-!<JZ5h%r(_MveZhzL^$ix|-G{!|gR1G2$F{><y5rDUT}E~3?9!eaYvJ>q
zlHd7xyWL$>AKg#gxBQ;75Ru)^XQTgP<p6|=kiX0PSAQI5-dgUKWiMyz6GbIhML(#S
z4PPFozSY(~3Fi9@5`wd2VCI4(+67T<d^DuYs7rVhfk-|=hjizSc4<YAeSp=XLa@98
zixp4J_zgN~rJ=&17OGjoUbZT$Or!1Z`O*91hGnm-=z!D^8@qpO=j(%@H&fov+0?-}
z0wy9SBSsd+w9mAr6LT7S%-rznbwk98blFan!dKm)mFx$DcwzWbmq4CWK>~^3Sn804
za>{YYEo(l%>*2^CCwZxIN-}*k5u{z|^-Lt0b1qa1=Le~$1FgEQuIoimV}VMJfChG1
zED1wGG+_d{PfRvruNK@F2R$2lK`<mFG(q@Qe4tAT{>pGank_4&8@X8V%(G;(GXJJk
z14oOof}C8cAC(&VbpnaNhzuXVzbQ#k6$uC0_IjfSn3Jc*k@scAVO}T8MR59V+tLzd
z;(uymoi)uG;(|=VxI+ZfhDdxVb6g*y-9{NKrx&VhCX!l58{N*Fhi0af9O`aOIj{`f
z2B(+f5~2&nYMMjFZrNh?Wj<Z&`7D>*%@xaQPUf&j(=ldZVrC7m#NvC0l2M-usj1=b
z!&pm|VdiKqw?~a}aWe!*pz<eA3ctE7{3`hF(4tfNy~$=HWMl6Ya?YbJ0fVXz*e+o8
zU1kQ{F1!z2C6kqko(zsxn^?IO6^pn!$?D`0c2ZQ~oE-p;zyCG?|9$t`zviy>K!`VT
zh?dma?twK7zqS4GHDY31fp8nm7&3`Y(be1cF0&bv0NO8Mpv{0+`#<c8m}$HQ$bgF{
zG`Xcf@2_8ml5B4|`$ZE~Bys`ThHn}yDj{_bRUVn&6{+y!o5pW4Wn~T1<1<$kV@fh=
zjmkPOqBEDGy#iqG+j>g+^fPC_3=%}Hx4mUB#JSgYph-R`oam}bA^&h|S$fxcuG?rw
zLuHH4(02dOb`*|h;3V@^wa>@l-4iUG_G^agJVHQu;NR1SjZKUE)+-}DwGz)YJW^uu
zQy3p3Q%&JjIX>VCE@(XERo9lnmLBL=cL;ziaeDuejIX-xdsnR5`4(}5gm{#0npl){
z*)D0%clm4acS+l2OXSPrIR$Ig0*Cjna@5oum)Oxt`p*Ihqqd){p%#NNlGGc7nIajV
zm&+?r@@*UnQ`w^T8>0Eiqimd5Fy%02>aa(Tmvd8OxgmSFoUYVX+L>czKKPPO8|s&s
zGr_)7?`~86Xfyt3LK4PF?DMZ6uo8Wmi=eZp^1%z@7_v*c-eewcVs+;Qt<S}><?-uf
zXVJDS8FM`jsn3<T&-DP_5z&R2X;)a-lNAfn1$m^b27TmWUi7JCqKLTX<_9{nF-P(|
zS596RHH&&-$c{^NeexVx_r9*0rc5x!ww|mD2|9kS^~2s!`ug*)J(u#|#+ajETYBw;
zvmaxjW05pb(fk&)Iest8cguK&8eNc~<??d}sT*8Lf-^aLf*mv^`<h=T?v;($!d(dt
zak0P1>%a(q-2A#b$#T@tsK(N5a8Q+mLrZN|=WLnV5m8mLQDD|JAMOwic!QROvtGqv
zS2dJ0e~Q}8sc01zXe_`pB$2m1X6`>9ub(Um=xCkpLt9g%%XJZWzgp)lj8q-JJ6c}F
zLES>QjiO2{Ty^Nog?%`!@bL5ibU(n2u}GFt*u$!(t{6tc0kYkWtEf`@!)rVI&`KZF
z3jMOxrw%klO7OA+f9@Wj)>}?F{4u!yp|y#-4zwXuON&iV*w$7XM$ija|LPMBO{vSG
z9CWH@V)05T6Fh{iqC3~{=ZNg83S6#nHWKB#sqh7awGZ=LH{biMcY=Ky9^jyzHuv;s
z%S+ZQI%K2=PF9amaDG#*H#^5-JpfnF|9W7~$N2NYvVt)cEmx28bF4G+bYx@qVw}#L
zN7Ds4O8lh!H=zPPoenWkK5wYRONQ`_YuE@p)>o`ZADQB!sxL`@?R8mMzv6z@mP-`9
z37S^~-&JWp(<yczv76eyk_ZIRvOy9B+&LXfnY3bf+;iIc7MoU6m?fV}CCXz9ER&ac
zxyCm2dBxh^DMw-pOmkCZ4CW;zih{MzSX=fmk84B4$cf|PDD==7+t(uqKJmhD8~`j;
zlynT1jiW3TwuE$_fr%Eap{0H#iLfbLcyZIh2rm%alH`>Ksc=9s+yka)8G^+bS2P<1
zZ4T`^?9thCXhtRN{&0@xURAq<zax&x&d{oRKh^#qiHxhh(o5j$JMYVR)211m{IPcH
z4Gow-=i&`Gjfr??pktEfNcw#f_sHJkA}5U#lM|4T)NIuT$+Y0zVR$@oLA!xG>jQAD
zK^!&T7U7&Tg?dRB;h(#?Y{HCZ!>#?E9!Ncg`pe;Ng09HfitLhT_ei|E-9yq}#V;UH
zWvh`^+s5#&Gi&2WgIvo;tWZAA;hkrUxjf#?1i<M<^j&iPB7KF%wdS5d`M6WjLYOzR
zW8-2y$Z&2uy?v6+)%~;aUo7XzWVr={^E94!sm8qm_FKN*LzN!=@_|=mo*$Gw$dJlD
zVMq-X=silm{&nj5PUUbCsegaV<X%_ls{WCm+l?gK{<|lt=5r*xj6c@zyT<u1FcLqk
zs71i+$6;i}MDFn9vbgO^;mc9;ZP~abB^KH3+%D8P{tG&($;pK$vI{-2{M?@=_Iu1t
zI`!l4%4@$8SAsR%Thd#yTOM2zPSQ@j?MjC%J|hH^8+_)j*s+Z;$10x^*Q*mDv5#y=
z|AApUzGUnZ)hePkA+T+uFOJw_;%K~+YFJVwc)e8A7!T)q!1@!VnMLHo&fe6SjmonJ
zzp#+`rq|)V^55NZ!+nFx1nu!=MhDvG&kwZe($*Tgp~ZHQ=SgE2@#R2!%IF-0P>su}
zQvK@#U*;fAkZ5-{74nk!S}R-Vc#u<O1feVl%N12lU^>&)Z6}ZDd%Cg^EUhr@#9$W%
zLllySoamY|F(2HFbP;M!?KImAoQ{+w6iSzT=nSth(Gg1;uM%Alq`zCC5*S3AqO#Q2
zMX-%kI1a%dMtTSNECdlrmBaO5dxIvJo#jTUM6AqjQiKUXLfG9O?`3odj%t^$cZ1<4
zE=DMxE>;%Ms*WpY7n3OQ(*rNJrP8@!<h5%Wk)-CdkPf5W#TmjIXs7$_5Vv9ixO#5s
z%y_{a&sRLb6kH@Eq>t&uNblUMHDfBKc_^AS<I3^_OJ+7r8J1s91XUrVQL4-*j6$n?
zT114#e-Yu)dHOz$^rZ$gGu@2#k}d&0H&p%GWF*kx&qSBX04c5aqv9CUtobe|?~NAJ
zpth&|P`hFChV*$DHijaI>M`}Ig+E9q$nYt$#gNaDp6GT<8ByXpMu}JRH^_cNf-$uk
zf;{e_@3ZEL`&er3J>DRAj09A<vXS{Jde^UI6e9DcO7#5TD5JvKZe2tKqvWyvR2-ei
zT}$EAmIf{OtPTnk@`FF#*($$uR#}K}|A_FWQ~o&%xlOE9TK@0$YB;Z%s%CGEO2ca_
zeyzTpN=hbGq5jqm8!_B1Ey?CRYNnu^;JUX~ukw#&BWR-tZT&R;bj}qj4|FnD53GOP
zV1KigP*Ee!agvrxw6*)o@7611HqYTbuRt#@&+jE#q~7Xm>t}OBucRiF^%mF8+P8uk
zE(>i%I>WZm^iSjhR^v0#kV=x4&|;C|+^v<)KPTakdZD%!*To3`d=flrk;k3fc7Ts`
zY}USo?%oKqyi+3F-VBRJg`7=vb?aob`IPe}CI){!Nbo#pMcW%32>({35zf1f`In_y
zKrE>xHse0bE%-NuADN5I&F*ATwksT><0{HXDhdl9aWTpvdbhsAAgb){RB9+lJR$|}
zA+o(lB6Y^~FP8JW_##NMd&U@24cypc+)DLp6y<}S&O5pr^u)J$6*{AW5L<6GOG6^f
ze9*cL@4q(^m!A1Y0w|=j?WtnfNq7EFrJs{%fpXGn3_nagrH;E8sXl!h4|+>Y{h>iK
zY^@fh#9fu#s+go96lg`a$KUTd+Oy>i<&5bP)0(;-7Pd1yMV2d$MK>AWRtHmn8O4%t
zf{l)+f|uY`s{CGPH;)0nhU+q!o$9)Qnw_{;B0p5$G4q}0{-Ro*q`!ysQklE!1B(Dr
zu@8aH(|=^Yl+KXX==0EGxyNbwBy$hUj40cN74@mCwcML4e9`md6CoDV%snYCdpVOF
zKy&2JgC6u+Nj*wx?7=)iHSse8a#k?I6{#IQ2+{kLHp*=ZHD_O@9Ga_}JFOnYRjzj+
z)U#gx0eK`JQ14=AEq|QP6;}TG6Pe?DRWB>nJ;~LSXI^!i))gF5=3Q6%&Uq^>^4fdr
zUH{@VKV3vD3>qcD_<F|CX}9l#@R~G~S87|`e|Oy4{ioTQ^I*8uGj<T=1Brz&lHNia
zO{p)j$nD}8E#5moTqJx~*}<NH`#+taJ_XA6fLtGqPld+A)LW}Z6hcj}19*m?PigB&
z_yzcC;i5S%I>o%e&;b-P*?e}nSVVYZ8Jfk?0&0HH=sfTkK@7I&N|!K@C`i>MvxR!z
z-yMdr-bRNRKMH1sbeDDtO%!4hzgh1Y6;M^R&#hiTuEpWkvW(6n4XzWPA|<lB9jW;M
z(=+P#BWnAV_K}ey$K~B9jv;IVNwtDdAxK)1+DP?D<+b0RKF~E1X!W}7VMCzUGFGT8
z8t{w@F=5d?ZN9XFzBb3d*kO~f*XH#zP%pT5AfLpNf!x{>R8|Na^jQNp#I?1F+l_Wg
zz-!$)%s2=8YV@LW1N`3^8vcMJY{%$RNA$m>;8)PaDk_GBMTCW4yT+%fC|t!MA<P}<
z3ayeG5PybFEEGy8k9G48V`#*T@NR+jeA_zm@woQtTgO<0syUlBfW!=59Akvm(4Vl^
z;r0;LVtqtsh37btJsXX!7@lGG`~5ACIFt^HPC@>kY0U4xHc3jn>t0an-iJAVBJP3i
zPfEO|7&1zKl--dKd=IxZuJ67@R0X;_3tMTX=2rt1bLnSn%`xbP_OR7Fcohwr?bV%|
z8w~TY0OcjQqPSGboHdsGTIDZJ&~+$Va-aCnyuL<FfQ$WznPWS`w<Qy=1WWLa=89r-
zW^F0p;S=(E3niYBabJ3lx^}!(FWulvxD~N-l37KIacYEAy>-C6pH}mZW{M*13LiWZ
z5_I3{xAWfFl_V32;*8`?%Lu3U!te=s&gi{4iLr>3tG;s;6(tf=Z+=gSNE(5K2cct%
z@ESv2CD!_lFo}$V*XnKPl$MA-_&j4p@p;kl;05q+52wnG*!)-qc45hxmz-epP`Y_H
zYLV<xn&ki{O)72Ndu{@O2Q{}n=3y~O_jhxhvEgm<b>0m(s&}>*xKUOXyd4<1H7}y7
zf>y=Rc#W<5$UreJH4$A^e(xKrvmdY@6v8((XA|zrf6S3cxV`e*_hktoi<rEJzI%X~
z7+DHw6w~CuaAe%QBY6-fa<RB1;dn|qFEOl2FVJUkS7wN8-;1cCsAm1oQJQ9ln`9Mq
zOd}_Mw^LrnvduiF+=P+6QLq4fS#fu0QqQo~kqt|)`vJ?GV>T^)kEFlrp3U1UOna~O
zAK1-hSn(vMfs3-d`H3XmK>xgJ&ri46szBs+>sL)z;i7?$N*=e1moUd$(AM*gWv#p)
zay&jqRI4W-)6b-v`86dxY1Wt-@V;-^`W7>mu@*M_gs}Uc9l_$ysFbF`*)yVrj?qs9
z(I$!ZC;p$>=nSG&zp2`qi9X6h`$?=p9|GukH@|)9NIYi$USa5nsquOC{@!+D<FBef
zE#=+Bm!A@O6%u~CqT=$NHDf&dYdUbV&*icwr`zK41Ed+pr68~*sMP{5z9^oqBaxb-
zMY*{=h;0P&vvUc3t;x?<b5lOSfGxeJ#EJO)3!A-I&#4<@yYDkluj(rM(%$pb>`A)C
z+$GKB@VXr~G(UEUW^M}At6qO-Kb0H6R{q85Un!m=!J{PN@Ir42w%t!Lytt{WtzGI8
z>*C-lz_H(K&jla^D&gVbsTyh$Wx2i??Vq!Ft%<*yo2$>i>^Gd$CpOeX>^5Ua=J2@9
z=}tB2O<)_wWs(MHlVu9H#~eMWM6Y8g;YUGH)m&g`??zbvg<tG9pWVr|I8`ai@IdYc
z_jzt&zNRFQUF`pD(}-HPc6uF}H{9ehQsCV2f2jDt@;y6qxPhwE2!BM;L^=p*3r-$P
zfk7$tT}jln)K%<ye-H$w<C5R&Z;sw#S<4zq5oV7He{k7CqZH5l3sILllZvfKhZr9D
zr=`!lSr|$Hu8j_I_UtR}fjG2^n<)r3N)VC32qb=_(sw$>x!ZWXjBW$Tfrsc!(5DWV
zv-WS{mYi>kraF^VrHT2^@Cn~{RW-j=4ATa^Q7J!3!4WzYBak@^sdTXwNxCiuUM7#i
zK##lex@q<BBQ72N2q>r2p|?C&&Hvi|W@C9oVIM_gY<%*0Ho_4hMwmeYwchR1^OT+}
zI@mJrO*E6s8dFO`<Ew6ap_)%;AR{)|)L-^456>+ibtZ+3;_(O0-N2#YG?8N`#i3Kz
zYi`^A99)o2J=3DPXDT@?Ceh764kH#X7+7N;y<ClEnGG761i+7wKzmCv@cllG^WVWd
z=hP40B3u+GxlO7>;qz3(hrh}z=9@-_SgT#3e7w*R)Hjkt?j=6n=^!Ap<AT^GGg)k^
z>nT}C)Rxz-6g8)HnB{oMoG8%>i`Eq2FUnAD`lOtS{Wa>ap>-!0>k)5--4-C&T-uM!
zexLs%EV}EJt5Z{181mO)S)wn2kg-kk=S~W(*EbsJN>VW)HYP!uPgQXEzJ}^oLQh{*
zzb#B_8T!jY!J!s2RX2xRbiO)7!?|0xJ)9ri08Qxy0(-tEi2sIz`!M9C-J@5mk%$ub
z_(2%P_XMBEi+kwusQEGD1@&p)KM#^$9l<wfII;ayHab8*@u{AX>^)k-QYqUE%<0Kl
zVAO53W3JM#5B_Vn!Dx<18l&n2Q*=hK1c8ue)pjz<)Qt5vWG?LG@6YPi69wH)KZeDE
z?A$G<%(qjnlZD3EC-)OsB&66bm<iuR(3GhC)Y|0K11{spQ~{t<o{3Asn^DcO(0Kc|
zsNwc{k(wSslJUL^C~tmCR*MzGq7d#i6o7}ZOLxE`{-`Jf9GY&hsQBgjZ>Hl-hBL;I
zBnL|C((P26@57gxCe6ll&S9}ALYJMV9_&<|X?cMw6cM5-={v<3KIFl$r@ZCI{g(kx
z49a;T>({rd^La;u-!GT;8TuVNz?lB;?}?bD86n6fgqQ@o#gMG<$nvtfU$QKtgkig`
zD%grV!QO|l2?HC_Brb?M5W`uP5g_6`8Ki!!FqAx~ZVaj8QKp(=x;(EK5wAn#Ybfzm
zCKS$(5&AsbY@$M=we_H^F0XfSLSN``41VxX3_Ym-+0|n9eo<d_)9<=sH^J-5ULeZb
zHNFCCseOo-<Y4VB<7yi%iwc2XDxDa%(;aBVzPe}aC$7imMuBfX4H<9kqxw>dr$t9A
zmQL&>PN`cA6Kx$Gi}uI51Pi-utFHOaZO3eO&jeLtydT2k$Ux0Zw<ddlC12Dw<d{Zh
zQkkTzFIIq;g^v=sDfij6FK>Ngu<|R@ahS#w$lV8Is>&C=gPD?j>rathmDskPw+jAA
z*m=qJEv!iNF=xck^>B7OG?MS|(9k13txdFN|Iu<2eOVs}_3Gk)tCaJ{g#JTky_yzM
z26;S$;Vyb||Mo`dbJ1dHy%tt6-==CfI(~pEu0|iv_W&L9)A1xCcB=R7lMY_=eH{Mt
zUSwwFavYV%t#q|`p;S73uw-z*i4Q|*j*PTP(;eH&FbTR}GNY13P&tN-r$1DA5yv80
zQBnUYTody@FL7N(ejOOVg`)x_+nHI6g9;?gV{9?7l;?lULYh#f<!)rpVYB270BG7$
zrd?^m#bPC0_5tP261$bpWvDmZysSaru%zqEJ?}ZNi6#ryD@sv_n$)~BDcz5jG={Cs
zq=-@YZ>$vTGZ`<^F;POIXTIo3FKz2$<KT?K$~o875j!#ez{YbX9AltmF(}3OcH0=2
zfM{x>PrpcP4R{8he9^PgB`DUXe)J@Ttes;M5Xvzl(oK)hk;-Thi>6-q-;3xjG$3#b
zmV$G9*KJiUJ1>pv`kFEw+Xrsrw*o&FId7VoAjD6Xs!Pxfk-_O#ko~dT6<`QnNe|zL
zGkM-kkFxaLo!z~xH&}dg?tVg6>BTC;GW{r)jvZZoT5kEmYW=p^!hw_5nmj<no<QtZ
zobCyeBj{c_rz$cT3t{?g+n(3(uz0)UaRUbvk=&7vI4~qV>0*B@%{P8a_soBuqRcl$
zTr!~)Sm*Tel90o*km8dBl#0TaQI5Jv`ySAt47(r_22n5WA$=_K-2cYKeS#+wd-~|S
zMa6g;lI@U9@Qa-kKE-D5%X^+~VwY6PhLyql)CCW9A+y<S81Tr=#u(ae{8A+U7>0n=
zf1Zpql{6s`K|Eu)K@6!X@&GFGoKMPaGOxFoC=9#~MHH<aqVy;3db&Z9#dAgxc~j$$
ztPbvC+rBJ4tu6*+Gm$=S=j7YsQ^gY`xc$XwVuWf7;59<Q2vot$>W&-C%vY`T#DZO_
zn{`18H6NEaxoT4Ncjs}mgq)gpS5;A!P`JB-U#xA@b(}tfsKaZW>j*>vz&ZW)2VS1*
z+1d-N*Q?DM1t25L^;mA=y9|jvj!Q}Wq0-0-C~A@Dgn11EfBd~4T;s1N$uUhJ+{2lq
z5EkTjh{a<D-7;sjKsv0)8TcQ2&s0oxt#)=c`){+pz1%>o8<whgtX=u#j~jcGnOd4p
zU!B656iOMOe$$$}F;}#{?hWU1+S-;Fy~>$kv<n#uL*9&s<%f!fK7Kwfi@v*(L}Q;p
zE*rgZX$7>h49xtwvzgo_*K0`#mNzXf&m65!g-FNCWqE~rPgXWFh5T6kN-M4AocHH*
zS%`m{V)Cr#0v6}g`M)WrBiG&Li%{-Q8AMWaHDcq3bwJrv=)dCLjnL(dzOal#+hmUK
zrQFtA+!N|pe9C>k@V%U={QB#7f>(AH(Bd+11^_NQiKb1Dw)Qyx?Pt6vUCl4>X_4Lq
zv0iItXk88xjE4uBOBIFfK>{WVNHT)gE%=2O!mVm^cNT6v1BdKdgM*qSn%@kh5D=XI
zC;~rggLM<xF%w^TO86By<w#E8ajpJ%N{7>W3Dn~@J3==bu6GeQks~=oBCOfzsrS`D
zp)AJ>c~S9}FITt1x9j<Vs4T%<Rh@TkncPaU0LkpoOz>e{psA?pds9pY(Z#VN`gj-+
z6fL;ZP`iX>^mlWw#I}6I7*Acyin^qP`pZ-&Nx5v|&+%d(^?#X{6}u0j73)Fb0JFBn
z|C~5Ixi#nYlP}Z-N)q9p<=JY8{<{e+L$|1VU?VHlKiR3Ybu47S3QVnN!N+)zjS&a@
zzju*})y*<HEy=G+7uFpXT>qlF)YZ}V_-}FNf~e-X%mk}EH;rnNHF(8927dd>hm@iH
z!JiGh_rFSTK}Zs!L~}v(K(%lML?RPV1_Tg_uGEFLWsSF9kEbLes>9|-76fh;j#U?y
z<@)LFMb=@Nx027^F5_)RFXNHt$db7h_QMHpK7m-C!in6_Vc+n{4f-3qj0D8IrfCyi
z#b>!*hUD*_iqN9oU&-PNO%wQkmVyN&Nw3OCeYHz}WpH#nmu8V9M<@I%dz*fL%!RYQ
znVO?M1BANj1`FS2gfEtM_X@x_Su;1x)ywskbF(Fi1D81;9a9KcKIHk9Io`N{be`zX
zUt4hD{!M{Pih*1EHOaW|MPUDRq%}!I^Cz_R57D~3E-RRhyIDows^0a*qm@R%_eLXr
zeYXn&3Dlc(WXi?W3~B@aXKAk6nt=xXdQd>7Ks?y>bz;Zk4S_D2Wbgb@q~LMGTjPvE
zRrH$PU-W>^=X5>M3IVIKEYB<KTlFe!Ypn*2g3AO3&rZN$)gsNt%TCyPn6qiNlSA7s
z3!Mm6;!THtf0E>KzxT;PsDY2W83{??PQ-uPABiV8vAXLT*Cr>IdT(qgaH!aBtW;Tr
z-`uRB^x9N5mMDk{eov6f(9;cla@Db&)`8r5IK{coJyY0`0hr#E?c4sHM&Vu8t@&Wi
z;+bu+%%$FkdmXE3|2cTv>`C3Zefb&9FaTV!)b%nbC}E|J%jdXJ2%~Jw0pB4@+OE|b
z`mR{hxsO9uT(CG12QMKuTFZ~#`LR~BNx?CJTy%~8%tDwlmyg~Ujao0DAg}T>X||YF
zncmeGcirjz-mTAlQQbmCgxNIYwI3^ShKDwv{EG(v`g)st5%cPwqXQzx{F=_U<S!Z;
zRsen~b*7riej``;9Zgu1m8u8ZNLnFh-nt&j@(AOqneWBHe%T(+mk<P+Gwy?%0|Z1z
zKp&>ibJIVK$B`Lbf|v-8&WxLfB^QvEbI{II9fcsVfHL@isEwk5SX@_<I}WTXqH?X8
z4KCY-JYv$)?aB-W;%M43S_2wd*3lk5AC4_PXZ)D#oqGMXp7Dtitxdn2*1IF6s+HoI
z;U>ePd5aOHO4s8m-i`c?4xgD>nplRK+EifS<Ehf?%pQDyq9O@+63gWC=J0?2r*+5E
zq$uqBkRL7jp>)|PoLo6JMh}vA(9`?8@A@>B##&TGG_Tp1<k+F?*nSgIY<<^cI16z7
zPv^%nbTUi;($1RTWgz1NQrhpm)AUMxA+ap4y(G#0wW{x)EwYc?-~>MA&kxXw3!e+#
zK-JiwuAkL@SN11s%#u;ogERit=TCK9+mSjABD)ra`S9mO#%xsaOR57~09R|KG@@_5
z=u6-^MRu*8v4eI;NUP^1%i;3!^6cX;Ruv_20DZyTlvi|AzCC37-Lb)H&Y%=|cYq3l
z@-?sR;y34LOhtbv9NIzWxd}xBtH^7y$8~<En^Bpmk}?=<I~9~Yu+e8gSBC!=&SD}{
z9t!n*zr6!mOh)`ci~|zXw0hb8ecT~vD_E|z&UgaRG7K|hX3Bgm|D`wW>Luae0#Qsr
zTnw^!)zGigDaEnhR_+E2eJ~ZO`6)-hy|BETzRL{t_9>p!>8_4$cJv1m$@=Z2py3;l
z+wtsIIp*n3f8W;Q(yTqITkXq}fF6jC0|DXNv$+O``-HKo;^MHEhjS(p>Ch~Pciwlt
z7b1U|S#daY!^@2hv~u?>WsR(vUUS><akuj&1sSHgzZbxg56B%$QwNLhk0_wb{qaXX
z@tKH`)phO6-e!dP$gp2LO|7Sb(&-NvQUVIUJANeErEkSr8hU*_!+1=RjGSq8w>^pH
zq~%F)adkcVNmRYidHTr~ebeVvlF;i3<F02YZ%nwc%jx9Ul7H`<R#>3fW*^aKufUgv
z3}l(>qr?;KY`VVk@9rO79>2h%p(}q%taL-hi1{}QS`v4+_j=Z#mp8}Nzwr*wi#hY*
z2+TnYHAAF<g}^aOaIDW%wK6^xNQf%noD^7$Mw42}r%NfCJ0;M8B@9?cmj80v%6?9o
z7oKr{Xh&;lt@N{YVRcSy>``DjE<T}FqlQrWYg?a5{Jk?(LgB&0ceSi<6V?oyT`eu%
z*aP?d%ZIr`#m7#7ngEHVUF}3OPRK-<4xXa*)6)PZ1iKZzATBy@-3;41OdXdlX-e8(
ze0F=DbcqZ-QyT~00Mg60OBS2W0+f{bL-@AHu?7?HFM8HAhQIW&F3%UP@opZq2gm;z
zHM9)8r57%D&5f+0o*RC$kUg8Hhs_7q(7e?-Whn5wWH0T(AIdq(S>dlc4|P5BZ-^<T
zF_&59`Ks{f>9(6ix4&Pml^_iaNlm9RXjmWo*7+0q$B$Mf1VU$l=*!3#Y=<ZI*Ua@R
zVOza4Kw>!S&ik(Tg~RDe9f&j)VrMn1%f4v+-mwNfekYJG`HJfHOmjF>C~XsyBRc&4
zI2q|T0e9ZyvwIme*K49$OZzKM;ikTVjWy+GoWCZ#w#)~Y?(3Z0i^ZKABJo`y_K$^l
zkynrGhi$S8?lOEKG5`C^wu=(r-x{wIO*}OU6w98DoFof;E3kh=QxUpX0=$7W)DFmY
z1&K{m$RZ|e6WJrgrri+syC~>Gw$+^x0uA;Q#wPV;j-6zOaerDZwfg(}<@oTGCx(Ze
z&L}Pb@z%veD*6TIR9B%sFmZce<oAD_&?=|mb%8yw|Am2$4-)2Vg%7bF&Vw8_?+UP4
z0kN_n9-~feTG7F?M%A@=i-DXS<W4&WakMtc_lT~8%U=@^Kjt7!eD0>jIeMdQ!)Cr9
z!GL1hF8!kd-oJLV^KJKQgt-x9yp17Kq>`6<t)dB{ue{WHT}uEQi60`i_`q3qQS@NC
z>*6U9RBZXKbPB^(c(>nVYJPWl*?kV|a;5L!UvUjk_>Ino`!87zIKI3WEtkfuB&kfp
z=1jD$1#8=z1aHr9*6ZJ`<VZcBp8_xYrp)N{CD;6Cu1-tgv4%0=b%409ux6#qyLw6m
z<lm0a*{-x^5-J%-J&3Ou4L1K`epcxX?fK&D@8Qg4x)YVK^skHqiAynYF}OEBGBRk2
zSvfdHpK&Y0Mny?6D|db&?VofjqBuBs+W%~@b&0wElYIc1CakPxF2YbM#lqUL{s-i%
z>FP2XTvZ)z8F9N4?2)xS;Ns#ApQQj7f<*B9rQp8T%W>K1WkCqUCq{NgoEO#6F=mI_
zPK8WjwZ9iA@EFx$Q^iR8ev5$@g@EDj+k)+n)YRF2hAzd9Hg2Z8)ttuvxSBD-o&Jmz
z@chymH8KMj(RP3PE%XG>^3=%0gq(%nAxRYGuhSpCZ#Ec^^YHxaeDR1o19f#>dG=cy
z*R>5#eEuQ8TO4=Ve<F3_vqaHgruP?p?g(Q_!&xq79*U^R+*Q9=B=iUgox}43pXhyy
zUradIx_ponO4Oo*{;hd2A%R3x$IVZkthd`vGVBm(lTFNJqQTIxX(-QU17Ve<R4`ud
zarM&w?1(}cTzZk~{6es@M`m$Sjp3OKLN&e25@{mqKh5&oo6;IGxiqaw(oh;0SpCMi
zgAk&#+3+2tbo82aV>6sxvx!@^ij=WVz^3~=G~Qysi?##lyg?@RqK-;Ff^Tm>Zna!U
zBm6M@{t|ao=3G<(FuFMeTH3U`0)%O3X!wndNaiLXT*9n-F09*Gg+H)KJa?>L&bnb1
zTr%BrAmC}Hi{&xj+0UB<Y}M;%v0timD-I!wite}jQ&dV;9a=UB?AHlSV&@?C2<C#y
zRKOKI#uv70=em9I7*mwAaAK<-=iyR|ye9BQ{TNg!5#xkL#aPsMKuB5G%NyBBAVkO2
zT1vvZp{vCu*XKZ>KnX({?hYF4?k!k%I$zcDZa!fs$SLK+k$MFsh+06~PmLFkD#ZPf
z9xW&F;DD}EzmrcQJ!_6%cSuRmI0D?qm^X<@EycxV&b&-a7$P!FY=v-?-^L#ahppY*
z;?De#IGBl0>)H-dSjc5?ei03R3kyu8|6+CaPc<km=v%7REM1<T3`Nh3rolJG<>luF
z^HUG`?>hX|aId?Qlya0jxC)B4v{O<5h{3$l#lWCikJk+!Bh7bjF}VLQxL7``Bfn!<
z{Kl>nrXJ;^NX7rTB#nR4kM^pu!TXelpo+PseDAKIBvAycJ&Nu?p=46u0v1~?nhWD=
zsulTUv+$eX19tdu?&|$pKTKhQ`sIt$N=4bsX-)b4Ot-INSG6)}K9%?Le%f3%|3~(e
zmX7wBDm5I=%mec&!yhw}dmCNJB3af#8Xa$Jo;Mnb((*{kqN{iF`yUaZ1nCd2y@0b3
z87)>gRHu3l-#l@+;<7=%U7sz8z-+d;jhC%gQ!6fafp`DkB5Uc0Nf-|G+!BE=uV2|6
zVfxbp%(xuetm)2>fELJXQ+<07_G~5MxUN*l(C=8<=VD;7;q+n~B#D}Yfrmvq4qL7?
z9wB#OJ(!Lg*Z2$1(COzc8q)guoFAHIw)aEJB(^?0{K!aIHp`s7=*J73KtMnG5Q-Gc
z!{WMAtkOsL`T_HOpum1JmP#S#q|jnUsqYV4N$S9IRu%Le2NKS`cF#xDyXhj;VWiN(
zpn&%mL2Kb+Ez6gK$ZMA_qsmM6AyQR>WBCL@9&Q&XYV5fl!3KweBYe!~zNI|iEKyUv
z`}l^$g6nUmt(g}H>Y>XG=&2iOosUpCb&uQx37sMP`+B&%nfNn|T0CwYU*X?qt7%Kg
zq7o=*1ia?>c%DmCWt>q<Nsr0tnxxQTV+8y5EA@Td!!ADhk!DzcCi)hY$+Q2;!5qJG
zE6hs57~OjY`&$m<cU^{>E6W_v*->YzX5H|9)K?zovYlhQZiZo#HRKb}?E#qrHZB|u
z9WwttYoD9z!zX^P-~{0VFIr!FKEv(bwxzsU8k>Nh>OWKgz$C+XoXioNyPXnMRTa7}
z_WNlESlec;`-dYH>gm>12=%W1%z398njREUy+y8v)rC4;ZumEg*vlVgyR!Jdo<Dv8
zqY1yE+pjezWxDF@np6G!ZUjx(hKeTShfd;qhwk&nJ{|_2--k*hHbm@>E&Q<b!Os7+
zi1jAf2yPF%sEB;O)Idc=VS#0Xh^F9N5bX7F+V%PKXAfi{L3=Ca3Ee+QrFM$N(#DZ9
z3#5sd15KrsD@M;8gM%gY<%Wj`H=nMIU=~_D&*viyyx;8wO`g$YyMeKwtvGbR(={Do
zX9~AAE=nlD{k=Y~t+Np&i-1z;Poufgw?ciQ{a&K{Py%OmJ&#@5nd>1`fS)T&MA5M1
ziT(%LL32!WiBInHzhP4k57b7h<u9F=-*gRB>Xd@&>;KSmH!}SA@l%Z=MLUihfK-(J
z{!KYLGFiHmj?c)-S~MI59}|<1%+S8X24`%y))1YXoU->?4ii3*nwBO@Kych(J?DXl
zfKm_^20c2(YUFb8(vCo<79Z>*nfyBr3@J+zhEI$(%E3n;H=>7wwZOQn-u$~gb!XR<
zPdR)(72#vS{#jz9)&h$fWzIHSZ;Vg{c9xEcK#qiLV2w=<Q3=ciG6d<tk4OE|Nugi)
zsip9p$FVduwG^9qKZ7BQz_`KV6(IUD+JLgs6tA6~fo^8cB2{FKWJ|kUuK_guX=SBC
z%r+Z!LcW@gB`yJOrT-;9K8e5Qo~=g;1yZbkm`)%w2*t-GR$-rpkeY)sSw$2~Z!>aV
z8$PfhVS170lQOscGy4Lin08=>tp0%1?Ns@rA}ZD;Y0gAZ#S=#2426GP+QhN$W2;p2
z>48m-!3%349r6Ct<*ck<8FoK{ExU0rAh&}GK~&$X)J@@=dUxFErl*3|h@7}Hz(L!Q
z25H~MJpDT=c)ES_%3mTuI(vqnLV*~j?G0}N2p|-tAc#r)8(d6G%1>V+x$BZqJs@;=
zY#rS91bhlg*p9gHNxIEFzS}<4B`2x+DZuSVHuUOE>_;o7No2HVx%6m?!VA<qRa<L&
zHOE!vzs=u=l8$EGH@AmMs%;EwW!ODn_Z}7)C!KYL*fMnfMCry!(-X7Ib`2(>X{@cS
z<?EhFe=URaobqOcqADdX&GUcGp(zDUByi|L{itDsAa<Upa7qXK5siMiGqyh?dk94_
z;yvOf-&*a4sBwmLMQVcCQ2M++LkqsavdeP_4u2Y#md37g`7K=0+fq|bHl<$ntJ+Hw
zom7r{A;o0H!QLLH&G`i6<}pAPWn})fq?m>c-dp|oAdmz%vNu2qJtC|!s#Sq?tss&k
zIaG@y4kDS9ESP2I>!O%){UDc>S8uA>Ss`+7bQ;98EdP!Mj~Z?-BP(330dDIsooyY_
z_h?aQ?BRV?iE(EGQMNBJJQMIg?X^v8jDb%btMSOO0W<)(8R{SGT$u0e?JZ>C5;ma>
z&9M_tF#0xUi-K_vqUE=tBplvD2vZ<7n)3KPUU1EiWPudB6?e`a0~a`*rX8Lt@dPcf
zgEnoA390F&Amp^_gAmYfmcOIkkG+Sw_ZwE;oVz)A{_BVpr7b%HG`m!1l2%wGhCEI}
z7)%JF31a<UPBr!08mhrBJ?3V$qGq`;dt_l6)xqgWu+n?t*(l;)iP#u!VldQG35My{
z>iCmq|FwZ#w8<;3B5gy`pdf>L3U}q5^#O{W><Smvfh#BQX91sA#Gl!^fLmFc-l~*R
zN^$(jITk6Qkpn-(`fN|{1L0}win9(=+J1ozF`<ws=Ff}948=d3x2WizQI3CK38bkz
z2%Xe5jN^ZWn8`~Wj$A`2+M9J}g<W{L3)!fDbD;lfe;l1$ps4Jt(RCoT4Bw#MQfZiY
z1~DADa2>M%JjveP9mfcoGT?haqa2azYID)1ul`H(JJtZ<^Im?LMwC&-VyAF2D12|t
zKwpi9AIJX{_~fYpc~qyB_%v9x9Y(P?hqk0E!?ZsI0d8!LlM(V^tMmHY5c8OqW+}@R
zH&f?wj88=_Ylwu)pI(F;p^|~=iK(-gqXDRzfcf1ZL}a#!@oyZaZ*TCW{myhMBt(qj
zlt2+fb0s-%fdnR8h&`n#aZ*cWufQ6pSC&GI%)!t`lll*YP7gRRO$Pd+x%qM8u^=`W
z%e{GRIl}F{k1g8X2XrlT%(zok9mXg_enL+0R*%+v4_<=d8@|}oQ7oCM+KxJotp8T(
zaZ#NoT=W%9$w}VV2E+e-BN=Exm;bN2o+}VxH^IAE`HZ}>&0hI^Tmsp)A+Gtu(`^_<
zP&JZ`LRDatA^7?i<u<<hRc^>>wAQnh<;79B<_UaQe@p)8Cs-PXz)#n(A1`a&it64T
zWg~c)9fFjyerj~cB6xzHPoyL%EI1<hZo-HED};Ec{}lr99)!3v7Ki%<k~H6XF`R<T
zqL$$@!FN348`<CZg(D6d+fPTmj=}<rB526hUp%Uv`pbLE6(`X<Ia<#B@7v$m^m>SR
z`Fo3Cm1HytnuVe>q|@TRFJ2dI^DrIVY&A=1F_niVNJgF#qxelR13Td7&tMDf|NUkP
zh>mMY(F?3?_P3(vIF}tm{Dxfiml!D4F29}qBc!VFr2@jOFG1=EA1%WL-H~zf4*$AB
zn(BuPvaY`8RfjQqkir#RKCxf@ae~>?(&-tKN8X^;AD2+0(Lxoncy|#`3wE6Ouhao=
zKCD-gM#EPCn{tiI`_}Tk!f@^C(4oY6IAJTp;)EaHD}2|z*Cc;pQq#!Oi?CBeN4V8}
zeNDijBd70t6D3EC*1mVuPc!@MX)Iq+iv$@mH6_PnarP2z1MFVum+$Vx)~^}+*R1}%
zKJZ}*yxbLfIyHyO#ZyNG6gp5{{M~JDF&<iKQiI>yA^l~y$O@-$gaYC^h9-yvU0nMR
zA_GrwX6_&kN0qs!NuLfTc2BO0q*lAP_NDC_RXPgqAxs}I!OI0!!eZlt8(OJ|eL1XJ
zCjWbugan^t5=r$1t)|IeE`~<9OrD(V?dzHV9c0bjE$bZMt<wMK%%G&Cy2}^{4q7^5
zBNTMNBndoYW29$X{Oe2BrJ5y<MXQ423M>fkm(~8SJ+EXkiDl*GasoC-7%LW+rhz|l
z269a-%?2c02@{~AA-K5$tA(B|96e*Kx(Yh`E0mU+=5gZ*{+mey^r~-p7z6$N)9zaO
zgXdbQf0w!6IP7Ve^;=V`JKs#~O^uzeAPozwe%IR1iu40$DpevLhf=u9k3=esz<cz6
z!UG?|VB#M?Q%^W!p$Nu))+DFlABgbp-lbTB-=tUm^_mz$#m^`7i=KEw`t@0j?~u9c
z>jn5lGORnqtDN*rt}%ZmgqsvNr}nwp_=q9)IV!l@t7rY<;qljFog10dtNgz$D;^)%
z#i@d{!@?uyXz+51?6DIBEz)^(w7oz-en<mO?>S2;62XQNQsLGUPGHS|ava_5aM;g-
zxO{t3c@@6e&Jjh5g+e1w>x)1sV(0=F*#B44^6&xx8;1-)>(elQZ;AMiFjmF<fDOb{
zh3Ymcl>vd>wnUCbn(n^ecmS>t9yTE%rBCf^z@1m-%k5<XiQEMsOJec>H8fbH&Qq()
zD36UX0nwP8<>lq+BT9l95^o!DdC?m$C|TuNQw{<=vBKioR%}&UheiHvJemgTRrZf8
z$yr<lHC-giPcp^;qOYM!!rYvu<84&##d(do<*za(R=M>Y_Wx1!j`4MUQMYiD#%a{p
zwrw@GZQFL6#&*)!YHVALZ8Wy6lXv(3Joo<YyFVl!&N=(+z4kh5jXCF-V_@6)9q%`1
z`t;j<+;a*}_lb>Jp2eabhY5e~aQ#RVkU2}K*Hbk76ivV?+^1jbj1JV)WQN;3Y6Jl>
zrl~v*3Crai%ubY$UG5Lcx7J%yXpqx~*ZO<!`NhM6C+Mx@QYbyp&Z)-e;w?C7vx2&)
zu+S1WKdc7%#bk)?WU&bKG4-3-$z}6aY;jrln>ag~<V^hb-P>5T%F-l0H4BUKn-C=#
z)%TPtU733G4>3I+H^;LL|25Nwy$2`m&Zm<MW6sxVulaf(jqu^VogDDX_f1?(I_?dL
zr}M|-`CwW(WT}8Oev9n5F&&4lA>v{Q0`9O$zFjgL9@DtEMUgZrHivAAL*%$vL5nH$
zSy*SVgzL*S``ju$URY*&28KK!0Ve9IadSUDG4?wZPlpZf^`~KQP|$R4|LYu<92&w5
z1T!FG_IUiIi&0+SSd-^$y6di2qG0c3ca!B2N?-d;z^*NB?CeZ8ox_d-fAGN~+o?|W
z-QQ*})O9}@QyS|E{(B~f+lN5UvG<qjdTswvtf0A)sc6tZd$Zx6;~#-TYm)5pXHnz$
zn)_CN%EU}U1f8{Yb!Fi(8H)ruy{Cr@y7K)y+vm6~vV=uq`2xE@4?eYw^wovyZ{LVB
z)|wqkfYvmZcCNH0+cC5cqLQr`0?PACgeAc76@fYHWzDs1cM*56syxIJ@MJ^$)mZaH
znaiB00+i_piJ6&|imfkTLhl7dGs5cXT#gbIx(i<keZN5rxV;Ze>_F|nwO4mx%XzhW
zsj8__KiKc>?ZG;+gD~lI>D)1(5vPSV0Wp_4D~u|3@rmCwzn=s~4}AW9Zmo(HyeCm}
zk!iKM#kjr&g%%7DJj$!9$1H;#AD2xw7_yE0Q^j_rsOjQ*yAl~BaB8+nB!0{b4jx4O
zK2`gD>|F6lBA{syVCrst!X-6QA*<kj-^n060)-NyQq$2D0$LY}sfc!#fJt$F<jgD(
zKrXI`TJ4V}v)#em_bnRQs1w+&HvEBgm@SlA&#AL32p$9ll9#-~goj@@I44_pw1#{t
z9O(4=x`-c`W^9UfsA1rR0tp2Pcw%EQ`-Y`{B+B!Nw`<}__SjFhq>O1)qySa()2^z=
zO_z3LY2-PKiMav9M|r;<8MyUW42=7}xH7#I{%aqiu$;GZINx^;^;!TuGua*B5tl##
z)%3=CqpyWJ&Gz$oBG5EcRLD0xE(fwF3zdnB>OGb;#U~-5p*FZkK;`5DJ$pmw4?s}v
zO_=k8@Xa;>{HJbO5kF^|Amj=fMjR+42FzFx7?ROaQ%j9&a%!ra2UwGh4Ce$)-t(4Q
z&piE@8fo!3WG~q4CGJH7WWDE_HhNqQqVhAWcCqj)k??sM3bq1rj-#5iHJ`xmOdlZv
zKxZG+HwsfZUxD=vHZ39&WokDBDfyN{E`7e8`>Xo{{^OkL=*S2%KPQtM7R2LlxJpCx
zH)~}+dd(WcW{=NJ0ELkCse*gZKF_)Ug4TyYbM5hVs(bEHH{O^O&^ub3^E%9y|M5e(
z?tqQ7fIJaiH3e)Q(0qP5IlVkCk?Ia(2pc7~)zH(EDHtx5OJKUM>&Op$!JpOXTW+FP
z;h5<SksKyqjpDFhmo@Oc?>zc8e;`HUOWV$9lqX!}2B>AZJ*cJ^aTGCjy-lv%Q4ukH
zXK1^^gM))hh{h5C-N_ubRcW@SBc3m%UPfE5jKjDS_Yx<i=1e`V3)w5WSZ=f-c)JvQ
zBChG}6}|&JjKZr{k*#up+tD#;1XB^py6q%>EjX(<YlVQ&<SrdlR*e+@Qo)_Y;a6-c
z4<X#{Ip?Oqjf-}Fv63|ulOeQA>HJ#8$#k+%ka72`#%Xr1ta}>e^9#3)`jXx9UIq94
zeI!Es%l)~WFtO3y%HjIO3D<<U6b8lz+WhEK;fFx)7Cjgsa#e-TW{K?gxNC~TYz(0T
z0QVLYT=dcCB{Ck+vXQEyZk`=I4!DjxG?b9S8(33H)7veIkb6DLKd}1~)^mGS)2QVB
zAKb^=E3K^TRlx5piS|7wnr^<CLiry6Is`5w{|`zax?}Z8bp;9%^2T8k)>-d=!u(%=
z3SMp1`5$70CVW#k*}$eNdoJmz;{GovY?)3gx#!t)1%17zr~3E)$e-|PYHF*dPD~_Z
zEg*%Yf6||tZ?}r=8P!FP(0I;m)>-f4K>)FIur~}Rrz{K1f0d5+^)@GxC;)T)zvzH4
za%jDfchA+v{YO(B5O~&brG1|Y_v|Ossy(|SgnvEg{TD;z_JIk@!^@mEF#PwWC=2bi
zMzl@R*2pI+CZOM4HLW=rk{+(^J&MS9mhk`1+n4XuLtG+;?!K%4Kc5i(!CU>&No9&J
z(8>#;vTXIa^Fsa!13^rv@_n-GzY7dH`Mk|r(wjL>^m_9z2;9m2`J69lXZIb$P5*P5
z5{W?^^Ue|O^~0fptmcXC=?lVG&KcjEUScQq;t$6E#n_MxtK-p)0Jiw|2>3oZxuQ1V
za4gMVaf`08%buLTQwM9IDiOD@+AT?u+<7d->Tns5(8Pk=5Cs4}E^t`VIgU`TQm#q<
zI|E+OCn=}*V+`T3$?b>J>tnxzu<_|1D}Hx91+4|$A^oV?aC5KYpzW#ux#8L#R%e{t
zO%kAK2KcNg%oT;5<rnvTg<i@p2H%s~!pffJ4llaB-+fwJ{m!1ImU2j&dI56Rzi)MQ
z<PfDPD=kXbJ}8$}rlqAhu3ovd1VDxH=F-t(Njt|mF9Z~%vZ*LU5e21+qGL_d#%s&d
zjZMR!f8*36B$>N{EaAXcBhxXV;U$sn_VlTloy(=6v*Vl&?Cb*0I`j%o+KWXUj5qr5
z@26s}|G7fG(qbYzYu~H5xf>k&T&}zyU~D!+w$@9<kZ#BGLsO5J4-9}7SaEKgp|sW4
z61xWkYa1It$}S0`T2p~Oy~Jj%Gj^=HD_-E$u~6XOeOSINXDR%d59XXvDM$%HJaHFA
zyx<s2(^^7OU{m*(D)hWJF@UZpT{yAk9QY6<%zIE_`46q5TX(GP3_(t%t57(Egqqt=
z6;9&oMC!>QBrf`q!4R_k4h#(3Yhi@MPf9D5q@kuy=DVN`VwwR~zZ$MMWGpnHAF_(z
zLdrp7KPt;Pz#f1sh^_*39rv`C5v*P<>W_f^s-TT07+6E$v>FLLq{~L#50mxzqcBG<
z3PjS;2})bklC>%U*q-=z8^K;W3V{}0C&E4Be~AgB8O^_`nd%xEG8XwE=MRmBm5C9U
zUz`I*y2K<U!~UCOcvwIr5~Hh-&oAT`-i94C6UXCZA+rp96PxkZ3w4Od&6KyOx(~xS
z0*lKx$OxtkPA7a={`oqntnW6{rybHM6M0xZtjuYy?^+}(i?|ZH{omXH!Y2&RM(Ig5
zx(oJP2W6Fhh&r%3D;J6lrzO_Ap)~_#d;K2<_yNY^@(8LPmWRqpYH~8_4tY5i3`Lo5
z#@#$1(*Pn*!YYe@OU5#$V!c-R{ves8wWVYYa?9!}Q1vPYY_+9lz~<3(Fv_}<1%JU7
z^dpxAmtwPcKEjZ|%sW0=FGgWp_vcTDcbr94#m0P<|A}#3|2h6a+|?*VuQB!Gr`Er?
zl8z1s9?v<Vc{!vPa+GbY&2%=$)Z%c?M4?M=t?6*uq5DH@D;l&?t?#$9KzAZAHEFt=
zVyoTEoG3j;WBJg>uBxbcqEQ`l27P9`*U&<g*i@x+lmOXab`HMUVa{L|SOJRUsLB?>
zRi7wEp#3Pkw@I<i`8Q);p%BYVf#{P?p=X4g6|>yDy_|-kgs7^GAo-v#PRtJt{OGI7
zFezV@Iyg~xBT?`-G_7GdE@3QUXGH#~)&Surw{x|1={R>vUkuQ-bTvBp|5-e$;#Dr}
zbBB8s9mYKbDmgj3<Fb7(^hOz}R0*)*F&G|ypDH}%Y<Gk@)R-P(+*W^cb3>TWYDj^T
z8GS!_8SNUH6qkp0X`ZQAxyAp*Z$Ug^(2}HHp{?+H$u|EUw`ul(UMuO>ud&s}2Ddq$
z{Tbk=YfK2HVkb;;o$}SRsJuL)u8xJ8hvr-How~ZZvaK!E{{EqouWL=5OsR=AJ&ii?
z57`&fMTCz(v&f6R^9Hb~N{Wg^_a?Ho5W&GA(!8WWsaZdN-n;6~gleei?BZ>Yg#E@?
zroPej;GvmUvrk$<-kqLC4kaSx3u07B%Ci6<9&qH(^w{jFvM+>WI)@4Ygg45fqW!zR
zF~YgUO06B}9-h281^(6QE`xYPm`H)#xoKppH5RQM7OLSA2aL+Rn;Yrw7lIjr2V$JI
zgS!M7<D-O()futoFS%QbSqe_)Q@J;LD%64?)77v3;1jes3{p_fn|fqJLDnj}{o}_0
ziX~0-mTOIws|P(p+!op2WK!uCE!@C7bdg4)m-Nc)9{Jag1HIOlXN(0juX1?p-A3_m
z#->yn#=81X)M(2znh}A_K&2hxCz#*;FN#&KzcK@(%mXvUhZU6*DU!0Y#fia)?>3sZ
zl=Y3sm*iySpONe!Y1HGyRW-lKKU0wwzUaarf3Qi(<^qMf^e)he4;;Kn9gOp6A;yJy
zR#}|V1`$=j+t@Y?vzZ>U#d2^^X=6gZ34|cvRk(~1KvYCbY<)`}1PK<O(vp;p{%=Eu
zj}!+F-EQ^5-J~i&c$A^iqM`kL{G2LK=yu9sMF?k+$r0%Nc($_?D;VF%z+;SuL*rDd
zG~ejwvH_;lgSI7zSrva@3VIWIfDXiM(Qz>3Lp`20Hjg7uYOKv%CHs0WNy^i}K2uXA
z8tS2#)pf$3=IjR4$7c4VQ17*N`vzclkM>j)N~#4uWY^B{4P6h?3ZOZ0X4~CPF^I)d
z_59KI(bU6qegB~IlGVM!6?DDD#PEYe{T`;E!>GkiWLrf*m+{a?KOZ+2abBV9R+|c1
z;Zs#e65BpQe%oyk2sYG`U=qg_`Bth@5~HfFE~?XPn>U{6`*JeI2#|H`P3ttt3*xPD
zYH*$hwADl;H|9Krsf=>65=9dI(<K32tUB*wsDO&l_{H*38sc200(EGoAna?Rb>tZM
zHWuZv2iwZkSo}}NfkX)C`|J&VuN)B(U-B~7@uYG{mLoFo&;IYS9H-*(nVhub2+MKz
zoHkh&wCQ~)18AUkE~<0gMwwV1#ew|a=V`;tICX}KrJUwFP2i7Vu+dVJX4VH!A1oW3
z6i~kEdhEHL7T>dZEIN=JY3BW0XoGZ_`wpI82cBNv@*M+Eot0Y)SGOnAo~Se8t@^}c
zbg=u>9%ED0?o=I>wBa$Ox7y(G3B1*E2E6Tj%VWkO$G_0-<Co{_#L{u1l7UZrp9m7J
zP!<pH3I>$Vtw08k*;k-jB#yxE&C0Ie>e|9!W|*)uz%bhS0^Gg(i{4(+=?4+TJvsRx
z8Uca0S<yZkMu=4l*xkN{!7RX#6^)3DMCUf!`i57;piY{>mC7n2|4VXcXkgTJduIoZ
zII0x>Ivl41b}(I?6&<TrvUAd07E`>1g+6tTtPtG}x?Uy9pXWQFn_{20cwETMjkC1P
zVp3H%2*Y}z?pM?-i9ewMbnX9cK8Rd<XhH=@rB<CF33)+$_7K2goB!lz%vi^>%<&55
z=5G!EcRTm2nnH&>1AkHhgFoZc`77}1OSH>a)DT&?m^W|{R-oB?8s9CZMtQ$9HYYrO
z(9yfw-deTb5)N-@_hqL2Mo0FaHyrQnK@Dz%^8Tbnx-^o0nJ{S<tF;5U22(9CGkeB@
zi3}Rcu><WC8lWeYv;+`)D)G7n<*U(ZSY~YWk1_Jer0TmeB&Q}@W$^dU4n|r|=k_M0
zuSTU875PMy2)s<cPoj-$7<lWS34ENP4o~uvFY>Elkl_`23``3HNXPYLy{hObbi>Hc
zhszrzPPgHNNZ=XPq_%Ccx6<<K?o(Qd?b&HYab!!tvl-m|#VPC@=7l2>g&&ran6~Vu
zk^A9bGv4}f1tWi#itqdJCDoKU8rDvB!ue(TIpV{CUz7Pg4bN%j?cFbExpcBWx6S_V
zJSQ_n_?0^C;_apJ>a6FFz`Epm<NB!Q5r$uUn(ewilOJl;es!5m@kJ0TncW)-)aN|B
z&x?Td($4$t`8YPMA{98Urmi{?$uU2Zc0!wD3ASP~aXZDE3bf5(mRD5dLf#&#0Q%|F
z+}yvunwU`Y(M1V>u0*{5{(vSM4+@ght~KV4#`14C`{X+whQj7{f>v%=*Wx@V9T6E*
zg!ZsT#-P5~qOO`WM~Wo)4Hi#5v4slf{+Mb$t-?SUkZRfSRBplRZxPTFYi(`)mKGdT
zj^}ye^$a$TvuaIIpTS{Q+}vtA#eE1qIyHvsb3PUUp!(ooG14Ca&NzjOnSofX`;pZ{
zbC+`mVKKP->rR@r#v6!cXDtRNL6p4g(l8g|v!u8j7NaG`?qul6L{6I{qx6N4W1KaA
z3|j6@j%rZm+vIp@sHvUExLc{SJa4SDO%7om>JQMix&HEnhJ+|%dra;a*IbkZjl$nr
z9Y^r3wzMX3*wUEH>WR}Xp<l6=#>=l{{}ue`)DVw<Km)wE*t6VkoRYH6wM;tNJr9nD
zk4p<A!k(j8r}F*?$|19kOg#a_Uh1@^E!W@3b<Gl8@-pgGnC+<sxYTV#N=O24Y0H%x
zNn!xCoGdvdWjctuTd5lq8ZPkmvq9hYcwasZm{mY4hVbxvnu)>{j-CHsAW8ae+!boz
z3&JKgl{~ENk1e!fJ&eFDK9<M(D0tWg6VH}@Ugfk)FSqLe2wK;W7Q9{}cqQ4MQ6euG
z3~35lzt*x`@mJev{W#qN_a3Kyv37<vNl}uqvbvOz9;EG@E<R$W@J_WLmSj6dB_0<2
z=8)_Xl6@tZoq|2Jpil$pe_})PITaAWVbN}$vDiFXspmYT%mKN*X5HP+|1l1II+)B7
z*=V~*b`G=3p-{j&XEnWk-15&umFE#FKJR)O#bpBxGaDmCy_}iwIFBg3$mVs`I1*Or
z)oZ)Pg%p>SH8^hja!YVkYMX_5dDKvvh5czrt5nibDl`A#$ouI8+BxF5(Gj|KV8rC$
z;oKEapB@{lPT28%xjC)=Cn#M6xL^ft23+bbl2iO32k5=BI0C+0cAFhq;zBwun?nB3
z_yS?(Q@`XgezDn4j29mqPaFq)yfflEOB#$C=j&@KOXc`IU{7Rl#%}uV%C$YD+myDn
z#N9;Dl!@J9pkZQCGAawpo886!_OR-o?_QRQu;EgWl}}8_V7jg<Bpi;(o0I2HcCL33
z9s3U)_2pmph{#_*XyJHaEsT^^4-ANgzh2}f@S1`8<~w1yU)t2pd+*k#4bP~K@v~7i
z_=O}6=jWzU<T;Bg#KeZDTQPNId;N<~7DJI^mN3PD3aslS37nURn`tfc@M5K`=4U3e
z$|zoI$Od0Cj!Jz4$x}{@ne_Xj23t9d60K;aOV}73j!Xf<`*49ZR@skTkG8Y?wgRPg
zaO8IS3{Gw`r>nTU$@$HZ5h~){i};S^WzC3Kh1`1iTiHlRCGBQ&1O&c@)F^SYLdrju
zR`&86ljh>$Hf?}T|3zFys{}-j*9kNB9~RHsbELg6rOoWlS4q6nrK%zc(4`b5Qd%+Z
zTiWix8Pp9b3bxke%TlAw()2B3=RustfYS_l>YPFSN7AkRh7U|H)T+mkB<GfQ`%%8E
zcB4K00~AFTzyw?uD+qW}&v_2@8Ne7=MJDet$Yx&k8_5e@Bz^??qKj^)xH~s%+@XDT
z1zZvZ13o=}j(;<rFLCZN1o5@~?UOOhq6#~&<kUOd1IXI?Zhbty(}sYCydty5<xC>z
z&80ZXb0-@Rw<2uZd7X%U0hY`6+oV6P8~2=%{4hYfkCj{BirSeqc6qviS^^fan4YGV
z)}UK*`4rPWhUnCp_-3aLCt%^h@Xr0t3G9R9!Awq_e*<rU29bKMFdUxuyE)6naqKg}
z@7X>F*lnOT8*2W}U%ss9PIS68-{twXA%I{RUra*m51V1fh*p;^c9svI(vp-W$s8~I
z&%B~6Fx)ou0spA?6(oW>^dZWuM1uf?m6;6eFIKAze}0smnoYngPD7mlO(BNA%aX$H
z&VB_<o2BYaUi?o;f)Nc{#a=?-ti3gIJe?P+1Tf@8hY?&gzoPEAQ~iX#|Bae0+qq!$
zB;svN5*!+Qp}5}ufWsygmWNpR9;<%-<>*S+^*DLHLyQ*as<xq~q0w$<`*Lp=HgB|P
z<+^vM;M}?>`E0M5B6X_1r;P3)Zo|Ubn%JF8A*UrH_|X>PpWcvw!3dED8#lAh4=En;
zFf=4dBstan)+VsV{{}cwM8Tv_dZ#{A?%`#5##J5HAC5_qt&gKAMcw#;?vacw!fbTE
zb+GPO4y1B{5yd!WydTnCU-Fhi8}sa4iDcF22b}VsD+>zI;DU=(AgtKZePZt1ZOX`W
zZhznUSYWvS>~%3)lp$~%f-T2hSCYYS9{pP3meGU=bRI^<4Gj#84v8hJC9^a>UVr$E
z*v#Lq&FpsGxLy}&SYjeEiM41{3$W}w57{uzF%M_u>UC^0(xE;AMhc3}1pG%~q@mME
ze*|Hr2)vUlq^~ZFm&W2?vnkvxp#gfr%v>%})l}Nv57m6P9+n7R`}Sbt`~vD9IlYms
zfbhg>W(SFOt#2!zg(dGK*SYJ<&h3=h%jMr*2}K}9V`jHCxveVA1&_&4DEt%Z507$3
zizsg3K5^P&yW_R-C@ocPeuDKsX)=a4-B>K<z+I}6>s?AkMIkJMdN+WDI%F5NioX2A
zMAZ&EW<&;NX>7b1Jq@P$bUIw$cN@~~ztqHk$%%=xFWmd;>rt!EqrWWhB<$9j(D*+i
zSD`BKM1UT<PfwGL`k@vP6uNgfy2Iw^%cPvxY7}0*i)`9m!?&VK!<bGMyIRxy`d!?N
z+{2caxn7peKl1jH(Cp?MpVp9Jop5{RtL)&lnLMy2a@-&$GI)b{O95xB!`i#!NU*zS
znT5M!_@cXW8DFaw-3@;aOdk`I!hR?`c@s+6JdX9_EmYt8{ZbxNsGzHT%$x<B2t{M*
zGM{>~s2w97+Qn+47Y50#s<XSuvi7iHSz?YJDog3P;>jcO*=AP5h9y}KNTG)}Ie=Rn
z5gsqbNj=1)oN1zpSzt|phrExp6<`r+qk8(2*C36<Z%3*G5L^8;b2d|-n#K(G4m7)m
zc}WOmGlQSYT=?7_?Yo^n{M+_$SzOcN1nY-TKQZHb4;W3tP&+Pt{Ntv3Z`#bGGID2o
zzbP?ae(`K#a>L~9O-E7VbVpm{KGYY=@x2qkUk&(<yaBME?v@LX7JuP%{9f*4*=sYn
z<&I*4f`nEyb>%`w+gFy<L{8R7VI@XLULj-bexOKfN1V?yp~M-4xO=n;P$WuR#yFPK
zs*Ye`tv|XFmY6PQw>et7>^gk;AV6dc>W|F(v<MFaS6C2&kmqyp&PcD%66@^DO3g->
z*5rike!7{Z?|BUgB*Dy`(-ndTpOezi#=^_<bEmbv&#ps{0P(+E!XaOYaHs7_c(qUF
znKVk3a2%F_VuprH1|NKIh_ShV{B}6S8(X+`^S$8t+W+iwJC{E#_Ed4)7pCF4_f4`k
z+_Y*gj{4vgiuU$IXCRpxt>;T;*0ERqE-CoshozRd)Y4KhROSNE?8HhB?&(f=YO?Yz
zruc&K>2;ENl%0<+6VSCUZ7EE+fv?eTimR);X;sOPz~wZXD__X?<!P5+lvzSP#xcD!
zcxt)5a}Q{{b|RWR)|TLsZYMHs`F<3*<~~Ansdys@`TD0b>5E6Nla{CHpKL<F%z1pc
ztz~^9+wwjXdHLJvf#+8rk0MSBjYM!_8@9J83rjXCo5=nNWvEzIyoA{1T_}mr`wlkz
zv%i4nhh6uaH<(Dn1ez(#VtoFWzXyoWUPDwF#G}A&Dvt_^mrZbI^M>WD&<bW)tbI7!
z&}pAX+Vff;$jS0eLx>l8sWo31=%n1L+R%CY1vVSWo=stQ&N`c>*}2aS2gthZ`s3}g
zpLngHYpA4FZQunUKMqOR8$!5_rA*w%xL;7w#ZANR1|+#v^*B*x4!B`${q$if@|YS`
zWN!aXL{S3db}q&&XZl*vFbHHPW>ty^aPJ3GT_?Q`m6%FcgD>Z%#Ql07LCk1`1z|fG
z4$*~di<K2s#s3s44<<7dP?VJFXdO&d$(reffwWrBKn=TKzrz*lbOsB{EHw*Vkn&vm
zjEaJwj7uwlq>Nnge3GcW#SV2hRmSFrBN;jQFpy`0@VmdKYTJzoP%?sD+%0&&Y9KDh
zXEhg7Gz#@JG2S^|Hc=?#+{BYQ&J_1$8U9~<<V0+EcQn(Ormv<B%Yqa32yjRjZE>7M
z14d~p0)~gj$ML-Hlab2i8)?aS2$%GHeqcInp!D?znrZwgEp?2Dj!BxC5BZcqG@;cZ
z-eqU~>DxwRxRtJLVN+S8Aw^~Pc$x(MTJs!-4`Gh~GlJfB{i4mzvP0TkL%u=4yIOIb
z(a+d=M#a;t^4~N^OVlPnQL-^9DM?lWkvC=s^#SyV!d!{To2Kuy(6~ATl&|Z#le(=Y
zFfiJomd3t0stJtnib4qte<eU6#;~S<<Go^Lqf3&Ok#5zm+H2!eE}l+7OND#xfAM~b
zGz{1oh8Xg%rN%p}wP7G5;fr#k#pjRuo3GDUJ?*`~UiY9zWTj#S`OGGi9@Pn!uexn?
zOIBDCb&E3Tq&{XYg;52tHvS#Zkk-DdqeBo18D#k2>~P`D<CfE>vi)v=+a#>(c5um`
z7pb2KJ6~Te+F||g-(mBA4;G^z5uOEBXtqy8rh((Hu@$snQ55^%bq+uujd+4oEyh3Z
z!}<}19n<}xL?@D#x-tIiAVQW~QxoTXe?p!?ijB5suJq6pJ<rFV1z4sE*VZb@st(V+
zxcM~YMF|?3kjcmb^(gl*8fMgXfrofD-)zjHDOX|Rgv7qoa-iFY*H)pKRtLgTOipl0
z)$(#n7WrPPhK3vVf9nr&BzY1dj!wqQheN%mvo@KpB<{^qRfGK~jYRJ?MQ{owq9fHL
zJO$WLmd6d><BZ+m-O1D^vfy?NF<q4_fbef{w3jp*8?ipgT@Sm+gb3kTzEJJ-!1YFI
zb8bahIpO_ekuq%IjpL4yc+$s}t-y<gT`t1KYX0L8{<4MNEH@X&UW%gsSW{Rg2JV9M
z5hOr9S0;l5h)J}P>a~^K``f6~=hEve0=-+fmK!e!0BLrriJi^i!PTi5$c+D=gG=+T
z>}h31Y5wRcQ8_G3zSk|L@<$gxHSgBF-z2`_PLRRzqg6eS@p6|{4^=T$4RT*$Cg~R`
zt*cAOFX*F6d2f**@_;}dF#F9p_mKHbS~@I`!Jk9?CiL%Lp%=G<H$R?AkMW?KqY9M=
z+h*l|DZ>9fB7Y)ebGLqBPnM2`D5q9LNHmf_%749h#mw@1kn*OF4d4&h!46O@NI^i6
zCvvmRke9eS70vpU_A+-(`TDv2Mo#troaw*+kO0+geqL5#u$jkfls@N0zJDVlAEtn$
z?*q+{75V>tYoy*!)=JC_&3T9rWi`7`m0LCO3F%~twytbY)Q{8=($dsPuzJ$QUvkdZ
zMn-9AEI|qENi*faO)IZY_p!fR$CZBG|N1Ys|KC4iB7eo?e}Dc~T1TPSMIY`kv(3u5
zd|_~&UFuQlR;y+qU4^%-pYu)Z_%|t(__ivkMALjbM_nQuYSoqg*aQ2**H7*ys!GRY
zLpNjJ!G2gpT0i`pLWh8as55x7P?85<`Jy?Di;643%v_6xfl=&{y@yvykBd#yS(Qc>
zecwA{{JEHtG^d9!U^2eo|GBI|K?L?>>(F<6;^`@hT7(}W@-m~fasi(bJBcWqiR=iR
zdfwpCzFfQ*OwRY_*?=SS$I0Ub$Bq7Sj$`UoZG`tnV}@|`936DK6MCKP2^k?uu`Q9R
z?tvJA*6fXi<%ZeX>W5y|d$FIb<g+3b!ES`S)6!^ohL%VsNQM4?20Jo<2>kTfwHTKj
zDAP9B0L3;q#fneBJj(;v(J3@=2ng{G^MAr9To~OTjDj`tN+T*@gQ~1zLI}?%yCa?;
z;mT0snU>XJWEq4X@RYi;E*E+$wmC=zGJy*8ADFZ2pPr7>66a)uMo6XrY*jw0r=JBw
z2ZL!k!o_uQJxqo?Hbo5#1uN)apM<IS{|ydmU!*&Df4)1q+lZB&A<TlRh6=lY`eX$b
zp$ew;(17f<pxq*v<js6{V70I^6jbQ+!i<P)p2-MpCL1@qk&qnZ-ySY(LypR2sWjuB
z*nxtW6QWiVR)N3vJHw?mS)V$0646dwaXkA%Ga|&nF)+~^C>>4=@EfIuKM4+<iR)#&
z5dXM<fSD@5{KE3VnYUX1u_y?2qiif8Mzf@;r{a>6@!E4cS7TG<$Gr{PpfpU>Egc!K
z&~36v5$nLrW$~qw>}uI({_gf~PzeVIs?M{9gaQ-AAe<vhcbB3!g>Fcx*Zw?i{^65y
z>97O7M-QdpeV7g8xxx3JYdM*oe9*_oZ_u>mHogX<3)D5<xz$J?Eo1uQwud_9ll4Cf
zZgNjGAuoAW3t}}Jns|VPfB((<)$Oy4`2SSB=pG31oVB&{>;k{F<W<Mtr%m2zu${^8
zBGq%8h;M8#GMSeUB8FiL(#ae21Qi@p`Z&(JVqG|*i;5U#f|HZD9V`etfva30j_wVI
zE#BT-T-y+B;DS63Cw|XC2>K?uRpa?bv)XAsqkb?@<y7^&_3d9^@h5Gd7JG1kz6F~T
z!L%~EB46BbKR;qlGmtO|xm|(6_t+$h**y(3Ak`f82Pr9^oZvbbbSDu4H6Vn5zR2Fz
z&sDp%h#hR1sQ6v5xR1>(&pyTv2xJtu>+SWb(3{k&dF9o=ch!aqz!G`q%b_Y-pD0O3
zEcnBzaZ3i?(A(6VQ%&&wno0Xz;1VennV)YfK%IZD_kW<KgL;LZRlrmU_m-Ca2N4ji
z>y`?%Sglk6<$oKF!*DS>xgruZx-=;Go07f*gK9}WO5?8<m87r-426k~8i)-=nDM6b
ze+ruGIdw-vp17PMe{IiRBaTvG(;T?p9~=7k+`%W~H#4T8aQI++oRkJSf4Tqp`A+&L
zVzvKMo7L8ZkS@)Eb(@iNUo?+u|6xP#-`vk4q>WA<pRGDd%hVm*PA0TWMw~asXdQJf
z?O!HLIuvd%ll|vumvf_Yd=9Z6K07hRFa6%{k=e)<wi+I5|B1cuGP3N&d?|P~>NkAM
zanBy3{P;)EAMxST=D*NO33CB`a8*?>@LNHH)zaU%xtbcs+EQ4=T|`d8Uzy&kkN7~F
z>E1#MEv?8meidx=6LP9ErB)({sXRpAjxmPL)h}4}!;>YSX>C-U?ph?{^rhk4RJ50d
z2t^|UWGRPHn__hO<)%Bw{+Osg_<ud@S(?C?@BgdvEs$q#9+Oul1^!24M9({_g#2fB
z7fP1Mwkx0E+9E!R7ybTSMO|HD8N?)ik&6$g%~Ejua?~$h?q87*9pmeNBC9oie7Pwu
zH?D$xE-g3ifT;bykF4A#Ge)@+25vnWlnR~AUb0W~eWwl%4jv&nI_`U$(rW?B>f(71
zL9)Rma!{tX)^&JfA?(w-#^C2ASlrL|t&|XEH?T8|Z;32DOPhjfw{lH4B|Plk@f`Ef
zJLgv>GkLv@7qjtOCOb159AI^LpS;~f=38~&k3Gr1luWNF8McRv!m+bo<VecXo@P8W
zKSnrQ_8#(FA|uEJ_!(W?>AUvMs6iQ2dxn4R<%gwaq%ATpE2}sxqx22D0wcLQCAvz5
zq}<EmgWjwjLKGOGl`VncGrRUkig-+BSyI4vhd3lBCM>-8NqNp#3I_Tg8ZRP8TCt17
zvL206Xr}r?`DL&%Q1WQezm5#%ti0txEhw2Q{c<tiN|BPTY9k1)p?GgTYIa%F=O676
zYmg)4cyiRr2g66XBjayqK}Gt(14=e%<uXS2`C}F;la6Py%M9ACs1PP^xH@PG8Z`t@
zck*ir;`rDq0#{4b(nq}q!FMOsB^;1P<8Sj7z<Ll;cDR@m8k`IQ92WVTBse4Fx62=B
z2|@%?lEkr_QsBf5pYpIId-8B)SvNX4|Iny2>NI#C3bJ~zYfClR>XJSCKCJv|^}D#x
z-3YkI;>|jjZASTnZ(alTR?$+5aU8zWa307+Z!4c{N6+(E*<8%JzoppL`-D3th_CLU
z{qaIY;7Spy3*$SUTVDQk7ii={D)W)QMP6s$A+HIyINf=fS@vdsg@w|tQ*XFz+pXj7
zuCA1`=q9Ca--^3o#aHnE{J@VJVuU5G!^0Yeo=MzB-GEXe7v>q>n3|g;qBl783{{k(
zAv?5y-+TT<8Fz6N|2^Xr>q+N69!W4Lbf_pG^7kQ$y*?WuV^qkEp!VPuiI<Wmfxe@g
zE$mW4ZkrX`RH^~gSeZC<_qg2^sq=0y%%Z9|o75aUgN}emhWuLODP>Wam0OWY0)6NL
z`zNOhVLs0HBv;bo8nD&KMg5jfbTX%`Cu!LoM6*LDWvF0HU|Fx(s}?5vTbip;IVcpY
z5$4+lpGDo*Q3Sm{f8R;!OPWegsi5tvQlThlEtA^H8?^a0;~BH~tA+HX*<i;|_Tu*O
zT+4=KZsKmM7I3D(D-=tdyY^Sud~7QS=mrKNWQO5*atZ24lGHAUV}}j>rua6&u!(-k
z@EVEZ)@63!)%N-UJ|FVyt~mcQamr>1X6zsveaQVToa-WDIc5WWm&U1uiH@X){rjkl
zhabD3`M#SdpZ3i@YZ?8q*9E=VwX#u1gOFQzgQzuTst6I~iicCbw){J#PHG{oi4177
z>+*Qeq4+O+VL9kxnHQ6P_DX21dF@*p9vF{{L}9(-zD1o$_#C}PfKE))mdmhf(;I#f
zHZT&!om4pM?Oh%GA1a_*90%(iaJy_SdOZ!g9oGa#AVg;GwUHo&ykfD=(#sIC`>Te^
zHv9FroAqRXL{UlD+?`enl*Zq~7|=ToFa|?S#nIY|c_aa`&yT-eePc~nAv5sm6Gtr0
z(i5as91=ctF{z^L%Q?)eu|ZN+JW1r}#9~0ByMY?`+#R`S@&hH;+2sf?pkvYHM1DpX
z5Q(mCWI##ENNZ&*hbQ|{l8Maz*;k!&R1c|{8(FVIJxi643~zBR;MBH#mK-+5LRi9f
z$wA!83YSVBXQa(6auaUZ_j&LvygxOoI=FdMwk(5Wzjht^tN*gozuO}iI+WVcq3Sz(
z-Sqw5QhUL-r;X%1xt{ct?tHKa@(-Uq^m|srn`Q_9^PYoVzyP0f;LL4_9hVvGZ;ypQ
zj5pVAuPHN;hP@S@5Bw}cJy#1AR|$XkE|Jv@rZ4?WQFh{Md2}C)ERc9ed^5+eB?ku-
zC_W_e83`}CG`ulYI>U%$?C2$qvlHRHuEVoi-Y6}M6jtqbYMDF^_8W?o5j5AggUL8X
zY|NOO=T^v079g}Dsag!9KYZkjD84lEI-NpW<aE^G_43vGF+HByJw=)hq^IC!mN|w`
zxs7jg##Z?Cwlq=L-<q^Yay#1|PiB9K8)mAPdA(jF3U|QGh^$2T6yu^;M4yYPc&6x_
z<QTb%{x%2&G3@t$*p&oy(`PJhOTBPrY@>#qp5Hcaz0h1Y{qVyaZjS2z-pVB&`@_I?
zjH1Q_>%V7S_#Uq!3>kmd%jLY9l;0y$?n9PP6iCfqSNhHtPRcKJ!PA?Hq10B58(iQO
zaf>-qdcD_=J`{Y-lK=+3Q%>$Dm_!)rNfNt1u8cBj7e?B~M|oYMSTu65*dICW@(6k!
zL45obZK0o?&d48TK8a-EkH@~4cX`odOpkB6#a2^DyOV0XfjVnkCwEyAZS)!A`{B8A
zNltSzzF-9b^wml1#m=tJNf)7iq!tpz?^df&j?2dd?8H%LjNAza7Q0Qs=fTrUo<0r<
z@Y`Qj_MM)a6C|BhWGS+vZdrytU&Y<s(To@xSI6BWJ!;9=!_yMn^R#67?hj(q^)m=I
z*$=jYZsyE%5)yYCDZS+)i^!1JJ5eaEEtMT{`pqmXr1)NZmTL5eyO@!uh-C!wGdqdn
z6T@5V@A(>KZDsn?)#c=(mqNlx$BK_-ymVh`J@MS!+`<Npy-}mL1E1SDXf^Lw)x%nu
zu0=_*IGUZL=8DkC(n6r$eZF7wz4JJ|p4k8Q3^<A^xy&v_J~(cXSb44Rn9-bQ@X^~W
ziUz4CUT-HZaCq5*E<|~wjk8^HWp)qJ%WHSZvZPiXi|-@4F?&xjMygu8CE6}qA>}sS
z6yY|=h*L;uX#*|E%JCWGx8-sYGiCbZ<Q9Y0Oa5LK#`<}lp|9~$-ly)dS;#H*CmwZi
zA7WgxMIC~u{a5uV7wxnJ<v{A68`4N>e?>d|vaFFk{jP3?vYfo3{PD#^CQoqp?lPxa
zhq+12xzgfVJJ$TSWmLGLopnkIHJ-4`h(SU6_4+Q1t<PSYar@BS-OJ3WWED6{Xr_F%
zT^LsX;I961oNla<RX@qskh0lQ#(Gg06~{Vy)7NkD<DRZIcG(^K_Y>Ioum@AFuEI8x
z(~di8;4;|Hvggyn!7neFFKycB4PWN4Zf6a-oyEd1??y4fvha~p_1m`z;HO<u@6w<X
z-C5O^LCRlFeM|=B#^{`!ot^K7^kwA!ZFeC?wtlN&D(?Eru#tl%tAE0!Evl=U5I;j>
z<QKQ$yu-a7`6zD8>$^AT4u{fO44E*WzwJp&gyR#qk9eN_qTHaeFHi~)RpDb33{Tw~
z%{U?a*7U@BZu)JM*vl#Bx|6zEKYNp^a%pAmZa?RA9&#*|+#bc9!>n72r=;^0L+GXI
zXrsNEQgKDt#J4)`XszUv+#ibLPaM|J(WI!sey`StvH0Jhc443+ds*sPM{mOF-3i#~
z={0guOG%lWH)nr5h`V%_AGZ3CvbL@gS5!L)RqJ;uYH5}2M-F$QM2F3ztC)Fa71QCX
z9u&>RLWUS=1r|_7p+<{iBS@7YVaoFk(be}{erIBk7*Ru$Nvi}?Iky@T%XT+iJE)oU
z^VGW*5hGi}(Po3EZl&146Wf<wRQ2<Y9uXMCw)p<US+wrfW0R;+=27ImMCV|BEXTz>
zNgy@iCYE>9h~7a!Ex&@HDA}a@sE?a?C;p9`u&w@mn}}fz;UKr!))Rk}Jrix0^}XXu
z>pr`rASIfL^M<;r>TVUU{jg5G{*tTag}4<aSNWLp-hpUb4lYVO&3VK;<Su#PgfSO-
z$=6U4Re=uNAKo!^k*dYnu}cKE9qcigF7h!Rpf6v8_CGpA_fqE;D(Y>mJ^O(r{3yJp
zx{i5Gw@#k-yy3S*EJ1Y8$D?{1&8(5hAq{a>B21lF*rwak2EZV&a2!wVjv5+DlYh=f
zHnSLV3*l4hpHxkZnAJtmK6{(qIBj^&k9I1g#6XE33Ose?3-6yq;}tlwG?(#}A2Y$;
zAwj18)>u$#CFze7tMXTLT{>Gf(P;&?U`An#(#mRBZHJ{I=2PVB`ZN4>39fx#P4CYc
zg&?ZAFTW*kziR5J1_kgvA-%mm2kcI0IT-Ippr>&;<)?(!yrKD>EthAA&LLJNB|b}m
zHAd0j@8U~vCD0n@T)audODUz%=W{YLVm3CqJpsORPD@!H#<K%bVUh%_2EIzSxO|q5
zJbZH|1S_(%aRwyuNtYDG_HT$>qxkXil)G2FV+k?5yyI1%z{B3)Dl&9_!D^g66ZmbO
z_YSq`xg#%&`N4R&Lztbv!k_m%E@2t;5#?^KyO%(Ko|**n=|uAtz*#eTj!4F$TH<ne
z@!Xlgy(aTUkTQOW>UjN1P7hM=T$3hFs;=&Fnc`<O`kp5e0?ZVR&9j>>kIkc5Tzl^`
zyGDdK(u>>G60fC_$I~Sy+y1obr)zDqsAltkAYA)r+M#IdXt2*OKF8MS6TlA#(|ya1
zGYU^Yw`vJS;LVf)^gN(~#cc}%IQ~=~lBCv0SO)Re{;|n8|8g3()b629m#V>m-t9fP
z8QL_b>^@}jWSU^_?^6>TU;p^nhWOULgsr>6i@W)6!*^HZ(2!|(#au*n&HRenYmws@
zvc8VDcX(*BSfRDrYZNLo80%iqfg&3tdm@?DQqL+8KRSuaD{;nM=9s*zs`4#J5sw)q
z>vXAlc<Te?G5(8H;$~z4MXb7DkG^Ao;d_i?jmWV4kK$ewAvk^~qt#U{!{JD#D8U3`
zkZXbCqK3TVomyYLOS){t_sPk7ah<nGoVm%dvHtR8TBq|5{oe(Hf-f_%SIO1Bkf*dX
ziaIK!`>3^)ha<kKNz(dCZM6hs2owbrgcYbEx8mk2f0EJ@=p{^7j(2Mp>jx~f0b5RQ
zx=wXLbi<;gVB^NZLeZ%N+Glf#IyJ?*Dk>W8!C3#y2uaSE9%n(~dkNvuc-3>yIsq~T
zcY&;0KJNly-eP@;Urnuo6#dIz>Cyy|_V>*|N>H2o7rXEBUi{ZXvSMoNF>kY}P8ZLI
zyL~bYVtyuH9zo~+<5|20RRJiWUt^a9C6HDGm^rFHgEqYoEbGz>DHpL00O`^GHn-Eb
zEc_Xc(A3h=HgkuF>NSl#npYlW8as@B@4#iupSGU|auBMPI2z0s&mQ0T31O!UZFRmn
z6J)ln(F!W8u`~%s*Fr!c;)TWStqs`dt*SIt=EXfpd>i?5z<!aH+9Y@rd+fD;A61l#
zyQZ|+u**!Tt+?mS%G9xfQI(DGZ>?Zz;y91Wl;#xorbEkKS>g5s^j2m{6bQfI^FRRH
z*1-lV6}6t}t<y6_uDZnCpjb+{qOpQ3-fGm+4T1AJPw-^?atf4=PNv-z3nfj>Fn;$f
zy<H{Qy4}J)l_-2(Mn<VYkEI(a{nc$#>^%`kbY4C1x$V-RC6t25(<m?eu7y+STEjom
zvKuZQcbAEmgXjh^vI6hp^;iIlW|IF>_il7-xCaa%og8K<>8V76y+d1e;guPNDvGs+
zd8SBwSaGK%EK%P>a6_`iYRR}JDqNf3*IADLQt`mW!BNe{#6&l`-WgoBYu;dTyX<6g
zJ7J58zYLx8u+kpZ9T$6WJ7KvseR-2#CdT+N%17<lx?mOQy_qeDY3OucWc+I@_Ka1J
zQofmuj&R%Icgf7{q~+_)%WuZ*ttr8u=wm6yQ=Kb|o^zA<H!_dn^3cwENlWZv<cw`h
z=F&Rs#`Bg|GVc8~#6KMeFcAlQTm;0lte6qk0|fW>%nPc7gEAX%JH35WUR|6?sc5U`
zeZA4co@@{cltt}hbYFwt;T%VdBn;2euAS+fUTih1RKf=Ly~9TvF~lURK2%*KXRXEc
zvOGr{2UaM;O<Ao^Pux^f>%V%sFw%f?Qj?@FRZt@EXL~(#AI-I6E@C7bp6ItrWy~q~
zbt+D1wt6Gjx4t9Zoh~6cO!>n<@?XW3F4~TNoSBfBxMA_Ra;aA^3{_XRf-wqwfPro=
zF&%q;yh>-cdhSMRdA?l_*Bb9j^W9zbd)_ZB)c|Jq+r7|)eLs=-qm~8(EUdP?WpJl>
z-hPKYuQ{~qiFwgs3>QizHe@+U&IodHI9vaNeH(c0FdVbgxn0Y6049;=ye)1Et}&m$
z8Bf25df2pKM2|z0L$lu<LQF-}25;W<rp@-fk)qRVK^7Z4WwKxQM9%;u3)=^LP@`vC
zSFB31;%u#lNMremAN~yA&NM3o++pTD9twWs#E1i_T$4Wu<f~HNw?NJAwu-k%<vt|l
zgjt~dvoFW*x;nU9Ou9Z`(IU^WxEjiEC?CP+vLreffBwV>@+eN({Q(X7(QH12A<Qq!
z>zY~oI=Oaf=_UB`M0z|Pjpo#b=X2f#|MEDwB#&KL*zg7L+-7l4=fmC|j$Mi&hP0Ho
zM+AibBFoEZIsmmmPpLk>>w!c~@~olNHlFikwWax;fRD$3c-pL03Bq?u(Ce(sNX&uZ
z=G*fstS{i0#%w;$b*|8Tm4kUbQV<*7BEOUEb2*eR7U`<(lG7DjT2Xp4czgl)GO}NE
z+%j;#B8$gjM_Oe6`Y}x41CAtk6Be=}(}f8)X#l#>pkl1<dA;mr^b(Bna>0}=ai)wS
z;MXnTnDlijPI)dX$?p9wEHcx)^{GN%Cu;4Y1^%*wQ{vGjUki)HG)x}M-Pl>iXlH&I
zt79?8^Nbk9z@Z%Lr4L2IXkcWf%K`q4zNqBh847%`Ot*a^kFJC3mi$X1mx_COP+$jL
zn1HAVU3l}BH|j9qBl$ch#r1jsC^A3*1Oa+p?yj-dgB6d#`B{?fuf3YpEZQKqfHDhB
z=#Tc{ePe~vw(GPj$0?Fd5QWE#AtsjWc}4g!z{;B44>0c{h($sTm&1BVA`JRBJhmcJ
z2ko|Z$Vr@Eb8{LT6y8py);&J9iY7cUi;5DKMwEEyHQ3qL@QjXcl0EMmSDrxFC4aja
zr=%lQVDq}^Bl5t0LK`ifale!fEX4>S0;G_kIyD<7(29l8Vfe1nbjhbBy#V;G_YKtR
zpY`&h_Wl?I-bYHZYZii8>2EU<guB!I#k)RRA5{(PGHPiT?Lfo(Hc|l9c|RPTejS=h
ziF~q)zjBUO_euG0#{m=x!|7b%k%@`9x+`8M&PF`jRL;Xkhn@L<YjPXs+iSJorw4eJ
z2@97&tBmfNs?U8WY!S>(y#zjI;V7iy`9M(=V#QijjZ<3U41IoKVYfuE9nRwY$TkyD
z3D#_JL=gbIBi?Q_G<M4k-o66bU&tggwkXaDQj{e~RUdP5T-T>1+uNZzJ+tJ$uUNy!
zW>z|jOzt-36ovyK;qT->ru-jVbOB>$uA{#{Q6?rAS;$0#lsjtYJO<(o20lOs+IU3A
z-ESwqv6u{z>s(xFZCBv@C?4`<7<%P-6?zLk(7>qt!WV27cOX$hw?2B2oHknz%Z>_Q
zc44Z19-h%3psB}K%sCawlcG4xrxe7Er7$kZA1~MLI^MG{8NLO<dcH?<*6Kr$2irBd
z?x{x_@?XB)G8^@g@qOfc95t*Femo7&GUG>ofF8*K0TYecgfA+-P#8~xj8$K|<2@fY
z9&5UM`DGHC07X%m_q|aMVtj2_Ui&wQOs@m2meUI#MXLN)LB<ZEtRXaUsgh<>J?vun
zj1Y%_S2p0-NsK*|wrIoqK+BU=3K-?=3U}FGf6j7Fzxs^CM`Y9;EyLKU8vN+O*b%h4
zs?9(3S2Enl7M{TOZ}pSm<SUJGx9hmZesf38Wxdmr&wj<1$&|nKXPNjjbW8XaMRgm7
zIw@h~qM}`a+&Sa@gQ*`7AFpd$CJU>^<K8YDA+cD&5u?`V&b6ZT`cpm%YZ7ZQp7~PM
zjh2X4?OPvEt&k|XuGi08Cr6C=4HaJ)J8uv-eNXXq9cPMKUY5Fr)ybf%C%oaSJFhV|
zy<hot@5g>S{V_}3O;YI&2fe@6)%ch3U$ndul5lkwvSJ28Xq-n6?x&AOoLDlHFmX!q
z?wfPhY<S<*S}=)DZuj^-h*vO^pYITVrOe};Ow+3l1h+!+fO1Len4836H>Z2pa0s}g
z9*J+V$JA@>km^IgW5Y6YmamX#A|?%aSgK<pOo{cv{xA6C(pHVMfP00{DVUnB;#!!@
z4ol+P@>MCR0X+?C{LS{cP-AYhU2(23FeoGW-MozY@q)SOf2fBN&yB_A2~+3d?DTr>
zVF(Hg#$s~J4f!}KKoXm0NR(d{^Sn8hK$)~oh*3eO`Au{8tUwvYb#M1KSGeW8Y0Y)7
zKA;=)az>^Q2M?>1$-y?HhGp;=y0smx<sfarro(HTsjV^Hj#PZsma)eRQy?B4?`ecy
zyl-~O>@;htH(&bk9js1J36pr1y3OArUTs9pnVUQoobPG8)Pj0`Y02a+jd|H*ivRx2
zBfBn=L3=>nE+)(*;tw;4E_~7Y?oe#%<dM*^>E-W0@3R&soRC(rqLPf%CEUb9+1bl}
z&Tg-WLZvE_gsGPs8!0J=_?I;BCWkHmw#v$~{{C3L2%GBnXt@2+6YJwIp=v!y*gW8g
z6!Iy)!+E*6%}MMG-x|clo&X8?qR#@~PE6T`B%dQABkz3<U><Woca$CP4{Mt3?(`vu
zxFlZi86Q3@Q4>3biQU1yA|WUBF;jf^To??Qm#?M?*SksZ5ver{o1~bi4k5Mtw(>)6
z=HP?W)h@-a7nw-4UBzG;20r-y?-{3xI$L22Hjy=BRqdy@<&mij{eWR)jq3_rr~OLt
zz@642&3O7dhw}|7*THhZbcq2N0FI5Yn61fD=nR6{2a8%jAsK3!RoW_a=Mv0A3ae6m
zkA3_Btw@A^H@_y?$|`Twg&wu>{yGGFP{zF8pe$S6cy1Lz`laah-SF&>cI0wRpgYmn
zcSs$<swm`|n;jZo^pSI&_T_As2)+j|tMQOG7dH{i+LrcA{(nrpWmKHY)-}2#BtZhf
z2^!qJ2@WB+H5yz31b25xg1ftG<L(-yad($S8+VuQ**WJu_l^Pl>M`i5TD5A)oO6xz
z3rmW&=0-uX-Nz!I3JQXX*BBWYXYV#l_R5+M!=;%Ul^6Z12Hb`-^2-PG46wV?0{<<N
z;Q9a2S=fm~KMYjzQpDrPlHjolkj*F~_g=jnakd$tT~)5^N1ZqV{P0GEppYm&6fXF5
z`sqyw7yrJvVCU0Y!ocT;9fT#1!O{h8x&z%n^0pfUt@C}|HJJ1$wEX!xVa|B9RY7fT
zmY^f|EINE7R@<oq5SuS?zBCTuYCX+QxhNAr7Cn_#cz9@k_5n2Z*AMKye90qtG&1h9
zxeVXNDS6)#n#)=eMMoRa3{9I=E2!v{Y5H$<3cnI<vFlb5r=NRqA(sk^{c3$#^i4-x
z=Ha4IT_MN=$EkGc?P%IgOItQZmw!YgsQO!K)p>6?i_!+W`8&g`q9(EKlP}9>#b&Xn
zZ1qur)L?44<V+$#0pkU6Uk(U^ST5$k&Yl|O0SnKs0R=rUHQ#okf$jX3;EZV-;kX{8
zvaL*qr^FU};NgkphF}kq3~cV`{WJF0XzkTe8Uz-L+;Z~Z1vom`!}(}0FfJW(PYD!5
zK*pxrC<dCHg{M2I&a6(Wp3Fqc&-b3!1J(&4*|qti3$7=Dv$k~)SGNQ4MobM<?T$?T
z-Ly^T0{5@ok1Cs2@HBK){7v1DgBG7}kRR^$bl0n-nLE@49|WjEKbDLZGHEpY10c7d
zQ-$t&Q+*wGJoHRXQxso0bzwVOo7t6FK#IM&S8&i!X@G8B(xu~m;J>PUZ@%;ZDLyUM
zeIlIIdQ?K$oy8SwJwpm5=6Ffsbs_+~?ACX5OiUU*#UYcff+@`(<oNH&nC|;)%{-p&
z%i8$@XLWE%4_5gM+`Fa+Q(#&rG=+z$ZKz_n1{g2sGio`$-JB_iui>g{2N66U^E|*K
zTGG9Jw5cNE?Wi2bKlg0iR`8$KmDE?nwhQgi79n$8?x%(2gx|e9YPcM|>-!VNxm0k7
zxR~X_SGaY4viR1V3J4icx=aE_Cq+%j!SgTHVSK<G^rFCumj`u&SU}vQ#bZv+;xhK7
zzvSa!0wZ?ijIWTL$3dlT#~7(krQ0Q)vT~W~uj|Wll7N0*Sus;n+B+#o%xJN|<<uly
zAPs7U>-I-aM`>;CG^Ur`PzkqdcxjHamIvHimsdxeSXxSYDuRfu4H9!qWGK!^XItHg
zUJ}JeYcapRL9aZQloz>4m*jy<|5k9GmH^Nwkeb2X0LY6I&haB|j~qnm<Hl0liv2t7
z6c##O0&Onc=q}HXXeTGa&)p^J$KSVt9TPd7gHoma1bn_ReZB5N6a3Jj9)u>4NPZbN
z=C(%HNn5s1IEl<XL2tMj`<-gonx-2);?4Xzy_Sgl%<THS@pGx6Zk<Qcl%~KL6gGkQ
z-Y+Fjr)oS_N&^3jp<&~@0}K=r0TG^33@<ntdM-ynIW{XTk*yO`7irrfOFlAaYf~gj
zVrt{hE9Xft0PdE~EmJX=A+VNC5**{%zJ361ZlHH~*}Df|E=~bWpP{!_^Mik-<+}B$
zx0el0`0aqI?Mwtyq&fNC{p<De$$LLHoQb%C>T1J%-D8h7`;`ZTn`P^A;T$dMNi<#*
zt<c>uVYChiiT6)${^#IsDZR@9>^lpOZ?Z$U5M);G6+Rg}POyk}wZNhj_N->vpmzR2
zXrfm8v)2=MiI&oD$`IU*jR=A6lPsSKeYk!L_rBv4D7V6*U!U)?9KxDu{n`IL-5>a>
z06I``{SFP@x(miz`9cQtP<u$cukE$Gm%o|j;PLO@L)I&Vuf?rUaTCs=g*B9>wndeB
zVNrGdClA+2JlNHg-b@e5+Nz9)-?jG0ktq$Q?T9A?3h-pf0!Evqc%hbb{c&SmYejHw
zI<T;b1V!G+uc`sMR@*+OK}?7&&vKJ!s#}FR`(Lx2i>^`sKsz2AJtBiu-hP$*E|>72
z{<v+T@>C4f{hDcPHbs6nHZB3yxRb7gK4@wr?hTio;HHCmUN2K0J<ouLFS_#g9cBdD
zPCQgPy;+P={ofOW)AGuVue?VXrzY`c_<bx)6t!7w*l>a-t_+Ba+JxeBNFk8m3c$?G
zip+~dWIVHxfzfUPQjh{-+wS$I%n9I>D}kgoyWHVTaS>gm%PARL8Qf9UeDvF_e}}x^
zr&vDxBd-ds`+|AI@_2bgM4%8|Uqv|66?_plM?4G)$r!>$Z$PqNxmOdHyk2p)J^%#8
z>7<NDy);KtVE36msNFB#9z~p0vB68cd`~fZ^m5<bo?Y(e$%NSMk_JfJrU212TWS3(
zRK9<TRZFo2;U%aCA>z-snKQ$cy~F{uiYiX}swHZ_Jg?KJE;S+$kar9cv?05}9fb3)
z_lNT|bUGowCdTvLWpL^J4&1rDOOs6np}M+qlko^nhHu^=##CHSwVnWO3|3md(oI%~
zHnWrU_9#Tcsf_9AV#3^79}e@wqj#)2@2<QfSnGqwKkQT>M1_v9n4XQ?5ju!Z^+w}O
z&1x0|u%qSLPN<gfvD@RQl<9=bAA9=xg(T=N`St_3)hhIlS8MGf9=WB0t!)rf_*JKL
z`5=d8FyO3zWxYaX^_crG<nd_PolE*KQ@HxYN`;+HB-ir_ZfqA8mhf2*iz<`^VmU2H
ze8a0USlg0N!y)dm{wX#-Zm^b{<ofZ@T1{7n$`Yz$7Zwi-ruU+no!eJzqr&bXG&R%|
z6OtU<geI(*sDF@DHep97uxRWfz?CIncZ(Is5CD$|moFzV7km;t`Qw>eI?}6M&;JuQ
zBZK^KjG8QcNALO7mAIj(--^h6=lbNO7>@P3s#5;13o0uN#ehOe0EtH+TsJX%C&QDd
ze&r;x2K#tzBVx5H!|S;{(Ec0kudhj*xQp)ZNAmTN$^J&Z<LFr**^NLXWG{;ZwjamC
zAV1fIkt?mVDWzshC#PMxdHNB={n6k7j)v1s+2rEfH^HyNW9=3!fY|`!<=$C=e>Bp9
zHRa_qkBM{pHqX=EUtTt?7H1}ag|{x$gJ&+cu<7Kvn|RFBNaIV?AVecik9Tkhnn{}r
z^l^0sg*@l`^D}!&LR@$sMm-XC?jsU%g~zR#=d-T1CF2_uyr18SRV91va>HHhL=v~Q
zt1HcCa18p^giK1x<21ep(3g})uMa+O?+xroSLe)=1?Jr0Cjn_hmiH=+N||;!c>|#K
z)U@_ab(N6Mr2<K21{;?E|FcH{lf3e$odHoLnkIUY62*Vc8Ygg{&x0Kz1v}-uy;$we
zzuvXYuC(4uxgv`;#DCu%>zE*A6l?eLqpL!8!<Ntn!GDYLae9h|;o(a64-Ut1nRk0u
zOv!~$iH61IsSSXzd;%_d7P9R;jp;MCO0lAr>wl)*&HU&{5uiQOt=A0sfp#$F`Bc_a
zSr{9ys-Ivh{FqZJt+w!+%Jlcm0#%*#L))ciFZw5R^RIjz&>)e9AQvTF#I7CDd857k
zl8Z+9#-48N3~gNW(qq;56D??}C72FdT*;m=s)UfklbPN4r-WV03#hROx4SRr7#Dq4
z2Z8@kKm_}Vkut@=&ZwwBp2$Of3p85GB%EWP?x5|@4>pVa8p|COwl!Ww(s-#;NA(t!
z*7Gcu%ax=7yNXZI$xn?ZPevAW=%%Jk_>$U8W*ZGv&YxTUhNCHB1hxYNTUxIr1#)vJ
z(kd9*<f<ik*ix(Z9KmE{eOyG-`%@Csp=qDsHzr(g8cN5(gbs1h7SUSr9%uVK{ZIN#
z{D%#aT4}k|&#hog(d^kE@{4mG@h6z5*GCh8Z%m$b#Al={#iM|ckj8toe=qt-oILA#
zagC=6Gr64x273}*Lw5J1FQ6?CT&=@{i&;ecg(T^(#IaM+Mk5Tz-1J6cPvPrtUCwkz
zH*(N+){}Lgm8(L6nsKBeOAp+0=u1>bgB*L|O*)UkLGoMiqoIbzqLjI+Ow599<#A7B
zI+WJL&8n{|$?@ZB>T#*SVZ(l^kxy+<7k0CWf>L_0W_LgWq)w@YX>ztbkpFbUac@D0
z`bmqhiJcE>0mAso*8lMnq9q!w39Zbn*OYu8`|+Le{l>7e-hG$(5@xf<>tBbNHO&kG
zH|~~58+Wty50m36I>r;>ftb>rUr=b@u0+i;*^G14#ehYmJ%R>rJRs)P-PdAL{DR4|
zs7-Z4(>{Msp(j2kOe3-^9Er)3(#JujMc^GThmN>kc5E8UsJ6hSATOA3-u|T|6swE1
z?TtY|&+(i@Z*UsDQ!uFhr;C2_g@G3jMn^dC4jp;Dl@-U|{p8~O_>Fb1(&^}i_S69+
zJVao6B14&xo8=;e;KbtTATE&0KxYQ04oGfyBAc&_LCsDj$RNu3Zp3ymYj;bIM|U(W
zE)$dU^KvB0MkKa8jz&i{_lfT<61Y?_K4JWat}HkrZPJA-OY<_;p`|9bi{7eiMVoKC
z7bsOOlQ&r7iS4W%e9%!^$${(G13Tyu`|D6XzUEa+eK&Lr!|hz6Ora6ywuQUi0=L0X
zxhJ7m309ewleu*%s~~-v%qZZ|iUrNu=`Bv9f5Xm)>vEoqT`p^P_-S%uxN}JhX|`bV
zm@&VHt$wqMaq*)m1RB$02NcJtf{Nau`nhyPalV+3WTB5=to8A7rx0HW_`AbmZzV|d
z?M>P3l0UHGMWIUK@KPS3wyvV<i$lY{yAfeq&BIT54AW^Y5DFbk_-H__7d1J#MC9R5
zl;75Df5hpJNKayF$oTYt_|c_XS{kOKUZQKZoR5xt6z7<W%1+_L82qk7E78=_c1l>2
z`s7L*I?85VsjX$DZWKhFzjd}Tk;-L+!DPvdI@op7y}yRg70{)n4$|bwunmfl*Bj;0
z(>{sgE+Jt0XKP}t=J7$@$v^MI_U&iR%8j9@Z?`%R6)V@DF3DXhF$cLo0)Y07F7x=|
z&#+Ydln|{KD;!L9jN;&C7}ivoudFo(5cz}>eF#RKC?Y=~dVM*#J*L7Kcw(UFcC8~y
zes0W^zI*;Ueh2*aGK!1th6aD~nGj1QUE<6)H346gc)ZZCjm9uKIpTl?jsJ`{H~mvy
zZKyvFx|lcB0LTF(G`MrPUztyFW9sUqNW40qMG9qZJ(a~Y=9@QYq)Fx%g71BOWxAjN
zju#(|?g6PKtZ=*aVw5L!PGQzzO_d135UrfLlfsQlREZGc87GxFOReP`&gKXV^<<8h
zmimG>x2M~4&HpCKz`30^o=|}Q*;#{=L0mrvIQdt#nEsHZ%jB!fDZ|ooz!lnNoA!Wy
zjSl4uo53`~S3yX2Gw0!1*m<3N!^)5qI5Do?#9r}dxuyVXJr2i|POQ~)=9m3OmN2wB
zep#B@vTTCFI)7h;@|wSe-z)$6CPQh7g6Wx+DE~O@!7V3&$8R=d%}-zb(OW}8Hm8<r
zYcH)(`76xrca$v`cJg|y0EL<xC=p(1Mf-J2E9p0K`DF*ZnU6X>WSf%8&~7y5bZ)x+
zuk8U@f6q?WEG^u-$gS=jkogZ}#J{hGm9f)G4tlvQp23%}Y4hkUD*l*q-pZ5idrT6$
zZEh%HpJQ61SEci!X_6zpo-~VF@i#@Jb6@d}xWN5VA1~jbjaJUmAt%n_2l9&i4EZt@
zMWX-IV~>0=(0>p9SkvGCZ>jg+pAGv;R?jHn$VC*O6;ig1kCAhsSJfmgv=E;6JD-)$
zJcyCYkAkXWYQidf$N+a%j`dM)ATKA3AtSlL5GBgZ)g~3x<sd3^S6dt3((2K0Df1oA
zdLsaL9HO}jicH`fglt6`Ft5h5z->&;!;mL2W~hny@amx&1N5g9*{TA@D>UqebkF~(
z(gEk{A+SIb52EuEcnfp}t;~5`-=y)6kE)Ye&P~Ao_aO(R7I7Nr4OgD^in;i5=Grz|
zu;UBc1!4k0QnMaZ$BlT5SfbpGvlYd8JpW2PhfQ53t~A>J?zIKyM7DA_&Fo+n%hsZ%
z15V+eTKmrljLcx}v{-^CX*uR^#;bgsWmSW}>#g}{kGm&KZNBNyme$9yw7FU(>(M_u
zw2T@sm7>_Yy5H7+{?8r)7b;!K$w`^9Xwkwtqr5v*1U*RP&o#uF$#TVh;llN@D3GUq
ztHNsVCVNp)^vwH9A4hYJ(UB8M%*i81?VsH3p9!$771%0{|4QU@k4bx`w&#!D75gT`
z`LWUIIUZ$|Z*^{?@Pqm4$5ux1nCGVv2KQ0;8{5kt|6YV1RNpp3Uqu-QIs1W0tu`k6
zqVQLqDP1b)5L4G4*IrU$ZUfuAObwOxwL4n*I5Rc=lX@#=q5<kI-Lv)2L{fg0;vrs^
z*uRAq@+ez+^JmQM%`nL=3}jNR)SIsAm)T9_Qi*N;ym%UqCxwTU1qMyNhwc3}o=~EI
zA8hM~1#d7<b6*BGjcSI*l^=u}8N2I!jw<~G?ot$>&8N@R>{a!HU_#RKY75r-C7Hw1
zb4ga%VRhXh1zAZEPsTbjvwjZi>NwsBHK%A8D7z-isb6-keselozA%D03{G^Ecg+Pm
zP=E&q2R#!;<&^A2>eaJyt-`MUZ}H*6Gza@ZHGO9nnp~-Q@iHgdPurLG^$lEG^hN;w
zXl!h(0AXfFzj1mqk6uops4L2=US~;@=SJsavQH5QQMj$6I2s~-$NjOTrhi0IfJG|F
zdXFn|I-V6NkrjFFM&s_sakBA|yy{jK+a^QPM|!q81Og05mpIC~_J3N~p@%{Y>0iND
zfB&n-yC9@6&d+4hZinjYAIQ)vP4E<Gzk_&vO_X12<*GAmse}AVYB-8T$xt>zd-Y+*
z(9;NLHf;2wDu?vPy{Y>)OagBw{_ue>M|bSE7eSQ+p=$USe9-^T%IxW;7jBjc)!62J
zUHE7hEY2y7MhOPk{(G5$jylrO{KUng>_bxJdWHS<E2}qD;QxHlf8G9w&}m`(ih}*i
z%k%F*w<nZ%SeA3y7n!+*#ZogSPdWjn+I|=3{nxDgD|1e7iS0qQW_V%|Tk8QNGmHpy
zhd}-~u~7;IBz9Q7|M};+@2?9n=>3H}<h6qBQdi7nS->PF3&*J4i-s03=mb`AoL5?H
zLDZTL3`(>>Z>4uyLz<G21Oc-Z+o7eU?Eot8aFQ30bho1RdPf>My3Vx@pGWe)>kTDB
z(2e&3J2q{t+Bdy0GcRJbUV+@~`k*POG@-^&g?0!>p!D9K`+xFNm^-e>y6H%2#1r6q
z-9`*46YvuVLSwbH@W#5R91mpt)hcB)*!l6Qr_NAGhq5bb()E0MJ=whMR9oX6_>>=>
z8^hvx=dg^{1Ylw0Hrjv@R5!pVnkh@5dC!A1ShMPJF6)>AK!bX6c%dgi_r*6jIJl<y
zKXHTHucAszl7^48Q6E8VrH1zN7PTKjpbxDh<FPW|r(tsPplALc93{fqhKT8IZg0%=
zNys7Al!~|CXtZ@h<bC?41V|6~K)%}I{!tle(J>D#ue$y94gzg*V<#=x5wbC(K}br}
zeDD#2CS9N>3#V-&M9-tiJ8|fY&7RF$pD<4BCGjRSPPO&#fqeh`*9vw`<<n|uY8WBY
zpQTe36Ia}KhMyF6-a(@0^1LxtxxRC?*^kK|2(lrc`nzq4ghXc4qOOb3&fs7hj8IP}
zHq-oa4N**N&;9sqTGqtM>e&~UF*O1+f|t!w@cvY^ZFFYqZdEq~5LuZLWJAfJ-*^qd
zj3h*$<jYq`w3F`WH&$GJx5s<j5|f@i2=5RQL{dT;`=o^uBwrFvBB*oyA5(N=D;3?_
zF^+*2V&)GfFkNZ$h_k7LG&N~}Kt1Dla^JrQy~BL_(&zsAYlhBnVCKup1$_o}jo(n|
z;z|$0oCD6xCZ6zZCowRsjJFq*vSEFu`LsJU$xQbSD0nUO_ui7$5hrN7VuQI(u>cbd
zEkhNhgzPGQvBQe}%5Fau^U`6iBHpwEEAuFkJQGk=$vDCU&kti|0$+2|g@`Ym%`o`C
zcVL{|#ML#lI+9xcwr%ocTMkZ{LILJfO^jBi39V8@PY>BKfbP|r1W)TJKNEtcHghT!
zz>r4NLN&^GX8JB_``L}^+iy26ULWa-2qFjYxMlMc8y>d>H_kG&{KgG>Zp$WK@IOdk
zhkY(G#e3ri@yQ0!(9rTN`gF$GV8yL3OPIRrPld(uu;B{B0xjeZ{)LMB>s=_*$loqZ
zj@~9uj)Y8(lFLX^)c?~j&oqM_7l<uwT#n(>drbP({-3>>S#oNHU%#i^l;h&{j+Sa~
z*1E9O8oo1{iKH5V_hs{v<+W;X?ul$Fjwd?D^tvhm4JN*`wa13T{C!VV>)dJCds!+>
zc;O$2$01&cR;A1`xAt|VIEnK0ATv+%G)S+<Hm3^ZdgMU8X;nv~qea37pQX#X7~bn&
zNiLkVn}4)o)Ajxig~pctibs%IKZ5s&OM9&^ESHDtJr@_56qjtG>6;CulQ-h3+zUKr
zQ#AkeCOOpOPDaH9l8<~2X0<EfzHkz&hOX6p!Y$E3mi=Gm3bj^wo6%oOM!96TH@Q&o
zK*}PT6ZKRSDam88by!Zz_PQv9OKdNNPOoR1t$VGXU2={mexKi89zXd`%02QBdsz54
zDV1z*Z^Py`+E)hn6LCa;xT+T(**jbXOOHVP5_Af4s>|E>Ff%;Q&_`NN*xozuUUacK
zW;`y)(kF64cjcIx{{gT{$yO|Bhrdc^nhkGTa5F3676WFje~$;RC!UH%CXaKdi*btf
zC{`nrCJp3jOnAAqp)sG2K}#6EJuaRt@KID-lvS}+{JYTOhgeD^)*qW9SXU%J)%g6q
zUIpmYx1x0l>2kf9jNoaDW1-yWk^2M8C4R`M3nk>hkCMQeyaKdyxM)E;E!W}TTkSdr
zM0^5*$(%GmoWZNOrp+n(n!%Kdu&3>w#20PFTQ%b2Gcb*5%2Qn26yZGm@~)U`H<Gzv
zjEeAd*|`0c!|MOVf;qh7ON2;xf3|+zASGq~Sk~g91Un~JnG@(W6~X}RcgAhi7q>BJ
z9f`E=26I`fU2DQ4-GR%f&@&go78Y~VU_g^O%qYiX*p4Cfnsv|2>|w4HF`(Mvt}I1^
zz?aOfTf&--NOaBpc&KN;yv>)@Kr>x-S$(9JF<Zo*JR`~G$Hig25j@buw7*GZw4R4Y
zYH+KytU==HdbVaI`LZd#ycOQ}pDhOdY7=4S9DZE2r&}BqhU8ybAsTsI5#uZI8px{<
zp)NRn+MdD5ZXgR!&Bs^fq^kU}{!)e@CW4<TVjNyi;4^7p-FoWw0Pk6x$c|ESzO{g0
z1`@J9!U18hNPc*%wJ8_4daF81uyHT>GugQ8?E9wYRTA&wMIW@ZbSE_M{vi$HcGt9T
z(vB;xcK*xj5l!nqKxMOTF;+)^(ygB1bE)%Ub(U$XW^n#?pjGu($z}Y*jsHbWCUvtA
zIcDU|<8Dku3K-(%)>a7WB41q7a5r4o+AC1mghgzVg2it4ONm9GRPUQUtMIJs{1=pl
zaed{Q;pA7V@4Euft_>{lkOaVajy72A=iJIjGZ6wV?Q!l#E#wgb`P0?8LRpgNG729F
zwcq>i(=c}0U{cG@z`L;qw0^*+tTV>N`mCh?jqre9cODFgW^}F=Ed?24_Bd-<`rk)n
z&ekS^J|DMqT9%zGDiHs^7g2C1zY6$<mZL2ZI*<O}Co<c3mNaJ)zjD!sDzo|bxL`P5
z+JbPseREJ3Fb#S_uM9qF;$uQIaR9y8^s8=oe11Q!wmKD<Gq9NY@AK|NNH$*3zOxZB
zB~KG-!{w`HU{TH6zbNysg6zg+M7*A*ErQ#7U@q-b*N5Q|VLoDEZSD61@t*$60XyqI
zO`CJ%R@=N745STUH5^fvY9!jH56w9ZBUlj4R|M#wzl$)*pc2s9lNdd`6jy|P&H7M9
zmU6v2`WX`vp4`Oa@c`Fi&}n*Edl?o;ogA4$)RFa8rVAX?v;SM7XQr#$)LbUjNl+&B
zKR(w&kOnO3ZAWEIzXZ~C^Q-<`&RjbTEv)opwOs&~xr~Mh`Hy8TMkur2j~-r=rO}Ja
zalTc`{-42$K?239B1>_s3=~#B;}UQ$cT_}8&dl|hUi*+kD9u%F#sBlsp3iyQ^AkZs
zi3=%IQ?lvY9Cgf8U`=3|_d>S#;3@qCZKqT1CTjbgk!ee3L9`rmcJC(-6hbcfVU{{7
zUX2tZ%bU86J=ewRdB=2|!l#k=^ciXNYHpR)55h4Q*W}}bKSZn0QO~tGqr=+WFgZQq
zP;gyg?qH>1($&sio}(WIzN)BTWwB&DBlQ=$9fc;u-X!&Sq$ploclEd3ahz)N4(l_O
z?DX2m4yg`^=deHs9w$xB5`UT!6KSf7kJ{4X`OWr}&`+#1T7=g+w<Q@_e2kVf{RgFM
zj^?=iSs>j7hPVU(lhqpS@{a$4@ibqUDR7uI3}fd12)Rx?&n6WSmc6r^v7uwqj}0Ey
zR7^y8AD@yG@b%)HL5A~<flJVAYP3T%Vs3IY+yNAt-{EOYmJeku*>0=_PoiP+8L4@%
zN=sj{Pgv}4H#YNFo6ng38yD3HKHrXdpL8NKe~Oa$gcGuU?ETCu@OYuLI{UBpYoeNR
z)r<{%2B*j?$sm~7ONrzQ>hF2iyi>l#jrV@o6!7FON=`|kCu5<|SDe7?z_qsc0dlm)
zxsId(M4Y5wo2qq6SRe`K9}-+A2_TrqyBPJOGBP0Yj7xe`(*<F+`&waDfvD{!#ZC!8
zwmGg(_?`hG`_%*s@!7340EgCpygIOV<EB^e=@&4}d%ul5Nd|V>OVV3h-nQ5LZ;~fA
zYY-Bm1dB)A{+wj-a@B96^;*o=P{OyMVSh$7=t43`u&W2d7Ql9rV+<>f&!$R|p<92c
zBfK6MjbBTD2Z%{e^s@-+-UZO=R8yqY1UkAlSF8xWPtjwDq5g(Yzd`7;O%9BI{r6(d
z>Db&I0Yj#NkodwW%o~7ogglP@YnkJ<yEZ};0)kDHYv(Dx`eRw#hQ!ENm4(WHhhR}D
z*YI=A@ccb*-S!Kp&>Jk&n9g}d@GFcpGoPKE0}=70zPw-g({&wID>zUwaUug&uRbwT
z0WW#1f<qeKM&g~#D~jPHDDZ=*e@&=xJ_R&<uJ2|=F&I=*(fM_--DK6y^_%hRJD!+a
zCyoeP-5ZtB#q>k%9ZkbcP#_qB{cE?IRx}MCnvEHD@xdEB`(E-UZ%|c#d$3$z)|NH7
z``HI=8$flm;*t!x>UNuBR^=#oqH@Hgvn?$slbdA=B$Ezbk6|a7kbUv&C|XZzC;s4g
z;WXJ$vC`JX%Zr)+zdH=1)wmFFdr<CqO-f?BLW?JQQWiy3cU2c+=(|$rsX@_67$U2O
z`;O6pAjoeoo03Mm8Q>+=nwXe;;Ttj5h{4Z*aWZ6oj>Z<Ez#kV;D$Er~7%;ZNc*>R{
z<<`7YomDnZ1oT_clVy{|LIUHzz%t3|g?Fj9-;SRu1)Cp_{ogy?H78Qn#Pv;KPdW7q
zBE+X)%6>&mDhk6K!!}XgRzp)a%%<F969*^TW=uYmh~wpBb&SN6YF0d~rcwvMNp?_D
z{V^7C94AN588=ZDH-#r)2NeX$26I_T1--+*E@+qz<TCtd_boNwVU<5+fVKl{#KyM_
zKbA#w8XZBZ%F+cY9cVE@B5Mr)Ut%e%M-Vvq6O=cQa}-nBerotBB+9R+={4Q#bY@!%
zQvU!_EOtU>O%+c60vif3H>$9B=-0MDm0&R>>F`iC0R$E(Ipo$(^ed7?@DPW&%0@V^
z)vRfULU@5xgA19z^GbS{II$O=G!FC3OPeAavX0pm5INcJn873V5^6VE@a>ASZemeT
z{THEBqG1*9?P9P0omdZ5H56KiBnnvx#I$JpkQZs*n&*x;ob}Ew2Z3gY<mW+bU~3Ul
zY?)@j1RXkrgA6Pl_RV&IJ_Cl;*WW*`AfMmCM?=ibQ&e6aWsomuGWG@3gWp|_s6e!C
zp@NPd(i@qO;Iq<-3=)7AhI>fy1uK9Nw$ICDVvev{fg-1RSQ1-0wSSV}MiPi4^l%VB
zDu+T_;8Vlvu39!72u}*g4x9jGCcMJZ3NG$<0t;a-0`ig7GO@X%#>XR+QAU@ta7IV3
zB)Ij+YU}q_XXB=U<AFE>`}<D>A%o`&3U~i#T5e7SP1SslA>xO<qj*NB%Zd$b7O4gr
znDP_^g)IyWWoqHDD(nKCdJNAqd)u{N0eTm6LGN|~xrPVg6O}_&?6ZA~A10Ey9#z6G
z=M@lhIytvmH^QFoHn2(j@%i2GkdWL+am=USfA(jv%^O$^#C8j4y8!T2D#lPOp6dBI
zezLNX)Pra$5}|FL1P6-2{h#6prCV}4MqZaLNn^g(Q3l#FVKXBfg9KV(VPPu<uRdA?
z(WjcS=w5?&zY8$nM$ChU0n)}Z9=G>hW$Om(^(7(O!0OTMn-iV=twZ}R&<#?#2w9fp
z$7>&(4j$7t^?j}c{*@bF^;k?Navcan&CAKX&WAZSQtd}hBR&(=B^@r$Eyka;gbUp5
zUbr%8)X*>{{@$r?G&D>FylK-n?WPN7P}9V5u-=H^v&RwuDsLO~*K_MQ4l~REa(r(9
z5E{;dRBbdo;hDZs_o3)vv7O(dIB4?Inf<t2p=+s!)iP^+78N=q`?Rx95rBC7(UCAB
z3iS6ED4<mjqD0;{==hzdrmG%Oa=-`wB^EW|7t*2%{V=OOIqjXq;Fs&0RcI0iPPq1<
z6=kfp6mxZ@1W>gZTssHVd8FJ(?az<Lc`@-KqN4Agyq+JqZgVlA;7$^+=eJlmSHd}g
zbI0Dt4oi-+X<U*^`+Iw~TXCweKJtj}SvfxR2!XqTcql-j6_zQRO$;n*&|0-cS37M8
zWU$T2JX3kO6YFtIG*CQSGM%DoK@g4QQk7x>3q@X`IS2fch^OZ(pkC(qStRBLQ($9+
zFFChVDo~S8a>G4|*FdqS!8lA&AfD2bU3Q?uW4Gr_>C;(5rn9w{)BIKgcp(?&xL<=}
zvG2mffZ4UjerCtCFC{hAUQ;3yQCk9&qoXT!kOmQPD~zy=Kfr8dh0SSG^Vk*C&=Btm
zgKXl?4T&6|w1z+bkh~ok9&*bzjD~w3HSU-#esthH7dPIYX-1skdDzBZbh%wETaB-g
z`Rx?~utOSm(lP{ydA(kuKEt9)JI6jlO3rbaI`8eb*QRGzO}38q?365|XYOaJWY`{?
zCyw`y(fEEoH=j~1*$pxt-Wex9%sMQd?}t`8E!aP|;N-Tp8!UF#wQ*hg)4rl2(RT~z
zdhRVF)%}PWAvUHK8Riw^Ec(>I{{gcSznDRcMkS<YkFEt^O|_iQ5YR9(jx)y+joQqS
zK$UIjOoJ-VXS&1V917+XhDS%mg$;6ikw}@Db;SV^59CJRdI?4Ad1v47p5dtJ92~Uj
z+YUeqCWKHnl8n>QQ%FzU*9)mLCJO)1t1t<BmGkjEUZB7a%7lCzei#qA;K=b`VzoIg
zm}=kvVa@xNGTI)lGjTn9%nnh#_|4+{P5ja5t6$alH$&Xzs=*VyM=i+Q^YeE@ZgmYx
zsa3-_7uAh(&h3vji-+~()SRl;7K}PouQ_Tj3reqX^<qG@Gc;u1EP@w%7)i60>-1UY
zjkO+g;H&cFVU>x@B`NZnsu95GaGA8v@0Icoev1>kDvKJW)o}Q388+7~9yJ5;M^A-b
z*Qwy@y#Nvtl6+g+%U+KydKcSm@4Pg+FV9|nH@h2hCq5+UL3+Xgd)(}DOc>&}O{-6D
zGp$#@qUWo-90Ym87t=PPomvAg@ccmM6Hc+Pq@5w2?c1A~qg$)rx0h8y=FB>rwQp{p
z{#pyhh5J?G&S_5dsO1(8=-5at<|u<XJA6G&SNTqVL?DG%ciAd_MDQ@u2TjG<3O?e}
z>v1dHa5$r>;kSw(FFAI+*4372`2C~L5y;t#C~i6plTi(AB>nli{WQ!veW8cnqyv<w
zJ2u)l`TG)VptdusGhZKIh;d=?=n%Jxy?ixiz`Sgn#Ma(CbR4&(=O#0|B`jF~ejEK^
z*e1gZAR&a-uXreRRShwfvF9hL`;TaRcv@a1uA7F^^70O6lcYFyNB8hvl5!w9z<1z8
z_baZh6X=DV0~6322TMHjvwKoDo?tJZUecP;=giTk)$RgYrOFmBj1|of;tC&e83shF
z+B7C5wl0LYqJ2^;8aO$FxWdfe*62PzO^j<sET!`Gr;o-^ReE{Gfu9X}o$8mJp=jPW
zudo7tYO5;yE-}Enfj1(-xXm}G&E<7C|CRJjxx>Xwf~o;D*bt9}h6F$()y1Z#b)u`a
z*a$pbCAdctA^L2fPF%9HFX~yi3%}?mki|-CxyIgpm#K9f7RE~Gb%XA*8|7W(J>H~9
zSh3nh#&`Tjb|P{%aI83P|CtosD}b0s8^OTv8@2%EFCLq*PbE67Z#b7+Fs&Na#gu2K
z3f@iajM37#dWTu!EwcBQd&cB*m`q$%9Bv4R({_<1CJ_(HIEV%179P7@J>oLz{9b*y
zs&BYUHdm$qBHkFA74GWCyK4Zz3MjV|!5`PU&?-HkQa>c`MYG%=FTHyPfb#W5qqjjh
z|Mef%Ucww#`P>!H*=09kU7kG}zMD0lo6Q(Gg}OEjNXC<3w2ogqJ3YoU&_dm6PiKx0
zR%A*i8SLALKOe67(^y=KD<-pVNIs*(R}0=A_X}P9m835BuZxn-dt5NxNz(+#;RIi;
zTn_4kmyTmHd;p|tEt<d+iXhMVTlfhe%1(OJuuptR&iv?1g(?UOaXCveww;;ZDY$Pq
z-I#Q>Fdd|r%(xXi8xwXzWzbw06>Ps6aGOHcmB_$6G}q;?`<7gDd%msraD!;Ml*S4e
z>|Ln?J}lV%s0q+a-yyJ)y01i4C%n`4f<pmNw85ko1269T_xY{-3^AFys(0GUPW!_e
z-b*`xY`k&qqgs8(u`m2l=t+#7KmWedTX)9BSJO+pV|6Iac`4s^O81G?JKp{I73$Q5
z*GX43h!IyD*Bu+LH?NX*20OBSR}&XLanmPxo|1rRoWUf`gGtyiG_%w7HINcB@P}w+
zn*%=`{XY80k&lmD!|Ta%PaGxi4dR>7k6{l_2=5H3#}W&KL`9Q=2e&J_6KY(@WD=GQ
z1?=Og_3NvuUUCCz@i>O==>`^0IL^NmL4fhUJ6(+1cHK&{Hm#})O?N-^<2`B+<^?8U
zKJFe=pSCzWrF%cE0(lkjpCD>)Z35qlP1V)0PigabZr4X)090CV4#-7Mq0C<B-T<%`
zpdYi;q4O|)OU4fOup7K4vTu59xkVP?^*hDBC9lkHc<uLimzCXwYQHnwJ2^Te|EnLp
z0~36c94-O`8fuWE<LXr}E<pFfguuoZbb#ggc#rl)S#=9lTFu%?EZBKzZcje5)|^ai
zf~prwt}P>2PR!V6t1C*mj-P=Y;j`stUsUq(>XQ=*@cQW}tISp*#Ib0J^8KE#UKP_@
z73dor?&(z=iK7=ym1?9NDt|uD$Xj}3`OzmYBlr+<Qx!NlP-J$%;N8bPAY*$sb1)AO
zCBOiu`Q;m_IsYcJ*mB)+!(5=hL=Gt_js;~7E7r+#k%?t(rM>N{vF<ou{lYaf*i+K#
zVwN_PL!YE~@G~@n<pqFWK9Ase>-QGENUv&n%<lwUtX@^*>_p|8q&&E3KG8-DMh$)&
zJd~h&SAM*}$|sl(;WdtS)!{wnGtAk!^I;!7yZ&iE!cP*x_YmnlwGiRBdn57WUy;gW
z9d8JLK-;WmbLk(;j+!>EYJP6U_o5!X-S;$LX}ce}0W=-uh)&}SB9w$=@B$2vM=Yw_
z<LP>!K>1q>i#Kk?ftSguJIeqaGErGX!zljk8&Or2yTO;0Pq7>n3gdIg921hk#vG)v
zF<)%^fyqrB?lc<psKaC?^QI^PiAa-ZuCUk~6gxiGvma^C!&cvK@9Y?~8a|-$U$9)w
z1H3By-jTJlE&3Cn_ocV;8=<P5@YP$?P5=X3GMd2w>UN;W%g>h*m+#D?!QUguGa#6q
z_A)m&2SAeUYfY=#5VY1~6B{EJ=ekj8cT*?ojm@B|C0_GI0-cQ(|Jzh5D6uFVR6R^9
zVWTHZ^%+n;-Up#K85{5HvL|C1y9LO@e(Y@S_R(AO1o_la1GM&U7Zcy0e(ylUG)wah
zw&8(dXXI|qRE`PUaKYt-3tBhYMA~=Uo{8B>Tgi2!0&1TQXF`oLrm@V;%ubiiM>n3W
z8eUw6*-lMyticAE#2p>ObgiseIl<K1?<{;$IU!^_+gt814r0|P*%vKV+CkguDhfe&
zE*QX&x0%9rk2D;Jn0wy&h#!Jn`@Z_M=XLlH+Ux+MrNE)9p+>S3A7`StDyVDj6p!7=
zqIks3*p^&aXg}P>VF)oGEXuVFOvCL$h?SC-$4(ZKW82Y^Hn&#<Jf3mQr)#g7!^YAs
zM;<;ST&J-g9edeZLfYQ?ufKoOx!Ri_xL(%x`A}Oi(ajTa-tOX;^A<OeoZA;tIB0sd
zSD~)#B{ozVz09h6VJlCq!h(O#VEP@0pMuiz&!#uv)ewDc1#Yu_eY-bg;Jlc;v@gS5
zng_n4*C>Rb50em*e5HkOzCDSDwfoiH=~=BXpdjR)_}MbqX^E+ElP&c!r`q<wwin(h
zMlK%Kc}=ktnbl=8(NDb*%KjwI6EK;(p%Fm{pPQNOb*RJ;h#63rwD#B_-~v?8Pn-9>
z0su1CqQ;x9U9g2!LL<FH?R@%)7=W6LGtc;KwOgS#XS^WL@ceXtdNx>|S=R;@N47sd
zyD*v_^}4giwzlxmalQPOhBLUI-Wg{q;q%)jP>DrT><707-1i5)8lq0lOr_}uxuIL}
zmH7UkwQ24Cm?x~@p-Fz;(K?GiKVLMQk2Kp1me!l8Aq~0O@8})ORnn2smRYym;#iI<
ziy&KQ()KteTN~ueNQ0e3_Jb^QC?X2)4?+S+Twfb*ZP73s<cJ#b1?%Q7#$Kq9Iq&Q)
zSZY6|{(`UH*P5prn{%!f#(5hvu$NV<JRPb_M>6U8SH9{T`3xZ<euQ>;;zp3@It8`Q
z;`FQssu+tAHsdqcS1hFwdFBK*ULQ3-<XqW)rK~>s-P-}OYCpsw61D$LtyU(@+%~rA
zGeZ1h?np%SR{InfZ2RRklqrIiLA%xZz<qcVBG@j~j^@S86c*NToOH_qb~auNRC>%A
z8VU1y<6B4#o|oRJmf@avrRk#=u{UT8oW$EJf(3G1i-DMZD*`7q&`Yo&p7*F<b*!vK
zvR!%X_8h5_P?WCo_fNI+Yil_s5T)Vl+15jDujB;JYnYt6;~as@<B+?aPhbs9r{VVn
zE;gay!+H{r#vkxXoa)nSw1>wR50~ZMUBRLmdVP^XJXL2)_AB-}>QNusJcbfZM!lbu
zHh_fAyB9z>4`KqzF#*h%@K{ALl~Jok0%0kD#51(q`_R1U``Dk(6<|sw>C;Z=@%lgT
ze^6)`x_^2-+Ai7Ze*48!;Y}(fB|VRoC09;pDXvnYMQbVay48+cg6f8@=ns1x_`yUX
zfcI*sS&u4zy+My)w^o68;^-C@OTRmj_O-d<lj^y4qZvn4C%T9z2#r8M3xQLduTgCR
zNT33GGj4G2`nfknI=RkE*d6a|MGYzM`s1s`i$s4^=@EX`_YI!HE)Jo1{?HRnP=0tQ
zO}50$cT5-xGbxPS0O$hK4~;I$W$$!Gew<3}Wcb9d5^(1gYOYzdc&_qKPOLAr9j~Y(
z_b7Q>qjqusw$koEG3ecln0?N0O83c;PPJ<y<%-5lHESXrU(a;eFv0I~R>86|ReOVk
zscIGe<Me^OpMf6oLW!lxB`JHb!=~FWr}2V)@{<)-*r?*0eReMG*i-Ja?FX%;GO+56
z_W1HL$mS%GtfBRI8qoj@HRN8nPuKQBnIr~RyqPp01Q5pO$EdzWLy6-aeWU@I03v$b
zLFw|db7jo;*^u32X;bR?sON*oO1XRk^r}e;Kz-%`>Hb>S(2+yO^U#n%w-Kf5Evm5P
z3dQF34tcpMagq7H{5REz7Lix@(!mwaUhdx^{RR};?Ohb6AWrvVxB(<s>5)u*Wgl1h
z!@XXEo3&OqJ>(E*KJJ<u-SC-t=?FBCQA27CgQllv$$5E;M&siX5=;|UJdqrVtgWnw
zqx-R{wl0)SLL9l8CVb#XO1y$-8O{nBM_x}y6HBSOj2l)Fy6)<(2vsTj6@yI8nN>5I
zCqj$ZI^GlMC)*eqraNZKZq<^ni^FNy5|iHvHR^P!r+eg*s6NgxE|NEn+_r51Vnr{*
z?vulFCC{tQpH98a`2xPTj)|VfF}@`}x2uYxf8X2b7ZMf7seirfB<yM!_D<~B6<jCi
zvDwl5YbVYx|45PeuF^C6`}S8bAFg(i+LG&0hrVsGVbuA=Rn%eZ!Q`CLS(1lmZz0~k
z%zilh^`2agbq{ChC3#KIy{i}KsM~{QC?|w$+6s>!gNcpZ84%_(UewYinS4wi2zP2*
zL@wSL5hnGxQWun2ZJE>h?I>Vpu_I<#57KNk9&U#|_>}Z`uY@0OTyiK*ypW<GkpK3L
zOrIs_5keGb|Gc9gn$be?^?jaN>xpp7<*ISznoqraod@xo>tX0D_=Zg^0>7;I%<k^v
zWMsOkw9Z*pnk4)rFZt#n?je(sy{$cRG`Xr;A__kWm1gh{m{?q_)`$MoM2jV8v>Oo7
zDKIhY4f`EyTG2Ha&Vc(}Pat&XItC?Yv9eHbx$I172QwbM@hV#j7y_KlN&5bGa2p_4
z^5|;1mux}`7MBfvXTbX*icy!He3nU(>;h&Ie{z=f<N*zBlD_}SItZF;%T=`CrI{01
zVzWft|EQ}eyrFLm2ulYI8pBN0^~t<zAAjXi`o$8}`O{v8oV=zGWQ@3B2a6z;E7?s)
z92;U+7KPwbqDLD9&nzuj@Z;XGx7Ej8MdsgDX=zCWQNz*#(sff0^<!{VM*<FMO4SFp
z;v``~jb{)>7cZj3ZR-5qj)o^^*wEJc9(dRp*&ow*{>{XA#V@|5U;je!dS?E}t{)*<
zoC+q;eR=h)5$TC;?>4*QY#smp*kj*BNG04MSA>SD>H{`9o?JJJ-jKY<R><3p3#B%o
z(f&lDb>cH=a|E#9GfkVbRIPCAvL|S>zWnHgO6w?rA)|0FGOBsB%?qx(laEZ{5;kst
zq%jwzysjWASuFV*tUN-$wOz!FNm%@oM_I^M6=-dD4$0tA{ykiMe3Ye$wgsG8EAIXz
zR4>zR`Ae%bu+K1oF_=m!i!3`Y2?oMZih@=uV25Wr;MH+M(Z3>Q5PehVa`sV3<&bpG
z;cTGk+a=jLPibk}*puT7=E#?=EXs~Bz5iMm7MU$c*drZ+DOiFeuAAtuoT|9%1_KTF
zQat9y_F_WhIk6#je_GVR!A3|jl3$?aWdL}lPA21JBHU~N#vq##?|1pfuGwBzLI6e1
zcJ$m5<JVD;(x{;JmCX65pSsl$sH6umxtMoe4nn)WCA@KCrQ?x|n=V@tk^{HjzhW<;
zj3_hsx42zNxgJOhxsE<+`w%VsRAP<H*I2M1i=AsNpyfe<F%ple`?}D#KG>Q}C&Z@c
z#jQHxMbPIgT`TsxJ};dj;@c>SGy5(waF>p;*ig_^{3fkHEAF-u!g&(C(|Z~fM^>zP
z)l)h#+tjpS)e#X8vF9yH3bi~fn6f-o3;x;;<ahnpYHW1bNZ+;lYxgorPdoa9uJc4F
z9wdK&W6)Nz?~*WF%Dqz^bD|E^e@TMdo~u>vp^aRRuLF~`|71lbLau;FfKeaoA7;<P
zD5tTI9lO~9Uz924W;lE|8S6o_ikA`p4sWBd(O|e2Fc8Hn$rPHc!DzcGStR>60h?V9
zmmC}u+Z9U;1}%~UgJ;qjD=zu$QW`<zUSUC0?|ZpWx=N9IJvK1rd6`XTyTcs28-}a4
zSO@#hFZN{ilwr;G-#y~VP12iFGo}pPdw8yf@;aJ62pTJ@sB!`T3bnA~PG0-<Mr@%{
z+m;sX1x8!XNswnd(~tk|`#D6*x3G05xtV_PORAJOP1u2SZx*yWs0VH3TfSe4W08dl
zsE8=f=m(tSvcaJ(*E{=b^zZ2M^mUqodai(sy43JKc~&b=p`oLsTxomfrEe`wL)^in
z+j$#Fs#N~#f-2~PhX|J{w^-EN`OLhfyj70Q3%n57%A;`Su$tPVmwse^vJC05rSEv-
zbzU2)P-xbX-Q>1r+DM*=#aN{Mlb2}U8IaAwu-+&u^$Do~FQXpoml&&*!hpkVx*WC2
zw~9O1IObRIch}zZ6QtxFIl*`zvg8nqQ_pNHEiKX6tx?udobf&`vOW)mc$|!f$J?#I
z5O-m|D4cXt?|H?aXAj>JrMR#wU?Uf;=idc%@V1Yqlbna_>IHC}(?^yUtw&p$;yeq{
zO1%X==wqsC2-(v!h`ZQz7DmsFZ<lRZN{n?99X?L13eU3r#Q}UC!qNRei>duVQogWH
zr`!P_=!YzLq!&AwhiEbdf*P20iC$?J&JYNpz}eS5pfNaYaksps3&iLqQ<a48w}xq-
zFujvg(vK~D?geB9<jNg`Ki;4o`6uL$db_bR_$@SPhycyLD}GW~bj15HP|0=2bLsbJ
z2V|VyEWNFqZ|bh;UUWK7I{2xkos7l_E*)EQt5RPCOC4k$9SFj9J#R9;7N^auYvV_2
z5iG4D3@<KD6ZucCJq6&_Q@%*g@xMe$`$Yo&%*fjGrt-(Nhg{CT2rUbGpgm_9J)%qh
zl0UZTPAoQ7C6g3q*0ct&AYZZ=`hHaWF<eiiGf!2t;K|nf(2k-BjR$vA3~ZnZTVi?Q
z8?2_599>bvzA_WCL4i{5U{@NMl3)Ikt@Sec%miKNDIL~Xn>)p-BfkwJ60x_Rg2~#V
z(<7qK&G&7+GczDWG)4X>FMNN>N8w!lN#9H35QBjdF;M9_=7~vJdQU*-OiKDA&zH{p
z4TLK`3MU>bX)*_M#&rIvez{TPL&T|?kRx~F=<ve;v<8Qt3Hk}2ijm`>f1Bi=7G(iM
zVHq7AbkmmnvegY(j!;9<)daREo&5b3e5=_F=J4mw3zxG;48qoD7c8S!e%!R(FvQ9R
z>TkJ8h?1H)a>#vINMyRW@-Ul(jI8aST+@MP9lifFNP91z#lXfE&AxhR{32RD?|iF`
zu(NLM=$laf`!vIJ6zRS^+*FD*Zu1^YnF+L!!Le@hg8{K|l6hTRf|RWr>#pwWh^<>c
z3FPXGd?64L@p^*Jh&{`fZy7RrF6&L1y&?Ql(o#8#nJkXBY)BgjCy}3YXuPS(P3|4&
z#&D=pXYa&9{yjOo()l}pEgo1wzJ9GZM@lxBJIU=dWTVY7$%2x@-#|0p;zwUG=^ND+
zLJbyV3R&A-ew%GwgLu0ALBFtq$t3^y7K_U;;id0$=L2=`!fVOuc#PAer-U<2ic^R3
zD1APBXz5XizTIfLJDEwB2?%<4lO5z<Mrd{xg$fJEDr6U&NKdav-Virvma-?0(%@Nb
ze-A4gL4n=d?@!09HJi5mwzrZtClTBS@y$$5RE<OB)L^c9yb|ij(-@!GwTwz;Ohej>
zeE<MhrxSX#me}CG=N1}1w+9135kwVrsDt@Ym>s{DIdEOiIcEQhavT>R@o4$bEcbDT
z#1(b{rIh8`w?QwNC<6smhOL_!V<lLa@kLR-4}Ta95koIF7t!|QsIqU&)Ogvy{klr{
zmdvP?MVZ4RfmK}R+|K@kd4c%)PrYcJ@NLPZ>TJ`8f^Ktu&x_2sko*jP9WZO-cUWn2
za()7ffxLsQp^c|@+`)cxifj7bN^XQO7bk9baj?CHgHlX=5m%Qj!FJI$tnAoi`>TS7
zV9gZ423yN4c#xYdJT}6LaN6-@{F4Ui@mK&X(bR3DLgRWRzzdgwI^v_M)8$;6cu_w+
zu6WcfK684AstPj+k)9F0zD$PI$_B~GDrQ3XOiHnM-n0;YQ`N!Yy%oVtk@jC_#6z`T
zGYM{X1BSFn*aS%kJ#FsKJjXmYuA3#VXgid}4}Npt50<85aX9&lea`U=mL6dJAuss+
zuE5%)+nAE}K(GxBHoP)~!W2ZoOIMOi>qet5vN?7pS~6W)-cyx#uAo?ju^*g}(_lht
zCT%YNO(AsP3`4n$SxDOvLI08?kSwUE%5hhfOSxN4c_LCKDK?+r`Ycl-t|l$f-0-lG
z)q;T2I9<a2)P*?KjjoMip9(z+5q&tl+1V!|J51@PQok?ZxuXV_yCh<Yyh8tVjoY#7
z)zZz1a$8E=p<8?|K@<yOnG12k4F=~|bh@V%?%>@x7g&iYt6XxMhIHtbW&GWi3Q`&Q
zkk)%`2<1MnB7c;mP`@4gwy;?_+t;!DIa~Ap@%C0xajahy=S>2^A-F>V!9BPKhu{vu
zA-HSfB)B%g9fE6cOXJdbAh^@GL*p(}x%WRaYu1{19Ul6T>Z<;#zEk_`^V@1eoeaNK
zu}c&<2Q}v#TAks)Oa|xV>E0i&)2(TCe&VlZy;<8&-m;u;&aw9QTD)8g?VH~I*D0`@
z`cu>;9slw;T;4JePO>$OF+g{oZ11+oMO-db(WoFmGr^%gNBrek`sq(y6Ft)1n5$$h
zKdFTD(P0=jdOjTx0~@s%ohc$L8d2B5M^gH|o}n~2{o(;CITN9SP5wjtE#8p0p$96B
zZOU5yt^CQ9*(LH84fc?tX{^C(v!UP@R-c?TFvB-D^BP4$BOXa>+H)~|j{UyBkEiSV
zBDE_=Dt)>^eh}8A*?Ki;&l4VMl2IrV*=Pxw-h8ZgmmzE80ee~d3na>&OTLql+++Qn
z7qF7;e4&2%BfL|Ck>Mp571bCe3jQQWsJtF9*!X((s>+QKfvpDvxbM{QY+A~Rz1M`l
zlt15gDfeAVvdGBrlk9KxHye7p6^CyLmS)6{$n5JXEJIrhS|8fR4YZZmu!@Q(KRcyE
zzWf2}`E)gYAT$5h;+=2ScsF2;3nv&(2JLtuEnOmi8e-(|R0&vyBco2<p6{6K)h6la
z)niIQ3xUq0jJZ1oW4Vp0x_a0G<TXGTq9XY%Zm)=Ohe2`F&jVan6*Wlv?}5F*TD&Xb
zS#3i7jc_~}iqe6(TV?L3h*k6mC&b6`ueFipsU3Of9rxxeA_nZ}Xvv3xs<>Cs7f2Wq
z??K4o^Ag`-j_hT)kL>gsp#b&};PYgLmj(Bx@W?N)qPF2BWo_od5el6>RULP4x0j|{
zt8Kd2e|Fm((DT>Zr6Gk7!NSTWO{7%znJnJ7wxemfc?xYS_Qy!xvRWm}i>yWo@n7pu
zv0BTfGyakKQYHnZVtly~j|`*EB99p0KNFsyGN!?x#U;3wO@td<23vnf6Bm!(s8onm
z4_rq6F$E!%Mjfs_xA^BV^>qi%7#ofGnKXu1P<#L`pE#=I`=2HL+H&L=N#_Z0rD1t&
zCi5+yO5*JG<V)OblGpxzwXFh(I-?2hP<Z-QzUc7isaxpA%(NrZ<Q=T92$t~gzCr#j
zfTf95V1GVSToQhK4;DEbwcE|Pm-pX@@#5RaRONf@F7;e3tjf(jA?-Y=$}f6Gp&t~*
zJl`-9H#e>JFbzCC%6Y5{SbjE=`4jsxL|o|_8iPYCFRAFjhcu}3s*GvY^m0fl+(MOT
z%48s1|BDpqcdN4gb@NLq$XCO*9{OFqFcH6R;`3LdvDB*C--;yj!!wzcA4-tVKEL1Y
zVUd9gIVW0EZB9LGjIe(`{z#O(a-Hy;XY!c<l=owJ5L+xQ++;8wO2imK#?KyD)00Oe
z-2MjMde4fA+TDE89mQUvjQr{@gxyUR4}c0ZC8klgb#BB8gL6Y}iG(ZPyt)fLDTnDt
zY|B=n-b4Cq9uCWx*lkoCqsjgdQr}^9a?d_|9zF#q73<;DMbvDfGE#J7Y1Sf7HybzS
zIaRYR!jDtxM4aAS1Z;-E?;c&GghH!5ev>SD^^>P^A7K1s5K&K0NXXCsQ4tk+iSM~?
z^xR$TuNqB6+Wozo-JyNU;^IK2D-AC<UD8^&wAs>RF7-_)zVvBrB26a#G%0TD3+J)6
z>(yY~_M(?rR^-Ej-tP3YJIiXthHYo}wj5)Q8KlED78apZ{(I~XhmlbW?qhD8Ky$Ok
zt~_#5hdI;-{)_a|9q2%onm?UX#LnjK&dm{1<r*p?Z*l+Qx36lj9R8%saQFdl&XSAW
z&vNxoRu7TN+r65)l(;_X=VmNAav#YBrN@PoYTx+@o;3kmwC%B;CS`#}15r-SIu=Lr
z+%ac0tCBfe>#17F*3B<3wrHeoHuH6FF7mIx{~S}A0Wfz$*zz&51(KPpRXur9z+L@%
zNb6GU*5-$)yCc`MIklm(Gf6^Xn<_8cV=@l|z3-A1CGU?KeKEA)^96dN#Md#_ch7t-
zsraV^ET|Dbm_F-8KeyjFlGR^3=xC~b(>zeuF<6Q2Sh^36Y_7eGp{lrF{nl^TTgEM?
zp+)C>$rca_AR=h&js3j%0SuF<@m}|bL@nM8ZS7}b202lhTi=ZgI^*7wE}dWP=(bEu
z)s;mgNlBV&4#rD!HEPKgi4{x<EJoK`isLLsM&K1c@BA7LfP8;v0tj)<`#YjCs$N-<
zP_ZDST-Ajq0BZKLN>)oUgn3LxNpt8k{mTX%Z6lB%fj@zSsuV6D-hI124$yzVZN6r^
zHvTJ0>H2YQ2dKrGACLg-ici>0olC#Yr4X>*aI_-es}Zj34?T!vvM0gilopO!Ada>d
zi&uRah!z$WtybTZMIQdCdH`9FUa!`qrOksa_5N14E3P{%IuK9n*BE49H9nN0B_UW>
zO;)#m!O&uP!js==54+n(%>whd{cy87+s9VYFx!i?@oi=Qwq^U(-1b}HM6SN-QpMPa
zix~K7;$if9v^!sUOrvER^c*%k`uuLi>mbIX$6<t4X#wS0^iHA0ANVeMD*{xbphO!Y
z>ygb=@n{x>{Cds?6yxQI4|pk-YmEWRU`e6K6-2*3P0C=RSCtZj3xyLRG&L@Y7&8^}
zHW{^6Nyv4Fc-?Vi*rAyV`-+rX0}SVD3iAYOJ<=Lig*2L7a;lQJv5hlS`is}aUe>O!
zWvRxaC2QsE59e}kj(I!4+*@iq*x?iLd8*w<HP?oG>rpa4s*Ni9)=1S7)Y|tU(wSbz
zu_t$=RZ%Ux1|d;6^2b(*k)I-+r|0hB5DcTc2^2nftNi8{D%nqded+1WM~(sToE%@-
zvhl-`CKc>O?Q7*>Ca*{x;q76gzTODjlbnEOy@PM-0wgi}$@VTnaUUfl#9?~F=Lx$j
zc-jo=^qJkA-N4M{K5xyJJ*raB>OK=|SLAfL3eyhu;Ar=sF8-V2Jxk-QGSkDRXN?hq
zS_FXqi^cA?t1>utpCP`+L|k+LW1?(Y@p8jA!$?m{8@zlwdj!>fdKvKaShd)U6#IK*
z#6xJ2ah;1rA%!(=H0c7Tkg(e_bx9DJ{HzHQqnV6vvNeS7c@x)PSXZkrNcMPdDHrwu
zT(Rk`kxXE68h@!%S41Ht#Zh6f7)(_oz2{zImY9~EqB?vUEGM|Z8_<fV{CqI3wKg&`
z0x7ab_V&pe#Vx`sjVVR2iFXg5W|bKIj-wz_n-V^WoGzK9Sz*NVf(aUl?O4)T3q`5W
zHvn@(QJD2e`@1!#Ww*GfnbMiMBjCma&Sli06UH{WLN&!0C3uz8wluOIDyVt6<@BHo
z+Pjy~y@Y3P0z!Sy8szHlBJyd8P8`_gZTI+*sZl>_8H=n>k^~ghTAjGiK+m_{nHMn$
zy#_dV!|OJX^&EoY+UE;VO29(;S&K!iwpTd1`9`YNwSdKZxlTxN0Bj-8PcNz4(krha
z<)w~uF!QqqE8s*T^ES(|RA&=IDpDPsSF5=FsYjpi>$-+ad?6-3w{~F7Tb;H_tp)h&
zi(~b#vqk}k#lG<Sl>?_dZ2aPbp@eweKUL2kxu%LQXkS6CoKFQ5b37+~_`835U-)BH
zW_v9y>^8PB*D+gI2o}Y~<@cL5319WW;B9qDEsI8tUpV?M#*`Lq*~S#^)6&u|^%vLI
zx#$(-;<4O;obU9kpHU_Vr_!XK_5A$WI&KiHla(Uf(l_~d^#tVNh;T5bbsB1MhP9_n
zrqiV>3>U-AfhtLl^7?qhvS3F5QLL$EgU*Iun^`Zf|Jip}#P>XydiuEe*4ytHhEJGP
zm|xC{*(3DWOAX9avHCl2N&Q?3a^CB!&sqd2iO^<^m9urEdSDfqSXj)|xFb~A`t>th
zOYJ$m_(7{`i6^3~t2%{QD%q8N!0s{f&jqnYRHp0;#>fp>EpBSI?3lv^qGVR)t|hE;
zj-BPgo0Fq09gz;419>STo~=(U8$aKc=jSu}(vv~I4Ev!{jx9MyaR5o|F{jW}aB9)c
z)gIf<kG0fx-|F8Rx2hd&*H1`9AAIq=@i)sB+X9}9$b<w4aqnbK&*a(iE9&uT`n-Lg
zNsYSOC8&u2FgL&*8fQ{o(34Aiu7up#L{ntOT1!whpI>)KGGh0%)WN#LP0ZLmS3llL
zyy?1mF;DVb-3AhuSR(x;HRMB%Zlu`r^Ziy*%HGfn=?jc}*w=5($3=^OJuOrn+L-AX
zH$#LdfKumc5L5s7h_smpDI)mwOO=bp%q5TG0-nWWZrxcG;DXrhy`)_O&|(f7?~kpb
zr^`#W2Fghz3U@E}X-m=gPJb;GB*r<|cZ4Nxtb*2vJEDwrfX&q2K6uf{0Q9Qz?i5jn
zQJiacbc5}%1<lagk~KLQI^FIwp*`{UhV-rkz(DB?3UW#gtU&x~y?PQ#)`yrehC)o8
z&|ODEaan=n!|xheeGNglsL=19W=t>BQJHlOL-5OOr3!eA$InowW}xreXH9I(jy4N#
zqlB+cU~yRqQAjzSVlki-SOACzEWAdVdcLwqk~}#N3}Lby)?ACQIGf+!F+D^3DM#h{
zh0mAd3nY>{b&GQ{J?^0mvm4oh4ijA2K6lO!PoaX-kNdDEBM7kaEy(p`>T!z6))K3;
zlefyM=Vdi8q18!9W&>qx5v$Cdt1t4aXEj#;NVuFNQQxo1hlQ|PsBwozhv&mr8+HY)
zSo)N#B;n$3<8YkQhb9h^t<`S4(WvEo-byzaOF;OyvvSzfUImuQ;o(UUA`*nmJNO(%
z+(sqmRkTV|6`bS`SM_DO%jvuJ7;W(d2L`_EUB_rXdI~VP+J9ek7{Hh9bH$&StZ_dX
z{>@0=4}$=IcI~I8+{5a6PCkEJXMO2pwNsbN)U4c52$haja_3?>Nt~c(X82@k^1JtY
z2R`a`)U{h9gxHgnn7zt$u;5xZjq?IWUtHTL`IBQoO3zqlCz87G$%Cg8I)zkrY`?m@
z^*!RTAI&91zX$m$pP<T`nMy?5c*>&BLf(WIeRIyZCo4X1IYH)iuC)mDc1l5#QwISj
zMvf3c%T1L`wU4fa#>xE+&*aPO$RvpSSJhWTrWTFV=?~f)Pq3$3vM29Z7Hg1$HeiXf
zeRATIj?G8~_n2L^ECJ<#?pQqwqf!d1LF8Zp-Nvwy2(7V^bd@2Zq09)@&Yw~F&^YX2
ztj?#gN4!@v3S#tR;<pPn75X~hg>@IMq$Jb%Zg)?!nNO`}`yU>zx1g!#Pc~Cip6ZJW
zMg7r>kh*+smnotO-8LMo6%enI;HgzZ(~2h|)K=T<`4!f<U#J1Z^F?1wPRSZnY_i}!
z^P1jN`BSl+Ub|fls(#7}TUF~DrWCd$Fh0B69P-0H9bpryqlHDI$pLa?TtU4lo}ArK
zre`#rdPyvuq-4nVjHIA1W@Nb<IIr$_H)?Z^!=n5JUhh0|A?-Z952+hdTFo#rjHzqa
z52YkC2z=&u`B@(g9T-KS9z~3M?^kt%WAe^gP<3B=tsr>e*o`?n^Te({wJ32(&>^Cy
z)or0Xo2K9>?JGe3MaG|YkEb)jmpDaroKhK0n)Lg%s=|dspt}+sAo76h06DeL(A2W_
zDeM*|OZwULR+W>GH{N^RJxAiC3#m?JR)xVdQ{6IS(^u+yC{31?MhK<M58Za6bG4-7
z6oa8oR|`K&sk+N;6AuT9zlO8|rLpn2NfE!h@BrkL=NnY)*(lZQl5TCVFlNwAh1Gkc
zl*b1fW*yz=_;dtXrFjXQA%a|%msh9#s(%EH&XlRD-Xh^AO@CiEo-RxJOi7gj?R{4+
zHblJx)kZ2jfGwU0wQbC}x3no9z(z(CobQp8MR9Wc9$u_?np-R^uXVd^0(a}oxm{G`
zB!ha<Y6)9FLlU|3rs}S`P6>HTvSqT+0@HWUwVuZ=8;{-Y$0eWZr<<EcfSokz=6lnX
zoqD<SR>;{B4=`<Z_we?e+$jE@bL5paw&Y1ocDz6(>$treUK!rqd#CRLWjpOOdsbT1
z28$Bw#?fD;H&U+n+$#!QkKoSP?)&fED14`8gxby;pL}1l23aP6778`JuZ2$7+(n<`
zbJoEfB9V?c7v}osb@Gb<(VElNmK@u0bVBOuTv@Yqn?7aOdi}R`4X|tXylkH-GB;g~
zi!<@-i=(LSrEm1eSQ7g6dgJ}(I_(7nHA|``V-(<p0TpI?INj`tCy?E6Yko3Ow1=FE
zT&a~Oai*QnDWo-CrWbnMQ=qtBMsH5y4<VVo-gpsrzE;8zlONyFdIjR!xVNMlblsNC
zMO8P-{FIuRNuQ@nwOD`=&C6rDu%dpt&s1g8jaU3T*KUwAZ}0q)?>7}fz*9#+cM@Sv
zh^}K>WbhPL4&jz-LF+rB(NS^nh31mTg*WSpc*URDf8s`}Q*gFb$nuz;zTYP`omioa
z0bt7i{PkSUq*TqG7kh4TEyYi~-n`xqS$KWxAW0^3c2AX@6n1%uB6)r<+errOLWX=>
zf-tCazaQc)Vp~mR1-2jB{rU){VfYge3^08%rX@RywDy`IgHEaKL&JlGP9=fK{<Qn>
z=@sWp7*L#mvR=mqfF|3TPqCgeJScf=nEl<Mh&m8AX94tBEWX32Ju_ef%eL0j$ZSM{
zDQW}ww6P$yKZwraTvmqwx5`p}j&=%gJsC`XjV$||n4+CuUyo`VHDfk^X3A{XN`OXC
z+4T@o&H-Ba<jVs>>>gjSpE&<uGk5^l%c5EwJ6^y94_*pWh?wG82wmzdh*}wmTpf4<
z*=+P|OwcJmEW6W$_qwB{_Y_|{mb}!<`SSatCwJ6f06swLc$5$Ss9h#oN{FJr3?E45
zGXqw+DY;n3o0MYwn%xMQwyDdkqFa7!fW|E2u8Dtl#Ug3#g-C*{IB=}_RTjX|V;zQ-
zAXhIyE(Zp|Z$){rBwl0Us)F7ExgwP4BtoASD(&zsy2e$tX;Cq@i}Ql06hqSK{4-m?
zkjRGU{qZk34x<-yQPj`w!xr&l5ZZ!}ZE?x`e$2k>_Gbw)*8wgC^7Igc*On$j-;qUp
zH>Ak!LfC$^<}G9dGIu9cg%NYP0nmdxET?(?9n-x?eAyo)9qsF6hupsiuZSqRXFEK<
zM@l7IJ`FWA--N-ShCyfVj|}HPl8*W=+aS*ztY2PjCo6|d9IcKB_vm9?1zr3)fP70e
zP8LDh*C}=zE|*nVRUyu|9-+fZ=Kds=vO1me6cpJ0c=^DGI)ZrW#zDuQ(;x*s3wsAZ
zD?;~onV(skT`jz|jm}9kUG_m7{vTN}$r55wB+#7io_(=^ydtaSP@Q~a-GOU?PougB
z4G#$7`rFzQj_R}aBe(9G9qx)x8EI(|ajU1hHMljy$3Df&UcPYZu{C+5!@#VtFXgAH
z$6cPlqeys6oYP{&N@Vl9#Dykv!QgE9#P9K=okBSQ+Px9Cvh<W=K!7zl+{K1aZYF??
zx_^iT0f0UibP6FNZf<TOeg{HyA|d^aO2aD@0+v)dYjcw`R`o(^o=*ZI^Ztj8Lbr3G
zCshGYJ)-fLDQ@EMR=D%?z(yl!RnMYhd(r)&q`~<jsXIPDYu{OUj(&I$rZ8E*@8$c;
z9XuEkyn|Hx@lM&BEL!j}oNeu16e8QBe||1M74zpYV6^q)<mX?erI4(<EXsmOF7$k}
z<SPB3WgsCu_Ui}ibmcMSby6g7;%nM&8475@IZV=IHagRa=vUku0^bt?(<IyR)Zo+`
zOR25TLa4UdY*I>ExMeehxh@8!%{%%0<%D@&A*p=kj%~-c%;l8?@~Y4PyB;nOJfVC9
zV%?Nxg)FMWM4$Jtj1gyJGx5O*QYqrdU>+`A_h$0^`&EK@+)F8bf+0|Mc!;>KNFv&(
zGl_%#I-O)SFrshg=aEq58nL+<!5;fI={rQ0XFsNvIj#}~``Wp*MV26Edh1^H7jk@k
zV+7ILK89wpy-nA=(xT?d=<+8u>CckE3@qb`Q>A^nzvY4%NNyP^7+&S*nrG6EX2-Et
zsAuECLP%_*_l8<kIsEWb3sPucG_#}fA(9ATR01r5#O3Gv@AO6^E~)ltXoN|Ymku1<
zu<62#U=NH-Jc>TBF`loy-2bN(&#Htw;krrr#iRD(lw+^?P2?m;e&~V!cV(E5F5%7U
zE&~HAYhS9I&yRo(@x6=QKPpD0`R}Hur%OtI$~=qZv%78beUa}U2GB?Sk(#!P_{DUT
z?Bcy8;gr_3-Hb|Yi1D7x3wXB4Y|;jr3?(~!>&aOuv4eu}z}g8aE-2}rIhCkTh=4U>
ze*8zCGqgL?n}Hgt;}Qc&-_SZq1ZV8G6y{W{M|<dHbBZ)?b()LelIHI=-@bpo@fFe@
z+VVQ_Qb)>ROVZMOIUW;Jo|vSr&p)p_v5EmS*jT0BQEIN1{qn8UFuJ9}$B%c~v*wzR
zR==nLk`mQ?c^imiXl{vumG1Genf>?Kc0R?8xalZo>s<Dw)8xIUa`u!^>;7QicNx98
z6R}uP-~2@%a;l-@_l`fuDb;=SCf?!0yPfZUobVv50l$?e^L+pydbW;7H7m`JqJy}V
zd4E~IzkS5eaSlCTAM-xEaGFXaCqAl2#w*U3!I*q}n^b5EFmYdMXjjf|i1kRDEcF_E
zFJY6Y5R<glWMP!btX1#9M48O09_9jo5P54DJ-fOU`kGVHneEkl5gSD@A1n9?v9Uj3
zV{_p#lJQSVB^LZ#t4m<~LKHzF^+0bZ^rEP8V(4^Fc|~ZW-dMD<@1zKo=_wS!LpW37
z<3ILbgtN%Wct|o7c4zrxW$&>wJ72T?xb;$fG|rw)!fDu56XeLq1q$-=MA-{lM>^H#
z(utz9#!m@v()OPz-rO9DXHD3FBW_|FSg%~iU!BL~Tqq(PA;;{jwZq(6SzkUI{!8f^
z=U7w$f_=nltuVtU<ETUT+kqKonF>SoCFx9m9h|-wf>_w6*kYVAm{1{(-Zx5k0A-6l
zQA&y388-M{L^+*6`TdVCt;_Yw!-i4ndR(!Jy~<-r-GYcIn4*to`_GMOEv_E-3o|y=
z$#@JhdxK`7o98(f*Xws(5sRnGlLfE%TK{>_sB$y+;rmv)l`ByV#(#cj{eo~8c^di^
zjDX7)GsCXm8KW8~_JFRpU(WKg+tF6-DCs|(Q9m%_D+l<cl@5{&zxi<YTB0SJ&HWLp
zwG5~LevDLZ+t~)}VlThDwXIuCK94FB*>D}XvXA)6k?-d(3zTi~*Ae6w($;+Gl=aP#
z=`jdpsU^NPK+#CUYX++ktabP4HqDttYH=^FdF<3L2V8eVdTz}x*F9e>?UvH1{vv!+
ze3bQhf%7qUZEE_KU*F#}TUq|sK<LEmS#$LsTQ5i@cL68O=i3**2RFB#sa7to<l(t%
z*Lp>>#WzYff`3<@N&PU-o8m)y=L-!1lz7DAl{lK=s6QP6xgz<0`@IyIh`MTOp;>g`
zD+3{C$ZR6Vjgu7jimp!d-5os%2^Ddm1lZSLLOd!6HT8l%%N0xd4M<avb^5CjyUuIY
zdYOa#m<_s20(%NZcIyW^Jv#BWIOBI_2i+X}Y}wxX$$ji2-S*^$%^t=APnGZKDaF<X
z$=SXV_Fd0DHhQ*;ZH7Pl$v84LBu>jSw_$u)%^iQquvaM<;9rf|443*8W{*$fR2?I0
z(f=U)Z%1~)3^4gVnJJ6aI*|vK?F%F(YMb=_5nC)w0EWQ{WzwVL<1g<%rM`H)zX7wX
zC+<Q7O{~ksef59X%Zpo2%*0fV$_^)+v?-G;ek5EB84Nx)BqDT?ACIrQ9vdFs+R?pB
z=+>Yf2t(y0EYEkbHGZxO0gL+}_!%fT1Rax(R#ERB{H_>ZFX#9<Q;Hb-c>>M<V9Al+
z)_>x|`4yPcpb7Dv<m3PKMHLP%uQ^*#@RPW8w6#j%9|6)La`$X8`o7WJr_}f#d|QmI
z*{QkAaWf$p(L8)C-F=IY8M?Wbhz7gxkWD7V=5!YA(5<rCwDtawMYVd?xK%7_fop=?
zc^86UJ^1`+r`D6Tj?vn$_}5J&%CYb3n-cm$(DF)eC|E^MW<c^vEMMOLtjE~u_A<})
z>YlRK>t9tpaBFjvbf!xXfzK481}{0(KXCtx#>f|LjNo(6dhNFzQHB0@=wBglJ+Vq#
zwP1|$@amu){>Lz?haf`w-9Dn7+*kO%0&V=AK)KbFtHxS^4@K7_OH9#`WoJw>7<xV|
zlZol77r$aTw>m@D3=e$0f%Hgj%^MJw@evRHmWYEoPRk?&-LbIE6(!r2#5uq2^{_0T
zAH85#^O7Um!&P7v-@oiKprx6`XRkCE3h&*BS_if$p4cCJ)3cxN@(K;adMp%|4s2{y
zjEurE4@>wWBsgJhgNWZ+5x6RSoqFTOx+Z@)c8EJ#I1282*xHaQE{=7wwfpb#d}P-T
ztH&M7HD%BGCSx(D)!!8~;=4Hb#Z1aJCHl+`m9^t{bi3m2kojL2cywhaaNn~6KV~$G
zm`bKcauSoa>3psEQyfxAiO-HT*Hi%zR+<o`qmF!k+)_pHU#KO~;%jv<fMoLAFP}BL
zJ=?lj>?wDGZJ2wm=3u1O;gu*#s?NNTa+aXb;=bssO&7v2`uw>}@86Y;Znij14YihV
z=dk&dQleR@7hOB;TH`$!rt>gw=gYIh-Fi9X>MsjK<h_6L2%vbnGZtMsztQn+y--0X
zX`?&~I}B>=np9zT0`=ypU!DdP(N;eFkBn(2?|nG12TiH!IY!bp8|y)J9_98~ojj9J
zfnC#cVe%2wRJ`z~?_u|5Y-nfzsB3D}nT;8u>@OrqzCCy|8>xm=Y$M!ly?8vAAks|@
z!G5()(g;jI69U<W!|)Lx38ksYrDHV^ZORWIr11gca_*wYlg=h&(J~<5>e(YM7LPQB
z*Uvf-ht`;ln?bGLi!zY^5hyq-SAnz><c8u&U!s`o<W7kFu2seE+1)!Ko&>FU5k7mb
z13lP6WKv%Afe4L%V(@jUn@Mt5WOEDNe@n8()zM6pJhfqspK1WOUtGYfvlR=W{dk_#
z&)!WSU@iG7gVPdxr<lp7`bfk(FsUpW0|aCkUe9xU$;u3Py7jgLER!tGM@hgo^qu0J
z5@+%0jAm6o8!J30?KylEc3s(ZnbH<&s2D3-?0~q<^2x+6sZD#D-CF<(h29<R0uf!8
zd`wJees=|b=mbNY%!nC3%>wBks3^1H__iBVO1L`h0!1b*@qC2?n5eR-W55vkkf_aX
zQ2TjS{o5^ni+*^ro`YO}+wFFS<{yA5V~17QerLlCT(7s*&O@5+K}-jbjWOHBNDRe|
zp9k0OT&8bUygKm4+N&|kwPtT>7S0BOt~V@2+XqC?WNC5vjy5+I4lQe~)_gNPm*Q;x
zLv)RMyQ=^bY~;XToE3>t)Snkn#_qgvdPZB)xEx9eM*T2PKkjX|%I;dt7<$8*l5V%-
zAykYE+4m0`jiPu7cuASvEgTe{tKaHx{tjZHYLe0bwu^Eg@r+L)OQ4~rF@|?xi5l(d
z=9|eO-$kl*8)<r9%fSHqSv~`^;pa#!5&dtM_znIQGX-i4BVKTFbRv3jk1J+agR4sY
z(?g`ZQ_oM(Mg%eE>8hFXM$k3v(oYZz(V>Ws2i<Hk0&2P|`Yt-xXkgr|ou^1v(#qT(
zJx^i${kmIMp!<!d1A|DG5%?FSw()qL8h)`I8U%+KH^jn+ydD_f<6ZV@fw$jJsC#o3
zU%f8A0IshaB41FDz0Ni@vQRdcb-YMl=T&T9Kk0`afVFbI+qgcZxKRitu{q7i!RjTA
zC0yM?`s92t2J7nFO}II13s_B1)-rjDw*cCo9DZ=Ao6!_lclFaz2d(KKfT!p5AiJ7}
z|I>OsY6qMgvmOKi;4Ag*a%^1i;Y6$l<0_B)<sWok-yRRlOcFQRI4XEuOCHT#94!(~
zVnv$X`L{WD$MN6nU(hNL&xYr=&6r6(yYJ4n5Vb^CPI;okrhytm3lc<tS8|-D4hEdW
zv#V1ptBHnxA5s9oru8eSW9zu++3E(m-QtoWPq!JVFn4seauWsr(TK)Mo;wG#?!woy
zeIi=r`Bz2)$6tJR?ssk&>O=F3@QRQq1;`y+uWI27{Im+0K=|tGC6CF=_Ne}HwlO<y
zoFQy2-mMh%@MSLJzKxQ-q?GK~+j9|hUS4mXM|hQDn9qKM%=GV=Y6w^JSiM2BG5<o8
zBatvUDvyZe(2fjgLT6|9%ZIZegVQMa{*9d!cyx{d4+3E}L0?m>ZLf7d&uUA*#@a<b
zZb?OjWR8g6g9e1+aKIUl3zzpLcCX@*c^H^n@b789US!ZC12Cg9yadI+v(krJTr^ok
zvW-G7lQ47|d^s#SPH~1l$v<#?{!yLpv<Uwi<UZxP(2is`F=ePk{BZsolneYNAq%<P
zVTbpd?d>RAwmmVn1Dgerh-pFS8lLgOFG9mmxdc!j{Mi@HBfGX7Qp1dw9Hu0yA4}<T
zhuHeGFTYn$Z|dsmIvuMXr!0DT0D0a`7~4onv9RHboI9&kb1$B^a<E<SQSz3l%|<W&
zB~69x=bzYER)W`dhxySz=V@RR9u$8$t<&n;0HKbL$~5$w1X>v__oa3Lb0%mW3p`vu
zV_tIIc)#Y|@060Un*w;8m8g_*$gJSr9aYZa`?I+Pj-K6Hx5X7}b#+t;q*s2fHgA*?
zP3=`VwtdxNensIxsH!rCT092@nDwg(xVhcu+{gT!rnK9^fXr}PTK{p}bHF6*US_VM
zv~9DNsY(rd5L-P`IdaDDT9p3rfnoB?!kQBS5YW`#wIhGKw3t54<h<O_q1NSdb}D1G
z7Z0Up{apTpSEFPH2C#E5p(D3t%LPCd8h>=&peqUgO*RfJJ4|S)2xy_BBXY9AcGk2w
z%cJ||bc4fXQ}&CcWpNJ6RwB#*w2Y5L?)JUi(y==jWq$?V*fKhc=USgZMx6iC0>w_I
zD_9AJ5vi+mMANnB3{<cND2>YcWP@F1qd04>#g#`JH4SFKUAs54&PAe_`<5*fnek0I
zOJ95;jZSMl$*?w0QSliCWT%+#@?@61BB$w(oQw+BsPEeC#l<XXRfj`D@s$9*?AWhW
zwbsXE-ZSqB2H1ojc+>?ifjZBj;L^u3JO9@GJq7V7OYLU#sUVunH)6}#<!d|cJX>IG
zM^41Y<KPhx>@%4Ikp(}FnY1c8hmx4wFAX85B=-O)^klC%rz}9bSJ?5>MthKHB0;c8
zU_ROfR^MQ-_^dQFP+cWgD-PkM+eHQ1<1f<89-BAX0wse!<R_mZZHDA7_gezn#1$QK
zwVF@NMp~iD+m-#6=j9XXUO+M?d#3lDF5kuo8i%*tef~SV7<h+ZOVU3D&NhygP_p8&
z*FBX6bqla_g!La?5+}W)lzmS~jReV=L&Mh1M<^y9>0ua@5yZ;EYb|ynlUSl^#pr@v
zc0|Hi%N~muk9U{yi}lu%Q(0M=t*t_Sm5IPSY{}vK@#X(GLv#LiDw&N<5KHYEPn?pU
zRbpnE+_edXyGdmq&2I&KKLlW`JbUsJFzW>E-!b~$t@+Ti8O%D6jPey;SN9Y(IqzI7
zjz;oFjzFUbiewDot(UJKu3}lr#}t<>MTKsG3`^_gE@)Kq#|a>XPGfnw`;*%aXI09>
zjb;3CpxYdHrDg#e?>8%}k-O{FE#bXL=(w=8^Z;y;T_Ow<3e4nY^N93FdaQU^HUMcX
zgkcokB_zdX6F?>Rx0pMUvFeK^{vAf<f^1`IFX)SBWso!`;;)Qgs1~fBFQQGrC1OMn
z+wbnvJKk@)q*J91DYY9!G`m6Hx6JV^K%)dom)pPT4RD71|KVuS^Nau3Lra6IB4qn)
zYCMien02cE0j6WS1~_oX%YP8ocI*0={5F%1P-lg>+)7z)0Gz!Vxv?mc&~bo)_wRcd
zk#K^;{YYs(Bu_HL8t6!~`qnxaaIAQ5m>c|4$kd6g4p65pMHEy2L(ctukyCD><X=v|
zxVZjEA`R-5{vXNLo3^O^zw`X}RKXGI{}q(Lr&){Hzg%A|SeU-9>PjCY<B*V^QCXwE
zAIeNh%8#<LiCF7@<q5!}ewa3iVLX;e0<gtgv-u6`Y>1Ot^|mSHdit9RL%WeJYnIX8
zjl}35zq?Jzz?Bjr?i0B`tTOqJ`4nv*RLTYvkV4bbNji<b_{Yya9LE98sMn(Dojz!1
zD&sm|*B4gk%Z{S*(#0!uVA|rmK%==g%Ibdy=ll!StLbrqKh8Jr<UTdupK{!M*=i>e
z@}|6?_<-LQdKl6w=0lZSN1C2-`?N{!GxJ|OTHjS?Z>b59a6I4=!o$ZejZ;D1<t#y2
zlV$m?7luDf^2Yk*>&=(1&cCXLbe@Qh!tIZ>*16u(Z8IkT)oYCbNW24$wYgLDOsCb8
z15?Cv18#O~2iz#bJNq=}LOw5r*!;0b19y)0zrsMY<iBudj4bXHs`5|77NQoDnt?>S
z$xHEr(dtUU^DH-Ro#U%YdC0Y-r(qXN|KtwYu$X)rC7=!fC;!J*9;`JVJ{bjqZX)Qi
z6RAbaNV<2iO*W-%zJ{WX80mw@2>MhtCW5zY)pUNn)&bb^?--P%8a!TkDn${nh`ZJ$
zrc1OF11Xr(Pb=V8f_@c**)8QMKvCN+A6_^b*%H$Q-UkZb&<I?*J63xW!<NHZc?c#L
z09e5K&18-aYx6}x$4hQ)e<0!pC!q0c_IaY~Wsp%*+vv_n+9XTJ<@Wl5jRT!xdV#}n
z(~f^ss|ERmnI4b(z6K1+?tu=;;`>=y+86MAZ}jlQJG;sTf`xM1&g>%E6NO?IG&d8`
z(3k^I7kMh)Zxt2H7st!dfe%FDr>Gi<l|2t3nmCoJ3vom<cz{F6T|vC)yMl+GGlb(?
zw-OAfh{>O=`q%nM9eaUV=Fg{S=Ku-u%9hj4S6Hk6LYx-F-;IKwL%Z2y&c{Syq6-|W
z++E<O-@LHH7Eim9Y>2=yXgNuyOfWFdTc-6}AN=qylo}q*`^ocs1p9%-MO3|-q!0Y@
znw0-1L-+Bc4ZFQ0a-CsT1PJB_kS{RWivf*9#=wAFe1j2N#ERQdo|+^EFd<-j{bC4~
zzzCn!HtWhm1p=+YG|Lan7sI87nd&*e%f5g7TO{XpVdJmJfwD+I3d3aX{CB&+RW8oh
ztCfJCSve*Kndedt%LOC{ZLcGsKw9>EqA4?n`q>@0zVV4V1ev3Rq5$Nfrg~x;^lnd9
zjP#zQp4%2*po)65NT%8C-*|hRYNEpfOgP(XgGR|JF?W-_vZFVgPRUs*EHO^{Bz>%L
zL+@MjzFNC!Ac=Wa9{X}0uy{I%fzkz)Q?LewjQWZxW7e!#{e1vn(B#kHk3P*e^~Sd!
zhDU4bQ-FY2B9TcpPu5=Y$(xo{cu%2Xpmnq7(g%u1t6-Qr`|@#jv-8G<g;;fVP%~Vx
z4$~XwLHMi%1p5WVC97nHs&Sx?+IEk=%BVS5Wxu<Kq#|pa9|WFIv;<MPPNoRdm{CKj
zoV5j6IxV#%4OA)_8{D!pTE;7ZYQ7KF#3C8MDEV#FCjcpz-ZIKrjF(D==$d5$Mm-x9
zT;{ujo=pU*Z|XO*yb!!l$k}V4v*HtunViaeV}X=G&f2#&ka^%)tI(U2LT&>&)n5T{
z+?UkHt;l0^e1$Q$oUG@9*GsN`vjjRaWO2L5$uv5aLUglTbd_WmX6=V>TB?PrjFBdi
zLI^7E!K+r}2SHw=>D=;@0>B{ug!P~0X>8}Mk=Cw{YkT{_?)~Gg*(t+0YiT?O{fg9I
zh*BESn%=#D>CTmUY>ib=b_?AKpZk&@`Gqm7v;SPJmjRRfaw7)Assxc{un{r$c0q)}
zumm(1#Y6k8aI*`$UkahKxg}9@RsMsgVWxw8hw(B9p#!aG(2Xbz#uSjkia~PF-{o4E
zQ?4Bf;w^`ewzBFNrFD=~v^3J_Af>HAsE>J}@EBOzecSo9C6P2QPO*ak{O7gsH&Kxf
zXmB>2puv{IZ&{%1z@;U9Q4PJPi+kJCnZu?B>R1_yRxD-V)9`?Lb2$JyeGypawC*fZ
zw*0r)SMF#2%t!eb=WTx_$`&i+8Bl!28=XD$M^n9KvZdInzsM2xlB_Y{1?F<qKSqzH
zFTkQg(FSx=W-71`=m$oTVr^0E<{AxsW;c}xf_as76nOYzHL}>9U{b-s!#|EFr(#QZ
zvPFb=alu&(9u;$gF4aLtXBIol?&%EZfs+gjd2@rb(LI=?fM~pW%Z`C`@Qq!RmxUF1
znRA#Z*xcFrjkZz>=A@hHcXwHnwE?`gF1H(Dm0m|wyfkK}gYSJ{-h%<`2M1mRz^V<s
z>AEw|g1|#|2J5}D6?ln`&p(Q78T$*-A%*ZBu&e7gU6W4)T91!C(&~6*Q?4a%Vfn+4
z$pr6~5pzqhk~xqk(Tl`BbZBdPpz0?thy2d;AkK84e8_S{eX!^2T9=Fxgs*}YaaTcO
zdpBY?!iWcPCw!iDKU&t>l?}_gNO^>0o_?DMH^Ud$J-$H3zUPZ(fpV}-MvPj?;Qp;d
z_%SXob1Pj@@sfcoI4-5fD`HR6K81$m>m^bq?fU0_C;0>hyAH2~J-+Mi;RouTxtdi<
zAK*<2uznBXq26D1X^Q3q=NNDhh~Dpc>N}f@X5KGbWL{0b_PsCX=DVCj^}PntAvC7)
zlygM<84ZH21oFDDp>N4Tejo}qEWH-I2qr)LLA0PT=VgJ^mOuJb^pQghyYoYB54?y$
zEgAtTZfTqbkw;3V3hGd|?7}=K`hKgoE8DE{4+0{G6t3XVQOpMi*#Y-t7LN3t(U1;|
z<cJO=-aO*gxN%~7D&9-l?yL7Vi$B~i+B`rvS+y+tquq6!2r}OmgDzJchKTyW3MmA|
zUC`L4)7=fLN~5YtFAy=FIQ;N^`aKvrEKhQ}_OMk_RRyq&MYEq~&29!YXN@~veJ+Y1
z7kEUDrkFhCq5{+m%tK!pD(v?-D81_p6$W~dD}ML+Ao$b3@Bx5#Vq`XGB(d!k#v7IJ
z_ZQu~ZCrE!Ua;IS_@J@mr0W8#cy3+e+^A|E4uM&^vncC4b!Nk6s7b~$;rRwxM<?nC
zY6_}LZbh6@CfJ!PvSPhpBIhjiNaEzEexW8X!cC~LP%;C3Um9U7gOVp0Q~UV$-UZTF
znim9n<p<x2O54fyKTwlx#UKE2qTUsg=sE?RW;<X@<&k3O&<3Zz4j`=v=o=<mey_lJ
zbHDzJU9o7Hc!_?auc#hpMzn(yX_$N@%6x~vSzsF;XntU)OXh&b`R~zmU*7>2)dAI^
zAO#^{Cv83T)*T^0rpv_v`Finq^yC`nq3slu&A&X`;4B<5a<Fl}#Lg9+Ej~-ZkHPGJ
z0ob3`)+~*tRVP&wJo-5ZR|4f^o{{s54#TjtHP#--l6POyXAH@+bp+#r1wS9riMG#y
zE{mQllzs!a_rJoD8|09|NU&%+oc?ho0OY}Bl0FEi0}91y#2wVB+7|rCGICjh!@V0!
zY{Hc1JAOqD@R967=N#{KRngZ@e`SJx6ma#2CERCUK4EhH$uVdRL$@>tP?*QEuHZ1r
zQ%@Y*89cMIO$H)ChnIgNr!x=f)7ABpnuz`G@jmT1Xp?!aicK&G5#iD*2$n~F`sbgw
z&vKGt8Yeh=FRRbHNBIQD2o2m+KYP|B^eMHFBIXawX~ao&4PWS!j1&v!*1n^6N$u;C
zL=M3gG-PG-SPhz#Pis0bZaJSLGwJk35$TblR!G?C^UV|-Zu^y=gg3!T4tPx`M=%@9
zCr4BTvaudL>%MKRfe4r_EqjqSPK#dVem4!v+JQdkcCf}6lYduyG+Zoa0tFS+HN$6<
za;bGZl;+*MYL>cMcPa78k3lu19iVRD0q?`gwo>8bp5P^n&@rp{PRFqe#(%!%#V1Pl
zIYLkda(=fB|G@W(>c-BEcErqeXg+BbH0bSG5Aw590%$@e8ONisjlVkhdv@jiZ)OGU
z%vG!mK_fixEqA%7G(25Or)^VR=x%}z!U(UHrAhCn0ISM8Ag{Gk7fce%=vot}%kQiY
zJc6JA)AwPH!gu>(b<e2x8xq-Wi)VMjSgHS|Ev$1ZB{LR{t?i{*fApoF-b1Y5sh+oj
z>i-G8*U-p5eXMipjwmk430gm?0>Qwrr<zMwTujtSLC3ZiSRy<UvBXc>qAmKdLC!(<
zc%jT;!%RBhNhJ}A0LW>hR(@@oIdY%nQfq7L1((rXQcBW3$2DcZ#XCjE%@U60hrBv>
zn-Aywk5g5}!*)al-zLsJ9SWP*2TXBrT8>J(H(aALtevmY<@kOe7;;ww+5nN4TP2mH
z;~pXF?(4mS0-sHYNPAec>e>W`l)gHYt#UPrEZ()`elP4?S;}Dkt0=^<3cGyP)(g89
zxzot;S+m+3@N17$ftw7F3Q@?*lUCd9eMr=t$;+!i_EOy~r{Y1ZJQMW2ankpi4*|3>
zAnxQOrDG|Bf+O?tj*0$ri}YilDaSzbDK0S4f%9C#0+q6LKHU<%jQ#poQmXgE`hz_R
z)@ie$Ildn@upi<$xYRxkp#~pbxS4ni$<N?7c|TngsJDmk8v4wOzHIlqyXF#}8GJ&b
z$h!^h(IpbFyCKl~G05IX({j{EdUtt{(r7(dRO;jEiVG0!##@x%0ZK%09JS0nRnJO_
zof{Ut?}uU`5<yzLqOQGa;Cz>}SXq?NWE91mrO=}YSi93NFXz0fUO8{l1VEef$9f!m
zj)M9YK2`WV>niLme$B_6Ck%Rxac0)Y4&*Q-Rv7G2Hf)_SRdv6@5?!(Q%$7s$9z`;~
zfLkDz`F-*G+!EOW6H>@=cwGL&8$B%4X;GLjVLND>pAl^TxoSL%NWhIAQ}p4a{*;)u
z7MP|iJE|M==iB_=GleOz`zCADmS`DKN%_cHoh(K%jJk*i0}#HlC4sG?VGy~tkD@HU
zFh~X-?3Lu@X$u584-c!hwIlc;p?3jT$?5|oT(>X5=a-zsTy}UAz9*DV*ww~sFNJ_Y
ze9m>@sU7W2jO1xm@$*l0U~*WeGVrRjpZ7?U6VC+?8~{09&>D*ux%&gVOzpl56@459
z9($_}hs4uy`O+JM{d(EN?oN;+(c@>^V(k|e^RKap7e48`kig%Cksnjq6M@e}?l#YV
zN`D4kfju<nkrjwYj=EIsGaP_dqMBPbU1tCX%wE-u-2+NbreMixz87Hx1`AT7fV3DT
z#U0`G6KW^mRj`my7_vTr=5(uEIbo^5zkIolHmY@9Mfq&5kRxKS3{(TeM0`%h-U9ZP
zgly^lH*q(=DW9+ib3hgX4oXU3rIbQSXu0e2Eq=-><bd~~lD{3*qO((MkFSypFKWlY
zO;>=DHC*z4+OGRBSy$U;zi7|86xxKf-$mCwso!sa_wKTm26Fmb`|so$uw43*3x-+4
zHPp!a7l&=wOWp>m7zRvn(N08BvfQuI;1O(^R%P`W#~RS)S65drt4@x|s}mZH%&~h&
z3bee9|L?zyx9!&Mm$Pf5YB#);PiF2qn}(KDM&&nhl;#(z_hCSr!1phUC|d)<CcXZX
z5dLZx#}X;{#q;y?e0M*Vop&9m$D907NC+MY8=?&R4TIFlS^fXZBKms>H)Y6$k5Usa
z&(B$Q2*uyezZyusrRhH4L7`A)o(Ug{Jmb+)Ro$MyQ){?9kgslUMbOkt@>lpz9Wm20
zp)Mxv1VohlgBpJ7Vp}bio(XdnCWo*;(SIWd2o~GkbT18TQN#!Q;#ciWFgdJK9zH1g
zdl2B8{*3+qP4D<tRP_I;cVM?WmyP|P4W@4R=s>Q;Z2PeQh3GpP`p7G3{Fgmw{2fid
z7Q-h2iQ}VDp_I=ll+aH*cG0mz_^AI;fhhYl2=ECKAyN8P15eg0j3!}|+ofB}Y)j>@
zJ5YEo_06M)+f($;gTNidUUr(u<lsXVfKYL6!RfLMn#nRT0BsBI*;Fqb8KjUuQnUyP
zRjoR*diqsUWctXsPZ*K{{2u(jLf3_CGK(I-?Div67CJ2;J0+fcBOQxO&8zl`OT+kS
z-Nm<&9h?_W%WRa;J;dFazD|oG=ge5v5Y>aZm&xz?XK5)~DvDqY&{ePeT1T&!egOi!
z$0+~KjfgNMT`SNu+rPM_40t#-5NCGRTCzv??`T@~Af;8x+-<23=|Fm7^?Z8BYWCH|
zN}yHzH2b?kw+_fX`9}V@+8}m-N*>@ZdW4b?;|%k=-g9gd#Cb3{Ms7Zc(=!a}eY{$7
zbOyo|#?8b<fuN{jrAq?<R`ox*X?@)^F)?usn#LBfgiu>s`=<rOiF#&+3}sSLg<zf&
zYRNTASLovQr02cYsszgo;KdJCvMDiq0NQ`>T@k4vF(mRt0%L%r%IeU5Yq1O)Z$9lK
zJq4OMt0np1GlL)Zq&P0iF@Rs%IEa_*MsOA0mBkrAcignLZz&Tj9!~x^Vw*1rYjuXz
z-21oS;!Q7W>I6^(9&tM+o@}R4-{@`n7a4O$lYeudQL-)nq^en~|Fhnc=93l+FiYgh
z0iWc*IeBb4Sr~pkl>l_Ne06Q@us_Y8g0VjTUYrP*&M&F7mNaxgT~m3r4m2#POI|X~
zPMJ*ad(ZQj0;3K`=<jjlM3auN;Mqtr8lH4nStK4#^lIS;sS`2xJ2?UV<<?&^7M;!Y
zJ$4NQj$&Nc?eA(b9WKKDFBJrSh0=o{Q=3WI)K!bngYauBS?@E-q{5O_FlQK3*g5DH
z;?xCyTgNOWN`d6ukKR-3EIC<tv_G2GGyP)u!x-m{0ptdgFt#Iz7v{@Jp4@?}O-J?<
zbvq-?-_pd8d|K>HcDW#I#2am!+^zUmZHuq$_U#9eM=Nw0*VDxfK%IA>L0IU479$R)
z=z1g<wmlGq^_`^oce%bhPVIvs22irv<0$k%H<C|xWvE+k-zYS-{Ox(R>AtDhdD{iE
zuKs_BAx@hYtxQqXi|?lA&QD%u-ewq_&fmRKg*`j<B2k8DBr@3p`t8Yb5eJ@9v~jNq
zfFP9C;)`xzDpzHC*}!iY^u-?NFVjQ&bCTEUZp|TC9VHr2>#|=5LaswCJ4!0m>O-n*
zkyw!!9-ro|H}E)kg%c*z<_Fy;KNCMibB?NX{QgGnoucHEPd1V<IkiL{u>Bj8a6{#N
z3z%+LX;;Z?es4QCF=%IBl2<Uli^2XlGnG;%jMIeNSu&4WhoI;P@XWiA`>qd(iEa-=
z+)ca;yD$rw(0+1G;_`p)zcbE$s7xj3AWV6^Y(S2!JvyQ)?B7wTqyx%a89sNpZ8>q+
ze>?Wg++3&I6<x{JT-d>(KQ+rHMakmvO*U4?&g#_KRl7v8aH^Km0)S1_hoJYvXS0|N
z!e55DU9_Ne!v{kgv1af)khC$2C?5<B=7~eM4(LU*35ypeVqwZBKK59K!wLy|?3f))
zPpk$cTr;sjJD)_gtI)^b^@808d2O(_u?CAc6+yore|pd?IYz=rJMLE-fQ&j`yyEdz
z+Jdu#Z>@|Pi9A$lIi0&AigV^p$o#sQt(HWgYaDLV8iyCh3=1`Ti%tK89T|O<xMu3q
z?$G(VfrVu@i*iXc)r8)2mtv{{r&1u+{CP^$&eR1iIjCsCu2!h&2ge*V*SvyvJCouC
zWJG4XoHrC0Ng!vU^F<b%V|DacF(^*!e#@5?PZgPE*UfiWJx*^yCPZ1ZW-R<>d#4DB
zn0p^On)I)_F>2h#?<}J#`9E=k{xkhLFJh!Za+15OS$~H6rg3`Kx2?i(Q(x_livAxb
z=JSE;dwEf;XV<L|OI;o$R7M#Kfsq{dREEmMdra%D`rRFW+y}6yf3V(+{D}{!qYdm2
z5~JT26wodrRtWmyUsZXC*W6{x?7Con;<dU8_f=nY>_H(Qao+ju0_>?TACCE#g^)Xn
zM|R4*4ucIqy?!~ZT0y*ap5Rs`U9964o@nwkpq~8ena~D26KqGZX;@!2ezioMhRGYr
zI81KnRDS{1^h-t?l800vy>9m;Ryc=qYh60x3n~E2T`kK|?jEZoipqI(6RK>kr5t^9
z;8eP|dDZ?nO_J$thuH38N6yG-GhVDrDVkI%=0mRP;Tc38FzdYdXF%mmC|YE$Vn~*y
z#~)tpIfUHQAIQc#8RY)FigBjz=?Mg04Nn;eRO1mVeVhm+pHY0r2T{;T5p$O3*herd
z8aNKeK>0OVOCx>0<e2lHfRT;Xv9THxJ^B&*S1B)cBV8Bl^-nsKiMJ0*f}Hn1T5!n_
z9k6DCS{TfT1V0$~Z@NiLdLAHA2K80=d&1jXg!t<a07J%I&1cWeu6w6$XPM%of-3T;
zEvDrA_KeZIkn?{N=wxzow2iVOfZRN_qr@umpd==qC1P1Xhy&hrxb>Z$&*K$n1(G^U
z+z3691aKn$&7@H_Ia*M=I9{Y|^SPEWG^7M9{s72fT8H{L*NNin{Qlh-u+uFrD;L^!
zGWZ|Py_t2+9Y6*HU6j$$@`Fx@6M7G(GA%mLygWp9t}m}6_up3LfU15Sbt|H04xA(n
z+H(1ywt=UemRHWnZn%9Rx(zjpOjyOU{C|@+9N7_u=ZQZ!GM+4X8j`s?Uk-2l;4|mf
zH#oa@&(|2qFgNzIoG>II53$GM9cr#&_!)dT1|NyjW!1LO?iV6V{#j@4-28u3cHYr&
zZG9gXHzAd1i7w&MB03qO%oA-S7~F{<F-D6)M6?)P5+x!^TtW08W<+mS8A9|j#$fbb
z!YE-d%IME=lid5P_kI6)*P3<yI{U1BW}mh9KHu->{Jw^rQ_mY~JUeB&3p2^jVa_00
z?KM=YXk-EcVq-qZ)o@r|Eqn0gbilKN6eM(KZXNAUf~Wi=X~bW}oIob~MQ6PsNuP)h
zLKwkjktH4FGw*$m_rYIbvgQW+D||=cZ@ZK(Jj46rcE;s|^d>lfH_}G%p0C+4pogZB
zQtMe{ZF5u(no2#%DHVQ``8w#L2#pNS&32Nsw=PKw4nQvIE*&K3{th|HQ~8bjlQ3zo
z4c2fT(5Xfss08Z4iWe>D7!9xWJD=rNA;zG*c5RWBH~bunkmnosQ$t>s$mA4c<O{`V
zP0O|}PC`rzL(OufVvjb;<9#5}KG0wd>nt}Pqj<^9+L`r*y`yeW(Z%ncRW&lW<{CKt
z=$mFd6J1{5l&qOtgPfOBXKPjISd!AiyVqBG&kd+34HZCTA&Z`>o3nVjxYw^_OuD*4
znOfXn@uHuoTvJ}s0Rxi6Hf4eZyqX-p+BrJD+4kuRc1gq$QmM=lpkDNydl%*PIPUGy
zo#G|`tE;FI(Y2k9J!h|V+u+=o&gJV=KxX2~@kxD6xiBH;O48ohE+9{p_9RF};YE?g
zuO<bT@jVk;^|Schu4)-a;`naQtsM}OUFA)8IEQQ^qvE&AeN7`r>un9?2-YB&C(rtQ
zcKjQ<zUIX4p`mOZJtuobKSm81ne)qo_<z?}1w+T5*x7yE@gMSzz8IN&lEN3nQny%5
zbK#1_R|L71XYg>HZZgX+u{^_rboM50Z4_MY-(_WOaNpdey{dApS4`Tq@5AO1I;_Lu
zwvcwjD)5<!;C8Ca2zcp3f-EuvJK_`aehn0`(JpMAZsxPK^*q}I5xJDe`4l8#E(}f1
z%VY~FmL9W`AI;7Du93%Lq%~;yC;-G-!a9`X69W{v%FOK%ga8vkEK1Xh`)yo*29`fv
zfETg5bXVbUAG`q@l8O<6{?TQptnvk<u(dOgR4@qr-h4GV0%cnvw+%??;8Z{cV~Yjv
zyWp&t-BCo>XEBvQFdNV<BUG0U+2Z&&rCJtFASk>BM2DMipvUl1d?mh2<&{l7Dm5Q8
zBxdPcnVq3@^|{K{StLiIxvD8BQpzG}#<Be~A*5LGJD_ha3>G3r(0WPeRXkp=4TsYt
zs|K@6SzOkN<X(Au@sR<3f!Ba)1ND;g&=t`QB%T<ySS2_#*|kFtiQXu9XcWjuGET3_
zVZg;pHa>b*6W-hVJ2<v$R_nod86q;H=CEs2;iw6=Hlb81f3bNS_;TpY7tBg7z=Kr+
zA#-3A@tv^?lCWsh-e-h<_2E3@@oOa~dnL7M@BVuixl|j#4iP>_6k%g{roHm^=7mIK
zgPX`1Eh~5}_%?Z_%;cyJd~^jM5oA_SQ}wTB^g$CZ*I9&SLLQL^T<I;%Q4`+kx0MOg
z!tsCV4kv-hviY)mDefH=QnR0h`wkZaRN^Ekafy45>`A!pbafZ%^lJ=Wob{w;)BmM1
z9OZxipDF_jhV@k=eXzlYN2lc2GPASKJ|pDUj|Jng{N#h?>+k!8iX9E5uMiLsfWiD7
zOH!rw8biN!Uspf8e~ZC*om<H^FLca^ibJgGMJ3lB?L84Ot!4(;1Ca^OmB*K=ZPwM8
zTw_Lb1F}31NA6;%5MErIM2~%|)9LjN9YQOR;pjVgMJp2U8~=QAkU1a~0mSvu?ek1M
zk87Nkf}RbX+cv4T{WDA}o*XfVz|ekB+c`ubpB!}k4g_^xMI6D7+kCn_0M6-C^LiJ|
zLk|Nox=rnTy_S6BKK^HUHt;5{!g-#SB}B`|`Ti*S5rC*Vssbb5lBm|!p?3`oj<kdE
zEG-XOH2?A31Y1U{V|?oqK+cqm`X=uM4@&2uf+y}wumYv0+1M})k=s?#FwQjn2(1kJ
zJ1tE0e%nf48CUKw!OJ}40c2>ky6oTU^IAMgoSHT@6_X<+giwQSI?5a+j}>c1WBX_g
zPlOI?rZ`cFWXFevzl4S)jd&JJyA3m&;3X`T=~_c+@q?g6Z(pfGW<E*Bgbtjj=cMZF
zYihkI$$D(4OLBqIi<6ul;3{k#CL!`#GqoZbU{T<V{RHmgtr+QjJjlTOK_YLnyR)3z
z<RPPj>|@jz_1x`ORq3LY-?|qeAB&5xt8B$NzmI9vwVuB~zz{!Po|nZW&?>gAF$n-8
zB0C!X5GasuN?Gib&1E=`Jg-ZSx#+ejU&=5NxV1q_B0I?U{*_U8f^QT{-x7gVJzOa-
zpTB>xIFasOVh+(<g<5xD9636;qA4Q3uQKvXTqhzBo1^7Rou(II+S%^4dup1GUfD3c
zS1a?l@5B01z=r*#`ti#^;*l@oQVE+_UsOXR%vI@OWvD>#Z*&az^s};xzKNOoACn$A
z11Ofm9I%IQ@oni3o-NJsJ(87;h=~F}Oyd}Tr|_+Blp=xEy{h24X!uSh4SX<}UrClk
zWsQq+rc`=d;6Gz&o?O1%aD2jDj&H5hh4G(7M9j_rX_L?Ib^cA5yt`C;&(^1CA!ayK
zm?c!c<%@A^6X%yhPcsCXVB}Gya*%BekVk`FSJN%oM?<=5@3s7;x->4ByDPdZY0C>n
zhxS{;d(Pi9lj3WH=zYzWX6erTNHgt>qX5Z=-%UO!01!OTWFf)53JK-uXA=}*vK%o$
zyl!al7ZEcJ9DY_4RMN`~4*K<kg!I4`N(4@LnH4~;Ir-m#hdM?=$@TAX0NB%CS3T)V
zxzc|JT(A6Z80Lq715jA2Kr;`!l6NB+wm&Eo_Lg}|fR_2^1o!rx<Q5i}Jop!8is~*q
zE>2P%CiBLAfAzJ>&IJ9J^WOXE7c-Z8#<ld5u+xX4J_G<o0s5y!_@uL~Yb*{AsxaS|
zjJtVoaZa$=q|B4)$eWNtojOEC1Bk7`k9#>eT|ZqXjL78mT)}D3*Y`=?O9lTy<?tmo
zh?mz1P4yyi=?3_{rMrp(^KeS%&)#9r!wXO&+=UP~b@{!Wl?eY}Kj}&-dUfyD?|ATP
z{0SN`SPWn9-?y?L3JlN4dj~Z=y$Dsehh{Z&%VJM}D3>8W3uYDw<DJ4+v|t-j<<ZXI
zOv-TS54)HTu#2+;%H~e!;`K@aVq5}wz^bQVmuH^T@$JBb@6qfS&q*%siEn%q{cF6m
zNDHnra>=oQAtv0K&CMdBqIVuYXG@H^#4hK0GbD;5Dmj@OY%|Codv6-3`rD{qfTh##
z{P3nV)&EqkasIu1xPQ;ENtIOs@3YYDCU+z|*ph$32U#A_*DxEU`pG{MS5R|aIN38S
zU~@N}ssfl(2Lcv*(~y~p004pgJNA5m8?K+MRmvpJ9<;RN{hpOAv!vuao6++j>tg|F
z+c9WcM;P^b^_9=}S;F29Sk?W;Ffi+^5YAHPlC%2kf{CO~{7nbJ7ouT6oG!!m`0+J>
zfcg1QWIpK?G}c%I`QNZIJtHD6);#j(vH{#YBvxlW9gXc}oL<Ldk*2%Yz>vG0T<K%n
z3YYrz8ZSX1bA1Ss|ES(zZW5Q^r^ypHE%tJ_M#hJ7@~NljGVDJKeVGjA7;9h7EuR87
z3ze%Qh%BND%)`E(sY4f#neGR<YFfAc2+M7?+{%fq)me@nwon}NI)mF7%49_2uI34&
zR>KL0EiEk%rp^4KEmY`m<Ob<9UGNXp6OgKvv7Z$1%ka>)rp(JYzKFfV^Fc{0CTX3`
zZe)p8dbjwGwdsb9kAq94N~wm*we#C}=4{qTg7PlAQ{|RZO4u?w^LK-}`S~2K{Pgte
z;tL{83p)S_YrXlwWodru{jkbTD%uKnPA>A}(PE2|yMs7I5pc8bw_(c?7$^ea0c+`q
z?$7l%F9a_F8$1=BZ3qcIc8~hl6`(NhVKfySyvNQ7??Liii0=s0Bh$p~L&oD=BQqJ&
zctw8{@r5FMFm|@)twduuCbgSlu?vSkhF-Px=JQ+gzs-x|V<pQXJb6#B-9wS@74xMh
z=Eq+@_ovuo1wHf(HQVme9|Ak-6I1K#-G!2S(8Jp|F!EO0Lx>qdJIh+8=KfSQA2~#^
zUvm1RC}gUXn)lc3H-<zt0YT4SQR`FMvwi_pVk$GOJ)OX+-4~_is7`S7r<4(m91Xjj
zw6%Y)lztkiEEJ=+q8f$uz&muN?U-V@LFNJQT*GeNu?6v9x!|Wjr134<k!kexYBx)>
zIF+_RsDq+@*szYILN091x#$3y7El~;nkfTvjW;Tbu+^3sbyq)d0tja=vfY}GdhzpP
zlaQV-i>@=9rEG47hTyY$TM-HyT*#Skld4hDh(kfE;B(wkN7r;GDGIuy6e-;aYsT=A
z=llaU`2cvPG#!XFHu`8Q<Jz}SR^-SS`M|aBU51!K&JIg}r2sMs8``ZI4}bHQA?0u>
z*dB<)M&p8Gw4yj>_sfE5B}^hC#BaGD4C=Q4D^N}*`i@INdr6j#l*icVW4p%6&+Qoh
z{fpv_08RatZ2fb34Jm#MOb+gky;Sari5bF;LJrKo6k*e^=5R5el?PpaAFK8>o0$!t
z6)G>!&+$YpPx|F9TiSGyp|FJ!#S9#KLMBf*U~fQJt6r^45VyDBHHPY88lW7=9i5jI
zqHDXjDQ(ea1jM<|rK!yjTL)~u+TDUzkuttb+BF-!ogNS)C98&}b~{JMZqX8_`z0!7
zl~WW<0@0g?`|(^yW1f!M^eBhPk&;tYJ$NJaCBCa`(OK??tpF(gJn<63Ks7*?8w%|W
zbFn5h8K)zP=@cEVyiAN}pSB+Y`Th$XQupF>kNUeLk+0Eybs?IuWNR}ZgIe-zTI{!M
zOcJNhTo&mh>OG5ARKaNL+icW;J;t51IdJMX`m9+S3I9G`K$cMe*Ud1Sp$_p&t&5Fj
zd2QmMO+9*`r&OR8jJ>>T$6~(Iolk(NI6zY3AY@e+lVlRE5<qTYPC^$^U1#DQ%yoA*
zVRaLh+^Jk?$meq=#%AC4%X9^u3LO)+JW2VWp(nP#);GKO|9WRrt0ivF4I|Sa(sY(n
zUoF`u3MIpqX0*dX%&+)g&TS;{Gv#ckdvmMK*!cb~&m~YIG#gZpv~rFF@!LDzHdBnh
z!1~m#sb8ublr<MS<kMmIGrYYKSb3_ViPljnbkz(DneO#mANJdQ0I&AWjpX2Srjv~?
zi|LC{i-GL>?azt{$argumD9=<+x{%*M>J5B|MB>+knS&gXh`DZQrF(bi?_C>`G@?`
z>)Hnrx~wmEU5T^4et$Js#UtreUHlQJ;kW6b>yxsUSdPk_9A+rtkQh-hO!=r4-}(<Q
z3x9YL<ZNU0bGgq%_RgWV{@w+#EAjq6HW7!%+si|zUtSB#SU?D{NK5yRb^Der-F0lD
z4L{9v+EhcM_9d~g%@w+BPJfk#=EZ80C=CtG_!}5-#Ij(3qdTbYVd;D3sKM@nW4VA-
zD`mb}74s2FOhT~<AHVTFwKHzz40_4Cy49)L{sPSl`%o&a^<e?iW(_PEXialh6RJ_5
HX7TDjG#JuX


From e8e89ba77de035b18d59dcf7242edde6b55a497d Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Fri, 7 May 2021 09:26:07 +0530
Subject: [PATCH 12/92] Up

---
 .../client-management/mdm/policy-csp-deviceinstallation.md    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index ac14df7d98..a116c0b8dc 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -94,10 +94,10 @@ ms.localizationpriority: medium
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. 
+This policy setting allows you to specify a list of plug-and-play hardware IDs and compatible IDs for devices that Windows is allowed to install. 
 
 > [!TIP]
-> Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
+> This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
 
 If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 

From 1afb27049feb753e6f137b00a05964f9ec70caa8 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Fri, 7 May 2021 11:48:38 -0700
Subject: [PATCH 13/92] Created new page for Audit and Enforce WDAC

Merged Audit Events and Enforce WDAC policy pages, as well as updated the TOC2.
---
 .../TOC2.yml                                  |  12 +-
 ...s-defender-application-control-policies.md | 163 ++++++++++++++++++
 2 files changed, 169 insertions(+), 6 deletions(-)
 create mode 100644 windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
index e8a04d9f6b..6643f8980b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
@@ -37,7 +37,9 @@ landingContent:
           - text: Merging Policies
             url:  wdac-wizard-merging-policies.md
           - text: Recommended blocks 
-            url:  microsoft-recommended-block-rules.md #there are block rules and driver block rules, which link? Add both, actually.
+            url:  microsoft-recommended-block-rules.md
+          - text: Recommended driver blocks 
+            url:  microsoft-recommended-driver-block-rules.md
           - text: Example policies
             url:  example-wdac-base-policies.md
           - text: LOB Win32 apps on S Mode
@@ -83,7 +85,7 @@ landingContent:
           - text: Signed policies
             url:  use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
 		  - text: Audit and enforce policies
-            url:  audit-windows-defender-application-control-policies.md #(merge with enforce-windows-defender-application-control-policies.md)
+            url:  audit-and-enforce-windows-defender-application-control-policies.md
 		  - text: Disabling WDAC policies
             url:  disable-windows-defender-application-control-policies.md
       - linkListType: tutorial
@@ -101,13 +103,11 @@ landingContent:
         links:
           - text: Event logs (tags, IDs) 
             url:  event-id-explanations.md #(merge with event-tag-explanations.md)
-          - text: Advanced hunting
-            url:  querying-application-control-events-centrally-using-advanced-hunting.md #same as below
       - linkListType: how-to-guide
         links:
           - text: Querying using advanced hunting
             url:  querying-application-control-events-centrally-using-advanced-hunting.md #same as above
       - linkListType: tutorial
         links:
-          - text: Creating a policy from event logs
-            url:  querying-application-control-events-centrally-using-advanced-hunting.md #same as above
\ No newline at end of file
+          - text: Creating a policy from event logs (video)
+            url:  querying-application-control-events-centrally-using-advanced-hunting.md #Jordan will create a video for this
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
new file mode 100644
index 0000000000..c10855446f
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@@ -0,0 +1,163 @@
+---
+title: Use audit events to create then enforce WDAC policy rules (Windows 10)
+description: Learn how audits allow admins to discover apps, binaries, and scripts that should be added to a WDAC policy, then learn how to switch that WDAC policy from audit to enforced mode.
+keywords: security, malware
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: m365-security
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+audience: ITPro
+ms.collection: M365-security-compliance
+author: jsuther1974
+ms.reviewer: jogeurte
+ms.reviewer: v-kikl
+ms.author: dansimp
+manager: dansimp
+ms.date: 05/03/2021
+ms.technology: mde
+---
+
+# Use audit events to create WDAC policy rules
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2016 and above
+
+Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included.
+
+While a WDAC policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new WDAC policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed.
+
+## Overview of the process to create WDAC policy to allow apps using audit events
+
+> [!Note]
+> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md).
+
+To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy.
+
+1. Install and run an application not allowed by the WDAC policy but that you want to allow.
+
+2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md).
+
+   **Figure 1. Exceptions to the deployed WDAC policy**
+   ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png)
+
+3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
+
+   ```powershell
+   $PolicyName= "Lamna_FullyManagedClients_Audit"
+   $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml"
+   $EventsPolicy=$env:userprofile+"\Desktop\EventsPolicy.xml"
+   $EventsPolicyWarnings=$env:userprofile+"\Desktop\EventsPolicyWarnings.txt"
+   ```
+
+4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**.
+
+   ```powershell
+   New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings
+   ```
+
+   > [!NOTE]
+   > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of  **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md).
+
+5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)).
+
+6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level.
+
+   > [!NOTE]
+   > New-CIPolicy only creates rules for files that can still be found on disk. Files which are no longer present on the system will not have a rule created to allow them. However, the event log should have sufficient information to allow these files by manually editing the policy XML to add rules. You can use an existing rule as a template and verify your results against the WDAC policy schema definition found at **%windir%\schemas\CodeIntegrity\cipolicy.xsd**.
+
+7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy.
+
+    For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md).
+
+8. Convert the Base or Supplemental policy to binary and deploy using your preferred method.
+
+
+
+## Convert WDAC **base** policy from audit to enforced
+
+As described in [common WDAC deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
+
+**Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout.
+
+Alice previously created and deployed a policy for the organization's [fully managed devices](create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode.
+
+1. Initialize the variables that will be used and create the enforced policy by copying the audit version.
+
+   ```powershell
+   $EnforcedPolicyName = "Lamna_FullyManagedClients_Enforced"
+   $AuditPolicyXML = $env:USERPROFILE+"\Desktop\Lamna_FullyManagedClients_Audit.xml"
+   $EnforcedPolicyXML = $env:USERPROFILE+"\Desktop\"+$EnforcedPolicyName+".xml"
+   cp $AuditPolicyXML $EnforcedPolicyXML
+   ```
+
+2. Use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) to give the new policy a unique ID, and descriptive name. Changing the ID and name lets you deploy the enforced policy side by side with the audit policy. Do this step if you plan to harden your WDAC policy over time. If you prefer to replace the audit policy in-place, you can skip this step.
+
+   ```powershell
+   $EnforcedPolicyID = Set-CIPolicyIdInfo -FilePath $EnforcedPolicyXML -PolicyName $EnforcedPolicyName -ResetPolicyID
+   $EnforcedPolicyID = $EnforcedPolicyID.Substring(11)
+   ```
+
+   > [!NOTE]
+   > If Set-CIPolicyIdInfo does not output the new PolicyID value on your Windows 10 version, you will need to obtain the *PolicyId* value from the XML directly.
+
+3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment.
+
+   ```powershell
+   Set-RuleOption -FilePath $EnforcedPolicyXML -Option 9
+   Set-RuleOption -FilePath $EnforcedPolicyXML -Option 10
+   ```
+
+4. Use Set-RuleOption to delete the audit mode rule option, which changes the policy to enforcement:
+
+   ```powershell
+   Set-RuleOption -FilePath $EnforcedPolicyXML -Option 3 -Delete
+   ```
+
+5. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary:
+
+   > [!NOTE]
+   > If you did not use -ResetPolicyID in Step 2 above, then you must replace $EnforcedPolicyID in the following command with the *PolicyID* attribute found in your base policy XML.
+
+   ```powershell
+   $EnforcedPolicyBinary = $env:USERPROFILE+"\Desktop\"+$EnforcedPolicyName+"_"+$EnforcedPolicyID+".xml"
+   ConvertFrom-CIPolicy $EnforcedPolicyXML $EnforcedPolicyBinary
+   ```
+
+## Make copies of any needed **supplemental** policies to use with the enforced base policy
+
+Since the enforced policy was given a unique PolicyID in the previous procedure, you need to duplicate any needed supplemental policies to use with the enforced policy. Supplemental policies always inherit the Audit or Enforcement mode from the base policy they modify. If you didn't reset the enforcement base policy's PolicyID, you can skip this procedure.
+
+1. Initialize the variables that will be used and create a copy of the current supplemental policy. Some variables and files from the previous procedure will also be used.
+
+   ```powershell
+   $SupplementalPolicyName = "Lamna_Supplemental1"
+   $CurrentSupplementalPolicy = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_Audit.xml"
+   $EnforcedSupplementalPolicy = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_Enforced.xml"
+   ```
+
+2. Use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) to give the new supplemental policy a unique ID and descriptive name, and change which base policy to supplement.
+
+   ```powershell
+   $SupplementalPolicyID = Set-CIPolicyIdInfo -FilePath $EnforcedSupplementalPolicy -PolicyName $SupplementalPolicyName -SupplementsBasePolicyID $EnforcedPolicyID -BasePolicyToSupplementPath $EnforcedPolicyXML -ResetPolicyID
+   $SupplementalPolicyID = $SupplementalPolicyID.Substring(11)
+   ```
+
+   > [!NOTE]
+   > If Set-CIPolicyIdInfo does not output the new PolicyID value on your Windows 10 version, you will need to obtain the *PolicyId* value from the XML directly.
+
+3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC supplemental policy to binary:
+
+   ```powershell
+   $EnforcedSuppPolicyBinary = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_"+$SupplementalPolicyID+".xml"
+   ConvertFrom-CIPolicy $EnforcedSupplementalPolicy $EnforcedSuppPolicyBinary
+   ```
+4. Repeat the steps above if you have other supplemental policies to update.
+
+## Deploy your enforced policy and supplemental policies
+
+Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md).
+

From 113706b774ed4a89e25fe73ccd329188bd9ee15f Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Tue, 11 May 2021 11:38:00 +0530
Subject: [PATCH 14/92] updated

---
 windows/client-management/mdm/policy-csp-deviceinstallation.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index a116c0b8dc..79e777d78e 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -99,7 +99,8 @@ This policy setting allows you to specify a list of plug-and-play hardware IDs a
 > [!TIP]
 > This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
 
-If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
+
 
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 

From 5fa1ea84d48db26ba375704f49a5763c6c706995 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Tue, 11 May 2021 09:47:30 -0700
Subject: [PATCH 15/92] Event ID and Tags explanation

Merged event IDs and tag explanations into one file. Updated TOC with new link.
---
 .../TOC2.yml                                  |   2 +-
 .../event-id-and-tag-explanations.md          | 153 ++++++++++++++++++
 2 files changed, 154 insertions(+), 1 deletion(-)
 create mode 100644 windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
index 6643f8980b..3db9e8ccd7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
@@ -102,7 +102,7 @@ landingContent:
       - linkListType: overview
         links:
           - text: Event logs (tags, IDs) 
-            url:  event-id-explanations.md #(merge with event-tag-explanations.md)
+            url:  event-id-and-tag-explanations.md
       - linkListType: how-to-guide
         links:
           - text: Querying using advanced hunting
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md
new file mode 100644
index 0000000000..81c7794f17
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md
@@ -0,0 +1,153 @@
+---
+title: Understanding Application Control event IDs  and tags (Windows 10)
+description: Learn what different Windows Defender Application Control event IDs and tags signify.
+keywords: security, malware
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: m365-security
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+audience: ITPro
+ms.collection: M365-security-compliance
+author: jsuther1974
+ms.reviewer: jogeurte
+ms.reviewer: v-kikl
+ms.author: dansimp
+manager: dansimp
+ms.date: 5/7/2021
+ms.technology: mde
+---
+
+# Understanding Application Control event IDs and tags
+
+A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events include a number of fields, which provide helpful troubleshooting information to figure out exactly what an event means.
+
+These events are generated under two locations:
+
+ - Event IDs beginning with 30 appear in Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
+
+ - Event IDs beginning with 80 appear in Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
+
+## Microsoft Windows CodeIntegrity Operational log event IDs
+
+| Event ID | Explanation |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 3076 | Audit executable/dll file |
+| 3077 | Block executable/dll file |
+| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is.<br>Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
+| 3099 | Indicates that a policy has been loaded |
+
+## Microsoft Windows Applocker MSI and Script log event IDs
+
+| Event ID | Explanation |
+|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the scripthosts themselves. Note: there is no WDAC enforcement on 3rd party scripthosts. |
+| 8029 | Block script/MSI file |
+| 8038 | Signing information event correlated with either a 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | |
+
+## Optional Intelligent Security Graph (ISG) or Managed Installer (MI) diagnostic events
+
+If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information. 
+
+| Event ID | Explanation |
+|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 3090 | Allow executable/dll file |
+| 3091 | Audit executable/dll file |
+| 3092 | Block executable/dll file |
+
+3090, 3091, and 3092 events are generated based on the status code of whether a binary passed the policy, regardless of what reputation it was given or whether it was allowed by a designated MI. The SmartLocker template which appears in the event should indicate why the binary passed/failed. Only one event is generated per binary pass/fail. If both ISG and MI are disabled, 3090, 3091, and 3092 events will not be generated.
+
+### SmartLocker template
+
+Below are the fields which help to diagnose what a 3090, 3091, or 3092 event indicates.
+
+| Name | Explanation |
+|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| StatusCode | STATUS_SUCCESS indicates a binary passed the active WDAC policies. If so, a 3090 event is generated. If not, a 3091 event is generated if the blocking policy is in audit mode, and a 3092 event is generated if the policy is in enforce mode. |
+| ManagedInstallerEnabled | Policy trusts a MI |
+| PassesManagedInstaller | File originated from a trusted MI |
+| SmartlockerEnabled | Policy trusts the ISG |
+| PassesSmartlocker | File had positive reputation |
+| AuditEnabled | True if the policy is in audit mode, otherwise it is in enforce mode |
+
+### Enabling ISG and MI diagnostic events
+
+In order to enable 3091 audit events and 3092 block events, you must create a TestFlags regkey with a value of 0x100. You can do so using the following PowerShell command:
+
+```powershell
+reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x100
+```
+
+In order to enable 3090 allow events as well as 3091 and 3092 events, you must instead create a TestFlags regkey with a value of 0x300. You can do so using the following PowerShell command:
+
+```powershell
+reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
+```
+
+<br />  
+
+## Event Tags
+
+Below, we have documented the values and meanings for a few useful event tags.
+
+## SignatureType
+
+Represents the type of signature which verified the image.
+
+| SignatureType Value | Explanation |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 0 | Unsigned or verification has not been attempted |
+| 1 | Embedded signature |
+| 2 | Cached signature; presence of CI EA shows that file had been previously verified |
+| 4 | Un-cached catalog verified via Catalog Database or searching catalog directly |
+| 5 | Successfully verified using an EA that informs CI which catalog to try first |
+|6 | AppX / MSIX package catalog verified |
+| 7 | File was verified |
+
+## ValidatedSigningLevel
+
+Represents the signature level at which the code was verified.
+
+| ValidatedSigningLevel Value | Explanation |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 0 | Signing level has not yet been checked |
+| 1 | File is unsigned |
+| 2 | Trusted by WDAC policy |
+| 3 | Developer signed code |
+| 4 | Authenticode signed |
+| 5 | Microsoft Store signed app PPL (Protected Process Light) |
+| 6 | Microsoft Store-signed |
+| 7 | Signed by an Antimalware vendor whose product is using AMPPL |
+| 8 | Microsoft signed |
+| 11 | Only used for signing of the .NET NGEN compiler |
+| 12 | Windows signed |
+| 14 | Windows Trusted Computing Base signed |
+
+## VerificationError
+
+Represents why verification failed, or if it succeeded.
+
+| VerificationError Value | Explanation |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 0 | Successfully verified signature |
+| 2 | File contains shared writable sections |
+| 4 | Revoked signature |
+| 5 | Expired signature |
+| 7 | Invalid root certificate |
+| 8 | Signature was unable to be validated; generic error |
+| 9 | Signing time not trusted |
+| 12 | Not valid for a PPL (Protected Process Light) |
+| 13 | Not valid for a PP (Protected Process) |
+| 15 | Failed WHQL check |
+| 16 | Default policy signing level not met |
+| 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs |
+| 18 | Custom signing level not met; returned if signature fails to match CISigners in UMCI |
+| 19 | Binary is revoked by file hash |
+| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy |
+| 21 | Failed to pass WDAC policy |
+| 22 | Not IUM (Isolated User Mode) signed; indicates trying to load a non-trustlet binary into a trustlet |
+| 23 | Invalid image hash |
+| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS |
+| 26 | Explicitly denied by WADC policy |
+| 28 | Resource page hash mismatch |

From b5117aba312c9bedb7d7ea142f6d6abd6cb252d4 Mon Sep 17 00:00:00 2001
From: Denis Gundarev <denisgun@microsoft.com>
Date: Thu, 13 May 2021 15:22:03 -0700
Subject: [PATCH 16/92] updated reference to IDD documentation

---
 windows/deployment/planning/windows-10-deprecated-features.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md
index 9bb45ca3af..d3cf97f165 100644
--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@@ -33,7 +33,7 @@ The features described below are no longer being actively developed, and might b
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |
 | Package State Roaming (PSR) |  PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user. <br>&nbsp;<br>The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 |
-| XDDM-based remote display driver  | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information about implementing a remote indirect display driver, ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | 1903 |
+| XDDM-based remote display driver  | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver check out [Updates for IddCx versions 1.4 and later](/windows-hardware/drivers/display/iddcx1.4-updates). | 1903 |
 | Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 |
 | Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 |
 | Windows To Go | Windows To Go is no longer being developed. <br><br>The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.|  1903 |
@@ -67,4 +67,4 @@ The features described below are no longer being actively developed, and might b
 |TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 |
 |TCPChimney | TCP Chimney Offload is no longer being developed.  See [Performance Tuning Network Adapters](/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 |
 |IPsec Task Offload| [IPsec Task Offload](/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 |
-|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.|
\ No newline at end of file
+|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.|

From ecf67c7cab2e9f64e737f616419f6d2ec482b8ab Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Fri, 14 May 2021 19:16:52 +0530
Subject: [PATCH 17/92] removed link

as per user report #9518, so i removed security boundary link
---
 .../applocker/applocker-overview.md                             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
index b7dcbcddd8..427198ae92 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@@ -83,7 +83,7 @@ The following are examples of scenarios in which AppLocker can be used:
 -   In addition to other measures, you need to control the access to sensitive data through app usage.
 
 > [!NOTE]
-> AppLocker is a defense-in-depth security feature and **not** a [security boundary](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [Windows Defender Application Control](https://www.microsoft.com/msrc/windows-security-servicing-criteria) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
+> AppLocker is a defense-in-depth security feature and not a security boundary.[Windows Defender Application Control](https://www.microsoft.com/msrc/windows-security-servicing-criteria) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
 
 AppLocker can help you protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.
 

From d2ac95dd42b02c1051e2fe8e938afc1675a10bb3 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 15 May 2021 12:54:39 +0530
Subject: [PATCH 18/92] Update
 windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md

accepted

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../applocker/applocker-overview.md                            | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
index 427198ae92..0a97c8aeb0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@@ -83,7 +83,7 @@ The following are examples of scenarios in which AppLocker can be used:
 -   In addition to other measures, you need to control the access to sensitive data through app usage.
 
 > [!NOTE]
-> AppLocker is a defense-in-depth security feature and not a security boundary.[Windows Defender Application Control](https://www.microsoft.com/msrc/windows-security-servicing-criteria) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
+> AppLocker is a defense-in-depth security feature and not a security boundary. [Windows Defender Application Control](https://www.microsoft.com/msrc/windows-security-servicing-criteria) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
 
 AppLocker can help you protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.
 
@@ -143,4 +143,3 @@ For reference in your security planning, the following table identifies the base
 | [AppLocker design guide](applocker-policies-design-guide.md) | This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. |
 | [AppLocker deployment guide](applocker-policies-deployment-guide.md) | This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. |
 | [AppLocker technical reference](applocker-technical-reference.md) | This overview topic for IT professionals provides links to the topics in the technical reference. |
-

From 216136c019ef0914ac7a8dd7d50be130f2b80bfc Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Sun, 16 May 2021 23:10:53 +0530
Subject: [PATCH 19/92] Update policy-csp-deviceinstallation.md

---
 .../mdm/policy-csp-deviceinstallation.md      | 166 +++++++++++++++++-
 1 file changed, 161 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 79e777d78e..60a04ba2ad 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -100,8 +100,18 @@ This policy setting allows you to specify a list of plug-and-play hardware IDs a
 > This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
 
 When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
+- Prevent installation of devices for these device classes
+- Prevent installation of devices that match these device IDs
+- Prevent installation of devices that match any of these device instance IDs
 
 
+If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+> [!NOTE]
+> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
+
+Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting).
+
+If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
@@ -395,6 +405,142 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 
 <hr/>
 
+<!--Policy-->
+## DeviceInstallation/EnableInstallationPolicyLayering
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+Added in Windows 10, Version 2106
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows:
+
+Device instance IDs > Device IDs > Device setup class > Removable devices 
+
+**Device instance IDs**
+- Prevent installation of devices using drivers that match these device instance IDs.
+- Allow installation of devices using drivers that match these device instance IDs.
+
+**Device IDs**
+- Prevent installation of devices using drivers that match these device IDs.
+- Allow installation of devices using drivers that match these device IDs.
+
+**Device setup class**
+- Prevent installation of devices using drivers that match these device setup classes.
+- Allow installation of devices using drivers that match these device setup classes.
+
+**Removable devices**
+- Prevent installation of removable devices.
+
+> [!NOTE]
+> This policy setting provides more granular control than the "Prevent installation of devices not described by other policy settings" policy setting. If these conflicting policy settings are enabled at the same time, the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting will be enabled and the other policy setting will be ignored.
+
+If you disable or do not configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria*
+-   GP name: *DeviceInstall_Allow_Deny_Layered*
+-   GP path: *System/Device Installation/Device Installation Restrictions*
+-   GP ADMX file name: *deviceinstallation.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+To enable this policy, use the following SyncML. This example applies a layered order of evaluation for Allow and Prevent device installation policies across all device match criteria:
+
+- Floppy Disks, ClassGUID = {4d36e980-e325-11ce-bfc1-08002be10318}
+- CD ROMs, ClassGUID = {4d36e965-e325-11ce-bfc1-08002be10318}
+- Modems, ClassGUID = {4d36e96d-e325-11ce-bfc1-08002be10318}
+
+Enclose the class GUID within curly brackets {}. To configure multiple classes, use `&#xF000;` as a delimiter. 
+
+
+```xml
+<SyncML>
+    <SyncBody>
+        <Replace>
+            <CmdID>$CmdID$</CmdID>
+            <Item>
+                <Target>
+                    <LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/EnableInstallationPolicyLayering</LocURI>
+                </Target>
+                <Meta>
+                    <Format xmlns="syncml:metinf">string</Format>
+                </Meta>
+                <Data><enabled/><Data id="AllowDenyLayered" value="1"/></Data>;
+                </Item>
+        </Replace>
+    </SyncBody>
+</SyncML>
+```
+
+To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+
+
+```txt
+>>>  [Device Installation Restrictions Policy Check]
+>>>  Section start 2018/11/15 12:26:41.659
+<<<  Section end 2018/11/15 12:26:41.751
+<<<  [Exit status: SUCCESS]
+```
+You can also change the evaluation order of device installation policy settings by using a custom profile in Intune.
+
+:::image type="content" source="images/edit-row.png" alt-text="This is a edit row image":::
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
 <!--Policy-->
 ## DeviceInstallation/PreventDeviceMetadataFromNetwork
 
@@ -520,9 +666,12 @@ ADMX Info:
 <!--Description-->
 This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.
 
-If you enable this policy setting, Windows is prevented from installing or updating the device driver for any device that is not described by either the "Allow installation of devices that match any of these device IDs" or the "Allow installation of devices for these device classes" policy setting.
+> [!NOTE]
+> This policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting to provide more granular control. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting instead of this policy setting.
 
-If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.
+If you enable this policy setting, Windows is prevented from installing or updating the driver package for any device that is not described by either the "Allow installation of devices that match any of these device IDs", the "Allow installation of devices for these device classes", or the "Allow installation of devices that match any of these device instance IDs" policy setting.
+
+If you disable or do not configure this policy setting, Windows is allowed to install or update the driver package for any device that is not described by the "Prevent installation of devices that match any of these device IDs", "Prevent installation of devices for these device classes" policy setting, "Prevent installation of devices that match any of these device instance IDs", or "Prevent installation of removable devices" policy setting.
 
 <!--/Description-->
 > [!TIP]
@@ -630,7 +779,10 @@ You can also block installation by using a custom profile in Intune.
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+> [!NOTE]
+> To enable the "Allow installation of devices that match any of these device instance IDs" policy setting to supersede this policy setting for applicable devices, enable the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting.
 
 If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
@@ -874,12 +1026,16 @@ with
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.
 
-If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+> [!NOTE]
+> To enable the "Allow installation of devices that match any of these device IDs" and "Allow installation of devices that match any of these device instance IDs" policy settings to supersede this policy setting for applicable devices, enable the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting.
+
+If you enable this policy setting, Windows is prevented from installing or updating driver packages whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
 If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
 
+
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 <!--/Description-->

From bc126a70555eb8aadbe4239c226d6c5cf75aacb6 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Sun, 16 May 2021 23:11:03 +0530
Subject: [PATCH 20/92] Create edit-row.png

---
 .../client-management/mdm/images/edit-row.png   | Bin 0 -> 14669 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 windows/client-management/mdm/images/edit-row.png

diff --git a/windows/client-management/mdm/images/edit-row.png b/windows/client-management/mdm/images/edit-row.png
new file mode 100644
index 0000000000000000000000000000000000000000..95be3d8a0d845d1de4c69d74a40c07e21f0c9769
GIT binary patch
literal 14669
zcmeHuc|4Tu|L>H_BS}$OBqc^<$u>eLLSxU)SduZq46<ggga>6ATa2Z`Fm{HqjHQxg
zn4#?Bwj^8jY-1hHc)s7)InVi?-|w8?@0|1BIe&PWYwl(4>$<P|bG^4aLSI*d?d0W?
zAP|TR`tX4P2y_$*0v##*<0#`B^^oi?#=j#T1{x}$;?66xjK(pC`#SeQpt2a&J=^1q
zHjCRsa}N-ROW^SD2-JZ8Hwbj+C-lL6qvzI(BXl1g)4=7G-EeqOh4Y5Slld#qXnVnX
zt}Y$N4J>|4V?TIZJ;|@8N6<E_pfEWyNe`4Gq0krKAot949`czdr3qf`?#{Mcec{F5
z!EgCK6#ST4?)CZfJVdu}Vs|74@6h>BUcQ@(Ze1Q2(sD+0Whi<?cak;y5&ZPzH4x}r
z+tLV;1OeUq5Q_r6_;?)vfz(t9M?jHbNG8xZHtGq`&CBI%Abn{#H|YJ-HpY(M|E(P<
z@(#f8V6i(+t^M2jD;%y<3BPNV<GvjemV40C3j&q$6?78jv=8is)10($l^#DI^g&<`
zP=xK&=<!ILxzL!Znf$2#V(vaIE;$+C1>HM>tVR}e?)O*?cqbgpN0(?HpCEWR*eLI;
z-^e6x3^m#){dUJw5^pKfdz}e9p!e_lMSvmib>%hs1sl!8S(}W?A}&J=swN-LIf609
z`<?J;=-QtN4xBc1$gT@ox8dE!#31_;H~7UsKVA_K)c#QgdDjAy_c&_O(%J&6|NggL
zpSKd8OfRN)elROP-}*i7BoizmAtNKe#>JH+zgE)H9FLm0aGE`JCv1802xyLfb^~an
z12rpzuOBNpB!JFz-whl+vyRp{>l|XbAEOtvJ;m8KbY+#L*XOA&A~4@R(md6<47uAi
zLwmQgP`$X`l@YuiT*K4hJ2#owxO)R9o~R6YCb9*o+ph0I87x)}(~4w~iO(m1Oc&Wi
z!cmZzNzEm$>w^ypkqVm~g06v8(prhPYH1q>H7PEBg!J91r(F=7NTSc1x{SIHuAO(E
zHxZ1wiuv`@MaXxbdqw5fO(--%WK?K9qo4d84&ID)0^%4SyND5{7f~8u($8ZUGd!|D
zbUdfgbbl#0wH?LFvp?FUm$BWKVtBA$vN`%~oLf8zHPe-z*ph1#xG*uD3O{Ik*Q(l?
z)>pK)h4kn`r|ndcavK9Wh@MkZ3i}N|O^f!Qd?cz?ir73`bl}b033c2X39jBA5imC2
z&nnq7Yut71T6gV(jco?jXFNIKQA^!LO3nU0pZF?e>)4B^lrFqx4u|02g9N1i+Emvp
z@@DYXOWyEgma%<mQ*gJ_W${#$h216~X+Q5zyc#f`jml079Cs}-igF6ltJ_(Qu_<A8
zTJoEq&M5iUIBmaV4l3kMQ$E0lA5;%_d(Vsw*Qm|WiyLUqbIF9I=UX#~tDql07rV8@
z-*O^9W@Xu-%8O_|AnW~E#~!%tT-5aHNN!__Wsj8h#fOgG1d^H4uc_OEy&3HDUq@Ci
z=pB<Kzmd(TGai9BJI*T?Zq5&M4Hqlacu&sE5ueZ;<`oYlbLXv&4Pj8cJMHX!S3vio
zGEt^hUdBDkRiZSv@I0%EFe+lFaDR+f@#AuZeT#$Erun5o;V86Cm;${k_(SFuiK=1k
zUQ)%I-^HkBRl^H89Uaa#V31`+|5WOv%z&lgZ=_+66n>MvBY!or*tLfFnknOc&1fh9
z+3GD$4jTfR#Jrv0t6R$g9vzfXBrC7zkrz?0>G3!+a&0(ZjiS>9k!p|YK4`=T?++@+
zeIG_D1n*OD;z19`RDdO3s!x~nv~|3+=>^!RTtIJs+QF>ylKx20kC(ie##QWeoyzu4
z3OUxaexzwQFX);w>E~D2o3SH#`{9AoszZCLX+=gsYpbK1bAlY0Ow^9=8T#bIS@#QN
zkWam9u_f5iCkG;=MEcm~eS2}`q>{k(vfZi^vVG(did7KM6!UBJ%NQr<MN~fr;~^Mj
zJpHTt8Iw^O(e*fPXe829$iS&)x>zH+&U=Sk(pjgpJ;<me$dTeqWlJ$&Z?SllH()8#
zMmZ2cYwH<fO~Q(zQ5>;dgM#}9?+=&{^akoy-(MmpmJCYVd9<bg`g~lw*)m9^(sENU
zxKK=G=T7f#KW(2q=qXGKx6w0JbcyNcC$+q5!5+7&wgU3^RSrxE>)nfiS>n-fkDJQC
zD^D^kwcLylk-0ySnW8ojMA}aRhCM=p({_n~>B3g~E$}<e>D8=+bsZW1Te|HWA*P^v
z(sAWFa`Y_0&9R;9iu`lWm!pA38hzVCPOjo1Azk?ZlleA?)-nbZbCKq30&Kr)1#7{9
zZCQr}WBmhv>gq{E%$335c`sh+8n5kTo6Qx*(ZgM<VKxWb^@`KUmn3ET_N<!bdFi;K
zqoBe}V+U>!i2KxkwBG-1VQ`K`HC}9-x9hah+yBy^k(s_#5Hq$nmAsg?wtB$@YHV_A
zGjQFGUAu2@Ttj0hT+1GY;AB;P{>jB)SWd#3OUsp)=-RIB@5kA~!QGzQUr(Q%pzMgB
z0=+<(p$NFgYv0k4#ncF3sd|F8+mwyF>OU6^ELX3+<OldaDy`*+4+m*<tF~}Zr=<*r
z2DK?9$oaD3aH`;G`aQkLKV%cAH$gwXl;<Pk3u_lAWX#<G9>4cl;D+Bh3L$Z6npklj
zKRz-cxzTN=r!}U=*u6I%Me;-urlKcT8S9+>MGOSxbQk#YV#V@y9@5`wl?2zu+D-o+
ze|#SIT`TZOU%nuKhWJ9kT1{~|*9(A-1iv_^2}C2k8NRdSJMaPU#eZE!FT~(#<|72r
zNi>d|7o?6n4z%>@Gk)s;a{<?AD!f?xeB&A4hAnuz&wj6J(4HhvPC54H!^@NQnA<Fq
zRTv`sco^Do?1QcdK53{z_d&{59ydW#88PJZ2gpp^)FyD_attszSsd~ifpLycIZpsf
zEr#n?#@z^T-wMhGQ^VEDDY3<S!U)bVoTU;F(B&e3-mcidTYKl!<|WV>YBY~R>hng5
z-d&mP>>A3n6!dN1@I;jQlAB;6uP-&Jy-ffwsvMtoqFmHc0Pkr2RR+rV*@8e_gY>WQ
zMDuZv1L)+tXXuERZguBRXj^LwcaPd^8b14V^hO&*2DN#e=eB00d!xT+vn$_1kMlJE
zy*QT~KPx4B{|M-;^x7uyWjukHJ}oI^<`l|4pZl7=d%~8G;?;+B#*0?^Nyg?c8Xiw{
zlkFyZPMf2(2`q|AhI@E^Xcu&n3G~q-1R0`l*WMhg#SS{dNhLtwpw{ybL4()Y2rZ#8
zO~)=gJOY}3^Iw5XD#o=T<*;>f;@`tDf1B6;bHKxPzzkxbqBs9hytGXp+YvnkQa7!V
zEmar*>!kh6?x@D$htS=BAg>p-+A(zaZ>yM~pf%NVCv&K3(UrLGyru=TU(O)viC+8P
zBQaMM{JJ|qPqB8&cjeZJF`{YCcZb^`@5M4*eShr<2Spw$<=aeX)Fm9zVVqhb4t4Jo
zoSQK+C%)eMZ_S?OcPQmcayOehL607^5#|;i_&6VYpCbHBRnr-&DQg%B*Ddsp?@QTV
zwOI1Cx6yE}$+3Itu2Y+)Fj$3p?rwYD%9w_N*|YaiRTXm#YBo40@CCDA{d6j9F7=(F
z=?16w=ay9rzOme}a|Z$JJ#~QjFaN4bH=b_s-rz~aOF5(V6HTY)C%@4R_C(IySEPb@
z_YGhN+F7kPs02O^rd1_!;iF@JhLxlC?+qk<z*P-63G(y!@XC*FDexa5)C|j>U3a?<
z2iBD7J2Q<N`=N8M(g*tG0CjnyKXK^GZD%LK+s1<?cGsond+nPK<5*HESzmx*N<hAp
ze>;75)0HPx$-&v=PbBOti7=X;mD|4*ICzZ;sf!$)6j*0Fy}o|JwIi$x!a@Kt17=cW
zo35kF_o?2$w&M0F>6}Y;ya<^6W9OP)zUG+4?CE$;J9;v%odIKa3U?hf{BApkCXSX}
zu-=)=S&rr7B%FNOV2?+Q|NcQ3Z<nL@$tJMl$-1XKE9PR>za>N~ZVy&@M(bT&a1ny$
zT;a)GKPgr*tw9_Lyw?vlH_H-hr>Y_!$V)^aEbUnME2U~1G+YbR*lzV1n0q$=ei_&4
zt@tg0OUhpscOs|1b7g|o>d=_vX?+Puj7Ry2;+gipyr+hT*byx{L_-YcCgH_bG%+9A
z6TUW5*B&R+-dW{aeK$0n^RyERbT7uW6BT<c2r?llw`1#v3Tf?iN%@hP-o7(B+?juJ
zFkzW1ndH9(5ONF+8+a5s^LhK;i&{3L9y$&AtLvH+jOS@#DFrlo0WGI^g(TrCTAoyA
zhaGw(;b<aJKfB+tzbNz8p11hQRpYU0nxaPcJkd%~?x(leckUtzgjx@&^2cW4_)TWm
zJzc3N;yd2Oq)~&h(~ge)#=9va;fdxVgI{+XFah0@d9>L?ILr(2xb1a(t*4`~05JJW
zK0jGAKeR`+XYS9FM087~>ZjZi;tCb!XI;0O;h^LmUvxCpm5MAl<(YS{yG9`QxS>#Z
zNE${v8|UF;E{=v^G?lvHYH~U4*>W`<)f5EUA`dI|;b$t&W31tNk9M<drW4lVdq(RF
zMNT($5j87G<c}*=b2Y6Mt=hh*)i0S2RCqW;bJC)X^M3V5kLB?lLC~an29Jd)jQF%&
zlIy7%65!z{Mb1+4S}>aXYTNHE;KNBy@2xvtMM^ZXOBT`a^1+XPeX1))<Le@%d$hq^
zB#5~^*=WajeH#4?(*>EGTTPeGTxYEdn91wN?@r>c(o{`cIHTkD@F-U6_?x90eI5k?
z6RS%tp=I?W?Dy<dWvEF*^-!X}WEtJsTx$`yr`M(17ZPB2dNDz%sfd)TOaH_#V|z?&
zqHm%L+UVV4&NuiqtPPT~Dt9g#xNCE%#dx$r^FF7$io2MUr-J_uc`dV6r$ICBd3=fY
zk#BG<2TTXIjHtPQLx5G0()Rf6P7yR-`(1F*h}%cgpf836H32895xDx5v%dt51n0DK
zoyfm*;&kTY49#Y{)nwgZy=-U)>3}M0zaqE?V$<jaZiv5$TsY!)2GSr|`Q%!knd<<X
zx<@%hFed|FRuNmVem^nRn80qD-Hv?77#+fEYx@->?6%NP(`Sl<o@E<K#VSewoD*`k
za&K63jYo6B<x(_8y^_lHIt`(Yn6sMu?hI`kk(U79KuXa`s)Fvag43s$lJuINXsHHo
z)+-;ZZo0&QD%U!WV+L<hu}bfE+Trg|lA;qPhI3tz#>jKZVNCr4-Bd2byR<C-R~;8^
z2~d@`nY-~Q_k~}#yqwhHQFCo*{D(AY%g3)RrHpU!q!ySNko8F=KYMN>Z!}xt;@fWn
zdmD;|CvrQt``(fZV=DvLHC-OmXpZouByxH#ishJ`dT3YaI2NwZ!Jt(#C2AkPU_0b4
z*kN;OKHY4#T!BFVC)2o`8fyPo?SOg|g7a27DrLa_H5IGzh+tjsRokV8F9P3L+!7ZD
zR(-m{hHFT4;+|>M3?b)w-1Jzu)lRvq;+N+z$lzCD{9=AVu|*craO{+q+_QFj%$2^N
z-YF)=Gs3EH3=%DX*U=4LoYvp8e`pg<hQpS;v=Y_*5~fwOjN89g?0y@LNPTd&IECAP
zw*9t0cyl@Jj;(7goXgkSidf{S=~#PT(qc9FilVu5&IF{fEu&wjDBeQiF<-0cZoQQV
z;A9hZ8<v)^IVKSPCX!q$Y1LJ&<NlpJdtI1;4KGSHgeM|^$QD$0Ly^q+Ig$=B6^ZBc
zHdb(nH)ko*(=}2*!TyU4H`_{Nj>gJ@H~g55?CBE_)t`$r!O`vYf~Hlk*~gp(WWv~X
z`j|N$$;t6(HKYHl*<27zCnE<tW%<dBjr$u16)czS@`NhatdXjn07Jcj;thyt#J)?7
z!G<{1&Vl@*b~TTI_Ryq!<J|0wdVk_3IOJ-pOo8TTHDCo5RMGVa3}I3j5wfn7-P}HE
zOTeK7WGf2YL{mCz#;^mciQ{y_?T^``g7J-GNkpxb^NMms9sTq5V_^SE^UFZ#O7=>p
z^+r(Ye&8FH2u`VVqf~sO;s~${120Gw{GyX;#=x8~Kd*|{LiV*q;=np9G-G;GQ5=oJ
zjp#2BR&VI|5r>yEh+_z>f*;Y}_`u1mu4BZjN72I2PjA85XA=ncK^=v+TaG7CQv0q%
zQ~`5;K+4*Y#GSc<0ZCwzZLyJzz@#MQ-Kz9n0>)qtgcQevtnkLo6NM!L<)U?;5nCQr
zaNv9sGdYnqdG>*#3pY35sx&D!xj-60V3tgD-&X>jl=Yf!#o;`537?yDJGToa*XK%(
z<Woqbn`FpH?qs;*<Eu62{6vk-yFAcJlTLh^IdP7hN`kWr$xkxM3e6>Ke^R7rG5XUE
zu-dX9QS8ehHeTIvYqo_k=eed&hH+S*64$yX>YsLeJ492AU)P=4UJ_eL%jQvL!H9WZ
zNFqV5FOGPiiI#0s2u$7N<O$3TD-^F%-DBoB>UgS%PKMXI!iTC~8E)p2kIq(^=Je~G
zS}@F%chnCiL=4&VbXGQO0xzPPyEg%@31&B;S!Z-q*@fHO*XZFsH7{7tFc8xjIRJj9
zXFdq}I0vqsB-L_M>?Q+CseVNo%66ey-`%nm6Wxi5{1h66WP0*c1OQ1h6tgGSfEVxD
zAlJe^`zZS@{DLYly-$gz|DOD|tfbDsWU`91_|HCyJKGfYM>i7?7v%b}>cMrX8i9ub
z+&^?RYMCALAqhM8m*{30f9#(kT&fNR634)aD&|uMu1uiEO@AqMJ>S3I{|ied9{6yB
zUa-xiIu{>q2>r6`!o<+<92i2STGL;jvGZuHHppXNDGls0_tjyKt{I_on)s+I&KlU<
z{DLiJ7X{_tN6OjEGOi%;t<ls=APRr$5PkEsaRIA$&{Q>;rB^K|slpJH>bjia&&9<6
zog_v_!R2g!zGU>94|s9$Z%tuOg0aJnxbvmd;>{`J69n&5rVFP^v10F${<EJkF17o5
z$~)iUF7VdP+OhLE?n%t;)a{cUmiIc5_^MY?lz+m;n%<vUbh!%k-qR1pZi=aEAplZH
zX3aj9*m!9_^3#0RaA2!XG>~$awTGQf9U0rpNry@G)i@liwlLp1n-zvsl`8Zgy!G_f
zOLNO~QY1$zxbp#LNRm|V0jnzd#)j>?B0Itecm$2A{)EbA6be_20_ttFJcIXJSW&ju
zJnV?%Ke{x2d>OxQ*wft~Y$Q9V6mXA2tE+a@vuYwSgrO^T&_=)en)hrhI}0<xc284M
zT<ql+OrSnr`m_q$%Bi$ol4+QCz%<E_mUR_@xvaIg)x%w4I(3?dseB!*cx#GP`L08%
zZxHUyaUIS2^&dLe6}BL4lR&RuJ6(65O)3QA=9TkH6g90!JwxVczvRq2kh%|#rYJ4%
z(cUa9#tZhDPvn#g^TTA>;3F}L(l>g#S0`+CliobAhs7Jq?O5|P1clG7g>}8Fd|mgk
zu{%+Agih8POEA?W*uF)TBDIc!FFi7L5Ugz%e$3y36p=HSz|VaBED?`_a_waIN=y&1
zEfwUnpp<}Y&apexr-Kn0h)>}=q8Jp~32_rqtPQ4ORoa-}Rn&df7KgaRpAV#WjO`HC
z!M0gW>k_sDXve<A)7(LR7GJb=PE0^DQ6vlSq@|{45~|_lm@Q7$RKaS9>M4EQr?rX%
zDJ)}4Mxk$U+@8INrv$Y5qSaGg#P!9WHGYQ*x^uG+s?6Y`E@=z!+EM1~`Z0dxI#|!N
zyoYO4Feh(citW}P=KKJ<SVU22jS1ZMqa^3E3U;*B%$gvuoegCVuJ<IQuo%v&elK~-
zUA+WPaz>kZa6cOc+fI~7?>ymX>m`<11WAiwP?E&l3L`>IPLj?yPeE`9MY^<59#2v4
z#5uh~?f=Zyr>@C5A(JyveWuK=50zOA3~xl_s0Ym=<6p!TJuKKmde~x%M1VatT|>C%
zI~J*OHcDw3qoD3pe`OPu&F}E#$nJawi{Uv3QF6Hfl=5vLFswz%eO7siF#z((_H+YS
z8=LkFkfd@&1HI?fh))!$)47Vkr#?+VMB5*QAJ`I59C9O=5gid0bhGQz?LQJ;;OfVc
z7$eL1PPofbWXc|s(bhPoPWbR>!vPbkA9p>P1YyB64wt>!MU@xVMqzU)bO<bqSmjJw
zKUuCLTIoFN7_1-~AwmE2r|&fZoae^0Zbq(k-28oP%~%-1Yz7(sbj6e>UXVkE(+d#?
zy%79Ca+3t@L3~F7!*bqkjgFV1|Io=qSY@JAuuU%K%h?J_KO%cR+u?O6$Gf1lv7Ev)
z-7-lL>Ox@Tm&?5Fx7s06R=a805n{Ny@fPObSXmcNaQ$$9ri7xncJPR0!K55inzVy}
ziOiZE{Rxu<#BOp#roj9@wJ=NxiF0584!SVT{_IG>14h&G8x^}$HX9YWBm9w=&w_k>
zfkArbi|!2Yzhph~H_p4s#@>0A_28TG3q+jV;=X@)zHvF*)AE!XJshr*ep&iADPr!0
zJSiFZJIZHD-TxQ7|39mc<*^<#zEz1ZF*!H@yc?DS;oPNn_m?4OD02tP-U9;3v8Ye0
zlMYaY<L|d=OEnI*A6Afd!zX$}8Aa8?p75-ZEsvGamBa4FqV8!kRv@Oonni<p>Zdi!
zr0xaw3my_%*~BnxCza|2QSR=OdRDj6LurxrDRl*YPpWJLc+vEIYMl3~wTpAx8&E}4
zNzorjq?f1hcHgxZ0Yc!`?=Qj`bvCN=jCoCsSfYqdp@kWAGJ<m{5ZAeG)88#&S%!~x
zRF>vhsBoeBJnii4N1woiWOxZG)@Q9bxd&C?DM%|#Vv$k7g3t!9Oi$<Dt&;Wu(udug
zE%WzR8TWj1JB@eIX_Hr1XvIMDbc*{yTSHM`_^YPrz3tE@RhXZKp3L(lr`v$=u6!7_
zEB)g9ttu}~_dyGdB$rtpxty+Cw3wo(z?wCQWHmtH{pIB9<@(rvxh<x}n}i!9?`Yy{
z`NZqImdRg)d}rtu#RUOMz-4&V(*ao$oS<-LgQn?kygk&v>|YQC9Pz#GE-a1dFR?Ia
zhd82ZLWm4y;d^!wW2q3ma`n`jNFq!=){jVR(&k8fS+v>^PKC%4oCkiq=*YiYThLsN
z%9f(O_H>bw6bD+y4#vY}eeMQL`DeGiCJ!C|<ZhCHT8-<^RAmYIu_n$tp_3CmPU>Cx
zb_Hz<gx#7s&5l5mziMYGeA6e83dA;fi}IzGJC|HGRzoNSOf@<1FVJ+w_Vn&Xb0wJ|
zH*1;1O!i)NXPUWv#$I78PFB3mf^EP+baxWa?+InVxp+|**@BL1{vM7%?6TATr*CE)
zwHtBB`4OS9^7Dl`-ao7>ANgKKO9vT4sqVWOH`p3W<<H3iPJ9{<hp3<9b(2GwDfeAc
zwB<`(86qw?O*iyxqOlKw)W7&pLLB(|cM&76iBT<-{O6EjhO<b{RjA9OTvvs9C_O<`
znP=|%o6D2X-@m-)I7bVf2t6&~!*{)5@w}LKnItSF|7gZ#MBU>$zXOmY)>wNorhorZ
z;A%&49_&!{=x@Thy`PY+^{<oco-Nn05s^{cYQY|a_*u&QGHA_k+xS|<X}6R9%xZq*
z;uYm<t>q*_UC&NrIYm~tXzHlmGHn`OMR}5maw79D$Kcp3P8;jK@kU*84=G*$CQOZm
zla^Fl@x+qt&z4%iRs6?U_}uTu1y>yxQ}u7P2kpE}ezOe@Ic+aU`Pi^RYBh9ySk9D!
z<Qx|xd16MH@kPC(?XB7|d)hg(ezxv;MaHN{H0rTz{uC;+B433J7?_+|Z|m6p{NCJt
zz`}CSstc+0L}b#V4XY(=N3Pav*g>ud2`JC?TYstu$c(npYN)(Vz|F@8^}fTP^lW@4
z@Kx(|&o>pj0w%$*<GmmDk?|8M>Cis74gsh7Ue!i0!4Rz@$;pBaMf16+$%txb8mmQ9
zAh?x~Qe24LPVCAe$`xUCfy2q-OOs7f#Uee-sL1*ehl)euTWv+u6V*-v%+j<xiI|ty
zzdF(m*7n0?mFFZt%{`_Qg*>JeB@kJ<?=A%KM@XMH<&dJicBWo6@Y2*J91qFpwGaag
znC=8#HSLk3VnZmeQ;eeZ(tDQ8(4h#mIOHP}Auk<r|5C0~@OEchyx(zZe1}hTd&S8R
z1JY!{sLMdLwe0M-r4N+5_@vn);|5k2Roh*+)>9-w{6~@U5G~)aT4UWz)|~`|-=t}}
zI~6Q5B}xZ(>%QSl;MG8y*0#v9;)|+`MzK<Q_0k*elFHtNgYphA>&rEz&t?t$({Ga@
zjYdkptX8Gci;Z~w0@=H)e_KiddvpSMq+tm8uWChUS}k6bj88+x<Ff;P^q8`4+}6@P
z>sJUV5k|e0w;MwC$RNmY{-|@a{SINTb*wv&OK_c<UWlC4ykP2b-f*6F{nXuY*$<~-
zvSQMfd3lZ=(^h{BZCwub<|=o*^z#^##`%YcJ$?bhOcLQoC^Ho-uEU%thuLM@Hi{i-
zgJTwGwDCx5>PbHS#8eLDCdA#DFr`}gYcM_g46DHFidzalT0%dE8O_K8=$s)wg&(7O
zn>*(QFjVGUYbt`3bb41e;3?_#vI#!osr;t-yGvD2S3lqUXHAfw)s(PE%x}3#7nNhw
zq|-&W*9_*kt4MRu{%L#eZ>92h(Jgo+qu0+cX~9#25*Kg*aXl3-C48cnwsCFWkATDP
z?KovvWQ#lQJaM(RhYba|pG8-FJl3LO{llI~h6Kqpiv*sa2%$pGdbkEjvyM!PqT|HX
z+tBoOCK)Q22Rw_`e6Xgi0V%WG9YPkcu{3g{p`_6;7#Z;{e&|;7F({))o+JukUEvHF
zt57n6;#OIuj9Ai^!}g;KTDA8wwnS@@7>3ZN^IBOpull5N*`neN$uJl{U@3iKUiNX;
zn5)z*A5QA73{Pk3srZ(CO1Y~!%1rokv$~Fnrv#T}{He`wWK(Ls6tKtcW&r`n)Pua*
z_Q?_$_T8g&lClgh9Ck<3aIz-@svydJw^k1)Cqd|VptT>Fe~^aMdJ9-`Qy*AO5Z1#2
z2r0DlRmwF~uC&im4&LGz)a-=}e3EpY$MCeXN_p)<X+1Xo0`x8MTW<Bua=Zy-Z6Uho
zCSWi@c&}Q?v?Iik1qSxEgfJyx(1wZ6w^peL(_Tu&P=#S61~qqa@Vqrk!VO3YTX!@3
z9j{RhvICqXf6?hncPyJgnIJ`MP0s?6DS*>4dAyO-#u)WE!`#kkf_31X5M(?;QFJM}
zZ&E64Gs?Le;m|c&KjM!Pyq{h3;Y~hdlVRiPekS!NkRNJ2BAWK=i4gsWPpT0?1RP87
zq7inH4som#swn~2r?gB5{-#bVNCXf_x|$-1i=5I<q8^ZBsSP)Gp^aF7M0qE&L%IW|
z<?W9jMOhWZtLh9OF!F{4%L#0lXZXZ9^1ZGX0nWp$WEYhpWAuJt9d(A^UUl_tLH(GC
z4*{pR?y~?N8gcDdx+f19@wpf_7Ge?Ex9CyMei6A+u44_>V-X#YStp+wMXyF3r(UIO
zq8S+Aie3`MIDY_(jG>zicL^9B5$ANg&bwjBoE*_V<Be*wIT(*m0G7@M5%;o^(Bax<
z%L$S`?PtPU-3jSqqK3&B>k<0iv`j9<?*(D5@JM}@H19YNOWwOT9d_R-adPw6D<mhH
zk9J8JxF-XVnYPtR=B)Knky)$Bvp4PKZYM#;WoriywF&a>4?TKH0$aIG`cL}Bjzv5<
zuUfPIN~NW@jMoVt11gvLD?*!v{3v>)Kgt=eBh$Nr*!=pomjC+R^I}Al#kXMG2IqL>
z^s9{8gj~}{K)wP%u9*F-ESOR&pHE_C32sD{qAx$+j*9eaUDySWSTDJoZZR$mhL!c$
z{w^Y;XED@Spw<QX@kGB>hO}_LZHqsAk6yHK9&38+nRT_^d$Om|($R_9#d{(Q_}5fU
z#kSaP`$XBr;jKq`s=dz2*pJMPc0x3q-gDVU)$n)s4oW<4FUvcWA>=a!?w`f^o6eoE
zU48h_XuMfH*ckttvE>AVw@3U<uh<P^c8KA@OMz0M(UrT)JozRh2Ej)}Yire!e!W%s
zAWdv5^M?E7*G4Kt{oe-29WdAW4UBAO-Lq-wP!&h-I6Ix_JN^qYuaQi1Dy5HZN<>|G
zMjLeggJFRQc>MTFIQi#RwA|dyLlHxfc9~(Rd6BMo9olBiSN++p121af(efulyBD6s
z)Q2&kvz4R<&*9n2TCG*ZT9CV>w);ZfC-U^B^I$sLRWn!VLs<uV_*B1>p&VR{)58;~
z5al7NiCE>9q;&n`<VnNDWM?}DLPRd}q*r-3+x^YM(vKlON)~bm+7}<&YF7@>Ne<7*
zuTG6<a)rYTZYIbdUS9bSl6!U`<IbZ>4~DVUVId!O%Nx?l2u*G6D)0TCj&3aph&h)M
zYfc22=}zadMn#vo25eT^V5rHN2gPp~N=v(%bpyS~!TKO3(?PgtHELjAbtp{^#hx~F
z*uO$Y0!u^{B^`@!K_*`!S5`1kc$65vNrBViFGRo1q|{iPFpi72<!iUFvY*vQJ*{*9
zwtfcte!1U8c5#qZJaD7ihhdd5fXH=^-cYqC3*XmeTBHp1-bth-wC-=rxTa-fY_-eo
z&-xk*;SXrTSqP*9*xK*s{Sis1#>i-)(n`pzptjw~sV~ADRySe-?aH3R{BS~y`_^XR
z0Bo-@uykPfbnh9|?-wL)+_R9H-fEN!veDc$>}lnp=fFR==cbP}K9Cm*41sgrubz(H
z%V=0?ad4gWU0L$a*lyDyoXk_5&eKXB$e@SSpPSWk8ph(=W&gnI99@XGA>926<CZUL
zm|`BMQd8Rg<cNu0DfIAG_bUNN+A)4Rcf9DMbgH3+FaW>VZ<jm56>^Hx<#w{>=OLG_
z45hWbT$lI~1OCy;0xOV+phs^Xm(<>>oDm}oP%0wjB9+)se|hbA*1Z$~;N}Gv2?<)3
zsST-Dgd1tFP&N>YeFJFwLGNtOM{ZNOEORXVhNoo{UR%lo0dGPtNaZA0gg`zC!=r1P
zBQ@`&Yu}<kMp_WCiwHRPl!`b9B4%%5z#&>YWmY~!C-QKrv{0v8^=u`lVt_Ah7B0hJ
zxJg(D>3u0;7$I5W-TOyj1o=_bbKga(hVh#sF!1FWET1jZ-Ij~fRlI(S-pU)8-T65F
zuSsD~fPV6HCFq5|9ysB#T(y1f92(Z~7BG6ZxHx*N8Pa3dPzvL8%m+B^WD4uak1lXQ
zZ}|I@PY;+RqWl<oLBhwx^KS>W4@c1igW?e0Kl)fc6Roy;f;pfQ`ULuxMKqZHJMzQJ
zp=X%o&o)h`Bn=#Z>CUo{T^)94J@5dfSb8}nOU$abhj*u}rFSBF`gB^bZuuw@e}v?L
zPKc@>v@5yJ(CPE`((ej*G%^S|;}VJ<?&CZQak=^@Z4O74m9en$$V4GkEg5IhT`|2Q
zwQ;V!S^uw1d_ZqAX@N5a&i%9fikFVa&Q%QY%dAV?qnj6O{(8u>ozb7<8JqqmH6duN
zC58M_<AZ*x>ExeyMn@05bVfDeT2cS-Rmi=Nbk^ao>hXV&jQo!$3jVXo!e60G{bYuW
z!4No>YG&5{nHjjzW7y}^cQxo1Lk;nY3qjEaB@T7yNi*WX=m#gS&z&V#7^U<-q2|`!
zE-#W-_-?$U>@;(EJw7hPVByr6fm%4`%AJuSx`uPc>*9s^UkaWdi)XS5r0DLyihi2U
z36S4zEEapnCLPKUTFbw1sp$!ReFqi`{$8}$x_Bv8V_#KTQY|>T<DAHvl52$zToGR+
zSz5XLEiL^!*J*abW^^Y|!?3FUyR?AevvSm8w+lmXOSiON?Tbg1Cw`dq5F}@8C2>5)
zXa#aYDVObmy_dzJML9|3w?YhEOQw&5Co$c%ri-I~zo`%(w<_(rz~@hQ>*HCSS6Iy7
zZjcE>{P7jsshw1eG2(x$$A9MBrV`wqKLy<Eb#yJcAppF&;q%Lk$0F4xRLD?Yd|?5n
zClLGfMT*Vw@}ibn>-dD_)@j{sYFlRw2*VB72jw|B;(e12Eo(g?mYUnF_Ctk<msl^i
zT0fsHNN!M#)E*SR_VK(uFxg-oY?;>tH-st;{$=LR^|)|2@BDu3Y##i>$}r-j6gZa2
zLEY5e!uyn7Y7)b9s@yZE(s6uTd%0M95z6TGpGpcHMkCi{mAe&x_{Un!IX)84t@p{6
zBy?bt)23t-$y^&9ai^a8l-PH@Da4>+`DXf2E;9nJ%jx1Z;l5M^$FFSP9ITi!;CUyd
zey;TF`RrtCdAK?P;;$PTD2%N#hZ$0<C;{T$I#)~;vXZ0qqDi;VMelUlfS~Qp@9{1+
z_K73m(WV#N%PE`vqf&f}eOj^XVa_*PhiJBaAN*Q1^Mid0Vt(b6|7suq9@j}TAQnFo
z&lX|REXur?sp!zZ=?tBTXKo{09=C@^R2(KM+)iD+9U^C*@7%jm>Pe{aYCcSpEdE%Y
zop%YKC1qS#ZkS1l8HN|U_;Zd7+2-%qe)4oKEq%bjS8lsKfh9j{4xat<^RdKy5udqI
z7WTB$Ud01ifm%I@5z?6`)^O&Hbm97>f`p2-4+4n-i3xt{K7+&_!UgvXl<2&(4}nk1
zM4b50WKx9s@zs5uxj?CTP35MZx$H}IS1OBj8q_X7hZ1V`y|m7|=LZ`ufBb%qJH;2S
zM!#H;(pE?!Y%{Gg48Fcm&6Yez^A7DcVWts9?8}A5)97p4X>Mwq5Qe4ytx_%Y<H^Ks
zu5@iDB3OuW`rV!NrplpbjLDKo2j`D^7nFLA<TtzMy&4U0YR{-3ctrzW)0MxW1`J$r
zPz_?zc646sd`DeA+hYcF4s2MoC#7klnM#V0S}_Nc3$d4K(-i}!xAjKAHaQRLNTx*4
zpY~K_ydH5cL3H-Xj0{H6TQ??Ua>nk0JGMJKQ_vab*3BI4;)vPd_mD`k7$~lc{Tjo^
zY<im^?&s8}KO?ufx(ORMn&s%RO3n9lKwCm>3C9<p)J{jG*I%S1H^2~+uP&zH@f4{I
zT?BqHP50IBk2%l>@n^u7!&}(bs~yuRa#Vzm!KinpS(MSx_0%02io4%7i_h?F?0S{s
ziZg>-{N@aD&1pIA)D1POxqaz0=ZpriZ$I;o0e8B1`HC05lZqV`;c>j*hO;9dJU4bF
zSS9T}m>xI^iO#|6gz9T)`E%GMU16OrM~h2lGja--b5a6MatmhFUIXC$Z)(3FSv8~<
z>u=;vo?#VN38N-;*1VV#yfR9XGi~wUQH7E(rrc&l#4D~OTlY}0C!i@OGSXmygcOge
z5_X6ApC3C4C-HY>0Y(%7%~`8=LE)LEO@x;XDtii!VH2M1w;GjJvwBHpyDN3FH*Q*0
zjOur9s4B5<%3Nrg&*7pYwxIOwxxhY&^HyjSstC#?6p~ow?5fv}^qZJ>9l`4;jm^1#
z<VBKJW_fSN%`zx_;W5a2zhY?W>ouQ_*H?}rj&Ze9Ada&oVmp<R)am&^!uEXw72WdB
z)s*$eDq6ZYCodoc{8l#6sj1~QOYT~CKfDDcR&P{_Bb#{DOhC>f8}2jAav+2}M=zX7
z&89kxX-AF*2jcS^o?)~L+Hl%zr*NB^*ySSaMdPu{<_Q!?UlFlAS?aeWkWYg2#YB>C
zkc4FlwCpnVK1a?7ZZ4m46$p!}bF(5r6r@kRW_w+yen}rOR7l+Df+WInI!BjWJRV6@
zdtg7_!k|`lypqMH?j`DFq|iiPzI8m_g>LiBZyqr~&+6p-pkdG$lsp7^60uZ8-L>7>
zbE$QwV!yNqeiYOSRB5Z=j<pZbfAYRJ<4qqICpIh9+ouB^7|+A%@?~n+6_)){FxLX#
zBrLpcV6KIY-$iYlR5kK|67=Iyh-_p3MxD0(g@sv~&(NMH80fv4G~5KPW%fOfdwm;V
zFhQC6V7GgLoG2SAQp(p3GPhKP^P^@qe0Z6@v|BJ*)-UGcOwm+J_Dh-i5IF)>U97R_
zh<;i#M!0z1^s_iqp7|PQ4`Wea1Qp`IYFyN37<8e4vRXSc)buEK^T~2iopcIp@1n|7
zY(A+5j8j*}rpURi`)X9)y+i1*EHH8~!$)>Nq!yW_KM%H9gVwvCnx@l!)56;?A8n;&
zmkf9JjE(h)&OjZ7U<q!LOohWIGP)pfJ;5Wpg?j7qpN@iOFGSD2PEuneU{a!G*VIF=
z=kEylkj(n4R`lFnH;!SgEu0u&d|x-kIRw|L-c3!S@TcEvaG*cVE{ZEYLE8uudPfrW
zZQV0&jsDQoZ6^$@6UaB>iXAFH*%X}0j33sAFz8kDfExjI#ywKjC!_T2!_h6R_qXEx
zSMYxx@=R6*VDk05gL5qX8qLaT<tpPpN(TS>K5#gUO~p#3x9fee=P!FP(IG}0;tvKJ
z`!`~V|B_NXY?kgIJNDWkF9Z&c;1&ZGN($`{&?W+OJrubF>9F5Y_QSNM?DJvFky{xc
zk5ym3`}}<eeOn_g6SXHS3%Sc+xwa9E+*e-X(o=_p#&_SL)BA6-x0zZQg&PvK>yP%9
z-(CyDI!Q#m0mvpvodkGNY?Hbg!)y_WL(#^1svXy6_GVgWnCIxr^ch-m7bN1!W(la5
zR{@fUkVZ&$C;ZOr>}`j`GCZ%C^fg{EtJS-vboiq<XY_rO(2(1=u8>6IP?E1#4=!oU
zSdM+DIq?%gMZ)sv;x2xo&~HP*>L&{?93C*civnjFscZ$)_{}Rx(N*N&TUJVdrN1G$
zanu^eND!9gKIGSdF>-w4%F0ar?1!VnFg3N}1c!q&_1M15U9AdD%((O@G^Hxv8SN`O
z$iHYYU(>|=;Lte|Nk@TGXp74-N8-MkEzt=-yi-LIzoY4{LrY_*k`~5<@XdSR4eW_8
z8@rq{^Egx)B&pbVlJX-yMrbod@M_7$%Y%jnaY-z9*Vt1P!UP55VV<PMQL#$zXl6a-
zepeE*L&=B*Y4#6&g0M2Bq;?c}XjZ8nDSz9j_KKB3-oNU<Kr)G4V|@7!2kT!9t^fUI
z1tZw9J&hqT!VQd*_b|duf2AN^Oflw#HiKXg2oOfD;VR<_4)>h=M+}0oC+EaJb&%bE
z%tywNZ^syK@-XK5zmuH(H>T*{a<%_|>)%tx|Ids@kt9%DGtGEO?yo8KH>0*GuqotU
zqBL;sZ*WEcM_?4buFfExR+DB5l8VMfCX3@$|LQxBZ~jN4<$ooC{x{y)`#)o*mhL2h
oLnToEV%5L#wjj}GdH>*eH8Yc0#MMs5E07?ln(l*QmB+9C3z7T%#{d8T

literal 0
HcmV?d00001


From 5747f729ecdd653c691a89a2158363319878d75d Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Mon, 17 May 2021 11:30:47 +0530
Subject: [PATCH 21/92] Update policy-csp-deviceinstallation.md

---
 windows/client-management/mdm/policy-csp-deviceinstallation.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 60a04ba2ad..7212d2497c 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -30,6 +30,9 @@ ms.localizationpriority: medium
   <dd>
     <a href="#deviceinstallationallowinstallationofmatchingdevicesetupclasses">DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</a>
   </dd>
+ <dd>
+    <a href="#deviceinstallationenableinstallationpolicylayering">DeviceInstallation/EnableInstallationPolicyLayering</a>
+  </dd>
   <dd>
     <a href="#deviceinstallationpreventdevicemetadatafromnetwork">DeviceInstallation/PreventDeviceMetadataFromNetwork</a>
   </dd>

From 344f5bb97ccd5ddc8e2c13fab30d4bacf8e7a2d2 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Mon, 17 May 2021 10:00:09 -0700
Subject: [PATCH 22/92] Update
 windows/deployment/planning/windows-10-deprecated-features.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 windows/deployment/planning/windows-10-deprecated-features.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md
index d3cf97f165..492f0d70e7 100644
--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@@ -33,7 +33,7 @@ The features described below are no longer being actively developed, and might b
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |
 | Package State Roaming (PSR) |  PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user. <br>&nbsp;<br>The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 |
-| XDDM-based remote display driver  | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver check out [Updates for IddCx versions 1.4 and later](/windows-hardware/drivers/display/iddcx1.4-updates). | 1903 |
+| XDDM-based remote display driver  | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver, check out [Updates for IddCx versions 1.4 and later](/windows-hardware/drivers/display/iddcx1.4-updates). | 1903 |
 | Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 |
 | Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 |
 | Windows To Go | Windows To Go is no longer being developed. <br><br>The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.|  1903 |

From c04791063c19a5a607c355d9c9b38f4218006af0 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 17 May 2021 17:56:14 -0700
Subject: [PATCH 23/92] Updated existing pages and merged others

1. Added missing event tags from event-tag-explanations.
2. Corrected MD errors in event-tags and event-id files.
3. Added missing event tag to combined event-id-and-tag file and ensured there are no MD errors.
4. Edited WDAC and AppLocker overview file for grammar.
5. Combined audit WDAC policies file with enforce WDAC policies file.
6. Updated TOC2, which will replace the main TOC.
---
 .../TOC2.yml                                  |  4 ++--
 ...s-defender-application-control-policies.md |  6 ++---
 .../event-id-and-tag-explanations.md          | 23 +++++++++++-------
 .../event-id-explanations.md                  | 12 +++++-----
 .../event-tag-explanations.md                 | 13 ++++++++--
 .../wdac-and-applocker-overview.md            | 24 +++++++++----------
 6 files changed, 48 insertions(+), 34 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
index 3db9e8ccd7..474b426029 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
@@ -106,8 +106,8 @@ landingContent:
       - linkListType: how-to-guide
         links:
           - text: Querying using advanced hunting
-            url:  querying-application-control-events-centrally-using-advanced-hunting.md #same as above
+            url:  querying-application-control-events-centrally-using-advanced-hunting.md
       - linkListType: tutorial
         links:
           - text: Creating a policy from event logs (video)
-            url:  querying-application-control-events-centrally-using-advanced-hunting.md #Jordan will create a video for this
\ No newline at end of file
+            url:   #Jordan will create a video for this
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
index c10855446f..31f6314425 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@@ -19,7 +19,7 @@ ms.date: 05/03/2021
 ms.technology: mde
 ---
 
-# Use audit events to create WDAC policy rules
+## Use audit events to create WDAC policy rules and Convert **base** policy from audits to enforced
 
 **Applies to:**
 
@@ -75,8 +75,6 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
 
 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method.
 
-
-
 ## Convert WDAC **base** policy from audit to enforced
 
 As described in [common WDAC deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
@@ -155,9 +153,9 @@ Since the enforced policy was given a unique PolicyID in the previous procedure,
    $EnforcedSuppPolicyBinary = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_"+$SupplementalPolicyID+".xml"
    ConvertFrom-CIPolicy $EnforcedSupplementalPolicy $EnforcedSuppPolicyBinary
    ```
+
 4. Repeat the steps above if you have other supplemental policies to update.
 
 ## Deploy your enforced policy and supplemental policies
 
 Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md).
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md
index 81c7794f17..9b21c840e5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md
@@ -19,15 +19,15 @@ ms.date: 5/7/2021
 ms.technology: mde
 ---
 
-# Understanding Application Control event IDs and tags
+## Understanding Application Control event IDs and tags
 
 A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events include a number of fields, which provide helpful troubleshooting information to figure out exactly what an event means.
 
 These events are generated under two locations:
 
- - Event IDs beginning with 30 appear in Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
+- Event IDs beginning with 30 appear in Applications and Services logs | Microsoft | Windows | CodeIntegrity | Operational
 
- - Event IDs beginning with 80 appear in Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
+- Event IDs beginning with 80 appear in Applications and Services logs | Microsoft | Windows | AppLocker | MSI and Script
 
 ## Microsoft Windows CodeIntegrity Operational log event IDs
 
@@ -35,7 +35,7 @@ These events are generated under two locations:
 |----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | 3076 | Audit executable/dll file |
 | 3077 | Block executable/dll file |
-| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is.<br>Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
+| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
 | 3099 | Indicates that a policy has been loaded |
 
 ## Microsoft Windows Applocker MSI and Script log event IDs
@@ -48,7 +48,7 @@ These events are generated under two locations:
 
 ## Optional Intelligent Security Graph (ISG) or Managed Installer (MI) diagnostic events
 
-If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information. 
+If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information.
 
 | Event ID | Explanation |
 |----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -84,9 +84,7 @@ In order to enable 3090 allow events as well as 3091 and 3092 events, you must i
 ```powershell
 reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
 ```
-
-<br />  
-
+  
 ## Event Tags
 
 Below, we have documented the values and meanings for a few useful event tags.
@@ -100,6 +98,7 @@ Represents the type of signature which verified the image.
 | 0 | Unsigned or verification has not been attempted |
 | 1 | Embedded signature |
 | 2 | Cached signature; presence of CI EA shows that file had been previously verified |
+| 3 | Cached catalog verified via Catalog Database or searching catalog directly |
 | 4 | Un-cached catalog verified via Catalog Database or searching catalog directly |
 | 5 | Successfully verified using an EA that informs CI which catalog to try first |
 |6 | AppX / MSIX package catalog verified |
@@ -131,14 +130,20 @@ Represents why verification failed, or if it succeeded.
 | VerificationError Value | Explanation |
 |----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | 0 | Successfully verified signature |
+| 1 | File has an invalid hash |
 | 2 | File contains shared writable sections |
+| 3 | File is not signed|
 | 4 | Revoked signature |
 | 5 | Expired signature |
+| 6 | File is signed using a weak hashing algorithm which does not meet the minimum policy |
 | 7 | Invalid root certificate |
 | 8 | Signature was unable to be validated; generic error |
 | 9 | Signing time not trusted |
+| 10 | The file must be signed using page hashes for this scenario |
+| 11 | Page hash mismatch |
 | 12 | Not valid for a PPL (Protected Process Light) |
 | 13 | Not valid for a PP (Protected Process) |
+| 14 | The signature is missing the required ARM EKU |
 | 15 | Failed WHQL check |
 | 16 | Default policy signing level not met |
 | 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs |
@@ -149,5 +154,7 @@ Represents why verification failed, or if it succeeded.
 | 22 | Not IUM (Isolated User Mode) signed; indicates trying to load a non-trustlet binary into a trustlet |
 | 23 | Invalid image hash |
 | 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS |
+| 25 | Anti-cheat policy violation |
 | 26 | Explicitly denied by WADC policy |
+| 27 | The signing chain appears to be tampered/invalid |
 | 28 | Resource page hash mismatch |
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index b464707f61..8aab0d3c1b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -18,13 +18,13 @@ ms.date: 3/17/2020
 ms.technology: mde
 ---
 
-# Understanding Application Control events
+## Understanding Application Control events
 
 A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events are generated under two locations:
 
- - Event IDs beginning with 30 appear in Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
+- Event IDs beginning with 30 appear in Applications and Services logs | Microsoft | Windows | CodeIntegrity | Operational
 
- - Event IDs beginning with 80 appear in Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
+- Event IDs beginning with 80 appear in Applications and Services logs | Microsoft | Windows | AppLocker | MSI and Script
 
 ## Microsoft Windows CodeIntegrity Operational log event IDs
 
@@ -32,7 +32,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 |----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | 3076 | Audit executable/dll file |
 | 3077 | Block executable/dll file |
-| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is.<br>Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
+| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
 | 3099 | Indicates that a policy has been loaded |
 
 ## Microsoft Windows Applocker MSI and Script log event IDs
@@ -45,7 +45,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 
 ## Optional Intelligent Security Graph (ISG) or Managed Installer (MI) diagnostic events
 
-If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information. 
+If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information.
 
 | Event ID | Explanation |
 |----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -75,7 +75,7 @@ In order to enable 3091 audit events and 3092 block events, you must create a Te
 ```powershell
 reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x100
 ```
-    
+
 In order to enable 3090 allow events as well as 3091 and 3092 events, you must instead create a TestFlags regkey with a value of 0x300. You can do so using the following PowerShell command:
 
 ```powershell
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index 6ee1d70486..e4a1e510ea 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -18,7 +18,7 @@ ms.date: 8/27/2020
 ms.technology: mde
 ---
 
-# Understanding Application Control event tags
+## Understanding Application Control event tags
 
 Windows Defender Application Control (WDAC) events include a number of fields which provide helpful troubleshooting information to figure out exactly what an event means. Below, we have documented the values and meanings for a few useful event tags.
 
@@ -31,9 +31,10 @@ Represents the type of signature which verified the image.
 | 0 | Unsigned or verification has not been attempted |
 | 1 | Embedded signature |
 | 2 | Cached signature; presence of CI EA shows that file had been previously verified |
+| 3 | Cached catalog verified via Catalog Database or searching catalog directly |
 | 4 | Un-cached catalog verified via Catalog Database or searching catalog directly |
 | 5 | Successfully verified using an EA that informs CI which catalog to try first |
-|6 | AppX / MSIX package catalog verified |
+| 6 | AppX / MSIX package catalog verified |
 | 7 | File was verified |
 
 ## ValidatedSigningLevel
@@ -62,14 +63,20 @@ Represents why verification failed, or if it succeeded.
 | VerificationError Value | Explanation |
 |----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | 0 | Successfully verified signature |
+| 1 | File has an invalid hash |
 | 2 | File contains shared writable sections |
+| 3 | File is not signed|
 | 4 | Revoked signature |
 | 5 | Expired signature |
+| 6 | File is signed using a weak hashing algorithm which does not meet the minimum policy |
 | 7 | Invalid root certificate |
 | 8 | Signature was unable to be validated; generic error |
 | 9 | Signing time not trusted |
+| 10 | The file must be signed using page hashes for this scenario |
+| 11 | Page hash mismatch |
 | 12 | Not valid for a PPL (Protected Process Light) |
 | 13 | Not valid for a PP (Protected Process) |
+| 14 | The signature is missing the required ARM EKU |
 | 15 | Failed WHQL check |
 | 16 | Default policy signing level not met |
 | 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs |
@@ -80,5 +87,7 @@ Represents why verification failed, or if it succeeded.
 | 22 | Not IUM (Isolated User Mode) signed; indicates trying to load a non-trustlet binary into a trustlet |
 | 23 | Invalid image hash |
 | 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS |
+| 25 | Anti-cheat policy violation |
 | 26 | Explicitly denied by WADC policy |
+| 27 | The signing chain appears to be tampered/invalid |
 | 28 | Resource page hash mismatch |
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index 03f0eb6f0d..0897007f32 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -19,18 +19,18 @@ ms.custom: asr
 ms.technology: mde
 ---
 
-# Windows Defender Application Control and AppLocker Overview
+## Windows Defender Application Control and AppLocker Overview
 
 **Applies to:**
 
 - Windows 10
 - Windows Server 2016 and above
 
-Windows 10 includes two technologies that can be used for application control depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker.
+Windows 10 includes two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker.
 
 ## Windows Defender Application Control
 
-WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows 10 clients. WDAC was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria) defined by the Microsoft Security Response Center (MSRC).
+WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows 10 clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC).
 
 WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on:
 
@@ -41,21 +41,21 @@ WDAC policies apply to the managed computer as a whole and affects all users of
 - The [path from which the app or file is launched](select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903)
 - The process that launched the app or binary
 
-Note that prior to Windows 10, version 1709, Windows Defender Application Control was known as configurable code integrity (CCI). WDAC was also one of the features which comprised the now-defunct term 'Device Guard'.
+Note that prior to Windows 10 version 1709, Windows Defender Application Control was known as configurable code integrity (CCI). WDAC was also one of the features that comprised the now-defunct term "Device Guard."
 
 ### WDAC System Requirements
 
-WDAC policies can be created on any client edition of Windows 10 build 1903+ or on Windows Server 2016 and above.
+WDAC policies can be created on any client edition of Windows 10 build 1903+, or on Windows Server 2016 and above.
 
-WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
+WDAC policies can be applied to devices running any edition of Windows 10, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, e.g. Intune; a management interface, e.g. Configuration Manager; or a script host, e.g. PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
 
-For more information on which individual WDAC features are available on which WDAC builds, see [WDAC feature availability](feature-availability.md).
+For more information on which individual WDAC features are available on specific WDAC builds, see [WDAC feature availability](feature-availability.md).
 
 ## AppLocker
 
-AppLocker was introduced with Windows 7 and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature.
+AppLocker was introduced with Windows 7, and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end-users from running unapproved software on their computers but does not meet the servicing criteria for being a security feature.
 
-AppLocker policies can apply to all users on a computer or to individual users and groups. AppLocker rules can be defined based on:
+AppLocker policies can apply to all users on a computer, or to individual users and groups. AppLocker rules can be defined based on:
 
 - Attributes of the codesigning certificate(s) used to sign an app and its binaries
 - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
@@ -68,13 +68,13 @@ AppLocker policies can be deployed using Group Policy or MDM.
 
 ## Choose when to use WDAC or AppLocker
 
-Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements.
+Generally, it is recommended that customers, who are able to implement application control using WDAC rather than AppLocker, do so. WDAC is undergoing continual improvements, and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements.
 
-In some cases, however, AppLocker may be the more appropriate technology for your organization. AppLocker is best when:
+However, in some cases, AppLocker may be the more appropriate technology for your organization. AppLocker is best when:
 
 - You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS.
 - You need to apply different policies for different users or groups on shared computers.
 - You do not want to enforce application control on application files such as DLLs or drivers.
 
-AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where it is important to prevent some users from running specific apps.
+AppLocker can also be deployed as a complement to WDAC to add user or group-specific rules for shared device scenarios, where it is important to prevent some users from running specific apps.
 As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions.

From 878d041fad0a101b7a29a7470d2e752ec06c76f8 Mon Sep 17 00:00:00 2001
From: "jogeurte@microsoft.com" <jogeurte@microsoft.com>
Date: Tue, 18 May 2021 15:23:52 -0700
Subject: [PATCH 24/92] updated guidance for signed policy deployment in the
 script md file. #9495

---
 .../deployment/deploy-wdac-policies-with-script.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index 3aed014401..a0308dfadc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -52,6 +52,20 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
    & $RefreshPolicyTool
    ```
 
+### Deploying signed policies
+
+In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](deploy-windows-defender-application-control-policies-using-intune.md) or the [Application Control CSP](#Deploying-multiple-policies-via-ApplicationControl-CSP) will handle this step automatically. 
+
+1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: 
+```powershell
+mountvol J: /S
+J:
+mkdir J:\EFI\Microsoft\Boot\CiPolicies\Active
+```
+
+2. Copy the signed policy binary as `{PolicyGUID}.cip` to J:\EFI\Microsoft\Boot\CiPolicies\Active
+3. Reboot the system.
+
 ## Script-based deployment process for Windows 10 versions earlier than 1903
 
 1. Initialize the variables to be used by the script.

From 8d499af45ea8eaac46d881b2511d7eef6c9fc775 Mon Sep 17 00:00:00 2001
From: "jogeurte@microsoft.com" <jogeurte@microsoft.com>
Date: Tue, 18 May 2021 15:37:48 -0700
Subject: [PATCH 25/92] Updated the enforcement doc which has the binary in xml

Additionally, removed a note which is directly under the instructions on how to get the PolicyID.
---
 .../enforce-windows-defender-application-control-policies.md  | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
index 784baf06c2..6c3b04eb5a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
@@ -52,8 +52,6 @@ Alice previously created and deployed a policy for the organization's [fully man
    $EnforcedPolicyID = $EnforcedPolicyID.Substring(11)
    ```
 
-   > [!NOTE]
-   > If Set-CIPolicyIdInfo does not output the new PolicyID value on your Windows 10 version, you will need to obtain the *PolicyId* value from the XML directly.
 
 3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment.
 
@@ -74,7 +72,7 @@ Alice previously created and deployed a policy for the organization's [fully man
    > If you did not use -ResetPolicyID in Step 2 above, then you must replace $EnforcedPolicyID in the following command with the *PolicyID* attribute found in your base policy XML.
 
    ```powershell
-   $EnforcedPolicyBinary = $env:USERPROFILE+"\Desktop\"+$EnforcedPolicyName+"_"+$EnforcedPolicyID+".xml"
+   $EnforcedPolicyBinary = $env:USERPROFILE+"\Desktop\"+$EnforcedPolicyID+".cip"
    ConvertFrom-CIPolicy $EnforcedPolicyXML $EnforcedPolicyBinary
    ```
 

From 5e1be4d679c6dc264b91e186d0a62361400eced1 Mon Sep 17 00:00:00 2001
From: "jogeurte@microsoft.com" <jogeurte@microsoft.com>
Date: Tue, 18 May 2021 16:02:45 -0700
Subject: [PATCH 26/92] Updated steps for a signed wdac policy and noted the
 nuance for uefi lock

---
 ...r-application-control-against-tampering.md | 46 +++++++++++++------
 1 file changed, 31 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index a654d57870..be2010c6e5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -37,7 +37,7 @@ Before signing WDAC policies for the first time, be sure to enable rule options
 
 To sign a WDAC policy with SignTool.exe, you need the following components:
 
--   SignTool.exe, found in the Windows SDK (Windows 7 or later)
+-   SignTool.exe, found in the [Windows SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk/) (Windows 7 or later)
 
 -   The binary format of the WDAC policy that you generated in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) or another WDAC policy that you have created
 
@@ -47,26 +47,29 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
 
 1. Initialize the variables that will be used:
 
-   `$CIPolicyPath=$env:userprofile+"\Desktop\"`
-    
-   `$InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"`
-    
-   `$CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"`
+   ```powershell
+   $CIPolicyPath=$env:userprofile+"\Desktop\"
+   $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"
+   ```
 
    > [!NOTE]
-   > This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information.
+   > This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are signing another policy, be sure to update the **$CIPolicyPath** variable with the correct information.
 
 2. Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing user’s personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
 
 3. Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later.
 
 4. Navigate to your desktop as the working directory:
-
-   `cd $env:USERPROFILE\Desktop`
+ 
+   ```powershell
+   cd $env:USERPROFILE\Desktop
+   ```
 
 5. Use [Add-SignerRule](/powershell/module/configci/add-signerrule) to add an update signer certificate to the WDAC policy:
 
-   `Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User –Update`
+   ```powershell
+   Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User –Update
+   ```
 
    > [!NOTE]
    > *&lt;Path to exported .cer certificate&gt;* should be  the full path to the certificate that you exported in   step 3.
@@ -74,17 +77,30 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
 
 6. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option:
 
-   `Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete`
+    ```powershell
+   Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete
+   ```
 
-7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format:
+7. Reset the policy ID and use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format:
 
-   `ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin`
+   ```powershell
+   $PolicyID= Set-CIPolicyIdInfo -FilePath $InitialCIPolicy  -ResetPolicyID
+   $PolicyID = $PolicyID.Substring(11)
+   $CIPolicyBin = $env:userprofile + "\Desktop\" + $PolicyID + ".cip"
+   ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin
+   ```
 
 8. Sign the WDAC policy by using SignTool.exe:
 
-   `<Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin`
+   ```powershell
+    <Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin
+   ```
 
    > [!NOTE]
    > The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
 
-9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
\ No newline at end of file
+9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
+
+
+> [!NOTE]
+   > The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 
\ No newline at end of file

From 1a5cbd6c594ef58a03da6744c434c1727661105e Mon Sep 17 00:00:00 2001
From: "jogeurte@microsoft.com" <jogeurte@microsoft.com>
Date: Tue, 18 May 2021 16:05:43 -0700
Subject: [PATCH 27/92] Small edit of the final binary filename/extension

---
 ...ct-windows-defender-application-control-against-tampering.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index be2010c6e5..7b136fa662 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -99,7 +99,7 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
    > [!NOTE]
    > The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
 
-9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
+9. Validate the signed file. When complete, the commands should output a signed policy file called {PolicyID}.cip to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
 
 
 > [!NOTE]

From 315eb8726f7b7a8d5348921730f7f0d1f7dc6ac2 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 19 May 2021 16:33:06 +0500
Subject: [PATCH 28/92] Addition of note

As this tool PCPTool is a visual studio solution so users need to build it before running the tool. Updated this informaiton.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9425
---
 .../bitlocker/ts-bitlocker-decode-measured-boot-logs.md      | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
index 6424a91e8b..fc64b1cfee 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
@@ -94,6 +94,9 @@ To find the PCR information, go to the end of the file.
 
 ## Use PCPTool to decode Measured Boot logs
 
+> [!NOTE]
+> PCPTool is a visual studio solution and need to build the executeable before using this tool.
+
 PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file.
 
 To download and install PCPTool, go to the Toolkit page, select **Download**, and follow the instructions.
@@ -111,4 +114,4 @@ where the variables represent the following values:
 
 The content of the XML file resembles the following.
 
-![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg)
\ No newline at end of file
+![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg)

From a3cf1338c7557c7f026dfa4570a534ea434fe356 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 19 May 2021 19:59:50 +0530
Subject: [PATCH 29/92] Update policy-csp-deviceinstallation.md

---
 windows/client-management/mdm/policy-csp-deviceinstallation.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 7212d2497c..6bb69b6346 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -103,11 +103,9 @@ This policy setting allows you to specify a list of plug-and-play hardware IDs a
 > This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
 
 When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
-- Prevent installation of devices for these device classes
 - Prevent installation of devices that match these device IDs
 - Prevent installation of devices that match any of these device instance IDs
 
-
 If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
 > [!NOTE]
 > The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.

From e01060927aa57cfe7feedd1b4d6fa1210a835b4e Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 19 May 2021 20:13:07 +0530
Subject: [PATCH 30/92] Update policy-csp-deviceinstallation.md

---
 .../mdm/policy-csp-deviceinstallation.md      | 42 +++++++++++++++----
 1 file changed, 33 insertions(+), 9 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 6bb69b6346..9a9ca55915 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -113,6 +113,7 @@ If the "Apply layered order of evaluation for Allow and Prevent device installat
 Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting).
 
 If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
@@ -215,17 +216,31 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 
 > [!div class = "checklist"]
 > * Device
-
+Added in Windows 10, version 1903. Also available in Windows 10, version 1809.
 <hr/>
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1903. Also available in Windows 10, version 1809. This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is allowed to install.
 
-If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+> [!TIP]
+> This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
+
+When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
+- Prevent installation of devices that match any of these device instance IDs
+ 
+If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+
+> [!NOTE]
+> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
+
+Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting).
+
+If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
+
 Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 <!--/Description-->
@@ -327,20 +342,30 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is allowed to install. 
+This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is allowed to install. 
 
 > [!TIP]
-> Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
+> This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions.
 
-If you enable this policy setting, Windows is allowed to install or update device drivers whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
 
-This setting allows device installation based on the serial number of a removable device if that number is in the hardware ID.
+- Prevent installation of devices for these device classes
+- Prevent installation of devices that match these device IDs
+- Prevent installation of devices that match any of these device instance IDs
+
+If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+
+> [!NOTE]
+> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
+
+Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting).
+
+If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
-
 <!--/Description-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
@@ -1036,7 +1061,6 @@ If you enable this policy setting, Windows is prevented from installing or updat
 
 If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
 
-
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 <!--/Description-->

From 8eb663502c57c6ed3a5a3d7db50d904f07d0809f Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Wed, 19 May 2021 08:43:49 -0700
Subject: [PATCH 31/92] Update
 windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 ...-windows-defender-application-control-against-tampering.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 7b136fa662..e2566ae779 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -37,7 +37,7 @@ Before signing WDAC policies for the first time, be sure to enable rule options
 
 To sign a WDAC policy with SignTool.exe, you need the following components:
 
--   SignTool.exe, found in the [Windows SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk/) (Windows 7 or later)
+-   SignTool.exe, found in the [Windows SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk/) (Windows 7 or later)
 
 -   The binary format of the WDAC policy that you generated in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) or another WDAC policy that you have created
 
@@ -103,4 +103,4 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
 
 
 > [!NOTE]
-   > The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 
\ No newline at end of file
+   > The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 

From cd644020c1802336d263881896eda53d04437d85 Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Wed, 19 May 2021 09:15:56 -0700
Subject: [PATCH 32/92] Update
 windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 ...ct-windows-defender-application-control-against-tampering.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index e2566ae779..498c736696 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -103,4 +103,4 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
 
 
 > [!NOTE]
-   > The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 
+> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 

From 4d86080190cda85fa0532af5f4eb69e95ad2c561 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 19 May 2021 21:47:56 +0500
Subject: [PATCH 33/92] Update
 windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../bitlocker/ts-bitlocker-decode-measured-boot-logs.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
index fc64b1cfee..bab9c21e3e 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
@@ -95,7 +95,7 @@ To find the PCR information, go to the end of the file.
 ## Use PCPTool to decode Measured Boot logs
 
 > [!NOTE]
-> PCPTool is a visual studio solution and need to build the executeable before using this tool.
+> PCPTool is a Visual Studio solution, but you need to build the executable before you can start using this tool.
 
 PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file.
 

From 44a1e12b9d5208b4b18861fc3b064e0e59653abf Mon Sep 17 00:00:00 2001
From: Rick Munck <33725928+jmunck@users.noreply.github.com>
Date: Wed, 19 May 2021 17:32:36 -0500
Subject: [PATCH 34/92] Update security-compliance-toolkit-10.md

Updating versions supported.
---
 .../security-compliance-toolkit-10.md            | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md
index 3662667af2..2a578d07ab 100644
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@@ -28,13 +28,13 @@ The SCT enables administrators to effectively manage their enterprise’s Group
 The Security Compliance Toolkit consists of:
 
 - Windows 10 security baselines
-    - Windows 10 Version 20H2 (October 2020 Update)
-    - Windows 10 Version 2004 (May 2020 Update)
-    - Windows 10 Version 1909 (November 2019 Update)
-    - Windows 10 Version 1809 (October 2018 Update)
-    - Windows 10 Version 1803 (April 2018 Update)
-    - Windows 10 Version 1607 (Anniversary Update)
-    - Windows 10 Version 1507
+    - Windows 10, Version 21H1 (May 2021 Update)
+    - Windows 10, Version 20H2 (October 2020 Update)
+    - Windows 10, Version 2004 (May 2020 Update)
+    - Windows 10, Version 1909 (November 2019 Update)
+    - Windows 10, Version 1809 (October 2018 Update)
+    - Windows 10, Version 1607 (Anniversary Update)
+    - Windows 10, Version 1507
 
 - Windows Server security baselines
     - Windows Server 2019
@@ -42,7 +42,7 @@ The Security Compliance Toolkit consists of:
     - Windows Server 2012 R2
 
 - Microsoft Office security baseline
-    - Microsoft 365 Apps for enterprise (Sept 2019)
+    - Microsoft 365 Apps for enterprise, Version 2104
 
 - Microsoft Edge security baseline
     - Version 88

From 64ce542cb728735a9c83b76cf9f84ddc6e01b5f9 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 20 May 2021 14:49:46 +0530
Subject: [PATCH 35/92] Update policy-ddf-file.md

---
 .../client-management/mdm/policy-ddf-file.md  | 84516 ----------------
 1 file changed, 84516 deletions(-)

diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index de9a8618a9..dde8b3089c 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -32,84519 +32,3 @@ You can view various Policy DDF files by clicking the following links:
 - [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
 
 You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-
-The XML below is the DDF for Windows 10, version 20H2.
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
-  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
-  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
-<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
-  <VerDTD>1.2</VerDTD>
-  <Node>
-    <NodeName>Policy</NodeName>
-    <Path>./User/Vendor/MSFT</Path>
-    <DFProperties>
-      <AccessType>
-        <Get />
-      </AccessType>
-      <DFFormat>
-        <node />
-      </DFFormat>
-      <Occurrence>
-        <One />
-      </Occurrence>
-      <Scope>
-        <Permanent />
-      </Scope>
-      <DFType>
-        <MIME>com.microsoft/10.0/MDM/Policy</MIME>
-      </DFType>
-    </DFProperties>
-    <Node>
-      <NodeName>Config</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Add />
-          <Delete />
-          <Get />
-        </AccessType>
-        <DFFormat>
-          <node />
-        </DFFormat>
-        <Occurrence>
-          <ZeroOrOne />
-        </Occurrence>
-        <Scope>
-          <Dynamic />
-        </Scope>
-        <DFType>
-          <DDFName></DDFName>
-        </DFType>
-      </DFProperties>
-      <Node>
-        <NodeName>ApplicationManagement</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePrivateStoreOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>AttachmentManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DoNotPreserveZoneInformation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideZoneInfoMechanism</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NotifyAntivirusPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Authentication</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowEAPCertSSO</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Autoplay</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowAutoplayForNonVolumeDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultAutoRunBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffAutoPlay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Browser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddressBarDropdown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutofill</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBrowser</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCookies</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you configure how your company deals with cookies.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeveloperTools</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDoNotTrack</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlashClickToRun</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScreenMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
-
-If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
-
-If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInPrivate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftCompatibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
-
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
-
-If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPasswordManager</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPopups</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrelaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrinting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
-
-If enabled, printing is allowed.
-
-If disabled, printing is not allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSavingHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
-
-If enabled or not configured, the browsing history is saved and visible in the History pane.
-
-If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchEngineCustomization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
-
-If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
-If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
-
-This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchSuggestionsinAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSideloadingOfExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSmartScreen</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWebContentOnNewTabPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
-
-If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
-
-If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
-
-If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlwaysEnableBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClearBrowsingDataOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureAdditionalSearchEngines</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allows you to add up to 5 additional search engines for MDM-enrolled devices.
-
-If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
-
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureFavoritesBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
-
-If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
-
-If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
-
-If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
-
-By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
-
-When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
-
-If Enabled AND:
-- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
-- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
-- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
-- Hide home button is selected, the home button is hidden in Microsoft Edge.
-
-Default setting: Disabled or not configured
-Related policies:
-- Set Home Button URL
-- Unlock Home Button</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
-
-You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
-
-If enabled and set to 0 (Default or not configured):
-- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
-- If it’s one of many apps, Microsoft Edge runs as normal.
-If enabled and set to 1:
-- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
-- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
-
-If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
-
-If you set this policy to 0, Microsoft Edge does not use an idle timer.
-
-If disabled or not configured, the default value is 5 minutes.
-
-If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
-
-If enabled, you can choose one of the following options:
-- Start page: the Start page loads ignoring the Configure Start Pages policy.
-- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
-- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
-- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
-
-When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
-
-If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
-
-Default setting: A specific page or pages (default)
-Related policies:
--Disable Lockdown of Start Pages
--Configure Start Pages</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableLockdownOfStartPages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
-
-If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Start Pages
-- Configure Open Microsoft Edge With</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableExtendedBooksTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseSiteListServiceUrl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FirstRunURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configure first run URL.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HomePages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
-
-If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
-
-      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
-
-If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
-
-Version 1703 or later:
-If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
-
-Version 1809:
-If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Open Microsoft Edge With
-- Disable Lockdown of Start Pages</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockdownFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
-
-If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAccessToAboutFlagsInMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventCertErrorOverrides</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
-
-If enabled, overriding certificate errors are not allowed.
-
-If disabled or not configured, overriding certificate errors are allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventFirstRunPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventLiveTileDataCollection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverride</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverrideForFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventTurningOffRequiredExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
-
-When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs).  For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe  prevents a user from turning off the OneNote Web Clipper and Office Online extension.
-
-When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
-
-If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
-
-If disabled or not configured, extensions defined as part of this policy get ignored.
-
-Default setting:  Disabled or not configured
-Related policies: Allow Developer Tools
-Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
-- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent using localhost IP address for WebRTC</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProvisionFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
-
-If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SendIntranetTraffictoInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultSearchEngine</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
-
-If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
-
-If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees.  If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetHomeButtonURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
-
-If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
-
-Default setting: Blank or not configured
-Related policy: Configure Home Button</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetNewTabPageURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
-
-If enabled, you can set the default New Tab page URL.
-
-If disabled or not configured, the default Microsoft Edge new tab page is used.
-
-Default setting:  Disabled or not configured
-Related policy: Allow web content on New Tab page</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
-
-If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
-
-If disabled or not configured, the default app behavior occurs and no additional page displays.
-
-Default setting: Disabled or not configured
-Related policies:
--Configure the Enterprise Mode Site List
--Send all intranet sites to Internet Explorer 11</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SyncFavoritesBetweenIEAndMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnlockHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
-
-If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
-
-If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
-
-Default setting: Disabled or not configured
-Related policy:
--Configure Home Button
--Set Home Button URL</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UseSharedFolderForBooks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialsUI</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePasswordReveal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Desktop</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PreventUserRedirectionOfProfileFolders</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Display</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnablePerProcessDpi</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Education</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowGraphingCalculator</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don&apos;t configure this policy setting, users will be able to access graphing functionality.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DefaultPrinterName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy sets user&apos;s default printer</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAddingNewPrinters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Boolean that specifies whether or not to prevent user to install new printers</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrinterNames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy provisions per-user network printers</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>EnterpriseCloudPrint</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CloudPrinterDiscoveryEndPoint</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy provisions per-user discovery end point to discover cloud printers</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudPrintOAuthAuthority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Authentication endpoint for acquiring OAuth tokens</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudPrintOAuthClientId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudPrintResourceId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DiscoveryMaxPrinterLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Defines the maximum number of printers that should be queried from discovery end point</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MopriaDiscoveryResourceId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Experience</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowTailoredExperiencesWithDiagnosticData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowThirdPartySuggestionsInWindowsSpotlight</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlight</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlightOnActionCenter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlightOnSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlightWindowsWelcomeExperience</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureWindowsSpotlightOnLockScreen</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>InternetExplorer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AddSearchProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowActiveXFiltering</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAddOnList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutoComplete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCertificateAddressMismatchWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeletingBrowsingHistoryOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedSuggestionsInAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeFromToolsMenu</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorer7PolicyList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorerStandardsMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOneWordEntry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSiteToZoneAssignmentList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsLockedDownTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSoftwareWhenSignatureIsInvalid</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSuggestedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckServerCertificateRevocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckSignaturesOnDownloadedPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConsistentMimeHandlingInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableActiveXVersionListAutoDownload</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAdobeFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarnings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarningsAboutUncommonFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCompatView</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableConfiguringHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCrashDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCustomerExperienceImprovementProgramParticipation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeletingUserVisitedWebsites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnclosureDownloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEncryptionSupport</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFeedsBackgroundSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFirstRunWizard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFlipAheadFeature</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableGeolocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableHomePageChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableIgnoringCertificateErrors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableInPrivateBrowsing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProcessesInEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProxyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSearchProviderChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecondaryHomePageChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecuritySettingsCheck</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWebAddressAutoComplete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowActiveXControlsInProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControlsOnSpecificDomains</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllLocalSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllNetworkPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MimeSniffingSafetyFeatureInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MKProtocolSecurityRestrictionInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NewTabDefaultPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NotificationBarInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventManagingSmartScreenFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventPerUserInstallationOfActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProtectionFromZoneElevationInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemoveRunThisTimeButtonForOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictActiveXInstallInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowActiveScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowBinaryAndScriptBehaviors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowMETAREFRESH</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunActiveXControlsAndPlugins</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptingOfJavaApplets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneTurnOnProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictFileDownloadInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScriptedWindowSecurityRestrictionsInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SearchProviderList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyUseOfActiveXInstallerService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>KioskBrowser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BlockedUrlExceptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockedUrls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DefaultURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableEndSessionButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableNavigationButtons</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestartOnIdleTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Multitasking</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BrowserAltTabBlowout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configures the inclusion of Edge tabs into Alt-Tab.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Notifications</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowNotificationMirroring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowTileNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Printers</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PointAndPrintRestrictions_User</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Privacy</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePrivacyExperience</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Security</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Settings</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureTaskbarCalendar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PageVisibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Start</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisableContextMenus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ForceStartSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideAppList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideFrequentlyUsedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HidePeopleBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentJumplists</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentlyAddedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StartLayout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>System</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsPowerShell</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-    </Node>
-    <Node>
-      <NodeName>Result</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Get />
-        </AccessType>
-        <DFFormat>
-          <node />
-        </DFFormat>
-        <Occurrence>
-          <One />
-        </Occurrence>
-        <Scope>
-          <Permanent />
-        </Scope>
-        <DFType>
-          <DDFName></DDFName>
-        </DFType>
-      </DFProperties>
-      <Node>
-        <NodeName>ApplicationManagement</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MSI.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MSI~AT~WindowsComponents~MSI</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AlwaysInstallElevated</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePrivateStoreOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RequirePrivateStoreOnly</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>AttachmentManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DoNotPreserveZoneInformation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AttachmentManager.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AttachmentManager~AT~WindowsComponents~AM_AM</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AM_MarkZoneOnSavedAtttachments</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideZoneInfoMechanism</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AttachmentManager.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AttachmentManager~AT~WindowsComponents~AM_AM</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AM_RemoveZoneInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NotifyAntivirusPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AttachmentManager.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AttachmentManager~AT~WindowsComponents~AM_AM</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AM_CallIOfficeAntiVirus</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Authentication</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowEAPCertSSO</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Autoplay</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowAutoplayForNonVolumeDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AutoPlay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AutoPlay~AT~WindowsComponents~AutoPlay</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoAutoplayfornonVolume</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultAutoRunBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AutoPlay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AutoPlay~AT~WindowsComponents~AutoPlay</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoAutorun</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffAutoPlay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AutoPlay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AutoPlay~AT~WindowsComponents~AutoPlay</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Autorun</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Browser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddressBarDropdown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowAddressBarDropdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutofill</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowAutofill</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBrowser</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCookies</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description>This setting lets you configure how your company deals with cookies.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CookiesListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Cookies</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeveloperTools</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowDeveloperTools</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDoNotTrack</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowDoNotTrack</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowExtensions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowFlash</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlashClickToRun</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowFlashClickToRun</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScreenMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
-
-If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
-
-If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowFullScreenMode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInPrivate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowInPrivate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftCompatibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
-
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
-
-If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCVList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPasswordManager</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPasswordManager</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPopups</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPopups</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrelaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPrelaunch</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrinting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
-
-If enabled, printing is allowed.
-
-If disabled, printing is not allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPrinting</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSavingHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
-
-If enabled or not configured, the browsing history is saved and visible in the History pane.
-
-If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSavingHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchEngineCustomization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
-
-If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
-If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
-
-This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSearchEngineCustomization</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchSuggestionsinAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSearchSuggestionsinAddressBar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSideloadingOfExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSideloadingOfExtensions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSmartScreen</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSmartScreen</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowTabPreloading</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWebContentOnNewTabPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
-
-If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
-
-If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
-
-If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowWebContentOnNewTabPage</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlwaysEnableBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AlwaysEnableBooksLibrary</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClearBrowsingDataOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowClearingBrowsingDataOnExit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureAdditionalSearchEngines</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Allows you to add up to 5 additional search engines for MDM-enrolled devices.
-
-If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
-
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureAdditionalSearchEngines_Prompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureAdditionalSearchEngines</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureFavoritesBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
-
-If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
-
-If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
-
-If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureFavoritesBar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
-
-By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
-
-When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
-
-If Enabled AND:
-- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
-- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
-- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
-- Hide home button is selected, the home button is hidden in Microsoft Edge.
-
-Default setting: Disabled or not configured
-Related policies:
-- Set Home Button URL
-- Unlock Home Button</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureHomeButtonDropdown</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureHomeButton</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
-
-You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
-
-If enabled and set to 0 (Default or not configured):
-- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
-- If it’s one of many apps, Microsoft Edge runs as normal.
-If enabled and set to 1:
-- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
-- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureKioskMode_TextBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureKioskMode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>5</DefaultValue>
-            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
-
-If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
-
-If you set this policy to 0, Microsoft Edge does not use an idle timer.
-
-If disabled or not configured, the default value is 5 minutes.
-
-If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1440"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureKioskResetAfterIdleTimeout_TextBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureKioskResetAfterIdleTimeout</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
-
-If enabled, you can choose one of the following options:
-- Start page: the Start page loads ignoring the Configure Start Pages policy.
-- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
-- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
-- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
-
-When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
-
-If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
-
-Default setting: A specific page or pages (default)
-Related policies:
--Disable Lockdown of Start Pages
--Configure Start Pages</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureOpenEdgeWithListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureOpenEdgeWith</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ZonesListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureTelemetryForMicrosoft365Analytics</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableLockdownOfStartPages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
-
-If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Start Pages
-- Configure Open Microsoft Edge With</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisableLockdownOfStartPagesListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableLockdownOfStartPages</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableExtendedBooksTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableExtendedBooksTelemetry</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EnterSiteListPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseModeSiteList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseSiteListServiceUrl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FirstRunURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Configure first run URL.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HomePages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
-
-If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
-
-      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
-
-If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
-
-Version 1703 or later:
-If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
-
-Version 1809:
-If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Open Microsoft Edge With
-- Disable Lockdown of Start Pages</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>HomePagesPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HomePages</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockdownFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
-
-If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LockdownFavorites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAccessToAboutFlagsInMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventAccessToAboutFlagsInMicrosoftEdge</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventCertErrorOverrides</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
-
-If enabled, overriding certificate errors are not allowed.
-
-If disabled or not configured, overriding certificate errors are allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventCertErrorOverrides</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventFirstRunPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventFirstRunPage</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventLiveTileDataCollection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventLiveTileDataCollection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverride</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverride</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverrideForFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverrideForFiles</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventTurningOffRequiredExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
-
-When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs).  For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe  prevents a user from turning off the OneNote Web Clipper and Office Online extension.
-
-When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
-
-If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
-
-If disabled or not configured, extensions defined as part of this policy get ignored.
-
-Default setting:  Disabled or not configured
-Related policies: Allow Developer Tools
-Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
-- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PreventTurningOffRequiredExtensions_Prompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventTurningOffRequiredExtensions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Prevent using localhost IP address for WebRTC</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HideLocalHostIPAddress</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProvisionFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
-
-If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfiguredFavoritesPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfiguredFavorites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SendIntranetTraffictoInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SendIntranetTraffictoInternetExplorer</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultSearchEngine</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
-
-If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
-
-If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees.  If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SetDefaultSearchEngine_Prompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetDefaultSearchEngine</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetHomeButtonURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
-
-If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
-
-Default setting: Blank or not configured
-Related policy: Configure Home Button</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SetHomeButtonURLPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetHomeButtonURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetNewTabPageURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
-
-If enabled, you can set the default New Tab page URL.
-
-If disabled or not configured, the default Microsoft Edge new tab page is used.
-
-Default setting:  Disabled or not configured
-Related policy: Allow web content on New Tab page</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SetNewTabPageURLPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetNewTabPageURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
-
-If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
-
-If disabled or not configured, the default app behavior occurs and no additional page displays.
-
-Default setting: Disabled or not configured
-Related policies:
--Configure the Enterprise Mode Site List
--Send all intranet sites to Internet Explorer 11</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShowMessageWhenOpeningSitesInInternetExplorer</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SyncFavoritesBetweenIEAndMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SyncFavoritesBetweenIEAndMicrosoftEdge</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnlockHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
-
-If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
-
-If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
-
-Default setting: Disabled or not configured
-Related policy:
--Configure Home Button
--Set Home Button URL</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UnlockHomeButton</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UseSharedFolderForBooks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UseSharedFolderForBooks</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialsUI</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePasswordReveal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>credui.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>CredUI~AT~WindowsComponents~CredUI</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisablePasswordReveal</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Desktop</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PreventUserRedirectionOfProfileFolders</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>desktop.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>desktop~AT~Desktop</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisablePersonalDirChange</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Display</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnablePerProcessDpi</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisplayGlobalPerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Education</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowGraphingCalculator</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don&apos;t configure this policy setting, users will be able to access graphing functionality.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Programs.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Programs~AT~WindowsComponents~Calculator</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowGraphingCalculator</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DefaultPrinterName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy sets user&apos;s default printer</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAddingNewPrinters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Boolean that specifies whether or not to prevent user to install new printers</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Printing.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Printing~AT~ControlPanel~CplPrinters</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoAddPrinter</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrinterNames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy provisions per-user network printers</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>EnterpriseCloudPrint</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CloudPrinterDiscoveryEndPoint</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy provisions per-user discovery end point to discover cloud printers</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudPrintOAuthAuthority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Authentication endpoint for acquiring OAuth tokens</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudPrintOAuthClientId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudPrintResourceId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DiscoveryMaxPrinterLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>20</DefaultValue>
-            <Description>Defines the maximum number of printers that should be queried from discovery end point</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="65535"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MopriaDiscoveryResourceId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Experience</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowTailoredExperiencesWithDiagnosticData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableTailoredExperiencesWithDiagnosticData</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowThirdPartySuggestionsInWindowsSpotlight</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableThirdPartySuggestions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlight</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWindowsSpotlightFeatures</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlightOnActionCenter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWindowsSpotlightOnActionCenter</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlightOnSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWindowsSpotlightOnSettings</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsSpotlightWindowsWelcomeExperience</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWindowsSpotlightWindowsWelcomeExperience</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureWindowsSpotlightOnLockScreen</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureWindowsSpotlight</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>InternetExplorer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AddSearchProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AddSearchProvider</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowActiveXFiltering</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TurnOnActiveXFiltering</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAddOnList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AddonManagement_AddOnList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutoComplete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictFormSuggestPW</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCertificateAddressMismatchWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyWarnCertMismatch</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeletingBrowsingHistoryOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DBHDisableDeleteOnExit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_EnableEnhancedProtectedMode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedSuggestionsInAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowServicePoweredQSA</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeFromToolsMenu</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseModeEnable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseModeSiteList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorer7PolicyList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CompatView_UsePolicyList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorerStandardsMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CompatView_IntranetSites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyInternetZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyIntranetZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLocalMachineZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyInternetZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyIntranetZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLocalMachineZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyRestrictedSitesZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOneWordEntry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UseIntranetSiteForOneWordEntry</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSiteToZoneAssignmentList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Zonemaps</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsLockedDownTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTrustedSitesZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSoftwareWhenSignatureIsInvalid</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_InvalidSignatureBlock</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyRestrictedSitesZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSuggestedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableSuggestedSites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTrustedSitesZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckServerCertificateRevocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_CertificateRevocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckSignaturesOnDownloadedPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_DownloadSignatures</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConsistentMimeHandlingInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryConsistentMimeHandling</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableActiveXVersionListAutoDownload</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VersionListAutomaticDownloadDisable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAdobeFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableFlashInIE</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarnings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableSafetyFilterOverride</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarningsAboutUncommonFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableSafetyFilterOverrideForAppRepUnknown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCompatView</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CompatView_DisableList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableConfiguringHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCrashDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AddonManagement_RestrictCrashDetection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCustomerExperienceImprovementProgramParticipation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SQM_DisableCEIP</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeletingUserVisitedWebsites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DBHDisableDeleteHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnclosureDownloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~RSS_Feeds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Downloading_of_Enclosures</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEncryptionSupport</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_SetWinInetProtocols</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFeedsBackgroundSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~RSS_Feeds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Background_Syncing</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFirstRunWizard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoFirstRunCustomise</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFlipAheadFeature</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_DisableFlipAhead</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableGeolocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>GeolocationDisable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableHomePageChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictHomePage</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableIgnoringCertificateErrors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoCertError</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableInPrivateBrowsing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableInPrivateBrowsing</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProcessesInEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_EnableEnhancedProtectedMode64Bit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProxyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictProxy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSearchProviderChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoSearchProvider</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecondaryHomePageChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SecondaryHomePages</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecuritySettingsCheck</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Security_Settings_Check</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWebAddressAutoComplete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictWebAddressSuggest</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowActiveXControlsInProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_DisableEPMCompat</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VerMgmtDisable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControlsOnSpecificDomains</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VerMgmtDomainAllowlist</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllLocalSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_IncludeUnspecifiedLocalSites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllNetworkPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_UNCAsIntranet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowPasteViaScript_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDropOrPasteFiles_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_XAML_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowTDCControl_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_WebBrowserControl_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyWindowsRestrictionsURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_ScriptStatusBar_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadSignedActiveX_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadUnsignedActiveX_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTurnOnXSSFilter_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyMimeSniffingURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_TurnOnProtectedMode_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_LocalPathForUpload_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLaunchAppsAndFilesInIFRAME_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLogon_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicySignedFrameworkComponentsURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_UnsafeFiles_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyBlockPopupWindows_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MimeSniffingSafetyFeatureInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MKProtocolSecurityRestrictionInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NewTabDefaultPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NewTabAction</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NotificationBarInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventManagingSmartScreenFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Managing_Safety_Filter_IE9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventPerUserInstallationOfActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisablePerUserActiveXInstall</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProtectionFromZoneElevationInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemoveRunThisTimeButtonForOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VerMgmtDisableRunThisTime</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictActiveXInstallInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_11</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowActiveScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyActiveScripting_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowBinaryAndScriptBehaviors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyBinaryBehaviors_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowPasteViaScript_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDropOrPasteFiles_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFileDownload_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_XAML_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowMETAREFRESH</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowMETAREFRESH_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowTDCControl_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_WebBrowserControl_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyWindowsRestrictionsURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_ScriptStatusBar_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadSignedActiveX_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadUnsignedActiveX_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTurnOnXSSFilter_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyMimeSniffingURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_LocalPathForUpload_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLaunchAppsAndFilesInIFRAME_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLogon_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunActiveXControlsAndPlugins</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyRunActiveXControls_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicySignedFrameworkComponentsURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXMarkedSafe_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptingOfJavaApplets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptingOfJavaApplets_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_UnsafeFiles_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneTurnOnProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_TurnOnProtectedMode_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyBlockPopupWindows_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictFileDownloadInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_12</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScriptedWindowSecurityRestrictionsInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SearchProviderList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SpecificSearchProvider</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyUseOfActiveXInstallerService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>OnlyUseAXISForActiveXInstall</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>KioskBrowser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BlockedUrlExceptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockedUrls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DefaultURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableEndSessionButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableNavigationButtons</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestartOnIdleTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="1440"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Multitasking</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BrowserAltTabBlowout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Configures the inclusion of Edge tabs into Alt-Tab.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="1,2,3,4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>multitasking.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AltTabFilterDropdown</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>multitasking~AT~WindowsComponents~MULTITASKING</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MultiTaskingAltTabFilter</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Notifications</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowNotificationMirroring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WPN.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WPN~AT~StartMenu~NotificationsCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoNotificationMirroring</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowTileNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WPN.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WPN~AT~StartMenu~NotificationsCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoTileNotification</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Printers</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PointAndPrintRestrictions_User</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Printing.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Printing~AT~ControlPanel~CplPrinters</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PointAndPrint_Restrictions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Privacy</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePrivacyExperience</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>OOBE.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>OOBE~AT~WindowsComponents~OOBE</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisablePrivacyExperience</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Security</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Settings</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureTaskbarCalendar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Taskbar.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Taskbar~AT~StartMenu~TPMCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureTaskbarCalendar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PageVisibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>ControlPanel.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SettingsPageVisibilityBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>ControlPanel~AT~ControlPanel</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SettingsPageVisibility</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Start</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisableContextMenus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableContextMenusInStart</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ForceStartSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ForceStartSize</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideAppList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideFrequentlyUsedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoFrequentUsedPrograms</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HidePeopleBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HidePeopleBar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentJumplists</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoRecentDocsHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentlyAddedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HideRecentlyAddedApps</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StartLayout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LockedStartLayout</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>System</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowTelemetry</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowTelemetry</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsPowerShell</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>PowerShellExecutionPolicy.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>PowerShellExecutionPolicy~AT~WindowsComponents~PowerShell</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableScriptBlockLogging</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-    </Node>
-  </Node>
-  <Node>
-    <NodeName>Policy</NodeName>
-    <Path>./Device/Vendor/MSFT</Path>
-    <DFProperties>
-      <AccessType>
-        <Get />
-      </AccessType>
-      <DFFormat>
-        <node />
-      </DFFormat>
-      <Occurrence>
-        <One />
-      </Occurrence>
-      <Scope>
-        <Permanent />
-      </Scope>
-      <DFType>
-        <MIME>com.microsoft/10.0/MDM/Policy</MIME>
-      </DFType>
-    </DFProperties>
-    <Node>
-      <NodeName>ConfigOperations</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Add />
-          <Delete />
-          <Get />
-        </AccessType>
-        <Description>Policy CSP ConfigOperations</Description>
-        <DFFormat>
-          <node />
-        </DFFormat>
-        <Occurrence>
-          <ZeroOrOne />
-        </Occurrence>
-        <Scope>
-          <Dynamic />
-        </Scope>
-        <DFType>
-          <DDFName></DDFName>
-        </DFType>
-      </DFProperties>
-      <Node>
-        <NodeName>ADMXInstall</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <Description>Win32 App ADMX Ingestion</Description>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>*</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-            </AccessType>
-            <Description>Win32 App Name</Description>
-            <DFFormat>
-              <node />
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <DDFName></DDFName>
-            </DFType>
-          </DFProperties>
-          <Node>
-            <NodeName>Properties</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Add />
-                <Delete />
-                <Get />
-              </AccessType>
-              <Description>Properties of Win32 App ADMX Ingestion</Description>
-              <DFFormat>
-                <node />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFType>
-                <DDFName></DDFName>
-              </DFType>
-            </DFProperties>
-            <Node>
-              <NodeName>*</NodeName>
-              <DFProperties>
-                <AccessType>
-                  <Add />
-                  <Delete />
-                  <Get />
-                </AccessType>
-                <Description>Setting Type of Win32 App. Policy Or Preference</Description>
-                <DFFormat>
-                  <node />
-                </DFFormat>
-                <Occurrence>
-                  <ZeroOrOne />
-                </Occurrence>
-                <Scope>
-                  <Dynamic />
-                </Scope>
-                <DFType>
-                  <DDFName></DDFName>
-                </DFType>
-              </DFProperties>
-              <Node>
-                <NodeName>*</NodeName>
-                <DFProperties>
-                  <AccessType>
-                    <Add />
-                    <Delete />
-                    <Get />
-                  </AccessType>
-                  <Description>Unique ID of ADMX file</Description>
-                  <DFFormat>
-                    <node />
-                  </DFFormat>
-                  <Occurrence>
-                    <ZeroOrOne />
-                  </Occurrence>
-                  <Scope>
-                    <Dynamic />
-                  </Scope>
-                  <DFType>
-                    <DDFName></DDFName>
-                  </DFType>
-                </DFProperties>
-                <Node>
-                  <NodeName>Version</NodeName>
-                  <DFProperties>
-                    <AccessType>
-                      <Add />
-                      <Delete />
-                      <Get />
-                      <Replace />
-                    </AccessType>
-                    <Description>Version of ADMX file</Description>
-                    <DFFormat>
-                      <chr />
-                    </DFFormat>
-                    <Occurrence>
-                      <ZeroOrOne />
-                    </Occurrence>
-                    <Scope>
-                      <Dynamic />
-                    </Scope>
-                    <DFType>
-                      <DDFName></DDFName>
-                    </DFType>
-                  </DFProperties>
-                </Node>
-              </Node>
-            </Node>
-          </Node>
-          <Node>
-            <NodeName>*</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Add />
-                <Delete />
-                <Get />
-              </AccessType>
-              <Description>Setting Type of Win32 App. Policy Or Preference</Description>
-              <DFFormat>
-                <node />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFType>
-                <DDFName></DDFName>
-              </DFType>
-            </DFProperties>
-            <Node>
-              <NodeName>*</NodeName>
-              <DFProperties>
-                <AccessType>
-                  <Add />
-                  <Delete />
-                  <Get />
-                  <Replace />
-                </AccessType>
-                <Description>Unique ID of ADMX file</Description>
-                <DFFormat>
-                  <chr />
-                </DFFormat>
-                <Occurrence>
-                  <ZeroOrOne />
-                </Occurrence>
-                <Scope>
-                  <Dynamic />
-                </Scope>
-                <DFType>
-                  <DDFName></DDFName>
-                </DFType>
-              </DFProperties>
-            </Node>
-          </Node>
-        </Node>
-      </Node>
-    </Node>
-    <Node>
-      <NodeName>Config</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Add />
-          <Delete />
-          <Get />
-        </AccessType>
-        <DFFormat>
-          <node />
-        </DFFormat>
-        <Occurrence>
-          <ZeroOrOne />
-        </Occurrence>
-        <Scope>
-          <Dynamic />
-        </Scope>
-        <DFType>
-          <DDFName></DDFName>
-        </DFType>
-      </DFProperties>
-      <Node>
-        <NodeName>AboveLock</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowActionCenterNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCortanaAboveLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowToasts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Accounts</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddingNonMicrosoftAccountsManually</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftAccountConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftAccountSignInAssistant</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainNamesForEmailSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ActiveXControls</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ApprovedInstallationSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ApplicationDefaults</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DefaultAssociationsConfiguration</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableAppUriHandlers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enables web-to-app linking, which allows apps to be launched with a http(s) URI</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ApplicationManagement</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAllTrustedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAppStoreAutoUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeveloperUnlock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowGameDVR</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSharedUserAppData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStore</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ApplicationRestrictions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockNonAdminUserInstall</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableStoreOriginatedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LaunchAppAfterLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MSIAllowUserControlOverInstall</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePrivateStoreOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictAppDataToSystemVolume</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictAppToSystemVolume</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleForceRestartForUpdateFailures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>AppRuntime</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowMicrosoftAccountsToBeOptional</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>AppVirtualization</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAppVClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDynamicVirtualization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPackageCleanup</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPackageScripts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPublishingRefreshUX</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowReportingServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRoamingFileExclusions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRoamingRegistryExclusions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStreamingAutoload</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClientCoexistenceAllowMigrationmode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntegrationAllowRootGlobal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntegrationAllowRootUser</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer1</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer2</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer3</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer4</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer5</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowCertificateFilterForClient_SSL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowHighCostLaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowLocationProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowPackageInstallationRoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowPackageSourceRoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowReestablishmentInterval</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowReestablishmentRetries</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingSharedContentStoreMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingSupportBranchCache</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingVerifyCertificateRevocationList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>VirtualComponentsAllowList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Audit</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AccountLogon_AuditCredentialValidation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by validation tests on user account logon credentials.
-
-Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogon_AuditKerberosAuthenticationService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests.
-
-If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogon_AuditKerberosServiceTicketOperations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts.
-
-If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogon_AuditOtherAccountLogonEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
-
-Currently, there are no events in this subcategory.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditAccountLockout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out.
-
-If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-
-Logon events are essential for understanding user activity and to detect potential attacks.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditGroupMembership</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows you to audit the group memberhsip information in the user&apos;s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
-
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group memberhsip information cannot fit in a single security audit event.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditIPsecExtendedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
-
-If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditIPsecMainMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
-
-If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditIPsecQuickMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
-
-If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.If
- you do not configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditLogoff</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to.
-
-If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions.
-If you do not configure this policy setting, no audit event is generated when a logon session is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by user account logon attempts on the computer.
-Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. The following events are included:
-    Successful logon attempts.
-    Failed logon attempts.
-    Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command.
-    Security identifiers (SIDs) were filtered and not allowed to log on.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditNetworkPolicyServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
-If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts.
-If you do not configure this policy settings, IAS and NAP user access requests are not audited.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditOtherLogonLogoffEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting such as the following:
-    Terminal Services session disconnections.
-    New Terminal Services sessions.
-    Locking and unlocking a workstation.
-    Invoking a screen saver.
-    Dismissal of a screen saver.
-    Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration.
-    Access to a wireless network granted to a user or computer account.
-    Access to a wired 802.1x network granted to a user or computer account.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditSpecialLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by special logons such as the following :
-    The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level.
-    A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121697).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditUserDeviceClaims</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows you to audit user and device claims information in the user&apos;s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
-
-User claims are added to a logon token when claims are included with a user&apos;s account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device&apos;s computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on.
-
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditApplicationGroupManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to application groups such as the following:
-    Application group is created, changed, or deleted.
-    Member is added or removed from an application group.
-
-If you configure this policy setting, an audit event is generated when an attempt to change an application group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an application group changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditComputerAccountManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a computer account changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditDistributionGroupManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to distribution groups such as the following:
-    Distribution group is created, changed, or deleted.
-    Member is added or removed from a distribution group.
-    Distribution group type is changed.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a distribution group changes.
-
-Note: Events in this subcategory are logged only on domain controllers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditOtherAccountManagementEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following:
-    The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration.
-    The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack.
-    Changes to the Default Domain Group Policy under the following Group Policy paths:
-Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
-Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditSecurityGroupManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to security groups such as the following:
-    Security group is created, changed, or deleted.
-    Member is added or removed from a security group.
-    Group type is changed.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a security group changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditUserAccountManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit changes to user accounts. Events include the following:
-    A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked.
-    A user account’s password is set or changed.
-    A security identifier (SID) is added to the SID History of a user account.
-    The Directory Services Restore Mode password is configured.
-    Permissions on administrative user accounts are changed.
-    Credential Manager credentials are backed up or restored.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when a user account changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditDPAPIActivity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720.
-
-If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditPNPActivity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit when plug and play detects an external device.
-
-If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category.
-If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditProcessCreation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited.
-
-If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a process is created.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditProcessTermination</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated when a process ends. 
-
-If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a process ends.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditRPCEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit inbound remote procedure call (RPC) connections.
-
-If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a remote RPC connection is attempted.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditTokenRightAdjusted</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by adjusting the privileges of a token.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDetailedDirectoryServiceReplication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDirectoryServiceAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. 
-
-Only AD DS objects with a matching system access control list (SACL) are logged.
-
-Events in this subcategory are similar to the Directory Service Access events available in previous versions of Windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDirectoryServiceChanges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
-
-When possible, events logged in this subcategory indicate the old and new values of the object’s properties.
-
-Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
-
-Note: Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema.
-
-If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded.
-If you do not configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDirectoryServiceReplication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers.
-
-If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication.
-If you do not configure this policy setting, no audit event is generated during AD DS replication.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditApplicationGenerated</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function.
-Events in this subcategory include:
-    Creation of an application client context.
-    Deletion of an application client context.
-    Initialization of an application client context.
-    Other application operations using the Windows Auditing APIs.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditCentralAccessPolicyStaging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object.
-
-If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows:
-1) Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access.
-2) Failure audits when configured records access attempts when:
-   a) The current central access policy does not grant access but the proposed policy grants access.
-   b) A principal requests the maximum access rights they are allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy.
-
-Volume: Potentially high on a file server when the proposed policy differs significantly from the current central access policy.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditCertificationServices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations.
-AD CS operations include the following:
-    AD CS startup/shutdown/backup/restore.
-    Changes to the certificate revocation list (CRL).
-    New certificate requests.
-    Issuing of a certificate.
-    Revocation of a certificate.
-    Changes to the Certificate Manager settings for AD CS.
-    Changes in the configuration of AD CS.
-    Changes to a Certificate Services template.
-    Importing of a certificate.
-    Publishing of a certification authority certificate is to Active Directory Domain Services.
-    Changes to the security permissions for AD CS.
-    Archival of a key.
-    Importing of a key.
-    Retrieval of a key.
-    Starting of Online Certificate Status Protocol (OCSP) Responder Service.
-    Stopping of Online Certificate Status Protocol (OCSP) Responder Service.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditDetailedFileShare</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share.  Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
-
-If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
-
-Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared files and folders on the system is audited.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFileShare</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit attempts to access a shared folder.
-
-If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
-
-Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared folders on the system is audited.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFileSystem</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see https://go.microsoft.com/fwlink/?LinkId=122083.
-
-If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
-
-Note: You can set a SACL on a file system object using the Security tab in that object&apos;s Properties dialog box.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFilteringPlatformConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included:
-    The Windows Firewall Service blocks an application from accepting incoming connections on the network.
-    The WFP allows a connection.
-    The WFP blocks a connection.
-    The WFP permits a bind to a local port.
-    The WFP blocks a bind to a local port.
-    The WFP allows a connection.
-    The WFP blocks a connection.
-    The WFP permits an application or service to listen on a port for incoming connections.
-    The WFP blocks an application or service to listen on a port for incoming connections.
-
-If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked.
-If you do not configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFilteringPlatformPacketDrop</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditHandleManipulation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events.
-
-If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
-
-Note: Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditKernelObject</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. 
-Only kernel objects with a matching system access control list (SACL) generate security audit events.
-
-Note: The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditOtherObjectAccessEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. 
-For scheduler jobs, the following are audited:
-    Job created.
-    Job deleted.
-    Job enabled.
-    Job disabled.
-    Job updated.
-For COM+ objects, the following are audited:
-    Catalog object added.
-    Catalog object updated.
-    Catalog object deleted.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditRegistry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
-
-If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
-
-Note: You can set a SACL on a registry object using the Permissions dialog box.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditRemovableStorage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested.
-
-If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-
-If you do not configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditSAM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects.
-SAM objects include the following:
-    SAM_ALIAS -- A local group.
-    SAM_GROUP -- A group that is not a local group.
-    SAM_USER – A user account.
-    SAM_DOMAIN – A domain.
-    SAM_SERVER – A computer account.
-If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
-Note: Only the System Access Control List (SACL) for SAM_SERVER can be modified.
-Volume: High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121698).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditAuthenticationPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to the authentication policy such as the following:
-    Creation of forest and domain trusts.
-    Modification of forest and domain trusts.
-    Removal of forest and domain trusts.
-    Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy.
-    Granting of any of the following user rights to a user or group:
-        Access This Computer From the Network.
-        Allow Logon Locally.
-        Allow Logon Through Terminal Services.
-        Logon as a Batch Job.
-        Logon a Service.
-    Namespace collision. For example, when a new trust has the same name as an existing namespace name.
-
-If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when the authentication policy is changed.
-
-Note: The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditAuthorizationPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to the authorization policy such as the following:
-    Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
-    Removal of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
-    Changes in the Encrypted File System (EFS) policy.
-    Changes to the Resource attributes of an object.
-    Changes to the Central Access Policy (CAP) applied to an object.
-
-If you configure this policy setting, an audit event is generated when an attempt to change the authorization policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when the authorization policy changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditFilteringPlatformPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: 
-    IPsec services status.
-    Changes to IPsec policy settings.
-    Changes to Windows Firewall policy settings.
-    Changes to WFP providers and engine.
-
-If you configure this policy setting, an audit event is generated when a change to the WFP is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a change occurs to the WFP.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditMPSSVCRuleLevelPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following:
-    Reporting of active policies when Windows Firewall service starts.
-    Changes to Windows Firewall rules.
-    Changes to Windows Firewall exception list.
-    Changes to Windows Firewall settings.
-    Rules ignored or not applied by Windows Firewall Service.
-    Changes to Windows Firewall Group Policy settings.
-
-If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditOtherPolicyChangeEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following:
-    Trusted Platform Module (TPM) configuration changes.
-    Kernel-mode cryptographic self tests.
-    Cryptographic provider operations.
-    Cryptographic context operations or modifications.
-    Applied Central Access Policies (CAPs) changes.
-    Boot Configuration Data (BCD) modifications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit changes in the security audit policy settings such as the following:
-    Settings permissions and audit settings on the Audit Policy object.
-    Changes to the system audit policy.
-    Registration of security event sources.
-    De-registration of security event sources.
-    Changes to the per-user audit settings.
-    Changes to the value of CrashOnAuditFail.
-    Changes to the system access control list on a file system or registry object.
-    Changes to the Special Groups list.
-
-Note: System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object&apos;s SACL is configured for auditing of DACL/Owner change.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrivilegeUse_AuditNonSensitivePrivilegeUse</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights).
-The following privileges are non-sensitive:
-        Access Credential Manager as a trusted caller.
-        Access this computer from the network.
-        Add workstations to domain.
-        Adjust memory quotas for a process.
-        Allow log on locally.
-        Allow log on through Terminal Services.
-        Bypass traverse checking.
-        Change the system time.
-        Create a pagefile.
-        Create global objects.
-        
-        Create permanent shared objects.
-        Create symbolic links.
-        Deny access this computer from the network.
-        Deny log on as a batch job.
-        Deny log on as a service.
-        Deny log on locally.
-        Deny log on through Terminal Services.
-        Force shutdown from a remote system.
-        Increase a process working set.
-        Increase scheduling priority.
-        Lock pages in memory.
-        Log on as a batch job.
-        Log on as a service.
-        Modify an object label.
-        Perform volume maintenance tasks.
-        Profile single process.
-        Profile system performance.
-        Remove computer from docking station.
-        Shut down the system.
-        Synchronize directory service data.
-
-If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful calls and Failure audits record unsuccessful calls.
-If you do not configure this policy setting, no audit event is generated when a non-sensitive privilege is called.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrivilegeUse_AuditOtherPrivilegeUseEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Not used.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrivilegeUse_AuditSensitivePrivilegeUse</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following:
-    A privileged service is called.
-    One of the following privileges are called:
-        Act as part of the operating system.
-        Back up files and directories.
-        Create a token object.
-        Debug programs.
-        Enable computer and user accounts to be trusted for delegation.
-        Generate security audits.
-        Impersonate a client after authentication.
-        Load and unload device drivers.
-        Manage auditing and security log.
-        Modify firmware environment values.
-        Replace a process-level token.
-        Restore files and directories.
-        Take ownership of files or other objects.
-
-If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated when sensitive privilege requests are made.
-</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditIPsecDriver</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by the IPsec filter driver such as the following:
-    Startup and shutdown of the IPsec services.
-    Network packets dropped due to integrity check failure.
-    Network packets dropped due to replay check failure.
-    Network packets dropped due to being in plaintext.
-    Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card is not working correctly or the driver needs to be updated.
-    Inability to process IPsec filters.
-
-If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated on an IPSec filter driver operation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditOtherSystemEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit any of the following events:
-    Startup and shutdown of the Windows Firewall service and driver.
-    Security policy processing by the Windows Firewall Service.
-    Cryptography key file and migration operations.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditSecurityStateChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events generated by changes in the security state of the computer such as the following events:
-    Startup and shutdown of the computer.
-    Change of system time.
-    Recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditSecuritySystemExtension</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events related to security system extensions or services such as the following:
-    A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM.
-    A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account.
-If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an attempt is made to load a security system extension.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditSystemIntegrity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following:
-    Events that could not be written to the event log because of a problem with the auditing system.
-    A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space.
-    The detection of a Remote Procedure Call (RPC) that compromises system integrity.
-    The detection of a hash value of an executable file that is not valid as determined by Code Integrity.
-    Cryptographic operations that compromise system integrity.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Authentication</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAadPasswordReset</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether password reset is enabled for AAD accounts.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFastReconnect</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSecondaryAuthenticationDevice</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureWebcamAccessDomainNames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies a list of domains that are allowed to access the webcam in CXH-based authentication scenarios.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableFastFirstSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether new non-admin AAD accounts should auto-connect to pre-created candidate local accounts</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableWebSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether web-based sign in is allowed for logging in to Windows</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreferredAadTenantDomainName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies the preferred domain among available domains in the AAD tenant.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Autoplay</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowAutoplayForNonVolumeDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultAutoRunBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffAutoPlay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Bitlocker</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EncryptionMethod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>BITS</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BandwidthThrottlingEndTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BandwidthThrottlingStartTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BandwidthThrottlingTransferRate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CostedNetworkBehaviorBackgroundPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CostedNetworkBehaviorForegroundPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>JobInactivityTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Bluetooth</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAdvertising</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDiscoverableMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrepairing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPromptedProximalConnections</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalDeviceName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ServicesAllowedList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetMinimumEncryptionKeySize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Browser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddressBarDropdown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutofill</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBrowser</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCookies</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you configure how your company deals with cookies.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeveloperTools</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDoNotTrack</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlashClickToRun</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScreenMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
-
-If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
-
-If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInPrivate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftCompatibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
-
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
-
-If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPasswordManager</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPopups</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrelaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrinting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
-
-If enabled, printing is allowed.
-
-If disabled, printing is not allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSavingHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
-
-If enabled or not configured, the browsing history is saved and visible in the History pane.
-
-If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchEngineCustomization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
-
-If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
-If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
-
-This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchSuggestionsinAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSideloadingOfExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSmartScreen</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWebContentOnNewTabPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
-
-If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
-
-If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
-
-If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlwaysEnableBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClearBrowsingDataOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureAdditionalSearchEngines</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allows you to add up to 5 additional search engines for MDM-enrolled devices.
-
-If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
-
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureFavoritesBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
-
-If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
-
-If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
-
-If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
-
-By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
-
-When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
-
-If Enabled AND:
-- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
-- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
-- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
-- Hide home button is selected, the home button is hidden in Microsoft Edge.
-
-Default setting: Disabled or not configured
-Related policies:
-- Set Home Button URL
-- Unlock Home Button</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
-
-You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
-
-If enabled and set to 0 (Default or not configured):
-- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
-- If it’s one of many apps, Microsoft Edge runs as normal.
-If enabled and set to 1:
-- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
-- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
-
-If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
-
-If you set this policy to 0, Microsoft Edge does not use an idle timer.
-
-If disabled or not configured, the default value is 5 minutes.
-
-If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
-
-If enabled, you can choose one of the following options:
-- Start page: the Start page loads ignoring the Configure Start Pages policy.
-- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
-- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
-- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
-
-When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
-
-If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
-
-Default setting: A specific page or pages (default)
-Related policies:
--Disable Lockdown of Start Pages
--Configure Start Pages</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableLockdownOfStartPages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
-
-If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Start Pages
-- Configure Open Microsoft Edge With</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableExtendedBooksTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseSiteListServiceUrl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FirstRunURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configure first run URL.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HomePages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
-
-If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
-
-      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
-
-If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
-
-Version 1703 or later:
-If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
-
-Version 1809:
-If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Open Microsoft Edge With
-- Disable Lockdown of Start Pages</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockdownFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
-
-If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAccessToAboutFlagsInMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventCertErrorOverrides</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
-
-If enabled, overriding certificate errors are not allowed.
-
-If disabled or not configured, overriding certificate errors are allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventFirstRunPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventLiveTileDataCollection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverride</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverrideForFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventTurningOffRequiredExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
-
-When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs).  For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe  prevents a user from turning off the OneNote Web Clipper and Office Online extension.
-
-When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
-
-If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
-
-If disabled or not configured, extensions defined as part of this policy get ignored.
-
-Default setting:  Disabled or not configured
-Related policies: Allow Developer Tools
-Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
-- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent using localhost IP address for WebRTC</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProvisionFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
-
-If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SendIntranetTraffictoInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultSearchEngine</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
-
-If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
-
-If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees.  If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetHomeButtonURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
-
-If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
-
-Default setting: Blank or not configured
-Related policy: Configure Home Button</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetNewTabPageURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
-
-If enabled, you can set the default New Tab page URL.
-
-If disabled or not configured, the default Microsoft Edge new tab page is used.
-
-Default setting:  Disabled or not configured
-Related policy: Allow web content on New Tab page</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
-
-If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
-
-If disabled or not configured, the default app behavior occurs and no additional page displays.
-
-Default setting: Disabled or not configured
-Related policies:
--Configure the Enterprise Mode Site List
--Send all intranet sites to Internet Explorer 11</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SyncFavoritesBetweenIEAndMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnlockHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
-
-If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
-
-If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
-
-Default setting: Disabled or not configured
-Related policy:
--Configure Home Button
--Set Home Button URL</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UseSharedFolderForBooks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Camera</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowCamera</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Cellular</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>LetAppsAccessCellularData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access cellular data.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCellularData_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCellularData_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCellularData_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowAppCellularAccessUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Connectivity</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowBluetooth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCellularData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCellularDataRoaming</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowConnectedDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowNFC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPhonePCLinking</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUSBConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVPNOverCellular</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVPNRoamingOverCellular</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DiablePrintingOverHTTP</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDownloadingOfPrintDriversOverHTTP</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowNetworkConnectivityActiveTests</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HardenedUNCPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProhibitInstallationAndConfigurationOfNetworkBridge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ControlPolicyConflict</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>MDMWinsOverGP</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC. Setting the value to 0 (zero) or deleting the policy will remove the GP policy blocks restore the saved GP policies.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialProviders</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowPINLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockPicturePassword</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAutomaticReDeploymentCredentials</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialsDelegation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>RemoteHostAllowsDelegationOfNonExportableCredentials</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialsUI</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePasswordReveal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnumerateAdministrators</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Cryptography</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowFipsAlgorithmPolicy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TLSCipherSuites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DataProtection</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowDirectMemoryAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LegacySelectiveWipeID</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DataUsage</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>SetCost3G</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetCost4G</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Defender</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowArchiveScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBehaviorMonitoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCloudProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEmailScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScanOnMappedNetworkDrives</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScanRemovableDriveScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIntrusionPreventionSystem</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIOAVProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOnAccessProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRealtimeMonitoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowScanningNetworkFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowScriptScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUserUIAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AttackSurfaceReductionOnlyExclusions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AttackSurfaceReductionRules</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AvgCPULoadFactor</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckForSignaturesBeforeRunningScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudBlockLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudExtendedTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ControlledFolderAccessAllowedApplications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ControlledFolderAccessProtectedFolders</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DaysToRetainCleanedMalware</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCatchupFullScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCatchupQuickScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableControlledFolderAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableLowCPUPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableNetworkProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludedExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludedPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludedProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PUAProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RealTimeScanDirection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScanParameter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleQuickScanTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleScanDay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleScanTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SecurityIntelligenceLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SignatureUpdateFallbackOrder</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SignatureUpdateFileSharesSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SignatureUpdateInterval</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SubmitSamplesConsent</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ThreatSeverityDefaultAction</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeliveryOptimization</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DOAbsoluteMaxCacheSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOAllowVPNPeerCaching</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOCacheHost</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOCacheHostSource</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayBackgroundDownloadFromHttp</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayCacheServerFallbackBackground</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayCacheServerFallbackForeground</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayForegroundDownloadFromHttp</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODownloadMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOGroupId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOGroupIdSource</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxBackgroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxCacheAge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxCacheSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxForegroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinBackgroundQos</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinBatteryPercentageAllowedToUpload</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinDiskSizeAllowedToPeer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinFileSizeToCache</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinRAMAllowedToPeer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOModifyCacheDrive</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMonthlyUploadDataCap</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOPercentageMaxBackgroundBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOPercentageMaxForegroundBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DORestrictPeerSelectionBy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOSetHoursToLimitBackgroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOSetHoursToLimitForegroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceGuard</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureSystemGuardLaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Secure Launch configuration: 0 - Unmanaged, configurable by Administrative user, 1 - Enables Secure Launch if supported by hardware, 2 - Disables Secure Launch.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableVirtualizationBasedSecurity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Turns On Virtualization Based Security(VBS)</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LsaCfgFlags</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePlatformSecurityFeatures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceHealthMonitoring</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowDeviceHealthMonitoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable/disable 4Nines device health monitoring on devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigDeviceHealthMonitoringScope</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which types of events are monitored.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigDeviceHealthMonitoringUploadDestination</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which destinations are in-scope for monitored events to be uploaded.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceInstallation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowInstallationOfMatchingDeviceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInstallationOfMatchingDeviceInstanceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInstallationOfMatchingDeviceSetupClasses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventDeviceMetadataFromNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfMatchingDeviceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfMatchingDeviceInstanceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfMatchingDeviceSetupClasses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceLock</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowIdleReturnWithoutPassword</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether the user must input a PIN or password when the device resumes from an idle state.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSimpleDevicePassword</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlphanumericDevicePasswordRequired</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DevicePasswordEnabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether device lock is enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DevicePasswordExpiration</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies when the password expires (in days).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DevicePasswordHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies how many passwords can be stored in the history that can’t be used.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnforceLockScreenAndLogonImage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnforceLockScreenProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxDevicePasswordFailedAttempts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxInactivityTimeDeviceLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxInactivityTimeDeviceLockWithExternalDisplay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Sets the maximum timeout value for the external display.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MinDevicePasswordComplexCharacters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MinDevicePasswordLength</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies the minimum number or characters required in the PIN or password.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MinimumPasswordAge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.
-
-The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
-
-Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventEnablingLockScreenCamera</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventLockScreenSlideShow</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      <Node>
-        <NodeName>Display</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePerProcessDpiForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnablePerProcessDpi</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnablePerProcessDpiForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffGdiDPIScalingForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnGdiDPIScalingForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DmaGuard</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DeviceEnumerationPolicy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ErrorReporting</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CustomizeConsentSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWindowsErrorReporting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisplayErrorNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotSendAdditionalData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventCriticalErrorDisplay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>EventLogService</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ControlEventLogBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaximumFileSizeApplicationLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaximumFileSizeSecurityLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaximumFileSizeSystemLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Experience</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowClipboardHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allows history of clipboard items to be stored in memory.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCopyPaste</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCortana</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeviceDiscovery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFindMyDevice</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowManualMDMUnenrollment</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSaveAsOfOfficeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowScreenCapture</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSharingOfOfficeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSIMErrorDialogPromptWhenNoSIM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSyncMySettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTaskSwitcher</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVoiceRecording</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsConsumerFeatures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsTips</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCloudOptimizedContent</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotShowFeedbackNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotSyncBrowserSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user. 
-                        Related policy: PreventUsersFromTurningOnBrowserSyncing
-                        0 (default) = allow syncing, 2 = disable syncing</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventUsersFromTurningOnBrowserSyncing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices.  When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
-                        Related policy: DoNotSyncBrowserSettings
-                        1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowLockOnUserTile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Shows or hides lock from the user tile menu.
-If you enable this policy setting, the lock option will be shown in the User Tile menu.
-
-If you disable this policy setting, the lock option will never be shown in the User Tile menu.
-
-If you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ExploitGuard</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ExploitProtectionSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>FactoryComposer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BackgroundImagePath</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>OEMVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserToSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UWPLaunchOnBoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>FileExplorer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>TurnOffDataExecutionPreventionForExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffHeapTerminationOnCorruption</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Games</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAdvancedGamingServices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Handwriting</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PanelDefaultModeDocked</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>InternetExplorer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AddSearchProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowActiveXFiltering</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAddOnList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCertificateAddressMismatchWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeletingBrowsingHistoryOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedSuggestionsInAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeFromToolsMenu</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFallbackToSSL3</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorer7PolicyList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorerStandardsMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOneWordEntry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSiteToZoneAssignmentList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsLockedDownTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSoftwareWhenSignatureIsInvalid</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSuggestedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckServerCertificateRevocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckSignaturesOnDownloadedPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConsistentMimeHandlingInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAdobeFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarnings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarningsAboutUncommonFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCompatView</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableConfiguringHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCrashDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCustomerExperienceImprovementProgramParticipation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeletingUserVisitedWebsites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnclosureDownloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEncryptionSupport</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFeedsBackgroundSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFirstRunWizard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFlipAheadFeature</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableGeolocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableIgnoringCertificateErrors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableInPrivateBrowsing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProcessesInEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProxyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSearchProviderChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecondaryHomePageChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecuritySettingsCheck</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableUpdateCheck</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWebAddressAutoComplete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowActiveXControlsInProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowUsersToAddSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowUsersToChangePolicies</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControlsOnSpecificDomains</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllLocalSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllNetworkPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MimeSniffingSafetyFeatureInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MKProtocolSecurityRestrictionInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NewTabDefaultPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NotificationBarInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventManagingSmartScreenFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventPerUserInstallationOfActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProtectionFromZoneElevationInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemoveRunThisTimeButtonForOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictActiveXInstallInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowActiveScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowBinaryAndScriptBehaviors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowMETAREFRESH</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunActiveXControlsAndPlugins</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptingOfJavaApplets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneTurnOnProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictFileDownloadInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScriptedWindowSecurityRestrictionsInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SearchProviderList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SecurityZonesUseOnlyMachineSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyUseOfActiveXInstallerService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Kerberos</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowForestSearchOrder</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>KerberosClientSupportsClaimsCompoundArmor</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireKerberosArmoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireStrictKDCValidation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetMaximumContextTokenSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UPNNameHints</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an AAD UPN into an Active Directory Principal.
-                
-                This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it is otherwise unable to resolve a UPN to a principal.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>KioskBrowser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BlockedUrlExceptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockedUrls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DefaultURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableEndSessionButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableNavigationButtons</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestartOnIdleTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LanmanWorkstation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnableInsecureGuestLogons</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Licensing</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowWindowsEntitlementReactivation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowKMSClientOnlineAVSValidation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LocalPoliciesSecurityOptions</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>Accounts_BlockMicrosoftAccounts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting prevents users from adding new Microsoft accounts on this computer.
-
-If you select the &quot;Users can’t add Microsoft accounts&quot; option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
-
-If you select the &quot;Users can’t add or log on with Microsoft accounts&quot; option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
-
-If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_EnableAdministratorAccountStatus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This security setting determines whether the local Administrator account is enabled or disabled.
-
-Notes
-
-If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
-Disabling the Administrator account can become a maintenance issue under certain circumstances. 
-
-Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts.  If the computer is domain joined the disabled administrator will not be enabled.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_EnableGuestAccountStatus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This security setting determines if the Guest account is enabled or disabled.
-
-Default: Disabled.
-
-Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Accounts: Limit local account use of blank passwords to console logon only
-
-This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer&apos;s keyboard.
-
-Default: Enabled.
-
-
-Warning:
-
-Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers.
-If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
-
-Notes
-
-This setting does not affect logons that use domain accounts.
-It is possible for applications that use remote interactive logons to bypass this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_RenameAdministratorAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Accounts: Rename administrator account
-
-This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
-
-Default: Administrator.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_RenameGuestAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Accounts: Rename guest account
-
-This security setting determines whether a different account name is associated with the security identifier (SID) for the account &quot;Guest.&quot; Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
-
-Default: Guest.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_AllowedToFormatAndEjectRemovableMedia</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Devices: Allowed to format and eject removable media
-
-This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to:
-
-Administrators
-Administrators and Interactive Users
-
-Default: This policy is not defined and only Administrators have this ability.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_AllowUndockWithoutHavingToLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Devices: Allow undock without having to log on
-This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
-Default: Enabled.
-
-Caution
-Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Devices: Prevent users from installing printer drivers when connecting to shared printers
-
-For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer.
-
-Default on servers: Enabled.
-Default on workstations: Disabled
-
-Notes
-
-This setting does not affect the ability to add a local printer.
-This setting does not affect Administrators.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Devices: Restrict CD-ROM access to locally logged-on user only
-
-This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously.
-
-If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network.
-
-Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive Logon:Display user information when the session is locked
-User display name, domain and user names (1)
-User display name only (2)
-Do not display user information (3)
-Domain and user names only (4)</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DoNotDisplayLastSignedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive logon: Don&apos;t display last signed-in
-This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
-If this policy is enabled, the username will not be shown.
-
-If this policy is disabled, the username will be shown.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DoNotDisplayUsernameAtSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive logon: Don&apos;t display username at sign-in
-This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
-If this policy is enabled, the username will not be shown.
-
-If this policy is disabled, the username will be shown.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DoNotRequireCTRLALTDEL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive logon: Do not require CTRL+ALT+DEL
-
-This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
-
-If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users&apos; passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
-
-If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
-
-Default on domain-computers: Enabled: At least Windows  8/Disabled: Windows 7 or earlier.
-Default on stand-alone computers: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_MachineInactivityLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive logon: Machine inactivity limit.
-
-Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
-
-Default: not enforced.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_MessageTextForUsersAttemptingToLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive logon: Message text for users attempting to log on
-
-This security setting specifies a text message that is displayed to users when they log on.
-
-This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
-
-Default: No message.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive logon: Message title for users attempting to log on
-
-This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on.
-
-Default: No message.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_SmartCardRemovalBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Interactive logon: Smart card removal behavior
-
-This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
-
-The options are:
-
- No Action
- Lock Workstation
- Force Logoff
- Disconnect if a Remote Desktop Services session 
-
-If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
-
-If you click Force Logoff in the Properties dialog box for this policy, the user is automatically logged off when the smart card is removed.
-
-If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging the user off. This allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to log on again. If the session is local, this policy functions identically to Lock Workstation.
-
-Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
-
-Default: This policy is not defined, which means that the system treats it as No action.
-
-On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft network client: Digitally sign communications (always)
-
-This security setting determines whether packet signing is required by the SMB client component.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
-
-If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
-
-Default: Disabled.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft network client: Digitally sign communications (if server agrees)
-
-This security setting determines whether the SMB client attempts to negotiate SMB packet signing.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
-
-If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
-
-Default: Enabled.
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft network client: Send unencrypted password to connect to third-party SMB servers
-
-If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.
-
-Sending unencrypted passwords is a security risk.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft network server: Digitally sign communications (always)
-
-This security setting determines whether packet signing is required by the SMB server component.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
-
-If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
-
-Default:
-
-Disabled for member servers.
-Enabled for domain controllers.
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
-If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy:
-Microsoft network server: Digitally sign communications (if server agrees)
-
-For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server:
-HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft network server: Digitally sign communications (if client agrees)
-
-This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
-
-If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
-
-Default: Enabled on domain controllers only.
-
-Important
-
-For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network access: Do not allow anonymous enumeration of SAM accounts
-
-This security setting determines what additional permissions will be granted for anonymous connections to the computer.
-
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust.
-
-This security option allows additional restrictions to be placed on anonymous connections as follows:
-
-Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
-Disabled: No additional restrictions. Rely on default permissions.
-
-Default on workstations: Enabled.
-Default on server:Enabled.
-
-Important
-
-This policy has no impact on domain controllers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network access: Do not allow anonymous enumeration of SAM accounts and shares
-
-This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
-
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network access: Restrict anonymous access to Named Pipes and Shares
-
-When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
-
-Network access: Named pipes that can be accessed anonymously
-Network access: Shares that can be accessed anonymously
-Default: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network access: Restrict clients allowed to make remote calls to SAM
-
-This policy setting allows you to restrict remote rpc connections to SAM.
-
-If not selected, the default security descriptor will be used.
-
-This policy is supported on at least Windows Server 2016.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Allow Local System to use computer identity for NTLM
-
-This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.
-
-If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.
-
-If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.
-
-By default, this policy is enabled on Windows 7 and above.
-
-By default, this policy is disabled on Windows Vista.
-
-This policy is supported on at least Windows Vista or Windows Server 2008.
-
-Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_AllowPKU2UAuthenticationRequests</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Allow PKU2U authentication requests to this computer to use online identities.
-
-This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Do not store LAN Manager hash value on next password change
-
-This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.
-
-
-Default on Windows Vista and above: Enabled
-Default on Windows XP: Disabled.
-
-Important
-
-Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0.
-This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_LANManagerAuthenticationLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security LAN Manager authentication level
-
-This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
-
-Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
-
-Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
-
-Important
-
-This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM.
-
-Default:
-
-Windows 2000 and windows XP: send LM and NTLM responses
-
-Windows Server 2003: Send NTLM response only
-
-Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
-
-This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-
-Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
-Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
-
-Default:
-
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
-
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
-
-This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-
-Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
-Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
-
-Default:
-
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
-
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
-
-This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  &quot;Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers&quot; policy setting is configured.
-
-If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
-
-If you do not configure this policy setting, no exceptions will be applied.
-
-The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Restrict NTLM: Audit Incoming NTLM Traffic
-
-This policy setting allows you to audit incoming NTLM traffic.
-
-If you select &quot;Disable&quot;, or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
-
-If you select &quot;Enable auditing for domain accounts&quot;, the server will log events for NTLM pass-through authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all domain accounts&quot; option.
-
-If you select &quot;Enable auditing for all accounts&quot;, the server will log events for all NTLM authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all accounts&quot; option.
-
-This policy is supported on at least Windows 7 or Windows Server 2008 R2.
-
-Note: Audit events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Restrict NTLM: Incoming NTLM traffic
-
-This policy setting allows you to deny or allow incoming NTLM traffic.
-
-If you select &quot;Allow all&quot; or do not configure this policy setting, the server will allow all NTLM authentication requests.
-
-If you select &quot;Deny all domain accounts,&quot; the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
-
-If you select &quot;Deny all accounts,&quot; the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
-
-This policy is supported on at least Windows 7 or Windows Server 2008 R2.
-
-Note: Block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
-
-This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
-
-If you select &quot;Allow all&quot; or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
-
-If you select &quot;Audit all,&quot; the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
-
-If you select &quot;Deny all,&quot; the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the &quot;Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication&quot; policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
-
-This policy is supported on at least Windows 7 or Windows Server 2008 R2.
-
-Note: Audit and block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Shutdown: Allow system to be shut down without having to log on
-
-This security setting determines whether a computer can be shut down without having to log on to Windows.
-
-When this policy is enabled, the Shut Down command is available on the Windows logon screen.
-
-When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
-
-Default on workstations: Enabled.
-Default on servers: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Shutdown_ClearVirtualMemoryPageFile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Shutdown: Clear virtual memory pagefile
-
-This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
-
-Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile.
-
-When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
-
-This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
-
-• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting, the prompts appear on the interactive user&apos;s desktop instead of the secure desktop.
-
-• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
-
-This policy setting controls the behavior of the elevation prompt for administrators.
-
-The options are:
-
-• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
-
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user&apos;s highest available privilege.
-
-• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
-
-• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
-
-• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Behavior of the elevation prompt for standard users
-This policy setting controls the behavior of the elevation prompt for standard users.
-
-The options are:
-
-• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
-
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Detect application installations and prompt for elevation
-
-This policy setting controls the behavior of application installation detection for the computer.
-
-The options are:
-
-Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Only elevate executable files that are signed and validated
-
-This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
-
-The options are:
-
-• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
-
-• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Only elevate UIAccess applications that are installed in secure locations
-
-This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
-
-- …\Program Files\, including subfolders
-- …\Windows\system32\
-- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
-
-Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
-
-The options are:
-
-• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
-
-• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_RunAllAdministratorsInAdminApprovalMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Turn on Admin Approval Mode
-
-This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
-
-The options are:
-
-• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
-
-• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Switch to the secure desktop when prompting for elevation
-
-This policy setting controls whether the elevation request prompt is displayed on the interactive user&apos;s desktop or the secure desktop.
-
-The options are:
-
-• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
-
-• Disabled: All elevation requests go to the interactive user&apos;s desktop. Prompt behavior policy settings for administrators and standard users are used.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_UseAdminApprovalMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Use Admin Approval Mode for the built-in Administrator account
-
-This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
-
-The options are:
-
-• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
-
-• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>User Account Control: Virtualize file and registry write failures to per-user locations
-
-This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
-
-The options are:
-
-• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
-
-• Disabled: Applications that write data to protected locations fail.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LocalUsersAndGroups</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>Configure</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This Setting allows an administrator to manage local groups on a Device.
-                            Possible settings:
-                            1. Update Group Membership: Update a group and add and/or remove members though the &apos;U&apos; action.
-                            When using Update, existing group members that are not specified in the policy remain untouched.
-                            2. Replace Group Membership: Restrict a group by replacing group membership through the &apos;R&apos; action.
-                            When using Replace, existing group membership is replaced by the list of members specified in
-                            the add member section. This option works in the same way as a Restricted Group and any group
-                            members that are not specified in the policy are removed.
-                            Caution: If the same group is configured with both Replace and Update, then Replace will win.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LockDown</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowEdgeSwipe</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Maps</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowOfflineMapsDownloadOverMeteredConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableOfflineMapsAutoUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Messaging</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowMessageSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft&apos;s cloud services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMMS</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to enable or disable the sending and receiving cellular MMS messages.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRCS</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>MixedReality</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AADGroupMembershipCacheValidityInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BrightnessButtonDisabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FallbackDiagnostics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrophoneDisabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>VolumeButtonDisabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>MSSecurityGuide</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ApplyUACRestrictionsToLocalAccountsOnNetworkLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureSMBV1ClientDriver</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureSMBV1Server</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableStructuredExceptionHandlingOverwriteProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>WDigestAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>MSSLegacy</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IPSourceRoutingProtectionLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IPv6SourceRoutingProtectionLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>NetworkIsolation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnterpriseCloudResources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseInternalProxyServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseIPRange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseIPRangesAreAuthoritative</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseNetworkDomainNames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseProxyServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseProxyServersAreAuthoritative</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NeutralResources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Notifications</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowCloudNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Power</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowStandbyStatesWhenSleepingOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStandbyWhenSleepingPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisplayOffTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisplayOffTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnergySaverBatteryThresholdOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
-
-If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level.
-
-If you disable or do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnergySaverBatteryThresholdPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
-
-If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level.
-
-If you disable or do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HibernateTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HibernateTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePasswordWhenComputerWakesOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePasswordWhenComputerWakesPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectLidCloseActionOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectLidCloseActionPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectPowerButtonActionOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the power button. 
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectPowerButtonActionPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the power button. 
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectSleepButtonActionOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the sleep button.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectSleepButtonActionPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the sleep button.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StandbyTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StandbyTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffHybridSleepOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to turn off hybrid sleep.
-
-If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
-
-If you do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffHybridSleepPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to turn off hybrid sleep.
-
-If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
-
-If you do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnattendedSleepTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
-
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended.  If you specify 0 seconds, Windows does not automatically transition to sleep.
-
-If you disable or do not configure this policy setting, users control this setting.
-
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The &quot;Prevent enabling lock screen slide show&quot; policy setting can be used to disable the slide show feature.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnattendedSleepTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
-
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended.  If you specify 0 seconds, Windows does not automatically transition to sleep.
-
-If you disable or do not configure this policy setting, users control this setting.
-
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The &quot;Prevent enabling lock screen slide show&quot; policy setting can be used to disable the slide show feature.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Printers</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PointAndPrintRestrictions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishPrinters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Privacy</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutoAcceptPairingAndPrivacyConsentPrompts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCrossDeviceClipboard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allows syncing of Clipboard across devices under the same Microsoft account.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInputPersonalization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAdvertisingId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisablePrivacyExperience</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableActivityFeed</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access account information.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the movement of the user&apos;s head, hands, motion controllers, and other tracked objects, while the apps are running in the background.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user&apos;s movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user&apos;s movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the calendar.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access call history.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the camera.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access contacts.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access email.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the eye tracker.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access location.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can read or send messages (text or MMS).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the microphone.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access motion data.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access notifications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can make phone calls</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps have access to control radios.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access tasks.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access trusted devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;trusted devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsActivateWithVoice</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can be activated by voice.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsActivateWithVoiceAboveLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can be activated by voice while the system is locked.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can run in the background.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting specifies whether Windows apps can communicate with unpaired wireless devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;Communicate with unpaired wireless devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishUserActivities</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allows apps/system to publish &apos;User Activities&apos; into ActivityFeed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UploadUserActivities</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Allows ActivityFeed to upload published &apos;User Activities&apos;.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteAssistance</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CustomizeWarningMessages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SessionLogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SolicitedRemoteAssistance</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnsolicitedRemoteAssistance</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteDesktopServices</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowUsersToConnectRemotely</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClientConnectionEncryptionLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowDriveRedirection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowPasswordSaving</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PromptForPasswordUponConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireSecureRPCCommunication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteManagement</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowBasicAuthentication_Client</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBasicAuthentication_Service</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCredSSPAuthenticationClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCredSSPAuthenticationService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRemoteServerManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUnencryptedTraffic_Client</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUnencryptedTraffic_Service</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowDigestAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowNegotiateAuthenticationClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowNegotiateAuthenticationService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowStoringOfRunAsCredentials</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyChannelBindingTokenHardeningLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedHosts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnCompatibilityHTTPListener</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnCompatibilityHTTPSListener</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteProcedureCall</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>RestrictUnauthenticatedRPCClients</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RPCEndpointMapperClientAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteShell</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowRemoteShellAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxConcurrentUsers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyIdleTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaxMemory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaxProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaxRemoteShells</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyShellTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RestrictedGroups</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureGroupMembership</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group.
-Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Search</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowCloudSearch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCortanaInAAD</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This features allows you to show the cortana opt-in page during Windows Setup</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFindMyFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This feature allows you to disable find my files completely on the machine</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIndexingEncryptedStoresOrItems</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchToUseLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStoringImagesFromVisionSearch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUsingDiacritics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsIndexer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlwaysUseAutoLangDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBackoff</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableRemovableDriveIndexing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotUseWebResults</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventIndexingLowDiskSpaceMB</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventRemoteQueries</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SafeSearchPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Security</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddProvisioningPackage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowManualRootCertificateInstallation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRemoveProvisioningPackage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AntiTheftMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClearTPMIfNotReady</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureWindowsPasswords</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Configures the use of passwords for Windows features</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireDeviceEncryption</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireProvisioningPackageSignature</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireRetrieveHealthCertificateOnBoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ServiceControlManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>SvchostProcessMitigation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Settings</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutoPlay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDataSense</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDateTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEditDeviceName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLanguage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOnlineTips</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPowerSleep</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRegion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSignInOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVPN</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWorkplace</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowYourAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PageVisibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>SmartScreen</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnableAppInstallControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableSmartScreenInShell</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventOverrideForFilesInShell</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Speech</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowSpeechModelUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Start</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowPinnedFolderDocuments</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderFileExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderHomeGroup</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderMusic</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the Network shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderPersonalFolder</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderPictures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderVideos</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableContextMenus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ForceStartSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideAppList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideChangeAccountSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Change account settings&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideFrequentlyUsedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideHibernate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Hibernate&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Lock&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HidePowerButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides the power button from appearing in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentJumplists</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentlyAddedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRestart</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Restart/Update and restart&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideShutDown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Shut down/Update and shut down&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSignOut</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Sign out&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSleep</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Sleep&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSwitchAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides &quot;Switch account&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideUserTile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enabling this policy hides the user tile from appearing in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ImportEdgeAssets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NoPinningToTaskbar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StartLayout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Storage</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowDiskHealthModelUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStorageSenseGlobal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStorageSenseTemporaryFilesCleanup</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseCloudContentDehydrationThreshold</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseDownloadsCleanupThreshold</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseGlobalCadence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseRecycleBinCleanupThreshold</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnhancedStorageDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemovableDiskDenyWriteAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>If you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class. Note: To require that users write data to BitLocker-protected storage, enable the policy setting &quot;Deny write access to drives not protected by BitLocker,&quot; which is located in &quot;Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives.&quot;</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>System</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowBuildPreview</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCommercialDataPipeline</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeviceNameInDiagnosticData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data.  If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEmbeddedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowExperimentation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFontProviders</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStorageCard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUserToResetPhone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BootStartDriverInitialization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureMicrosoft365UploadEndpoint</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryOptInChangeNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryOptInSettingsUx</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeviceDelete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDiagnosticDataViewer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDirectXDatabaseUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This group policy allows control over whether the DirectX Database Updater task will be run on the system.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnterpriseAuthProxy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableOneDriveFileSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Microsoft Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSystemRestore</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FeedbackHubAlwaysSaveDiagnosticsLocally</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LimitEnhancedDiagnosticDataWindowsAnalytics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you&apos;re not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you&apos;ve set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you&apos;ll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don&apos;t configure this policy setting, you&apos;ll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don&apos;t configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TelemetryProxy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffFileHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to turn off File History.
-
-If you enable this policy setting, File History cannot be activated to create regular, automatic backups.
-
-If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>SystemServices</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureHomeGroupListenerServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureHomeGroupProviderServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxAccessoryManagementServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxLiveAuthManagerServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxLiveGameSaveServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxLiveNetworkingServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TaskManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowEndTask</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether non-administrators can use Task Manager to end tasks - enabled (1) or disabled (0). Default: enabled</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TaskScheduler</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnableXboxGameSaveTask</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TextInput</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowHardwareKeyboardTextSuggestions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIMELogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIMENetworkAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInputPanel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseIMESurrogatePairCharacters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseIVSCharacters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseNonPublishingStandardGlyph</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseUserDictionary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowKeyboardTextSuggestions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLanguageFeaturesUninstall</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLinguisticDataCollection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureJapaneseIMEVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows the IT admin to configure the Microsoft Japanese IME version in the desktop.
-The following list shows the supported values:
-0 (default) – The new Microsoft Japanese IME is on by default. Allow to control Microsoft Japanese IME version to use.
-1 - The previous version of Microsoft Japanese IME is always selected.  Not allowed to control Microsoft Japanese IME version to use.
-2 - The new Microsoft Japanese IME is always selected.  Not allowed to control Microsoft Japanese IME version to use.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureSimplifiedChineseIMEVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows the IT admin to configure the Microsoft Simplified Chinese IME version in the desktop.
-The following list shows the supported values:
-0 (default) – The new Microsoft Simplified Chinese IME is on by default. Allow to control Microsoft Simplified Chinese IME version to use.
-1 - The previous version of Microsoft Simplified Chinese IME is always selected.  Not allowed to control Microsoft Simplified Chinese IME version to use.
-2 - The new Microsoft Simplified Chinese IME is always selected.  Not allowed to control Microsoft Simplified Chinese IME version to use.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTraditionalChineseIMEVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows the IT admin to configure the Microsoft Traditional Chinese IME version in the desktop.
-The following list shows the supported values:
-0 (default) – The new Microsoft Traditional Chinese IME is on by default. Allow to control Microsoft Traditional Chinese IME version to use.
-1 - The previous version of Microsoft Traditional Chinese IME is always selected.  Not allowed to control Microsoft Traditional Chinese IME version to use.
-2 - The new Microsoft Traditional Chinese IME is always selected.  Not allowed to control Microsoft Traditional Chinese IME version to use.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableTouchKeyboardAutoInvokeInDesktopMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeJapaneseIMEExceptJIS0208</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeJapaneseIMEExceptJIS0208andEUDC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeJapaneseIMEExceptShiftJIS</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ForceTouchKeyboardDockedState</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardDictationButtonAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardEmojiButtonAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardFullModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardHandwritingModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardNarrowModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardSplitModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardWideModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TimeLanguageSettings</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowSet24HourClock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTimeZone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies the time zone to be applied to the device.  This is the standard Windows name for the target time zone.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Troubleshooting</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowRecommendations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting applies recommended troubleshooting for known problems on the device and lets administrators configure how it&apos;s applied to their domains/IT environments.
-Not configuring this policy setting will allow the user to configure if and how recommended troubleshooting is applied.
-
-Enabling this policy allows you to configure how recommended troubleshooting is applied on the user&apos;s device. You can select from one of the following values:
-0 = Turn this feature off.
-1 = Turn this feature off but still apply critical troubleshooting.
-2 = Notify users when recommended troubleshooting is available, then allow the user to run or ignore it.
-3 = Run recommended troubleshooting automatically and notify the user after it&apos;s been successfully run.
-4 = Run recommended troubleshooting automatically without notifying the user.
-5 = Allow the user to choose their own recommended troubleshooting settings.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Update</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ActiveHoursEnd</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ActiveHoursMaxRange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ActiveHoursStart</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutoUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutoWindowsUpdateDownloadOverMeteredNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMUUpdateService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowNonMicrosoftSignedUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUpdateService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutomaticMaintenanceWakeUp</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to configure Automatic Maintenance wake up policy.
-
-The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect.
-
-If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required.
-
-If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartDeadlinePeriodInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartDeadlinePeriodInDaysForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartNotificationSchedule</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartRequiredNotificationDismissal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BranchReadinessLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineForQualityUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineGracePeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineNoAutoReboot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureFeatureUpdateUninstallPeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Enable enterprises/IT admin to configure feature update uninstall period</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferFeatureUpdatesPeriodInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferQualityUpdatesPeriodInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferUpdatePeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferUpgradePeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetectionFrequency</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDualScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Do not allow update deferral policies to cause scans against Windows Update</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWUfBSafeguards</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartDeadline</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartDeadlineForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartSnoozeSchedule</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartSnoozeScheduleForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartTransitionSchedule</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartTransitionScheduleForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeWUDriversInQualityUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FillEmptyContentUrls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IgnoreMOAppDownloadLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IgnoreMOUpdateDownloadLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ManagePreviewBuilds</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseDeferrals</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseFeatureUpdatesStartTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseQualityUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseQualityUpdatesStartTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PhoneUpdateRestrictions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireDeferUpgrade</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireUpdateApproval</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallDay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallEveryWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallFirstWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallFourthWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallSecondWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallThirdWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleImminentRestartWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleRestartWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetAutoRestartNotificationDisable</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDisablePauseUXAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDisableUXWUAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetEDURestart</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetProxyBehaviorForUpdateDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TargetReleaseVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UpdateNotificationLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UpdateServiceUrl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UpdateServiceUrlAlternate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>UserRights</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AccessCredentialManagerAsTrustedCaller</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users&apos; saved credentials might be compromised if this privilege is given to other entities.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccessFromNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ActAsPartOfTheOperatingSystem</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocalLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. </Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BackupFilesAndDirectories</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ChangeSystemTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreateGlobalObjects</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users&apos; sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreatePageFile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreatePermanentSharedObjects</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreateSymbolicLinks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren&apos;t designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type &apos;fsutil behavior set symlinkevaluation /?&apos; at the command line to get more information about fsutil and symbolic links.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreateToken</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DebugPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DenyAccessFromNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DenyLocalLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DenyRemoteDesktopServicesLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableDelegation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>GenerateSecurityAudits</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ImpersonateClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
-1) The access token that is being impersonated is for this user.
-2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
-3) The requested level is less than Impersonate, such as Anonymous or Identify.
-Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncreaseSchedulingPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LoadUnloadDeviceDrivers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockMemory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ManageAuditingAndSecurityLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ManageVolume</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ModifyFirmwareEnvironment</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ModifyObjectLabel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProfileSingleProcess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can use performance monitoring tools to monitor the performance of system processes.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemoteShutdown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestoreFilesAndDirectories</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TakeOwnership</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Wifi</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutoConnectToWiFiSenseHotspots</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetSharing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowManualWiFiConfiguration</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWiFi</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWiFiDirect</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>WLANScanMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsConnectionManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsDefenderSecurityCenter</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CompanyName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAccountProtectionUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAppBrowserUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableClearTpmButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeviceSecurityUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnhancedNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFamilyUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableHealthUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableNetworkUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableTpmFirmwareUpdateWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableVirusUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowExploitProtectionOverride</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Email</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableCustomizedToasts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableInAppCustomization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRansomwareDataRecovery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSecureBoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideTPMTroubleshooting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideWindowsSecurityNotificationAreaControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Phone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>URL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsInkWorkspace</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowSuggestedAppsInWindowsInkWorkspace</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsInkWorkspace</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsLogon</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutomaticRestartSignOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigAutomaticRestartSignOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableLockScreenAppNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DontDisplayNetworkSelectionUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableFirstLogonAnimation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time.  This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later.  It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in.
-
-If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation.
-
-If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services.
-
-If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation.
-
-Note: The first sign-in animation will not be shown on Server, so this policy will have no effect.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnumerateLocalUsersOnDomainJoinedComputers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideFastUserSwitching</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsPowerShell</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WirelessDisplay</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowMdnsAdvertisement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMdnsDiscovery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionFromPC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows you to turn off projection from a PC.
-                            If you set it to 0, your PC cannot discover or project to other devices.
-                            If you set it to 1, your PC can discover and project to other devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionFromPCOverInfrastructure</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy allows you to turn off projection from a PC over infrastructure.
-                            If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct.
-                            If you set it to 1, your PC can discover and project to other devices over infrastructure.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionToPC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to turn off projection to a PC
-                            If you set it to 0, your PC isn&apos;t discoverable and can&apos;t be projected to
-                            If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionToPCOverInfrastructure</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to turn off projection to a PC over infrastructure.
-                            If you set it to 0, your PC cannot be discoverable and can&apos;t be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
-                            If you set it to 1, your PC can be discoverable and can be projected to over infrastructure.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUserInputFromWirelessDisplayReceiver</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePinForPairing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>This policy setting allows you to require a pin for pairing.
-                            If you set this to 0, a pin isn&apos;t required for pairing.
-                            If you set this to 1, the pairing ceremony for new devices will always require a PIN.
-                            If you set this to 2, all pairings will require PIN.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
-    </Node>
-    <Node>
-      <NodeName>Result</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Get />
-        </AccessType>
-        <DFFormat>
-          <node />
-        </DFFormat>
-        <Occurrence>
-          <One />
-        </Occurrence>
-        <Scope>
-          <Permanent />
-        </Scope>
-        <DFType>
-          <DDFName></DDFName>
-        </DFType>
-      </DFProperties>
-      <Node>
-        <NodeName>AboveLock</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowActionCenterNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCortanaAboveLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCortanaAboveLock</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowToasts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Accounts</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddingNonMicrosoftAccountsManually</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftAccountConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftAccountSignInAssistant</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainNamesForEmailSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ActiveXControls</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ApprovedInstallationSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ActiveXInstallService.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ActiveXInstallService~AT~WindowsComponents~AxInstSv</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ApprovedActiveXInstallSites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ApplicationDefaults</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DefaultAssociationsConfiguration</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsExplorer.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DefaultAssociationsConfiguration_TextBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsExplorer~AT~WindowsComponents~WindowsExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DefaultAssociationsConfiguration</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableAppUriHandlers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Enables web-to-app linking, which allows apps to be launched with a http(s) URI</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>GroupPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>GroupPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableAppUriHandlers</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ApplicationManagement</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAllTrustedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AppxDeploymentAllowAllTrustedApps</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAppStoreAutoUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableAutoInstall</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeveloperUnlock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowDevelopmentWithoutDevLicense</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowGameDVR</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>GameDVR.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>GameDVR~AT~WindowsComponents~GAMEDVR</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowGameDVR</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSharedUserAppData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSharedLocalAppData</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStore</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ApplicationRestrictions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockNonAdminUserInstall</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BlockNonAdminUserInstall</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableStoreOriginatedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableStoreApps</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LaunchAppAfterLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MSIAllowUserControlOverInstall</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MSI.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MSI~AT~WindowsComponents~MSI</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableUserControl</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MSI.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MSI~AT~WindowsComponents~MSI</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AlwaysInstallElevated</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePrivateStoreOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RequirePrivateStoreOnly</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictAppDataToSystemVolume</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictAppDataToSystemVolume</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictAppToSystemVolume</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableDeploymentToNonSystemVolumes</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleForceRestartForUpdateFailures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-  <xs:simpleType name="recurrence" final="restriction">
-    <xs:restriction base="xs:string">
-        <xs:enumeration value="None" />
-        <xs:enumeration value="Daily" />
-        <xs:enumeration value="Weekly" />
-        <xs:enumeration value="Monthly" />
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="daysOfWeek" final="restriction">
-    <xs:restriction base="xs:unsignedByte">
-      <xs:minInclusive value="1" />
-      <xs:maxInclusive value="127" />
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="daysOfMonth" final="restriction">
-    <xs:restriction base="xs:unsignedInt">
-      <xs:minInclusive value="1" />
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:element name="ForceRestart">
-    <xs:complexType>
-      <xs:attribute name="StartDateTime" type="xs:dateTime" use="required"/> 
-      <xs:attribute name="Recurrence" type="recurrence" use="required"/> 
-      <xs:attribute name="RunIfTaskIsMissed" type="xs:boolean" use="required"/> 
-      <xs:attribute name="DaysOfWeek" type="daysOfWeek"/> 
-      <xs:attribute name="DaysOfMonth" type="daysOfMonth"/> 
-    </xs:complexType>
-  </xs:element>
-</xs:schema>]]></MSFT:XMLSchema>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>AppRuntime</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowMicrosoftAccountsToBeOptional</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AppXRuntime.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AppXRuntime~AT~WindowsComponents~AppXRuntime</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AppxRuntimeMicrosoftAccountsOptional</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>AppVirtualization</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAppVClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableAppV</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDynamicVirtualization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Virtualization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Virtualization_JITVEnable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPackageCleanup</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_PackageManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PackageManagement_AutoCleanupEnable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPackageScripts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Scripting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scripting_Enable_Package_Scripts</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPublishingRefreshUX</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Publishing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Enable_Publishing_Refresh_UX</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowReportingServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Reporting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Reporting_Server_Policy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRoamingFileExclusions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Integration</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Integration_Roaming_File_Exclusions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRoamingRegistryExclusions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Integration</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Integration_Roaming_Registry_Exclusions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStreamingAutoload</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Steaming_Autoload</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClientCoexistenceAllowMigrationmode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Client_Coexistence</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Client_Coexistence_Enable_Migration_mode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntegrationAllowRootGlobal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Integration</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Integration_Root_User</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntegrationAllowRootUser</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Integration</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Integration_Root_Global</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer1</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Publishing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Publishing_Server1_Policy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer2</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Publishing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Publishing_Server2_Policy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer3</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Publishing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Publishing_Server3_Policy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer4</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Publishing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Publishing_Server4_Policy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishingAllowServer5</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Publishing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Publishing_Server5_Policy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowCertificateFilterForClient_SSL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Certificate_Filter_For_Client_SSL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowHighCostLaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Allow_High_Cost_Launch</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowLocationProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Location_Provider</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowPackageInstallationRoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Package_Installation_Root</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowPackageSourceRoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Package_Source_Root</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowReestablishmentInterval</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Reestablishment_Interval</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingAllowReestablishmentRetries</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Reestablishment_Retries</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingSharedContentStoreMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Shared_Content_Store_Mode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingSupportBranchCache</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Support_Branch_Cache</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StreamingVerifyCertificateRevocationList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Streaming</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Streaming_Verify_Certificate_Revocation_List</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>VirtualComponentsAllowList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>appv.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>appv~AT~System~CAT_AppV~CAT_Virtualization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Virtualization_JITVAllowList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Audit</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AccountLogon_AuditCredentialValidation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by validation tests on user account logon credentials.
-
-Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Credential Validation</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogon_AuditKerberosAuthenticationService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests.
-
-If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Kerberos Authentication Service</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogon_AuditKerberosServiceTicketOperations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts.
-
-If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Kerberos Service Ticket Operations</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogon_AuditOtherAccountLogonEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
-
-Currently, there are no events in this subcategory.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Logon</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Other Account Logon Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditAccountLockout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out.
-
-If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-
-Logon events are essential for understanding user activity and to detect potential attacks.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Account Lockout</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditGroupMembership</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy allows you to audit the group memberhsip information in the user&apos;s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
-
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group memberhsip information cannot fit in a single security audit event.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Group Membership</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditIPsecExtendedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
-
-If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit IPsec Extended Mode</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditIPsecMainMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
-
-If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit IPsec Main Mode</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditIPsecQuickMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
-
-If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.If
- you do not configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit IPsec Quick Mode</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditLogoff</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to.
-
-If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions.
-If you do not configure this policy setting, no audit event is generated when a logon session is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Logoff</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by user account logon attempts on the computer.
-Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. The following events are included:
-    Successful logon attempts.
-    Failed logon attempts.
-    Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command.
-    Security identifiers (SIDs) were filtered and not allowed to log on.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Logon</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditNetworkPolicyServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
-If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts.
-If you do not configure this policy settings, IAS and NAP user access requests are not audited.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Network Policy Server</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditOtherLogonLogoffEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting such as the following:
-    Terminal Services session disconnections.
-    New Terminal Services sessions.
-    Locking and unlocking a workstation.
-    Invoking a screen saver.
-    Dismissal of a screen saver.
-    Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration.
-    Access to a wireless network granted to a user or computer account.
-    Access to a wired 802.1x network granted to a user or computer account.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Other Logon Logoff Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditSpecialLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by special logons such as the following :
-    The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level.
-    A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121697).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Special Logon</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountLogonLogoff_AuditUserDeviceClaims</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy allows you to audit user and device claims information in the user&apos;s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
-
-User claims are added to a logon token when claims are included with a user&apos;s account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device&apos;s computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on.
-
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Logon/Logoff</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit User Device Claims</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditApplicationGroupManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to application groups such as the following:
-    Application group is created, changed, or deleted.
-    Member is added or removed from an application group.
-
-If you configure this policy setting, an audit event is generated when an attempt to change an application group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an application group changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Application Group Management</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditComputerAccountManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a computer account changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Computer Account Management</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditDistributionGroupManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to distribution groups such as the following:
-    Distribution group is created, changed, or deleted.
-    Member is added or removed from a distribution group.
-    Distribution group type is changed.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a distribution group changes.
-
-Note: Events in this subcategory are logged only on domain controllers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Distributio Group Management</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditOtherAccountManagementEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following:
-    The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration.
-    The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack.
-    Changes to the Default Domain Group Policy under the following Group Policy paths:
-Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
-Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Other Account Management Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditSecurityGroupManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to security groups such as the following:
-    Security group is created, changed, or deleted.
-    Member is added or removed from a security group.
-    Group type is changed.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a security group changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Security Group Management</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccountManagement_AuditUserAccountManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit changes to user accounts. Events include the following:
-    A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked.
-    A user account’s password is set or changed.
-    A security identifier (SID) is added to the SID History of a user account.
-    The Directory Services Restore Mode password is configured.
-    Permissions on administrative user accounts are changed.
-    Credential Manager credentials are backed up or restored.
-
-If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when a user account changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Account Management</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit User Account Management</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditDPAPIActivity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720.
-
-If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit DPAPI Activity</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditPNPActivity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit when plug and play detects an external device.
-
-If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category.
-If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit PNP Activity</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditProcessCreation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited.
-
-If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a process is created.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Process Creation</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditProcessTermination</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated when a process ends. 
-
-If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a process ends.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Process Termination</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditRPCEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit inbound remote procedure call (RPC) connections.
-
-If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a remote RPC connection is attempted.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit RPC Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetailedTracking_AuditTokenRightAdjusted</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by adjusting the privileges of a token.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Detailed Tracking</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Token Right Adjusted</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDetailedDirectoryServiceReplication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Detailed Directory Service Replication</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDirectoryServiceAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. 
-
-Only AD DS objects with a matching system access control list (SACL) are logged.
-
-Events in this subcategory are similar to the Directory Service Access events available in previous versions of Windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Directory Service Access</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDirectoryServiceChanges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
-
-When possible, events logged in this subcategory indicate the old and new values of the object’s properties.
-
-Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
-
-Note: Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema.
-
-If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded.
-If you do not configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Directory Service Changes</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DSAccess_AuditDirectoryServiceReplication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers.
-
-If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication.
-If you do not configure this policy setting, no audit event is generated during AD DS replication.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~DS Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Directory Service Replication</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditApplicationGenerated</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function.
-Events in this subcategory include:
-    Creation of an application client context.
-    Deletion of an application client context.
-    Initialization of an application client context.
-    Other application operations using the Windows Auditing APIs.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Application Generated</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditCentralAccessPolicyStaging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object.
-
-If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows:
-1) Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access.
-2) Failure audits when configured records access attempts when:
-   a) The current central access policy does not grant access but the proposed policy grants access.
-   b) A principal requests the maximum access rights they are allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy.
-
-Volume: Potentially high on a file server when the proposed policy differs significantly from the current central access policy.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Central Access Policy Staging</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditCertificationServices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations.
-AD CS operations include the following:
-    AD CS startup/shutdown/backup/restore.
-    Changes to the certificate revocation list (CRL).
-    New certificate requests.
-    Issuing of a certificate.
-    Revocation of a certificate.
-    Changes to the Certificate Manager settings for AD CS.
-    Changes in the configuration of AD CS.
-    Changes to a Certificate Services template.
-    Importing of a certificate.
-    Publishing of a certification authority certificate is to Active Directory Domain Services.
-    Changes to the security permissions for AD CS.
-    Archival of a key.
-    Importing of a key.
-    Retrieval of a key.
-    Starting of Online Certificate Status Protocol (OCSP) Responder Service.
-    Stopping of Online Certificate Status Protocol (OCSP) Responder Service.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Certification Services</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditDetailedFileShare</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share.  Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
-
-If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
-
-Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared files and folders on the system is audited.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Detailed File Share</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFileShare</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit attempts to access a shared folder.
-
-If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
-
-Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared folders on the system is audited.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit File Share</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFileSystem</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see https://go.microsoft.com/fwlink/?LinkId=122083.
-
-If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
-
-Note: You can set a SACL on a file system object using the Security tab in that object&apos;s Properties dialog box.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit File System</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFilteringPlatformConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included:
-    The Windows Firewall Service blocks an application from accepting incoming connections on the network.
-    The WFP allows a connection.
-    The WFP blocks a connection.
-    The WFP permits a bind to a local port.
-    The WFP blocks a bind to a local port.
-    The WFP allows a connection.
-    The WFP blocks a connection.
-    The WFP permits an application or service to listen on a port for incoming connections.
-    The WFP blocks an application or service to listen on a port for incoming connections.
-
-If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked.
-If you do not configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Filtering Platform Connection</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditFilteringPlatformPacketDrop</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Filtering Platform Packet Drop</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditHandleManipulation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events.
-
-If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
-
-Note: Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Handle Manipulation</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditKernelObject</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. 
-Only kernel objects with a matching system access control list (SACL) generate security audit events.
-
-Note: The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Kernel Object</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditOtherObjectAccessEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. 
-For scheduler jobs, the following are audited:
-    Job created.
-    Job deleted.
-    Job enabled.
-    Job disabled.
-    Job updated.
-For COM+ objects, the following are audited:
-    Catalog object added.
-    Catalog object updated.
-    Catalog object deleted.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Other Object Access Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditRegistry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
-
-If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
-
-Note: You can set a SACL on a registry object using the Permissions dialog box.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Registry</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditRemovableStorage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested.
-
-If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-
-If you do not configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Removable Storage</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ObjectAccess_AuditSAM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects.
-SAM objects include the following:
-    SAM_ALIAS -- A local group.
-    SAM_GROUP -- A group that is not a local group.
-    SAM_USER – A user account.
-    SAM_DOMAIN – A domain.
-    SAM_SERVER – A computer account.
-If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
-Note: Only the System Access Control List (SACL) for SAM_SERVER can be modified.
-Volume: High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=121698).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Object Access</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit SAM</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditAuthenticationPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to the authentication policy such as the following:
-    Creation of forest and domain trusts.
-    Modification of forest and domain trusts.
-    Removal of forest and domain trusts.
-    Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy.
-    Granting of any of the following user rights to a user or group:
-        Access This Computer From the Network.
-        Allow Logon Locally.
-        Allow Logon Through Terminal Services.
-        Logon as a Batch Job.
-        Logon a Service.
-    Namespace collision. For example, when a new trust has the same name as an existing namespace name.
-
-If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when the authentication policy is changed.
-
-Note: The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Authentication Policy Change</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditAuthorizationPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to the authorization policy such as the following:
-    Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
-    Removal of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
-    Changes in the Encrypted File System (EFS) policy.
-    Changes to the Resource attributes of an object.
-    Changes to the Central Access Policy (CAP) applied to an object.
-
-If you configure this policy setting, an audit event is generated when an attempt to change the authorization policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when the authorization policy changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Authorization Policy Change</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditFilteringPlatformPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: 
-    IPsec services status.
-    Changes to IPsec policy settings.
-    Changes to Windows Firewall policy settings.
-    Changes to WFP providers and engine.
-
-If you configure this policy setting, an audit event is generated when a change to the WFP is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a change occurs to the WFP.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Filtering Platform Policy Change</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditMPSSVCRuleLevelPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following:
-    Reporting of active policies when Windows Firewall service starts.
-    Changes to Windows Firewall rules.
-    Changes to Windows Firewall exception list.
-    Changes to Windows Firewall settings.
-    Rules ignored or not applied by Windows Firewall Service.
-    Changes to Windows Firewall Group Policy settings.
-
-If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit MPSSVC Rule Level Policy Change</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditOtherPolicyChangeEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following:
-    Trusted Platform Module (TPM) configuration changes.
-    Kernel-mode cryptographic self tests.
-    Cryptographic provider operations.
-    Cryptographic context operations or modifications.
-    Applied Central Access Policies (CAPs) changes.
-    Boot Configuration Data (BCD) modifications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Other Policy Change Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PolicyChange_AuditPolicyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit changes in the security audit policy settings such as the following:
-    Settings permissions and audit settings on the Audit Policy object.
-    Changes to the system audit policy.
-    Registration of security event sources.
-    De-registration of security event sources.
-    Changes to the per-user audit settings.
-    Changes to the value of CrashOnAuditFail.
-    Changes to the system access control list on a file system or registry object.
-    Changes to the Special Groups list.
-
-Note: System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object&apos;s SACL is configured for auditing of DACL/Owner change.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Policy Change</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Policy Change</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrivilegeUse_AuditNonSensitivePrivilegeUse</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights).
-The following privileges are non-sensitive:
-        Access Credential Manager as a trusted caller.
-        Access this computer from the network.
-        Add workstations to domain.
-        Adjust memory quotas for a process.
-        Allow log on locally.
-        Allow log on through Terminal Services.
-        Bypass traverse checking.
-        Change the system time.
-        Create a pagefile.
-        Create global objects.
-        
-        Create permanent shared objects.
-        Create symbolic links.
-        Deny access this computer from the network.
-        Deny log on as a batch job.
-        Deny log on as a service.
-        Deny log on locally.
-        Deny log on through Terminal Services.
-        Force shutdown from a remote system.
-        Increase a process working set.
-        Increase scheduling priority.
-        Lock pages in memory.
-        Log on as a batch job.
-        Log on as a service.
-        Modify an object label.
-        Perform volume maintenance tasks.
-        Profile single process.
-        Profile system performance.
-        Remove computer from docking station.
-        Shut down the system.
-        Synchronize directory service data.
-
-If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful calls and Failure audits record unsuccessful calls.
-If you do not configure this policy setting, no audit event is generated when a non-sensitive privilege is called.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Privilege Use</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Non Sensitive Privilege Use</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrivilegeUse_AuditOtherPrivilegeUseEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Not used.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Privilege Use</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Other Privilege Use Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PrivilegeUse_AuditSensitivePrivilegeUse</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following:
-    A privileged service is called.
-    One of the following privileges are called:
-        Act as part of the operating system.
-        Back up files and directories.
-        Create a token object.
-        Debug programs.
-        Enable computer and user accounts to be trusted for delegation.
-        Generate security audits.
-        Impersonate a client after authentication.
-        Load and unload device drivers.
-        Manage auditing and security log.
-        Modify firmware environment values.
-        Replace a process-level token.
-        Restore files and directories.
-        Take ownership of files or other objects.
-
-If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated when sensitive privilege requests are made.
-</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~Privilege Use</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Sensitive Privilege Use</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditIPsecDriver</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by the IPsec filter driver such as the following:
-    Startup and shutdown of the IPsec services.
-    Network packets dropped due to integrity check failure.
-    Network packets dropped due to replay check failure.
-    Network packets dropped due to being in plaintext.
-    Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card is not working correctly or the driver needs to be updated.
-    Inability to process IPsec filters.
-
-If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated on an IPSec filter driver operation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit IPsec Driver</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditOtherSystemEvents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This policy setting allows you to audit any of the following events:
-    Startup and shutdown of the Windows Firewall service and driver.
-    Security policy processing by the Windows Firewall Service.
-    Cryptography key file and migration operations.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Other System Events</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditSecurityStateChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to audit events generated by changes in the security state of the computer such as the following events:
-    Startup and shutdown of the computer.
-    Change of system time.
-    Recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Security State Change</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditSecuritySystemExtension</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to audit events related to security system extensions or services such as the following:
-    A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM.
-    A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account.
-If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an attempt is made to load a security system extension.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit Security System Extension</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>System_AuditSystemIntegrity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following:
-    Events that could not be written to the event log because of a problem with the auditing system.
-    A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space.
-    The detection of a Remote Procedure Call (RPC) that compromises system integrity.
-    The detection of a hash value of an executable file that is not valid as determined by Code Integrity.
-    Cryptographic operations that compromise system integrity.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Advanced Audit Policy Configuration~System Audit Policies~System</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Audit System Integrity</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Authentication</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAadPasswordReset</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether password reset is enabled for AAD accounts.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFastReconnect</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSecondaryAuthenticationDevice</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeviceCredential.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>DeviceCredential~AT~WindowsComponents~MSSecondaryAuthFactorCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureWebcamAccessDomainNames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Specifies a list of domains that are allowed to access the webcam in CXH-based authentication scenarios.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableFastFirstSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether new non-admin AAD accounts should auto-connect to pre-created candidate local accounts</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableWebSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether web-based sign in is allowed for logging in to Windows</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreferredAadTenantDomainName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Specifies the preferred domain among available domains in the AAD tenant.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Autoplay</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowAutoplayForNonVolumeDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AutoPlay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AutoPlay~AT~WindowsComponents~AutoPlay</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoAutoplayfornonVolume</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultAutoRunBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AutoPlay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AutoPlay~AT~WindowsComponents~AutoPlay</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoAutorun</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffAutoPlay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>AutoPlay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>AutoPlay~AT~WindowsComponents~AutoPlay</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Autorun</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Bitlocker</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EncryptionMethod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>6</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="3,4,6,7"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>BITS</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BandwidthThrottlingEndTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>17</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>BITS_BandwidthLimitSchedTo</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BITS_MaxBandwidth</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BandwidthThrottlingStartTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>8</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>BITS_BandwidthLimitSchedFrom</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BITS_MaxBandwidth</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BandwidthThrottlingTransferRate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1000</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967200"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>BITS_MaxTransferRateText</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BITS_MaxBandwidth</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CostedNetworkBehaviorBackgroundPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="5"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>BITS_TransferPolicyNormalPriorityValue</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BITS_SetTransferPolicyOnCostedNetwork</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CostedNetworkBehaviorForegroundPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="5"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>BITS_TransferPolicyForegroundPriorityValue</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BITS_SetTransferPolicyOnCostedNetwork</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>JobInactivityTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>90</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="999"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>BITS_Job_Timeout_Time</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BITS_Job_Timeout</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Bluetooth</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAdvertising</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDiscoverableMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrepairing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPromptedProximalConnections</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalDeviceName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ServicesAllowedList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetMinimumEncryptionKeySize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="16"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Browser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddressBarDropdown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowAddressBarDropdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutofill</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowAutofill</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBrowser</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCookies</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description>This setting lets you configure how your company deals with cookies.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CookiesListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Cookies</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeveloperTools</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowDeveloperTools</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDoNotTrack</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowDoNotTrack</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowExtensions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowFlash</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFlashClickToRun</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowFlashClickToRun</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScreenMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
-
-If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
-
-If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowFullScreenMode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInPrivate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowInPrivate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMicrosoftCompatibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
-
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
-
-If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCVList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPasswordManager</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPasswordManager</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPopups</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPopups</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrelaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPrelaunch</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPrinting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
-
-If enabled, printing is allowed.
-
-If disabled, printing is not allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowPrinting</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSavingHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
-
-If enabled or not configured, the browsing history is saved and visible in the History pane.
-
-If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSavingHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchEngineCustomization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
-
-If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
-If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
-
-This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSearchEngineCustomization</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchSuggestionsinAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSearchSuggestionsinAddressBar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSideloadingOfExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSideloadingOfExtensions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSmartScreen</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSmartScreen</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowTabPreloading</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWebContentOnNewTabPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
-
-If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
-
-If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
-
-If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowWebContentOnNewTabPage</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlwaysEnableBooksLibrary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AlwaysEnableBooksLibrary</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClearBrowsingDataOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowClearingBrowsingDataOnExit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureAdditionalSearchEngines</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Allows you to add up to 5 additional search engines for MDM-enrolled devices.
-
-If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
-
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureAdditionalSearchEngines_Prompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureAdditionalSearchEngines</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureFavoritesBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
-
-If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
-
-If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
-
-If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureFavoritesBar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
-
-By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
-
-When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
-
-If Enabled AND:
-- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
-- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
-- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
-- Hide home button is selected, the home button is hidden in Microsoft Edge.
-
-Default setting: Disabled or not configured
-Related policies:
-- Set Home Button URL
-- Unlock Home Button</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureHomeButtonDropdown</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureHomeButton</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
-
-You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
-
-If enabled and set to 0 (Default or not configured):
-- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
-- If it’s one of many apps, Microsoft Edge runs as normal.
-If enabled and set to 1:
-- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
-- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureKioskMode_TextBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureKioskMode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>5</DefaultValue>
-            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
-
-If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
-
-If you set this policy to 0, Microsoft Edge does not use an idle timer.
-
-If disabled or not configured, the default value is 5 minutes.
-
-If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1440"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureKioskResetAfterIdleTimeout_TextBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureKioskResetAfterIdleTimeout</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
-
-If enabled, you can choose one of the following options:
-- Start page: the Start page loads ignoring the Configure Start Pages policy.
-- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
-- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
-- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
-
-When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
-
-If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
-
-Default setting: A specific page or pages (default)
-Related policies:
--Disable Lockdown of Start Pages
--Configure Start Pages</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureOpenEdgeWithListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureOpenEdgeWith</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ZonesListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureTelemetryForMicrosoft365Analytics</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableLockdownOfStartPages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
-
-If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Start Pages
-- Configure Open Microsoft Edge With</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisableLockdownOfStartPagesListBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableLockdownOfStartPages</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableExtendedBooksTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableExtendedBooksTelemetry</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EnterSiteListPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseModeSiteList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseSiteListServiceUrl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FirstRunURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Configure first run URL.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HomePages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
-
-If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
-
-      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
-
-If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
-
-Version 1703 or later:
-If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
-
-Version 1809:
-If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
-
-Supported devices: Domain-joined or MDM-enrolled
-Related policy:
-- Configure Open Microsoft Edge With
-- Disable Lockdown of Start Pages</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>HomePagesPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HomePages</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockdownFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
-
-If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LockdownFavorites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAccessToAboutFlagsInMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventAccessToAboutFlagsInMicrosoftEdge</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventCertErrorOverrides</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
-
-If enabled, overriding certificate errors are not allowed.
-
-If disabled or not configured, overriding certificate errors are allowed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventCertErrorOverrides</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventFirstRunPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventFirstRunPage</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventLiveTileDataCollection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventLiveTileDataCollection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverride</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverride</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventSmartScreenPromptOverrideForFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverrideForFiles</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventTurningOffRequiredExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
-
-When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs).  For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe  prevents a user from turning off the OneNote Web Clipper and Office Online extension.
-
-When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
-
-If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
-
-If disabled or not configured, extensions defined as part of this policy get ignored.
-
-Default setting:  Disabled or not configured
-Related policies: Allow Developer Tools
-Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
-- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PreventTurningOffRequiredExtensions_Prompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventTurningOffRequiredExtensions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Prevent using localhost IP address for WebRTC</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HideLocalHostIPAddress</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProvisionFavorites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
-
-If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
-
-Important
-Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfiguredFavoritesPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfiguredFavorites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SendIntranetTraffictoInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SendIntranetTraffictoInternetExplorer</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDefaultSearchEngine</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
-
-If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
-
-If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees.  If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
-
-Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SetDefaultSearchEngine_Prompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetDefaultSearchEngine</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetHomeButtonURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
-
-If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
-
-Default setting: Blank or not configured
-Related policy: Configure Home Button</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SetHomeButtonURLPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetHomeButtonURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetNewTabPageURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
-
-If enabled, you can set the default New Tab page URL.
-
-If disabled or not configured, the default Microsoft Edge new tab page is used.
-
-Default setting:  Disabled or not configured
-Related policy: Allow web content on New Tab page</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SetNewTabPageURLPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetNewTabPageURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
-
-If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
-
-If disabled or not configured, the default app behavior occurs and no additional page displays.
-
-Default setting: Disabled or not configured
-Related policies:
--Configure the Enterprise Mode Site List
--Send all intranet sites to Internet Explorer 11</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShowMessageWhenOpeningSitesInInternetExplorer</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SyncFavoritesBetweenIEAndMicrosoftEdge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SyncFavoritesBetweenIEAndMicrosoftEdge</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnlockHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
-
-If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
-
-If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
-
-Default setting: Disabled or not configured
-Related policy:
--Configure Home Button
--Set Home Button URL</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UnlockHomeButton</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UseSharedFolderForBooks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UseSharedFolderForBooks</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Camera</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowCamera</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Camera.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Camera~AT~WindowsComponents~L_Camera_GroupPolicyCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>L_AllowCamera</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Cellular</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>LetAppsAccessCellularData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access cellular data.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCellularData_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCellularData_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCellularData_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowAppCellularAccessUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXBacked>wwansvc.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~UISettings_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShowAppCellularAccessUI</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Connectivity</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowBluetooth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCellularData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCellularDataRoaming</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WCM.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WCM~AT~Network~WCM_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WCM_DisableRoaming</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowConnectedDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowNFC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPhonePCLinking</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>grouppolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>grouppolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>enableMMX</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUSBConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVPNOverCellular</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVPNRoamingOverCellular</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DiablePrintingOverHTTP</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ICM.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ICM~AT~System~InternetManagement~InternetManagement_Settings</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableHTTPPrinting_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDownloadingOfPrintDriversOverHTTP</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ICM.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ICM~AT~System~InternetManagement~InternetManagement_Settings</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWebPnPDownload_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ICM.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ICM~AT~System~InternetManagement~InternetManagement_Settings</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShellPreventWPWDownload_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowNetworkConnectivityActiveTests</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>ICM.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>ICM~AT~System~InternetManagement~InternetManagement_Settings</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoActiveProbe</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HardenedUNCPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>networkprovider.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>NetworkProvider~AT~Network~Cat_NetworkProvider</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_HardenedPaths</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProhibitInstallationAndConfigurationOfNetworkBridge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>NetworkConnections.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>NetworkConnections~AT~Network~NetworkConnections</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NC_AllowNetBridge_NLA</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ControlPolicyConflict</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>MDMWinsOverGP</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC. Setting the value to 0 (zero) or deleting the policy will remove the GP policy blocks restore the saved GP policies.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialProviders</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowPINLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>credentialproviders.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>CredentialProviders~AT~System~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowDomainPINLogon</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockPicturePassword</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>credentialproviders.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>CredentialProviders~AT~System~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>BlockDomainPicturePassword</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAutomaticReDeploymentCredentials</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialsDelegation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>RemoteHostAllowsDelegationOfNonExportableCredentials</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>CredSsp.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>CredSsp~AT~System~CredentialsDelegation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowProtectedCreds</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>CredentialsUI</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePasswordReveal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>credui.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>CredUI~AT~WindowsComponents~CredUI</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisablePasswordReveal</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnumerateAdministrators</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>credui.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>CredUI~AT~WindowsComponents~CredUI</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnumerateAdministrators</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Cryptography</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowFipsAlgorithmPolicy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TLSCipherSuites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DataProtection</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowDirectMemoryAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LegacySelectiveWipeID</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DataUsage</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>SetCost3G</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXBacked>wwansvc.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetCost3G</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetCost4G</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXBacked>wwansvc.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetCost4G</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Defender</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowArchiveScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_DisableArchiveScanning</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBehaviorMonitoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RealtimeProtection_DisableBehaviorMonitoring</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCloudProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SpynetReporting</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Spynet</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SpynetReporting</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEmailScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_DisableEmailScanning</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScanOnMappedNetworkDrives</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_DisableScanningMappedNetworkDrivesForFullScan</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFullScanRemovableDriveScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_DisableRemovableDriveScanning</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIntrusionPreventionSystem</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIOAVProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RealtimeProtection_DisableIOAVProtection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOnAccessProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RealtimeProtection_DisableOnAccessProtection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRealtimeMonitoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableRealtimeMonitoring</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowScanningNetworkFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_DisableScanningNetworkFiles</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowScriptScanning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUserUIAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ClientInterface</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UX_Configuration_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AttackSurfaceReductionOnlyExclusions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ExploitGuard_ASR_ASROnlyExclusions</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ASR</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExploitGuard_ASR_ASROnlyExclusions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AttackSurfaceReductionRules</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ExploitGuard_ASR_Rules</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ASR</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExploitGuard_ASR_Rules</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AvgCPULoadFactor</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>50</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_AvgCPULoadFactor</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_AvgCPULoadFactor</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckForSignaturesBeforeRunningScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CheckForSignaturesBeforeRunningScan</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CheckForSignaturesBeforeRunningScan</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudBlockLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="6"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MpCloudBlockLevel</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~MpEngine</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MpEngine_MpCloudBlockLevel</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CloudExtendedTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="50"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MpBafsExtendedTimeout</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~MpEngine</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MpEngine_MpBafsExtendedTimeout</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ControlledFolderAccessAllowedApplications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ExploitGuard_ControlledFolderAccess_AllowedApplications</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ControlledFolderAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExploitGuard_ControlledFolderAccess_AllowedApplications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ControlledFolderAccessProtectedFolders</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ExploitGuard_ControlledFolderAccess_ProtectedFolders</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ControlledFolderAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExploitGuard_ControlledFolderAccess_ProtectedFolders</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DaysToRetainCleanedMalware</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="90"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Quarantine_PurgeItemsAfterDelay</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Quarantine</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Quarantine_PurgeItemsAfterDelay</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCatchupFullScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_DisableCatchupFullScan</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_DisableCatchupFullScan</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCatchupQuickScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_DisableCatchupQuickScan</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_DisableCatchupQuickScan</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableControlledFolderAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ControlledFolderAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableLowCPUPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_LowCpuPriority</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_LowCpuPriority</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableNetworkProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ExploitGuard_EnableNetworkProtection</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_NetworkProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExploitGuard_EnableNetworkProtection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludedExtensions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Exclusions_PathsList</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Exclusions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Exclusions_Paths</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludedPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Exclusions_ExtensionsList</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Exclusions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Exclusions_Extensions</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludedProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Exclusions_ProcessesList</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Exclusions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Exclusions_Processes</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PUAProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Root_PUAProtection</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Root_PUAProtection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RealTimeScanDirection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>RealtimeProtection_RealtimeScanDirection</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RealtimeProtection_RealtimeScanDirection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScanParameter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_ScanParameters</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_ScanParameters</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleQuickScanTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>120</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1380"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_ScheduleQuickScantime</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_ScheduleQuickScantime</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleScanDay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="8"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_ScheduleDay</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_ScheduleDay</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleScanTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>120</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1380"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Scan_ScheduleTime</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Scan_ScheduleTime</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SecurityIntelligenceLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SignatureUpdate_SharedSignaturesLocation</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SignatureUpdate_SharedSignaturesLocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SignatureUpdateFallbackOrder</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SignatureUpdate_FallbackOrder</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SignatureUpdate_FallbackOrder</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SignatureUpdateFileSharesSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SignatureUpdate_DefinitionUpdateFileSharesSources</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SignatureUpdate_DefinitionUpdateFileSharesSources</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SignatureUpdateInterval</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>8</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="24"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SignatureUpdate_SignatureUpdateInterval</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SignatureUpdate_SignatureUpdateInterval</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SubmitSamplesConsent</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SubmitSamplesConsent</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Spynet</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SubmitSamplesConsent</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ThreatSeverityDefaultAction</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Threats_ThreatSeverityDefaultActionList</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Threats</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Threats_ThreatSeverityDefaultAction</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeliveryOptimization</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DOAbsoluteMaxCacheSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>10</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AbsoluteMaxCacheSize</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AbsoluteMaxCacheSize</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOAllowVPNPeerCaching</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowVPNPeerCaching</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowVPNPeerCaching</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOCacheHost</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CacheHost</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CacheHost</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOCacheHostSource</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CacheHostSource</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CacheHostSource</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayBackgroundDownloadFromHttp</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DelayBackgroundDownloadFromHttp</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DelayBackgroundDownloadFromHttp</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayCacheServerFallbackBackground</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2592000"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DelayCacheServerFallbackBackground</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DelayCacheServerFallbackBackground</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayCacheServerFallbackForeground</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2592000"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DelayCacheServerFallbackForeground</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DelayCacheServerFallbackForeground</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODelayForegroundDownloadFromHttp</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DelayForegroundDownloadFromHttp</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DelayForegroundDownloadFromHttp</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DODownloadMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,2,3,99,100"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DownloadMode</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DownloadMode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOGroupId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>GroupId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>GroupId</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOGroupIdSource</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>GroupIdSource</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>GroupIdSource</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxBackgroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MaxBackgroundDownloadBandwidth</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxBackgroundDownloadBandwidth</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxCacheAge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>259200</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MaxCacheAge</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxCacheAge</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxCacheSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>20</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="100"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MaxCacheSize</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxCacheSize</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMaxForegroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MaxForegroundDownloadBandwidth</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxForegroundDownloadBandwidth</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinBackgroundQos</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>500</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MinBackgroundQos</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MinBackgroundQos</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinBatteryPercentageAllowedToUpload</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MinBatteryPercentageAllowedToUpload</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MinBatteryPercentageAllowedToUpload</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinDiskSizeAllowedToPeer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>32</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="100000"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MinDiskSizeAllowedToPeer</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MinDiskSizeAllowedToPeer</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinFileSizeToCache</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>100</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="100000"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MinFileSizeToCache</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MinFileSizeToCache</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMinRAMAllowedToPeer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>4</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="100000"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MinRAMAllowedToPeer</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MinRAMAllowedToPeer</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOModifyCacheDrive</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>%SystemDrive%</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ModifyCacheDrive</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ModifyCacheDrive</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOMonthlyUploadDataCap</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>20</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>MonthlyUploadDataCap</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MonthlyUploadDataCap</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOPercentageMaxBackgroundBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PercentageMaxBackgroundBandwidth</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PercentageMaxBackgroundBandwidth</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOPercentageMaxForegroundBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PercentageMaxForegroundBandwidth</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PercentageMaxForegroundBandwidth</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DORestrictPeerSelectionBy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>RestrictPeerSelectionBy</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictPeerSelectionBy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOSetHoursToLimitBackgroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-                <xs:simpleType name="hours">
-                    <xs:restriction base="xs:integer">
-                        <xs:minInclusive value="0"/>
-                        <xs:maxInclusive value="23"/>
-                    </xs:restriction>
-                </xs:simpleType>
-                <xs:simpleType name="percent">
-                    <xs:restriction base="xs:integer">
-                        <xs:minInclusive value="0"/>
-                        <xs:maxInclusive value="100"/>
-                    </xs:restriction>
-                </xs:simpleType>
-                <xs:element name="Range">
-                    <xs:complexType mixed="true">
-                        <xs:sequence>
-                            <xs:element
-                                name="RangeStartTime"
-                                type="hours"
-                            />
-                            <xs:element
-                                name="RangeEndTime"
-                                type="hours"
-                            />
-                            <xs:element
-                                name="PercentageMaxDownloadBandwidthIn"
-                                type="percent"
-                            />
-                            <xs:element
-                                name="PercentageMaxDownloadBandwidthOut"
-                                type="percent"
-                            />
-                        </xs:sequence>
-                    </xs:complexType>
-                </xs:element>
-            </xs:schema>]]></MSFT:XMLSchema>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DOSetHoursToLimitForegroundDownloadBandwidth</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-                <xs:simpleType name="hours">
-                    <xs:restriction base="xs:integer">
-                        <xs:minInclusive value="0"/>
-                        <xs:maxInclusive value="23"/>
-                    </xs:restriction>
-                </xs:simpleType>
-                <xs:simpleType name="percent">
-                    <xs:restriction base="xs:integer">
-                        <xs:minInclusive value="0"/>
-                        <xs:maxInclusive value="100"/>
-                    </xs:restriction>
-                </xs:simpleType>
-                <xs:element name="Range">
-                    <xs:complexType mixed="true">
-                        <xs:sequence>
-                            <xs:element
-                                name="RangeStartTime"
-                                type="hours"
-                            />
-                            <xs:element
-                                name="RangeEndTime"
-                                type="hours"
-                            />
-                            <xs:element
-                                name="PercentageMaxDownloadBandwidthIn"
-                                type="percent"
-                            />
-                            <xs:element
-                                name="PercentageMaxDownloadBandwidthOut"
-                                type="percent"
-                            />
-                        </xs:sequence>
-                    </xs:complexType>
-                </xs:element>
-            </xs:schema>]]></MSFT:XMLSchema>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceGuard</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureSystemGuardLaunch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Secure Launch configuration: 0 - Unmanaged, configurable by Administrative user, 1 - Enables Secure Launch if supported by hardware, 2 - Disables Secure Launch.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SystemGuardDrop</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableVirtualizationBasedSecurity</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Turns On Virtualization Based Security(VBS)</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LsaCfgFlags</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CredentialIsolationDrop</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePlatformSecurityFeatures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="1,3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>RequirePlatformSecurityFeaturesDrop</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceHealthMonitoring</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowDeviceHealthMonitoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable 4Nines device health monitoring on devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigDeviceHealthMonitoringScope</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which types of events are monitored.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigDeviceHealthMonitoringUploadDestination</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which destinations are in-scope for monitored events to be uploaded.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceInstallation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowInstallationOfMatchingDeviceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceInstall_IDs_Allow</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInstallationOfMatchingDeviceInstanceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceInstall_Instance_IDs_Allow</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInstallationOfMatchingDeviceSetupClasses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceInstall_Classes_Allow</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventDeviceMetadataFromNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>DeviceSetup.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceMetadata_PreventDeviceMetadataFromNetwork</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceInstall_Unspecified_Deny</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfMatchingDeviceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceInstall_IDs_Deny</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfMatchingDeviceInstanceIDs</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceInstall_Instance_IDs_Deny</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventInstallationOfMatchingDeviceSetupClasses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceInstall_Classes_Deny</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DeviceLock</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowIdleReturnWithoutPassword</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Specifies whether the user must input a PIN or password when the device resumes from an idle state.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSimpleDevicePassword</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlphanumericDevicePasswordRequired</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description>Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DevicePasswordEnabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Specifies whether device lock is enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DevicePasswordExpiration</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies when the password expires (in days).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="730"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DevicePasswordHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies how many passwords can be stored in the history that can’t be used.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="50"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnforceLockScreenAndLogonImage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnforceLockScreenProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxDevicePasswordFailedAttempts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="999"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxInactivityTimeDeviceLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="999"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxInactivityTimeDeviceLockWithExternalDisplay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Sets the maximum timeout value for the external display.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="999"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MinDevicePasswordComplexCharacters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="3"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MinDevicePasswordLength</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>4</DefaultValue>
-            <Description>Specifies the minimum number or characters required in the PIN or password.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="4" high="18"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MinimumPasswordAge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.
-
-The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
-
-Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="998"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Account Policies~Password Policy</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Minimum password age</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventEnablingLockScreenCamera</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ControlPanelDisplay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ControlPanelDisplay~AT~ControlPanel~Personalization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CPL_Personalization_NoLockScreenCamera</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventLockScreenSlideShow</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ControlPanelDisplay.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ControlPanelDisplay~AT~ControlPanel~Personalization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CPL_Personalization_NoLockScreenSlideshow</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      <Node>
-        <NodeName>Display</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisablePerProcessDpiForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisplayDisablePerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnablePerProcessDpi</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisplayGlobalPerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnablePerProcessDpiForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisplayEnablePerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffGdiDPIScalingForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisplayTurnOffGdiDPIScalingPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisplayTurnOffGdiDPIScaling</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnGdiDPIScalingForApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisplayTurnOnGdiDPIScalingPrompt</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisplayTurnOnGdiDPIScaling</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>DmaGuard</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DeviceEnumerationPolicy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>dmaguard.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>dmaguard~AT~System~DmaGuard</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DmaGuardEnumerationPolicy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ErrorReporting</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CustomizeConsentSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ErrorReporting.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WerConsentCustomize_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWindowsErrorReporting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ErrorReporting.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WerDisable_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisplayErrorNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ErrorReporting.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PCH_ShowUI</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotSendAdditionalData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ErrorReporting.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WerNoSecondLevelData_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventCriticalErrorDisplay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ErrorReporting.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WerDoNotShowUI</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>EventLogService</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ControlEventLogBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>eventlog.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Channel_Log_Retention_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaximumFileSizeApplicationLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>eventlog.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Channel_LogMaxSize_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaximumFileSizeSecurityLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>eventlog.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Security</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Channel_LogMaxSize_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaximumFileSizeSystemLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>eventlog.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>EventLog~AT~WindowsComponents~EventLogCategory~EventLog_System</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Channel_LogMaxSize_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Experience</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowClipboardHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allows history of clipboard items to be stored in memory.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowClipboardHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCopyPaste</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCortana</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCortana</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeviceDiscovery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFindMyDevice</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>FindMy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>FindMy~AT~WindowsComponents~FindMyDeviceCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>FindMy_AllowFindMyDeviceConfig</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowManualMDMUnenrollment</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSaveAsOfOfficeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowScreenCapture</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSharingOfOfficeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSIMErrorDialogPromptWhenNoSIM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSyncMySettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTaskSwitcher</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVoiceRecording</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsConsumerFeatures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWindowsConsumerFeatures</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsTips</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableSoftLanding</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCloudOptimizedContent</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableCloudOptimizedContent</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotShowFeedbackNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>FeedbackNotifications.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>FeedbackNotifications~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DoNotShowFeedbackNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotSyncBrowserSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user. 
-                        Related policy: PreventUsersFromTurningOnBrowserSyncing
-                        0 (default) = allow syncing, 2 = disable syncing</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>SettingSync.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>SettingSync~AT~WindowsComponents~SettingSync</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWebBrowserSettingSync</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventUsersFromTurningOnBrowserSyncing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices.  When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
-                        Related policy: DoNotSyncBrowserSettings
-                        1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>SettingSync.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CheckBox_UserOverride</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>SettingSync~AT~WindowsComponents~SettingSync</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableWebBrowserSettingSync</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ShowLockOnUserTile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Shows or hides lock from the user tile menu.
-If you enable this policy setting, the lock option will be shown in the User Tile menu.
-
-If you disable this policy setting, the lock option will never be shown in the User Tile menu.
-
-If you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsExplorer.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsExplorer~AT~WindowsExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShowLockOption</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ExploitGuard</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ExploitProtectionSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>ExploitGuard.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ExploitProtection_Name</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>ExploitGuard~AT~WindowsComponents~WindowsDefenderExploitGuard~ExploitProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExploitProtection_Name</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>FactoryComposer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BackgroundImagePath</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>OEMVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>unset; partners can set via settings customization!</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserToSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UWPLaunchOnBoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>FileExplorer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>TurnOffDataExecutionPreventionForExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Explorer.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Explorer~AT~WindowsExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoDataExecutionPrevention</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffHeapTerminationOnCorruption</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Explorer.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Explorer~AT~WindowsExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoHeapTerminationOnCorruption</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Games</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAdvancedGamingServices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Handwriting</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PanelDefaultModeDocked</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Handwriting.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Handwriting~AT~WindowsComponents~Handwriting</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PanelDefaultModeDocked</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>InternetExplorer</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AddSearchProvider</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AddSearchProvider</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowActiveXFiltering</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TurnOnActiveXFiltering</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAddOnList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AddonManagement_AddOnList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCertificateAddressMismatchWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyWarnCertMismatch</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeletingBrowsingHistoryOnExit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DBHDisableDeleteOnExit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_EnableEnhancedProtectedMode</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnhancedSuggestionsInAddressBar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowServicePoweredQSA</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeFromToolsMenu</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseModeEnable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEnterpriseModeSiteList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseModeSiteList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFallbackToSSL3</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_EnableSSL3Fallback</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorer7PolicyList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CompatView_UsePolicyList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetExplorerStandardsMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CompatView_IntranetSites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyInternetZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyIntranetZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLocalMachineZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownInternetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyInternetZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownIntranetZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyIntranetZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownLocalMachineZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLocalMachineZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLockedDownRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyRestrictedSitesZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOneWordEntry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UseIntranetSiteForOneWordEntry</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSiteToZoneAssignmentList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Zonemaps</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsLockedDownTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTrustedSitesZoneLockdownTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSoftwareWhenSignatureIsInvalid</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_InvalidSignatureBlock</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowsRestrictedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyRestrictedSitesZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSuggestedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableSuggestedSites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTrustedSitesZoneTemplate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTrustedSitesZoneTemplate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckServerCertificateRevocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_CertificateRevocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CheckSignaturesOnDownloadedPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_DownloadSignatures</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConsistentMimeHandlingInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryConsistentMimeHandling</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAdobeFlash</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableFlashInIE</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarnings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableSafetyFilterOverride</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBypassOfSmartScreenWarningsAboutUncommonFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableSafetyFilterOverrideForAppRepUnknown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCompatView</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CompatView_DisableList</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableConfiguringHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCrashDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AddonManagement_RestrictCrashDetection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableCustomerExperienceImprovementProgramParticipation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SQM_DisableCEIP</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeletingUserVisitedWebsites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DBHDisableDeleteHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnclosureDownloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~RSS_Feeds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Downloading_of_Enclosures</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEncryptionSupport</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_SetWinInetProtocols</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFeedsBackgroundSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~RSS_Feeds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Background_Syncing</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFirstRunWizard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoFirstRunCustomise</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFlipAheadFeature</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_DisableFlipAhead</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableGeolocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>GeolocationDisable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableIgnoringCertificateErrors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoCertError</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableInPrivateBrowsing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableInPrivateBrowsing</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProcessesInEnhancedProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_EnableEnhancedProtectedMode64Bit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableProxyChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictProxy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSearchProviderChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoSearchProvider</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecondaryHomePageChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SecondaryHomePages</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSecuritySettingsCheck</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Security_Settings_Check</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableUpdateCheck</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoUpdateCheck</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWebAddressAutoComplete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestrictWebAddressSuggest</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowActiveXControlsInProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Advanced_DisableEPMCompat</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowUsersToAddSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Security_zones_map_edit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowUsersToChangePolicies</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Security_options_edit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VerMgmtDisable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotBlockOutdatedActiveXControlsOnSpecificDomains</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VerMgmtDomainAllowlist</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllLocalSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_IncludeUnspecifiedLocalSites</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncludeAllNetworkPaths</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_UNCAsIntranet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowPasteViaScript_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDropOrPasteFiles_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_XAML_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowTDCControl_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_WebBrowserControl_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyWindowsRestrictionsURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_ScriptStatusBar_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadSignedActiveX_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadUnsignedActiveX_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTurnOnXSSFilter_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyMimeSniffingURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneEnableProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_TurnOnProtectedMode_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_LocalPathForUpload_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLaunchAppsAndFilesInIFRAME_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLogon_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicySignedFrameworkComponentsURLaction_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_UnsafeFiles_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InternetZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyBlockPopupWindows_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownInternetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownIntranetZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_4</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownLocalMachineZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownRestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockedDownTrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MimeSniffingSafetyFeatureInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MKProtocolSecurityRestrictionInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_3</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NewTabDefaultPage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NewTabAction</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NotificationBarInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_10</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventManagingSmartScreenFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Disable_Managing_Safety_Filter_IE9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventPerUserInstallationOfActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisablePerUserActiveXInstall</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProtectionFromZoneElevationInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_9</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemoveRunThisTimeButtonForOutdatedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VerMgmtDisableRunThisTime</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictActiveXInstallInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_11</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowActiveScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyActiveScripting_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowBinaryAndScriptBehaviors</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyBinaryBehaviors_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowCopyPasteViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowPasteViaScript_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDropOrPasteFiles_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFileDownload_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowLoadingOfXAMLFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_XAML_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowMETAREFRESH</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowMETAREFRESH_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowTDCControl_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_WebBrowserControl_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptInitiatedWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyWindowsRestrictionsURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUpdatesToStatusBarViaScript</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_ScriptStatusBar_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadSignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadSignedActiveX_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneDownloadUnsignedActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDownloadUnsignedActiveX_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableCrossSiteScriptingFilter</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyTurnOnXSSFilter_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneEnableMIMESniffing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyMimeSniffingURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_LocalPathForUpload_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLaunchAppsAndFilesInIFRAME_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneLogonOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyLogon_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunActiveXControlsAndPlugins</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyRunActiveXControls_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicySignedFrameworkComponentsURLaction_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXMarkedSafe_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneScriptingOfJavaApplets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptingOfJavaApplets_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_UnsafeFiles_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneTurnOnProtectedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_TurnOnProtectedMode_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictedSitesZoneUsePopupBlocker</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyBlockPopupWindows_7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestrictFileDownloadInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_12</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScriptedWindowSecurityRestrictionsInternetExplorerProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_8</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SearchProviderList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SpecificSearchProvider</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SecurityZonesUseOnlyMachineSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Security_HKLM_only</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyUseOfActiveXInstallerService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>OnlyUseAXISForActiveXInstall</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAccessToDataSources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAccessDataSourcesAcrossDomains_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarActiveXURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowAutomaticPromptingForFileDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNotificationBarDownloadURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowFontDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyFontDownload_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowLessPrivilegedSites</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyZoneElevationURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowNETFrameworkReliantComponents</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUnsignedFrameworkComponentsURLaction_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowScriptlets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_AllowScriptlets_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowSmartScreenIE</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_Policy_Phishing_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneAllowUserDataPersistence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyUserdataPersistence_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyAntiMalwareCheckingOfActiveXControls_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneInitializeAndScriptActiveXControls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyScriptActiveXNotMarkedSafe_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneJavaPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedSitesZoneNavigateWindowsAndFrames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IZ_PolicyNavigateSubframesAcrossDomains_5</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Kerberos</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowForestSearchOrder</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Kerberos.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Kerberos~AT~System~kerberos</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ForestSearch</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>KerberosClientSupportsClaimsCompoundArmor</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Kerberos.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Kerberos~AT~System~kerberos</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableCbacAndArmor</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireKerberosArmoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Kerberos.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Kerberos~AT~System~kerberos</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ClientRequireFast</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireStrictKDCValidation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Kerberos.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Kerberos~AT~System~kerberos</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ValidateKDC</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetMaximumContextTokenSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Kerberos.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Kerberos~AT~System~kerberos</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxTokenSize</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UPNNameHints</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an AAD UPN into an Active Directory Principal.
-                
-                This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it is otherwise unable to resolve a UPN to a principal.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>KioskBrowser</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>BlockedUrlExceptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BlockedUrls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DefaultURL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableEndSessionButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableHomeButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableNavigationButtons</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestartOnIdleTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="1440"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LanmanWorkstation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnableInsecureGuestLogons</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>LanmanWorkstation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>LanmanWorkstation~AT~Network~Cat_LanmanWorkstation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_EnableInsecureGuestLogons</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Licensing</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowWindowsEntitlementReactivation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>AVSValidationGP.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AVSValidationGP~AT~WindowsComponents~SoftwareProtectionPlatform</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowWindowsEntitlementReactivation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowKMSClientOnlineAVSValidation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>AVSValidationGP.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AVSValidationGP~AT~WindowsComponents~SoftwareProtectionPlatform</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoAcquireGT</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LocalPoliciesSecurityOptions</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>Accounts_BlockMicrosoftAccounts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting prevents users from adding new Microsoft accounts on this computer.
-
-If you select the &quot;Users can’t add Microsoft accounts&quot; option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
-
-If you select the &quot;Users can’t add or log on with Microsoft accounts&quot; option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
-
-If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Accounts: Block Microsoft accounts</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_EnableAdministratorAccountStatus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This security setting determines whether the local Administrator account is enabled or disabled.
-
-Notes
-
-If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
-Disabling the Administrator account can become a maintenance issue under certain circumstances. 
-
-Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts.  If the computer is domain joined the disabled administrator will not be enabled.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Accounts: Administrator account status</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_EnableGuestAccountStatus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This security setting determines if the Guest account is enabled or disabled.
-
-Default: Disabled.
-
-Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Accounts: Guest account status</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Accounts: Limit local account use of blank passwords to console logon only
-
-This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer&apos;s keyboard.
-
-Default: Enabled.
-
-
-Warning:
-
-Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers.
-If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
-
-Notes
-
-This setting does not affect logons that use domain accounts.
-It is possible for applications that use remote interactive logons to bypass this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Accounts: Limit local account use of blank passwords to console logon only</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_RenameAdministratorAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>Administrator</DefaultValue>
-            <Description>Accounts: Rename administrator account
-
-This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
-
-Default: Administrator.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Accounts: Rename administrator account</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Accounts_RenameGuestAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>Guest</DefaultValue>
-            <Description>Accounts: Rename guest account
-
-This security setting determines whether a different account name is associated with the security identifier (SID) for the account &quot;Guest.&quot; Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
-
-Default: Guest.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Accounts: Rename guest account</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_AllowedToFormatAndEjectRemovableMedia</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Devices: Allowed to format and eject removable media
-
-This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to:
-
-Administrators
-Administrators and Interactive Users
-
-Default: This policy is not defined and only Administrators have this ability.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Devices: Allowed to format and eject removable media</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_AllowUndockWithoutHavingToLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Devices: Allow undock without having to log on
-This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
-Default: Enabled.
-
-Caution
-Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Devices: Allow undock without having to log on</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Devices: Prevent users from installing printer drivers when connecting to shared printers
-
-For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer.
-
-Default on servers: Enabled.
-Default on workstations: Disabled
-
-Notes
-
-This setting does not affect the ability to add a local printer.
-This setting does not affect Administrators.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Devices: Prevent users from installing printer drivers</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Devices: Restrict CD-ROM access to locally logged-on user only
-
-This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously.
-
-If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network.
-
-Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Devices: Restrict CD-ROM access to locally logged-on user only</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Interactive Logon:Display user information when the session is locked
-User display name, domain and user names (1)
-User display name only (2)
-Do not display user information (3)
-Domain and user names only (4)</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Display user information when the session is locked</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DoNotDisplayLastSignedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Interactive logon: Don&apos;t display last signed-in
-This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
-If this policy is enabled, the username will not be shown.
-
-If this policy is disabled, the username will be shown.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Don't display last signed-in</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DoNotDisplayUsernameAtSignIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Interactive logon: Don&apos;t display username at sign-in
-This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
-If this policy is enabled, the username will not be shown.
-
-If this policy is disabled, the username will be shown.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Don't display username at sign-in</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_DoNotRequireCTRLALTDEL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Interactive logon: Do not require CTRL+ALT+DEL
-
-This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
-
-If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users&apos; passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
-
-If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
-
-Default on domain-computers: Enabled: At least Windows  8/Disabled: Windows 7 or earlier.
-Default on stand-alone computers: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Do not require CTRL+ALT+DEL</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_MachineInactivityLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Interactive logon: Machine inactivity limit.
-
-Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
-
-Default: not enforced.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="599940"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Machine inactivity limit</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_MessageTextForUsersAttemptingToLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Interactive logon: Message text for users attempting to log on
-
-This security setting specifies a text message that is displayed to users when they log on.
-
-This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
-
-Default: No message.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Message text for users attempting to log on</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Interactive logon: Message title for users attempting to log on
-
-This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on.
-
-Default: No message.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Message title for users attempting to log on</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>InteractiveLogon_SmartCardRemovalBehavior</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Interactive logon: Smart card removal behavior
-
-This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
-
-The options are:
-
- No Action
- Lock Workstation
- Force Logoff
- Disconnect if a Remote Desktop Services session 
-
-If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
-
-If you click Force Logoff in the Properties dialog box for this policy, the user is automatically logged off when the smart card is removed.
-
-If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging the user off. This allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to log on again. If the session is local, this policy functions identically to Lock Workstation.
-
-Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
-
-Default: This policy is not defined, which means that the system treats it as No action.
-
-On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Interactive logon: Smart card removal behavior</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Microsoft network client: Digitally sign communications (always)
-
-This security setting determines whether packet signing is required by the SMB client component.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
-
-If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
-
-Default: Disabled.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Microsoft network client: Digitally sign communications (always)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Microsoft network client: Digitally sign communications (if server agrees)
-
-This security setting determines whether the SMB client attempts to negotiate SMB packet signing.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
-
-If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
-
-Default: Enabled.
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Microsoft network client: Digitally sign communications (if server agrees)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Microsoft network client: Send unencrypted password to connect to third-party SMB servers
-
-If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.
-
-Sending unencrypted passwords is a security risk.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Microsoft network client: Send unencrypted password to third-party SMB servers</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Microsoft network server: Digitally sign communications (always)
-
-This security setting determines whether packet signing is required by the SMB server component.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
-
-If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
-
-Default:
-
-Disabled for member servers.
-Enabled for domain controllers.
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
-If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy:
-Microsoft network server: Digitally sign communications (if server agrees)
-
-For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server:
-HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Microsoft network server: Digitally sign communications (always)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Microsoft network server: Digitally sign communications (if client agrees)
-
-This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
-
-If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
-
-Default: Enabled on domain controllers only.
-
-Important
-
-For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Microsoft network server: Digitally sign communications (if client agrees)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Network access: Do not allow anonymous enumeration of SAM accounts
-
-This security setting determines what additional permissions will be granted for anonymous connections to the computer.
-
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust.
-
-This security option allows additional restrictions to be placed on anonymous connections as follows:
-
-Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
-Disabled: No additional restrictions. Rely on default permissions.
-
-Default on workstations: Enabled.
-Default on server:Enabled.
-
-Important
-
-This policy has no impact on domain controllers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network access: Do not allow anonymous enumeration of SAM accounts</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Network access: Do not allow anonymous enumeration of SAM accounts and shares
-
-This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
-
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network access: Do not allow anonymous enumeration of SAM accounts and shares</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Network access: Restrict anonymous access to Named Pipes and Shares
-
-When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
-
-Network access: Named pipes that can be accessed anonymously
-Network access: Shares that can be accessed anonymously
-Default: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network access: Restrict anonymous access to Named Pipes and Shares</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Network access: Restrict clients allowed to make remote calls to SAM
-
-This policy setting allows you to restrict remote rpc connections to SAM.
-
-If not selected, the default security descriptor will be used.
-
-This policy is supported on at least Windows Server 2016.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network access: Restrict clients allowed to make remote calls to SAM</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Network security: Allow Local System to use computer identity for NTLM
-
-This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.
-
-If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.
-
-If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.
-
-By default, this policy is enabled on Windows 7 and above.
-
-By default, this policy is disabled on Windows Vista.
-
-This policy is supported on at least Windows Vista or Windows Server 2008.
-
-Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Allow Local System to use computer identity for NTLM</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_AllowPKU2UAuthenticationRequests</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Network security: Allow PKU2U authentication requests to this computer to use online identities.
-
-This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Allow PKU2U authentication requests to this computer to use online identities.</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Network security: Do not store LAN Manager hash value on next password change
-
-This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.
-
-
-Default on Windows Vista and above: Enabled
-Default on Windows XP: Disabled.
-
-Important
-
-Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0.
-This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Do not store LAN Manager hash value on next password change</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_LANManagerAuthenticationLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>Network security LAN Manager authentication level
-
-This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
-
-Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
-
-Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
-
-Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
-
-Important
-
-This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM.
-
-Default:
-
-Windows 2000 and windows XP: send LM and NTLM responses
-
-Windows Server 2003: Send NTLM response only
-
-Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: LAN Manager authentication level</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>536870912</DefaultValue>
-            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
-
-This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-
-Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
-Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
-
-Default:
-
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
-
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,524288,536870912,537395200"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>536870912</DefaultValue>
-            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
-
-This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-
-Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
-Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
-
-Default:
-
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
-
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,524288,536870912,537395200"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
-
-This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  &quot;Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers&quot; policy setting is configured.
-
-If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
-
-If you do not configure this policy setting, no exceptions will be applied.
-
-The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Network security: Restrict NTLM: Audit Incoming NTLM Traffic
-
-This policy setting allows you to audit incoming NTLM traffic.
-
-If you select &quot;Disable&quot;, or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
-
-If you select &quot;Enable auditing for domain accounts&quot;, the server will log events for NTLM pass-through authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all domain accounts&quot; option.
-
-If you select &quot;Enable auditing for all accounts&quot;, the server will log events for all NTLM authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all accounts&quot; option.
-
-This policy is supported on at least Windows 7 or Windows Server 2008 R2.
-
-Note: Audit events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Audit Incoming NTLM Traffic</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Network security: Restrict NTLM: Incoming NTLM traffic
-
-This policy setting allows you to deny or allow incoming NTLM traffic.
-
-If you select &quot;Allow all&quot; or do not configure this policy setting, the server will allow all NTLM authentication requests.
-
-If you select &quot;Deny all domain accounts,&quot; the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
-
-If you select &quot;Deny all accounts,&quot; the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
-
-This policy is supported on at least Windows 7 or Windows Server 2008 R2.
-
-Note: Block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Incoming NTLM traffic</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
-
-This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
-
-If you select &quot;Allow all&quot; or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
-
-If you select &quot;Audit all,&quot; the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
-
-If you select &quot;Deny all,&quot; the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the &quot;Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication&quot; policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
-
-This policy is supported on at least Windows 7 or Windows Server 2008 R2.
-
-Note: Audit and block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Shutdown: Allow system to be shut down without having to log on
-
-This security setting determines whether a computer can be shut down without having to log on to Windows.
-
-When this policy is enabled, the Shut Down command is available on the Windows logon screen.
-
-When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
-
-Default on workstations: Enabled.
-Default on servers: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Shutdown: Allow system to be shut down without having to log on</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Shutdown_ClearVirtualMemoryPageFile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Shutdown: Clear virtual memory pagefile
-
-This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
-
-Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile.
-
-When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
-
-Default: Disabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Shutdown: Clear virtual memory pagefile</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
-
-This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
-
-• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting, the prompts appear on the interactive user&apos;s desktop instead of the secure desktop.
-
-• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>5</DefaultValue>
-            <Description>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
-
-This policy setting controls the behavior of the elevation prompt for administrators.
-
-The options are:
-
-• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
-
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user&apos;s highest available privilege.
-
-• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
-
-• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
-
-• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>User Account Control: Behavior of the elevation prompt for standard users
-This policy setting controls the behavior of the elevation prompt for standard users.
-
-The options are:
-
-• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
-
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Behavior of the elevation prompt for standard users</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>User Account Control: Detect application installations and prompt for elevation
-
-This policy setting controls the behavior of application installation detection for the computer.
-
-The options are:
-
-Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Detect application installations and prompt for elevation</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>User Account Control: Only elevate executable files that are signed and validated
-
-This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
-
-The options are:
-
-• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
-
-• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Only elevate executables that are signed and validated</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>User Account Control: Only elevate UIAccess applications that are installed in secure locations
-
-This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
-
-- …\Program Files\, including subfolders
-- …\Windows\system32\
-- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
-
-Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
-
-The options are:
-
-• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
-
-• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Only elevate UIAccess applications that are installed in secure locations</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_RunAllAdministratorsInAdminApprovalMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>User Account Control: Turn on Admin Approval Mode
-
-This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
-
-The options are:
-
-• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
-
-• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Run all administrators in Admin Approval Mode</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>User Account Control: Switch to the secure desktop when prompting for elevation
-
-This policy setting controls whether the elevation request prompt is displayed on the interactive user&apos;s desktop or the secure desktop.
-
-The options are:
-
-• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
-
-• Disabled: All elevation requests go to the interactive user&apos;s desktop. Prompt behavior policy settings for administrators and standard users are used.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Switch to the secure desktop when prompting for elevation</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_UseAdminApprovalMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>User Account Control: Use Admin Approval Mode for the built-in Administrator account
-
-This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
-
-The options are:
-
-• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
-
-• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Admin Approval Mode for the Built-in Administrator account</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>User Account Control: Virtualize file and registry write failures to per-user locations
-
-This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
-
-The options are:
-
-• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
-
-• Disabled: Applications that write data to protected locations fail.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>User Account Control: Virtualize file and registry write failures to per-user locations</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LocalUsersAndGroups</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>Configure</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This Setting allows an administrator to manage local groups on a Device.
-                            Possible settings:
-                            1. Update Group Membership: Update a group and add and/or remove members though the &apos;U&apos; action.
-                            When using Update, existing group members that are not specified in the policy remain untouched.
-                            2. Replace Group Membership: Restrict a group by replacing group membership through the &apos;R&apos; action.
-                            When using Replace, existing group membership is replaced by the list of members specified in
-                            the add member section. This option works in the same way as a Restricted Group and any group
-                            members that are not specified in the policy are removed.
-                            Caution: If the same group is configured with both Replace and Update, then Replace will win.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">
-                          <xs:simpleType name="name">
-                            <xs:restriction base="xs:string">
-                              <xs:maxLength value="255" />
-                            </xs:restriction>
-                          </xs:simpleType>
-                          <xs:element name="accessgroup">
-                            <xs:complexType>
-                                <xs:sequence>
-                                    <xs:element name="group" minOccurs="1" maxOccurs="1">
-                                      <xs:annotation>
-                                        <xs:documentation>Group Configuration Action</xs:documentation>
-                                      </xs:annotation>
-                                      <xs:complexType>
-                                        <xs:attribute name="action" type="name" use="required"/>
-                                      </xs:complexType>
-                                    </xs:element>
-                                    <xs:element name="add" minOccurs="0" maxOccurs="unbounded">
-                                      <xs:annotation>
-                                        <xs:documentation>Group Member to Add</xs:documentation>
-                                      </xs:annotation>
-                                      <xs:complexType>
-                                        <xs:attribute name="member" type="name" use="required"/>
-                                      </xs:complexType>
-                                    </xs:element>
-                                    <xs:element name="remove" minOccurs="0" maxOccurs="unbounded">
-                                      <xs:annotation>
-                                        <xs:documentation>Group Member to Remove</xs:documentation>
-                                      </xs:annotation>
-                                      <xs:complexType>
-                                        <xs:attribute name="member" type="name" use="required"/>
-                                      </xs:complexType>
-                                    </xs:element>
-                                    <xs:element name="property" minOccurs="0" maxOccurs="unbounded">
-                                      <xs:annotation>
-                                        <xs:documentation>Group property to configure</xs:documentation>
-                                      </xs:annotation>
-                                      <xs:complexType>
-                                        <xs:attribute name="desc" type="name" use="required"/>
-                                        <xs:attribute name="value" type="name" use="required"/>
-                                      </xs:complexType>
-                                    </xs:element>
-                                  </xs:sequence>
-                              <xs:attribute name="desc" type="name" use="required"/>
-                            </xs:complexType>
-                          </xs:element>
-                          <xs:element name="GroupConfiguration">
-                            <xs:complexType>
-                              <xs:sequence>
-                                <xs:element name="accessgroup" minOccurs="0" maxOccurs="unbounded">
-                                  <xs:annotation>
-                              <xs:documentation>Local Group Configuration</xs:documentation>
-                            </xs:annotation>
-                                </xs:element>
-                              </xs:sequence>
-                            </xs:complexType>
-                          </xs:element>
-                      </xs:schema]]></MSFT:XMLSchema>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>LockDown</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowEdgeSwipe</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>EdgeUI.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>EdgeUI~AT~WindowsComponents~EdgeUI</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowEdgeSwipe</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Maps</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowOfflineMapsDownloadOverMeteredConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableOfflineMapsAutoUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WinMaps.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WinMaps~AT~WindowsComponents~Maps</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TurnOffAutoUpdate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Messaging</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowMessageSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft&apos;s cloud services.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>messaging.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>messaging~AT~WindowsComponents~Messaging_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowMessageSync</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMMS</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to enable or disable the sending and receiving cellular MMS messages.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRCS</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>MixedReality</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AADGroupMembershipCacheValidityInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="60"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BrightnessButtonDisabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FallbackDiagnostics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MicrophoneDisabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>VolumeButtonDisabled</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>MSSecurityGuide</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ApplyUACRestrictionsToLocalAccountsOnNetworkLogon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_SecGuide_0201_LATFP</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureSMBV1ClientDriver</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_SecGuide_0002_SMBv1_ClientDriver</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureSMBV1Server</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_SecGuide_0001_SMBv1_Server</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableStructuredExceptionHandlingOverwriteProtection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_SecGuide_0102_SEHOP</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_SecGuide_0101_WDPUA</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>WDigestAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_SecGuide_0202_WDigestAuthn</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>MSSLegacy</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_MSS_EnableICMPRedirect</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_MSS_NoNameReleaseOnDemand</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IPSourceRoutingProtectionLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_MSS_DisableIPSourceRouting</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IPv6SourceRoutingProtectionLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Pol_MSS_DisableIPSourceRoutingIPv6</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>NetworkIsolation</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnterpriseCloudResources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>WF_NetIsolation_EnterpriseCloudResourcesBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WF_NetIsolation_EnterpriseCloudResources</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseInternalProxyServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>WF_NetIsolation_Intranet_ProxiesBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WF_NetIsolation_Intranet_Proxies</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseIPRange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>WF_NetIsolation_PrivateSubnetBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WF_NetIsolation_PrivateSubnet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseIPRangesAreAuthoritative</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WF_NetIsolation_Authoritative_Subnet</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseNetworkDomainNames</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseProxyServers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>WF_NetIsolation_Domain_ProxiesBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WF_NetIsolation_Domain_Proxies</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnterpriseProxyServersAreAuthoritative</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WF_NetIsolation_Authoritative_Proxies</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NeutralResources</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>WF_NetIsolation_NeutralResourcesBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WF_NetIsolation_NeutralResources</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Notifications</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>DisallowCloudNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WPN.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WPN~AT~StartMenu~NotificationsCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoCloudNotification</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Power</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowStandbyStatesWhenSleepingOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowStandbyStatesDC_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStandbyWhenSleepingPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowStandbyStatesAC_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisplayOffTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerVideoSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VideoPowerDownTimeOutDC_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisplayOffTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerVideoSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VideoPowerDownTimeOutAC_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnergySaverBatteryThresholdOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
-
-If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level.
-
-If you disable or do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EnterEsBattThreshold</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~EnergySaverSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EsBattThresholdDC</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnergySaverBatteryThresholdPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
-
-If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level.
-
-If you disable or do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EnterEsBattThreshold</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~EnergySaverSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EsBattThresholdAC</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HibernateTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DCHibernateTimeOut_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HibernateTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ACHibernateTimeOut_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePasswordWhenComputerWakesOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DCPromptForPasswordOnResume_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePasswordWhenComputerWakesPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ACPromptForPasswordOnResume_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectLidCloseActionOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SelectDCSystemLidAction</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DCSystemLidAction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectLidCloseActionPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SelectACSystemLidAction</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ACSystemLidAction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectPowerButtonActionOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the power button. 
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SelectDCPowerButtonAction</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DCPowerButtonAction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectPowerButtonActionPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the power button. 
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SelectACPowerButtonAction</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ACPowerButtonAction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectSleepButtonActionOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the sleep button.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SelectDCSleepButtonAction</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DCSleepButtonAction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SelectSleepButtonActionPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting specifies the action that Windows takes when a user presses the sleep button.
-
-Possible actions include:
-0 - Take no action
-1 - Sleep
-2 - Hibernate
-3 - Shut down
-
-If you enable this policy setting, you must select the desired action.
-
-If you disable this policy setting or do not configure it, users can see and change this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SelectACSleepButtonAction</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ACSleepButtonAction_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StandbyTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DCStandbyTimeOut_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StandbyTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ACStandbyTimeOut_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffHybridSleepOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to turn off hybrid sleep.
-
-If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
-
-If you do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DCStandbyWithHiberfileEnable_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffHybridSleepPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to turn off hybrid sleep.
-
-If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
-
-If you do not configure this policy setting, users control this setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ACStandbyWithHiberfileEnable_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnattendedSleepTimeoutOnBattery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
-
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended.  If you specify 0 seconds, Windows does not automatically transition to sleep.
-
-If you disable or do not configure this policy setting, users control this setting.
-
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The &quot;Prevent enabling lock screen slide show&quot; policy setting can be used to disable the slide show feature.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EnterUnattendedSleepTimeOut</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UnattendedSleepTimeOutDC</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnattendedSleepTimeoutPluggedIn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
-
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended.  If you specify 0 seconds, Windows does not automatically transition to sleep.
-
-If you disable or do not configure this policy setting, users control this setting.
-
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The &quot;Prevent enabling lock screen slide show&quot; policy setting can be used to disable the slide show feature.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Power.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EnterUnattendedSleepTimeOut</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UnattendedSleepTimeOutAC</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Printers</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>PointAndPrintRestrictions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Printing.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Printing~AT~ControlPanel~CplPrinters</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PointAndPrint_Restrictions_Win7</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishPrinters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>Printing2.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Printing2~AT~Printers</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PublishPrinters</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Privacy</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutoAcceptPairingAndPrivacyConsentPrompts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCrossDeviceClipboard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allows syncing of Clipboard across devices under the same Microsoft account.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCrossDeviceClipboard</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInputPersonalization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:StartOSVerison>10.0.10240</MSFT:StartOSVerison>
-            <MSFT:ADMXMapped>Globalization.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Globalization~AT~ControlPanel~RegionalOptions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowInputPersonalization</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAdvertisingId</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>UserProfiles.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>UserProfiles~AT~System~UserProfiles</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableAdvertisingId</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisablePrivacyExperience</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>OOBE.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>OOBE~AT~WindowsComponents~OOBE</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisablePrivacyExperience</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableActivityFeed</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableActivityFeed</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access account information.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessAccountInfo_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access the movement of the user&apos;s head, hands, motion controllers, and other tracked objects, while the apps are running in the background.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the user&apos;s movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the user&apos;s movements while the apps are running in the background. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access the calendar.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCalendar_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access call history.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCallHistory_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access the camera.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCamera_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCamera_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCamera_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessCamera_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessCamera_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access contacts.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessContacts_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessContacts_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessContacts_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessContacts_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessContacts_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access email.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessEmail_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessEmail_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessEmail_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessEmail_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessEmail_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access the eye tracker.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessGazeInput_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access location.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessLocation_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessLocation_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessLocation_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessLocation_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessLocation_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can read or send messages (text or MMS).</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMessaging_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access the microphone.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMicrophone_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access motion data.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMotion_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMotion_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMotion_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessMotion_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessMotion_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access notifications.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessNotifications_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can make phone calls</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessPhone_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessPhone_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessPhone_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessPhone_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessPhone_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps have access to control radios.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessRadios_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessRadios_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessRadios_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessRadios_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessRadios_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access tasks.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTasks_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTasks_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTasks_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTasks_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTasks_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can access trusted devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsAccessTrustedDevices_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;trusted devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsActivateWithVoice</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can be activated by voice.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsActivateWithVoice_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsActivateWithVoice</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsActivateWithVoiceAboveLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can be activated by voice while the system is locked.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsActivateWithVoiceAboveLock_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsActivateWithVoiceAboveLock</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsGetDiagnosticInfo_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can run in the background.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsRunInBackground_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsRunInBackground_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsRunInBackground_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsRunInBackground_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsRunInBackground_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting specifies whether Windows apps can communicate with unpaired wireless devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_Enum</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices_ForceAllowTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices_ForceDenyTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LetAppsSyncWithDevices_UserInControlOfTheseApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;Communicate with unpaired wireless devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PublishUserActivities</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allows apps/system to publish &apos;User Activities&apos; into ActivityFeed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PublishUserActivities</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UploadUserActivities</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Allows ActivityFeed to upload published &apos;User Activities&apos;.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UploadUserActivities</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteAssistance</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CustomizeWarningMessages</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>remoteassistance.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>RemoteAssistance~AT~System~RemoteAssist</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RA_Options</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SessionLogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>remoteassistance.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>RemoteAssistance~AT~System~RemoteAssist</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RA_Logging</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SolicitedRemoteAssistance</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>remoteassistance.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>RemoteAssistance~AT~System~RemoteAssist</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RA_Solicit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UnsolicitedRemoteAssistance</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>remoteassistance.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>RemoteAssistance~AT~System~RemoteAssist</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RA_Unsolicit</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteDesktopServices</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowUsersToConnectRemotely</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>terminalserver.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_CONNECTIONS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TS_DISABLE_CONNECTIONS</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClientConnectionEncryptionLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>terminalserver.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TS_ENCRYPTION_POLICY</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowDriveRedirection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>terminalserver.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_REDIRECTION</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TS_CLIENT_DRIVE_M</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotAllowPasswordSaving</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>terminalserver.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_CLIENT</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TS_CLIENT_DISABLE_PASSWORD_SAVING_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PromptForPasswordUponConnection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>terminalserver.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TS_PASSWORD</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireSecureRPCCommunication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>terminalserver.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TS_RPC_ENCRYPTION</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteManagement</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowBasicAuthentication_Client</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowBasic_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowBasicAuthentication_Service</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowBasic_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCredSSPAuthenticationClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRMClient</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCredSSP_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCredSSPAuthenticationService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCredSSP_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRemoteServerManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowAutoConfig</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUnencryptedTraffic_Client</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowUnencrypted_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUnencryptedTraffic_Service</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowUnencrypted_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowDigestAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisallowDigest</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowNegotiateAuthenticationClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisallowNegotiate_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowNegotiateAuthenticationService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisallowNegotiate_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowStoringOfRunAsCredentials</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableRunAs</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyChannelBindingTokenHardeningLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CBTHardeningLevel_1</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TrustedHosts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TrustedHosts</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnCompatibilityHTTPListener</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HttpCompatibilityListener</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOnCompatibilityHTTPSListener</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteManagement.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HttpsCompatibilityListener</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteProcedureCall</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>RestrictUnauthenticatedRPCClients</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>rpc.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>RPC~AT~System~Rpc</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RpcRestrictRemoteClients</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RPCEndpointMapperClientAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>rpc.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>RPC~AT~System~Rpc</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RpcEnableAuthEpResolution</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RemoteShell</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowRemoteShellAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteShell.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteShell~AT~WindowsComponents~WinRS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowRemoteShellAccess</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>MaxConcurrentUsers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteShell.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteShell~AT~WindowsComponents~WinRS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxConcurrentUsers</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyIdleTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteShell.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteShell~AT~WindowsComponents~WinRS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IdleTimeout</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaxMemory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteShell.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteShell~AT~WindowsComponents~WinRS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxMemoryPerShellMB</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaxProcesses</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteShell.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteShell~AT~WindowsComponents~WinRS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxProcessesPerShell</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyMaxRemoteShells</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteShell.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteShell~AT~WindowsComponents~WinRS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>MaxShellsPerUser</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SpecifyShellTimeout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WindowsRemoteShell.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WindowsRemoteShell~AT~WindowsComponents~WinRS</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShellTimeOut</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>RestrictedGroups</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureGroupMembership</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group.
-Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">
-                        <xs:simpleType name="member_name">
-                          <xs:restriction base="xs:string">
-                            <xs:maxLength value="255" />
-                          </xs:restriction>
-                        </xs:simpleType>
-                        <xs:element name="accessgroup">
-                          <xs:complexType>
-                            <xs:sequence>
-                              <xs:element name="member" minOccurs="0" maxOccurs="unbounded">
-                                <xs:annotation>
-                                  <xs:documentation>Restricted Group Member</xs:documentation>
-                                </xs:annotation>
-                                <xs:complexType>
-                                  <xs:attribute name="name" type="member_name" use="required"/>
-                                </xs:complexType>
-                              </xs:element>
-                            </xs:sequence>
-                            <xs:attribute name="desc" type="member_name" use="required"/>
-                          </xs:complexType>
-                        </xs:element>
-                        <xs:element name="groupmembership">
-                          <xs:complexType>
-                            <xs:sequence>
-                              <xs:element name="accessgroup" minOccurs="0" maxOccurs="unbounded">
-                                <xs:annotation>
-                                  <xs:documentation>Restricted Group</xs:documentation>
-                                </xs:annotation>
-                              </xs:element>
-                            </xs:sequence>
-                          </xs:complexType>
-                        </xs:element>
-                      </xs:schema>]]></MSFT:XMLSchema>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Search</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowCloudSearch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowCloudSearch_Dropdown</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCloudSearch</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCortanaInAAD</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This features allows you to show the cortana opt-in page during Windows Setup</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCortanaInAAD</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFindMyFiles</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This feature allows you to disable find my files completely on the machine</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowFindMyFiles</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIndexingEncryptedStoresOrItems</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowIndexingEncryptedStoresOrItems</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSearchToUseLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSearchToUseLocation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStoringImagesFromVisionSearch</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUsingDiacritics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowUsingDiacritics</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsIndexer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AlwaysUseAutoLangDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AlwaysUseAutoLangDetection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableBackoff</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableBackoff</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableRemovableDriveIndexing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableRemovableDriveIndexing</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DoNotUseWebResults</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DoNotUseWebResults</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventIndexingLowDiskSpaceMB</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>StopIndexingOnLimitedHardDriveSpace</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventRemoteQueries</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventRemoteQueries</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SafeSearchPermissions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Security</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAddProvisioningPackage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowManualRootCertificateInstallation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRemoveProvisioningPackage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AntiTheftMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ClearTPMIfNotReady</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>TPM.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>TPM~AT~System~TPMCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ClearTPMIfNotReady_Name</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureWindowsPasswords</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description>Configures the use of passwords for Windows features</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireDeviceEncryption</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireProvisioningPackageSignature</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireRetrieveHealthCertificateOnBoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>ServiceControlManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>SvchostProcessMitigation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>ServiceControlManager.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>ServiceControlManager~AT~System~ServiceControlManagerCat~ServiceControlManagerSecurityCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SvchostProcessMitigationEnable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Settings</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutoPlay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDataSense</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDateTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEditDeviceName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLanguage</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowOnlineTips</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>ControlPanel.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CheckBox_AllowOnlineTips</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>ControlPanel~AT~ControlPanel</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowOnlineTips</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPowerSleep</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowRegion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowSignInOptions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowVPN</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWorkplace</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowYourAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PageVisibilityList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>ControlPanel.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SettingsPageVisibilityBox</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>ControlPanel~AT~ControlPanel</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SettingsPageVisibility</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>SmartScreen</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnableAppInstallControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureAppInstallControl</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableSmartScreenInShell</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShellConfigureSmartScreen</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventOverrideForFilesInShell</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ShellConfigureSmartScreen_Dropdown</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ShellConfigureSmartScreen</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Speech</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowSpeechModelUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Speech.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Speech~AT~WindowsComponents~Speech</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSpeechModelUpdate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Start</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowPinnedFolderDocuments</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderDownloads</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderFileExplorer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderHomeGroup</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderMusic</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the Network shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderPersonalFolder</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderPictures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowPinnedFolderVideos</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>65535</DefaultValue>
-            <Description>This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableContextMenus</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableContextMenusInStart</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ForceStartSize</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ForceStartSize</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideAppList</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideChangeAccountSettings</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Change account settings&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideFrequentlyUsedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoFrequentUsedPrograms</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideHibernate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Hibernate&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideLock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Lock&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HidePowerButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides the power button from appearing in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentJumplists</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NoRecentDocsHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRecentlyAddedApps</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HideRecentlyAddedApps</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRestart</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Restart/Update and restart&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideShutDown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Shut down/Update and shut down&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSignOut</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Sign out&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSleep</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Sleep&quot; from appearing in the power button in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSwitchAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides &quot;Switch account&quot; from appearing in the user tile in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideUserTile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides the user tile from appearing in the start menu.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ImportEdgeAssets</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>NoPinningToTaskbar</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>StartLayout</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LockedStartLayout</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Storage</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowDiskHealthModelUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StorageHealth.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StorageHealth~AT~System~StorageHealth</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SH_AllowDiskHealthModelUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStorageSenseGlobal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StorageSense.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StorageSense~AT~System~StorageSense</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SS_AllowStorageSenseGlobal</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStorageSenseTemporaryFilesCleanup</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StorageSense.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StorageSense~AT~System~StorageSense</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SS_AllowStorageSenseTemporaryFilesCleanup</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseCloudContentDehydrationThreshold</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="365"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StorageSense.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StorageSense~AT~System~StorageSense</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SS_ConfigStorageSenseCloudContentDehydrationThreshold</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseDownloadsCleanupThreshold</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="365"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StorageSense.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StorageSense~AT~System~StorageSense</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SS_ConfigStorageSenseDownloadsCleanupThreshold</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseGlobalCadence</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1,7,30"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StorageSense.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StorageSense~AT~System~StorageSense</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SS_ConfigStorageSenseGlobalCadence</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigStorageSenseRecycleBinCleanupThreshold</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>30</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="365"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>StorageSense.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>StorageSense~AT~System~StorageSense</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SS_ConfigStorageSenseRecycleBinCleanupThreshold</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnhancedStorageDevices</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>enhancedstorage.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>EnhancedStorage~AT~System~EnStorDeviceAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TCGSecurityActivationDisabled</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemovableDiskDenyWriteAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>If you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class. Note: To require that users write data to BitLocker-protected storage, enable the policy setting &quot;Deny write access to drives not protected by BitLocker,&quot; which is located in &quot;Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives.&quot;</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>RemovableStorage.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>RemovableDisks_DenyWrite_Access_2</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>RemovableStorage~AT~System~DeviceAccess</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RemovableDisks_DenyWrite_Access_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>System</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowBuildPreview</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>AllowBuildPreview.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>AllowBuildPreview~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowBuildPreview</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowCommercialDataPipeline</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowCommercialDataPipeline</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowCommercialDataPipeline</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowDeviceNameInDiagnosticData</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data.  If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowDeviceNameInDiagnosticData</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowDeviceNameInDiagnosticData</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowEmbeddedMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowExperimentation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowFontProviders</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>GroupPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>GroupPolicy~AT~Network~NetworkFonts</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableFontProviders</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Sensors.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Sensors~AT~LocationAndSensors</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableLocation_2</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowStorageCard</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTelemetry</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowTelemetry</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowTelemetry</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUserToResetPhone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BootStartDriverInitialization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>earlylauncham.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>EarlyLaunchAM~AT~System~ELAMCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>POL_DriverLoadPolicy_Name</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureMicrosoft365UploadEndpoint</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureMicrosoft365UploadEndpoint</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureMicrosoft365UploadEndpoint</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryOptInChangeNotification</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureTelemetryOptInChangeNotification</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureTelemetryOptInChangeNotification</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTelemetryOptInSettingsUx</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureTelemetryOptInSettingsUx</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureTelemetryOptInSettingsUx</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeviceDelete</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisableDeviceDelete</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableDeviceDelete</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDiagnosticDataViewer</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisableDiagnosticDataViewer</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableDiagnosticDataViewer</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDirectXDatabaseUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This group policy allows control over whether the DirectX Database Updater task will be run on the system.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>GroupPolicy.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>GroupPolicy~AT~Network~DirectXDatabase</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableDirectXDatabaseUpdate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnterpriseAuthProxy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DisableEnterpriseAuthProxy</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableEnterpriseAuthProxy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableOneDriveFileSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Microsoft Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>SkyDrive.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>SkyDrive~AT~WindowsComponents~OneDrive</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventOnedriveFileSync</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableSystemRestore</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>systemrestore.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>SystemRestore~AT~System~SR</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SR_DisableSR</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FeedbackHubAlwaysSaveDiagnosticsLocally</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LimitEnhancedDiagnosticDataWindowsAnalytics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you&apos;re not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you&apos;ve set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you&apos;ll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don&apos;t configure this policy setting, you&apos;ll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don&apos;t configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>LimitEnhancedDiagnosticDataWindowsAnalytics</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>LimitEnhancedDiagnosticDataWindowsAnalytics</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TelemetryProxy</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>TelemetryProxyName</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TelemetryProxy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TurnOffFileHistory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to turn off File History.
-
-If you enable this policy setting, File History cannot be activated to create regular, automatic backups.
-
-If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>FileHistory.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>FileHistory~AT~WindowsComponents~FileHistory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableFileHistory</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>SystemServices</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ConfigureHomeGroupListenerServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>HomeGroup Listener</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureHomeGroupProviderServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>HomeGroup Provider</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxAccessoryManagementServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Xbox Accessory Management Service</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxLiveAuthManagerServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Xbox Live Auth Manager</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxLiveGameSaveServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Xbox Live Game Save</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureXboxLiveNetworkingServiceStartupMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Xbox Live Networking Service</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TaskManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowEndTask</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This setting determines whether non-administrators can use Task Manager to end tasks - enabled (1) or disabled (0). Default: enabled</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TaskScheduler</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>EnableXboxGameSaveTask</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TextInput</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowHardwareKeyboardTextSuggestions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIMELogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowIMENetworkAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInputPanel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseIMESurrogatePairCharacters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseIVSCharacters</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseNonPublishingStandardGlyph</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowJapaneseUserDictionary</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowKeyboardTextSuggestions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLanguageFeaturesUninstall</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>TextInput.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>TextInput~AT~WindowsComponents~TextInput</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowLanguageFeaturesUninstall</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLinguisticDataCollection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>TextInput.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>TextInput~AT~WindowsComponents~TextInput</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowLinguisticDataCollection</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureJapaneseIMEVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy allows the IT admin to configure the Microsoft Japanese IME version in the desktop.
-The following list shows the supported values:
-0 (default) – The new Microsoft Japanese IME is on by default. Allow to control Microsoft Japanese IME version to use.
-1 - The previous version of Microsoft Japanese IME is always selected.  Not allowed to control Microsoft Japanese IME version to use.
-2 - The new Microsoft Japanese IME is always selected.  Not allowed to control Microsoft Japanese IME version to use.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>EAIME.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>EAIME~AT~WindowsComponents~L_IME</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>L_ConfigureJapaneseImeVersion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureSimplifiedChineseIMEVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy allows the IT admin to configure the Microsoft Simplified Chinese IME version in the desktop.
-The following list shows the supported values:
-0 (default) – The new Microsoft Simplified Chinese IME is on by default. Allow to control Microsoft Simplified Chinese IME version to use.
-1 - The previous version of Microsoft Simplified Chinese IME is always selected.  Not allowed to control Microsoft Simplified Chinese IME version to use.
-2 - The new Microsoft Simplified Chinese IME is always selected.  Not allowed to control Microsoft Simplified Chinese IME version to use.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>EAIME.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>EAIME~AT~WindowsComponents~L_IME</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>L_ConfigureSimplifiedChineseImeVersion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTraditionalChineseIMEVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy allows the IT admin to configure the Microsoft Traditional Chinese IME version in the desktop.
-The following list shows the supported values:
-0 (default) – The new Microsoft Traditional Chinese IME is on by default. Allow to control Microsoft Traditional Chinese IME version to use.
-1 - The previous version of Microsoft Traditional Chinese IME is always selected.  Not allowed to control Microsoft Traditional Chinese IME version to use.
-2 - The new Microsoft Traditional Chinese IME is always selected.  Not allowed to control Microsoft Traditional Chinese IME version to use.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>EAIME.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>EAIME~AT~WindowsComponents~L_IME</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>L_ConfigureTraditionalChineseImeVersion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableTouchKeyboardAutoInvokeInDesktopMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeJapaneseIMEExceptJIS0208</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeJapaneseIMEExceptJIS0208andEUDC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeJapaneseIMEExceptShiftJIS</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ForceTouchKeyboardDockedState</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardDictationButtonAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardEmojiButtonAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardFullModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardHandwritingModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardNarrowModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardSplitModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TouchKeyboardWideModeAvailability</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>TimeLanguageSettings</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowSet24HourClock</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureTimeZone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Specifies the time zone to be applied to the device.  This is the standard Windows name for the target time zone.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Troubleshooting</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowRecommendations</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting applies recommended troubleshooting for known problems on the device and lets administrators configure how it&apos;s applied to their domains/IT environments.
-Not configuring this policy setting will allow the user to configure if and how recommended troubleshooting is applied.
-
-Enabling this policy allows you to configure how recommended troubleshooting is applied on the user&apos;s device. You can select from one of the following values:
-0 = Turn this feature off.
-1 = Turn this feature off but still apply critical troubleshooting.
-2 = Notify users when recommended troubleshooting is available, then allow the user to run or ignore it.
-3 = Run recommended troubleshooting automatically and notify the user after it&apos;s been successfully run.
-4 = Run recommended troubleshooting automatically without notifying the user.
-5 = Allow the user to choose their own recommended troubleshooting settings.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MSDT.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MSDT~AT~System~Troubleshooting~WdiScenarioCategory</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TroubleshootingAllowRecommendations</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Update</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ActiveHoursEnd</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>17</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ActiveHoursEndTime</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ActiveHours</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ActiveHoursMaxRange</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>18</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="8" high="18"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ActiveHoursMaxRange</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ActiveHoursMaxRange</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ActiveHoursStart</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>8</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ActiveHoursStartTime</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ActiveHours</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutoUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>6</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="6"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoUpdateMode</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowAutoWindowsUpdateDownloadOverMeteredNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowAutoWindowsUpdateDownloadOverMeteredNetwork</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMUUpdateService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowMUUpdateServiceId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowNonMicrosoftSignedUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUpdateService</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutomaticMaintenanceWakeUp</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to configure Automatic Maintenance wake up policy.
-
-The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect.
-
-If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required.
-
-If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>msched.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>msched~AT~WindowsComponents~MaintenanceScheduler</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WakeUpPolicy</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartDeadlinePeriodInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>7</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoRestartDeadline</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoRestartDeadline</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartDeadlinePeriodInDaysForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>7</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoRestartDeadlineForFeatureUpdates</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoRestartDeadline</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartNotificationSchedule</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>15</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="15,30,60,120,240"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoRestartNotificationSchd</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoRestartNotificationConfig</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AutoRestartRequiredNotificationDismissal</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoRestartRequiredNotificationDismissal</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoRestartRequiredNotificationDismissal</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BranchReadinessLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>16</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="2,4,8,16"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>BranchReadinessLevelId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>7</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureDeadlineForFeatureUpdates</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureDeadlineForFeatureUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineForQualityUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>7</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureDeadlineForQualityUpdates</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureDeadlineForQualityUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineGracePeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="7"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureDeadlineGracePeriod</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureDeadlineGracePeriod</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureDeadlineNoAutoReboot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ConfigureDeadlineNoAutoReboot</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigureDeadlineNoAutoReboot</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigureFeatureUpdateUninstallPeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>10</DefaultValue>
-            <Description>Enable enterprises/IT admin to configure feature update uninstall period</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="60"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferFeatureUpdatesPeriodInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="365"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DeferFeatureUpdatesPeriodId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferQualityUpdatesPeriodInDays</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DeferQualityUpdatesPeriodId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferQualityUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferUpdatePeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DeferUpdatePeriodId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DeferUpgradePeriod</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="8"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DeferUpgradePeriodId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DetectionFrequency</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>22</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="22"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DetectionFrequency_Hour2</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DetectionFrequency_Title</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDualScan</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Do not allow update deferral policies to cause scans against Windows Update</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableDualScan</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableWUfBSafeguards</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartDeadline</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>14</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EngagedRestartDeadline</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartDeadlineForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>14</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EngagedRestartDeadlineForFeatureUpdates</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartSnoozeSchedule</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EngagedRestartSnoozeSchedule</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartSnoozeScheduleForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="1" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EngagedRestartSnoozeScheduleForFeatureUpdates</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartTransitionSchedule</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>7</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EngagedRestartTransitionSchedule</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EngagedRestartTransitionScheduleForFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>7</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>EngagedRestartTransitionScheduleForFeatureUpdates</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ExcludeWUDriversInQualityUpdate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ExcludeWUDriversInQualityUpdate</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>FillEmptyContentUrls</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CorpWUFillEmptyContentUrls</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IgnoreMOAppDownloadLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IgnoreMOUpdateDownloadLimit</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ManagePreviewBuilds</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ManagePreviewBuildsId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ManagePreviewBuilds</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseDeferrals</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PauseDeferralsId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseFeatureUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PauseFeatureUpdatesId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseFeatureUpdatesStartTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PauseFeatureUpdatesStartId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseQualityUpdates</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PauseQualityUpdatesId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferQualityUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PauseQualityUpdatesStartTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>PauseQualityUpdatesStartId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferQualityUpdates</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PhoneUpdateRestrictions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>4</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="4"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireDeferUpgrade</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>DeferUpgradePeriodId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequireUpdateApproval</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallDay</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="7"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoUpdateSchDay</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallEveryWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoUpdateSchEveryWeek</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallFirstWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoUpdateSchFirstWeek</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallFourthWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ScheduledInstallFourthWeek</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallSecondWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ScheduledInstallSecondWeek</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallThirdWeek</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>ScheduledInstallThirdWeek</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduledInstallTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>3</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoUpdateSchTime</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleImminentRestartWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>15</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="15,30,60"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>RestartWarn</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestartWarnRemind</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ScheduleRestartWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>4</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="2,4,8,12,24"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>RestartWarnRemind</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RestartWarnRemind</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetAutoRestartNotificationDisable</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AutoRestartNotificationSchd</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutoRestartNotificationDisable</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDisablePauseUXAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetDisablePauseUXAccess</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetDisableUXWUAccess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetDisableUXWUAccess</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetEDURestart</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>SetEDURestart</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>SetProxyBehaviorForUpdateDetection</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>SetProxyBehaviorForUpdateDetection</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TargetReleaseVersion</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>TargetReleaseVersionId</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>TargetReleaseVersion</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UpdateNotificationLevel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>UpdateNotificationLevel</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UpdateServiceUrl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>CorpWSUS</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CorpWUURL_Name</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>UpdateServiceUrlAlternate</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>CorpWUContentHost_Name</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>UserRights</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AccessCredentialManagerAsTrustedCaller</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users&apos; saved credentials might be compromised if this privilege is given to other entities.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Access Credential Manager ase a trusted caller</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AccessFromNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Access this computer from the network</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ActAsPartOfTheOperatingSystem</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Act as part of the operating system</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowLocalLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. </Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Allow log on locally</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>BackupFilesAndDirectories</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Back up files and directories</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ChangeSystemTime</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Change the system time</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreateGlobalObjects</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users&apos; sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Create global objects</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreatePageFile</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Create a pagefile</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreatePermanentSharedObjects</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Create permanent shared objects</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreateSymbolicLinks</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren&apos;t designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type &apos;fsutil behavior set symlinkevaluation /?&apos; at the command line to get more information about fsutil and symbolic links.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Create symbolic links</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>CreateToken</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Create a token object</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DebugPrograms</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Debug programs</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DenyAccessFromNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Deny access to this computer from the network</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DenyLocalLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Deny log on as a service</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DenyRemoteDesktopServicesLogOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Deny log on through Remote Desktop Services</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableDelegation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Enable computer and user accounts to be trusted for delegation</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>GenerateSecurityAudits</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Generate security audits</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ImpersonateClient</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
-1) The access token that is being impersonated is for this user.
-2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
-3) The requested level is less than Impersonate, such as Anonymous or Identify.
-Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Impersonate a client after authentication</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>IncreaseSchedulingPriority</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Increase scheduling priority</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LoadUnloadDeviceDrivers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Load and unload device drivers</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LockMemory</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Lock pages in memory</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ManageAuditingAndSecurityLog</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Manage auditing and security log</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ManageVolume</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Perform volume maintenance tasks</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ModifyFirmwareEnvironment</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Modify firmware environment values</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ModifyObjectLabel</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Modify an object label</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ProfileSingleProcess</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can use performance monitoring tools to monitor the performance of system processes.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Profile single process</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RemoteShutdown</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Force shutdown from a remote system</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RestoreFilesAndDirectories</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Restore files and directories</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TakeOwnership</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description>This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users.</Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
-            <MSFT:GPDBMappedName>Take ownership of files or other objects</MSFT:GPDBMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>Wifi</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutoConnectToWiFiSenseHotspots</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>wlansvc.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>wlansvc~AT~Network~WlanSvc_Category~WlanSettings_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WiFiSense</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowInternetSharing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>NetworkConnections.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>NetworkConnections~AT~Network~NetworkConnections</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>NC_ShowSharedAccessUI</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowManualWiFiConfiguration</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWiFi</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWiFiDirect</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>WLANScanMode</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1000"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>HighestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsConnectionManager</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WCM.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WCM~AT~Network~WCM_Category</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>WCM_BlockNonDomain</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsDefenderSecurityCenter</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>CompanyName</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_CompanyName</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseCustomization_CompanyName</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAccountProtectionUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~AccountProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AccountProtection_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableAppBrowserUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~AppBrowserProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AppBrowserProtection_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableClearTpmButton</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceSecurity_DisableClearTpmButton</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableDeviceSecurityUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceSecurity_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableEnhancedNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~Notifications</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Notifications_DisableEnhancedNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableFamilyUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~FamilyOptions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>FamilyOptions_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableHealthUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DevicePerformanceHealth</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DevicePerformanceHealth_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableNetworkUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~FirewallNetworkProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>FirewallNetworkProtection_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~Notifications</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Notifications_DisableNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableTpmFirmwareUpdateWarning</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceSecurity_DisableTpmFirmwareUpdateWarning</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableVirusUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~VirusThreatProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VirusThreatProtection_UILockdown</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisallowExploitProtectionOverride</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~AppBrowserProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AppBrowserProtection_DisallowExploitProtectionOverride</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Email</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_Email</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseCustomization_Email</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableCustomizedToasts</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseCustomization_EnableCustomizedToasts</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableInAppCustomization</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseCustomization_EnableInAppCustomization</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideRansomwareDataRecovery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~VirusThreatProtection</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>VirusThreatProtection_HideRansomwareRecovery</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideSecureBoot</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceSecurity_HideSecureBoot</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideTPMTroubleshooting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DeviceSecurity_HideTPMTroubleshooting</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideWindowsSecurityNotificationAreaControl</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~Systray</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>Systray_HideSystray</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>Phone</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_Phone</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseCustomization_Phone</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>URL</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_URL</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnterpriseCustomization_URL</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsInkWorkspace</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowSuggestedAppsInWindowsInkWorkspace</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsInkWorkspace.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WindowsInkWorkspace~AT~WindowsComponents~WindowsInkWorkspace</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowSuggestedAppsInWindowsInkWorkspace</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsInkWorkspace</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>2</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WindowsInkWorkspace.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXMappedElement>AllowWindowsInkWorkspaceDropdown</MSFT:ADMXMappedElement>
-            <MSFT:ADMXCategory>WindowsInkWorkspace~AT~WindowsComponents~WindowsInkWorkspace</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowWindowsInkWorkspace</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsLogon</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowAutomaticRestartSignOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WinLogon.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WinLogon~AT~WindowsComponents~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AutomaticRestartSignOn</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>ConfigAutomaticRestartSignOn</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>WinLogon.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>WinLogon~AT~WindowsComponents~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>ConfigAutomaticRestartSignOn</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableLockScreenAppNotifications</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>logon.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Logon~AT~System~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DisableLockScreenAppNotifications</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DontDisplayNetworkSelectionUI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>logon.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Logon~AT~System~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>DontDisplayNetworkSelectionUI</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnableFirstLogonAnimation</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time.  This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later.  It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in.
-
-If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation.
-
-If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services.
-
-If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation.
-
-Note: The first sign-in animation will not be shown on Server, so this policy will have no effect.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Logon.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Logon~AT~System~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableFirstLogonAnimation</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>EnumerateLocalUsersOnDomainJoinedComputers</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>logon.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>Logon~AT~System~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnumerateLocalUsers</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>HideFastUserSwitching</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>Logon.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>Logon~AT~System~Logon</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>HideFastUserSwitching</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WindowsPowerShell</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue></DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <chr/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXBacked>PowerShellExecutionPolicy.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>PowerShellExecutionPolicy~AT~WindowsComponents~PowerShell</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>EnableScriptBlockLogging</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>WirelessDisplay</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName></DDFName>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>AllowMdnsAdvertisement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowMdnsDiscovery</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionFromPC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy allows you to turn off projection from a PC.
-                            If you set it to 0, your PC cannot discover or project to other devices.
-                            If you set it to 1, your PC can discover and project to other devices.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionFromPCOverInfrastructure</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy allows you to turn off projection from a PC over infrastructure.
-                            If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct.
-                            If you set it to 1, your PC can discover and project to other devices over infrastructure.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionToPC</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to turn off projection to a PC
-                            If you set it to 0, your PC isn&apos;t discoverable and can&apos;t be projected to
-                            If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>WirelessDisplay.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WirelessDisplay~AT~WindowsComponents~Connect</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>AllowProjectionToPC</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowProjectionToPCOverInfrastructure</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows you to turn off projection to a PC over infrastructure.
-                            If you set it to 0, your PC cannot be discoverable and can&apos;t be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
-                            If you set it to 1, your PC can be discoverable and can be projected to over infrastructure.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowUserInputFromWirelessDisplayReceiver</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePinForPairing</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This policy setting allows you to require a pin for pairing.
-                            If you set this to 0, a pin isn&apos;t required for pairing.
-                            If you set this to 1, the pairing ceremony for new devices will always require a PIN.
-                            If you set this to 2, all pairings will require PIN.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
-            <MSFT:ADMXMapped>WirelessDisplay.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>WirelessDisplay~AT~WindowsComponents~Connect</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RequirePinForPairing</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-      </Node>
-    </Node>
-  </Node>
-</MgmtTree>
-
-```

From 9e8ef858da6197620ea2c6e77c6ba7fa3a6d7d64 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 20 May 2021 15:47:02 +0100
Subject: [PATCH 36/92] Update
 basic-level-windows-diagnostic-events-and-fields-1903.md

---
 .../basic-level-windows-diagnostic-events-and-fields-1903.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
index c06281ee61..7f1681e846 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
@@ -7023,7 +7023,7 @@ The following fields are available:
 - **ScenarioId**  Indicates the update scenario.
 - **SessionId**  Unique value for each update attempt.
 - **UpdateId**  Unique ID for each update.
-- **Version**  Version of update
+- **Version**  Version of update.
 
 
 ### Update360Telemetry.UpdateAgentOneSettings

From 6ae73515243ffa2be999d1be9c910e70fed145f2 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Thu, 20 May 2021 11:15:00 -0700
Subject: [PATCH 37/92] authorized apps merged configure managed installer

1. Created new page that merged "Authorize apps installed by a managed installer" with Configure a WDAC managed installer.
2. Updated TOC2 with merged file name.
---
 .../TOC2.yml                                  |   2 +-
 ...-apps-deployed-with-a-managed-installer.md | 194 ++++++++++++++++++
 2 files changed, 195 insertions(+), 1 deletion(-)
 create mode 100644 windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
index 474b426029..bb66da245a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
@@ -74,7 +74,7 @@ landingContent:
       - linkListType: how-to-guide (written)
         links:
           - text: Allow managed installer and configure managed installer rules
-            url:  use-windows-defender-application-control-with-managed-installer.md
+            url:  configure-authorized-apps-deployed-with-a-managed-installer.md
           - text: Allow reputable apps with ISG
             url:  use-windows-defender-application-control-with-intelligent-security-graph.md
   # Card
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
new file mode 100644
index 0000000000..3922be1e3b
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -0,0 +1,194 @@
+---
+title: Configure authorized apps deployed with a WDAC managed installer (Windows 10)
+description: Explains how to configure a custom Manged Installer.
+keywords: security, malware
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: m365-security
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+audience: ITPro
+ms.collection: M365-security-compliance
+author: jsuther1974
+ms.reviewer: isbrahm
+ms.author: dansimp
+manager: dansimp
+ms.date: 08/14/2020
+ms.technology: mde
+---
+
+## Configuring authorized apps deployed by a managed installer with AppLocker and Windows Defender Application Control
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2019
+
+Windows 10, version 1703 introduced a new option for Windows Defender Application Control (WDAC), called managed installer, that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager.
+
+## How does a managed installer work?
+
+A new rule collection in AppLocker specifies binaries that are trusted by the organization as an authorized source for application deployment. When one of these binaries runs, Windows will monitor the binary's process (and processes it launches) then tag all files it writes as having originated from a managed installer. The managed installer rule collection is configured using Group Policy and can be applied with the Set-AppLockerPolicy PowerShell cmdlet. You can't currently set managed installers with the AppLocker CSP through MDM.
+
+Having defined your managed installers using AppLocker, you can then configure WDAC to trust files installed by a managed installer by adding the "Enabled:Managed Installer" option to your WDAC policy. Once that option is set, WDAC will check for managed installer origin information when determining whether or not to allow a binary to run. As long as there are no deny rules present for the file, WDAC will allow a file to run based on its managed installer origin.
+
+You should ensure that the WDAC policy allows the system/boot components and any other authorized applications that can't be deployed through a managed installer.
+
+## Security considerations with managed installer
+
+Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do.
+It is best suited for use where each user operates as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager (MEMCM).
+
+Users with administrator privileges, or malware running as an administrator user on the system, may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed.
+
+If a managed installer process runs in the context of a user with standard privileges, then it is possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control.
+
+Some application installers may automatically run the application at the end of the installation process. If this happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files created during the first run of the application. This could result in over-authorization for executables that were not intended. To avoid that outcome, ensure that the application deployment solution used as a managed installer limits running applications as part of installation.
+
+## Known limitations with managed installer
+
+- Application control, based on managed installer, does not support applications that self-update. If an application deployed by a managed installer later updates itself, the updated application files won't include the managed installer origin information, and may not be able to run. When you rely on managed installers, you must deploy and install all application updates using a managed installer, or include rules to authorize the app in the WDAC policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
+
+- [Packaged apps (MSIX)](/windows/msix/) deployed through a managed installer aren't tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md).
+
+- Some applications or installers may extract, download, or generate binaries and immediately attempt to run them. Files run by such a process may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
+
+- The managed installer heuristic doesn't authorize kernel drivers. The WDAC policy must have rules that allow the necessary drivers to run.
+
+## Configuring the managed installer
+
+Setting up managed installer tracking and application execution enforcement requires applying both an AppLocker and WDAC policy, with specific rules and options enabled.
+There are three primary steps to keep in mind:
+
+- Specify managed installers, by using the Managed Installer rule collection in AppLocker policy.
+- Enable service enforcement in AppLocker policy.
+- Enable the managed installer option in a WDAC policy.
+
+## Specify managed installers using the Managed Installer rule collection in AppLocker policy
+
+The identity of the managed installer executable(s) is specified in an AppLocker policy, in a Managed Installer rule collection.
+
+### Create Managed Installer rule collection
+
+Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerShell cmdlets allow for directly specifying rules for the Managed Installer rule collection. However, you can use a text editor to make the simple changes needed to an EXE or DLL rule collection policy, to specify Type="ManagedInstaller", so that the new rule can be imported into a GPO.
+
+1. Use [New-AppLockerPolicy](/powershell/module/applocker/new-applockerpolicy?view=win10-ps) to make an EXE rule for the file you are designating as a managed installer. Note that only EXE file types can be designated as managed installers. Below is an example using the rule type Publisher with a hash fallback but other rule types can be used as well. You may need to reformat the output for readability.
+
+    ```powershell
+    Get-ChildItem <exe filepath> | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Xml > AppLocker_MI_PS_ISE.xml
+    ```
+
+2. Manually rename the rule collection to ManagedInstaller
+
+    Change
+
+    ```powershell
+    <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
+    ```
+
+    to
+
+    ```powershell
+    <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
+    ```
+
+An example of a valid Managed Installer rule collection using Microsoft Endpoint Config Manager (MEMCM) is shown below.
+
+```xml
+<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
+    <FilePublisherRule Id="6cc9a840-b0fd-4f86-aca7-8424a22b4b93" Name="MEMCM - CCMEXEC.EXE, 5.0.0.0+, Microsoft signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
+      <Conditions>
+        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="CCMEXEC.EXE">
+          <BinaryVersionRange LowSection="5.0.0.0" HighSection="*" />
+        </FilePublisherCondition>
+      </Conditions>
+    </FilePublisherRule>
+    <FilePublisherRule Id="780ae2d3-5047-4240-8a57-767c251cbb12" Name="MEMCM - CCMSETUP.EXE, 5.0.0.0+, Microsoft signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
+      <Conditions>
+        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="CCMSETUP.EXE">
+          <BinaryVersionRange LowSection="5.0.0.0" HighSection="*" />
+        </FilePublisherCondition>
+      </Conditions>
+    </FilePublisherRule>
+</RuleCollection>
+```
+
+### Enable service enforcement in AppLocker policy
+
+Since many installation processes rely on services, it is typically necessary to enable tracking of services.
+Correct tracking of services requires the presence of at least one rule in the rule collection. So, a simple audit only rule will suffice. This can be added to the policy created above, which specifies your managed installer rule collection.
+
+For example:
+
+```xml
+<RuleCollection Type="Dll" EnforcementMode="AuditOnly" >
+    <FilePathRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Dummy Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
+      <Conditions>
+        <FilePathCondition Path="%OSDRIVE%\ThisWillBeBlocked.dll" />
+      </Conditions>
+    </FilePathRule>
+    <RuleCollectionExtensions>
+      <ThresholdExtensions>
+        <Services EnforcementMode="Enabled" />
+      </ThresholdExtensions>
+      <RedstoneExtensions>
+        <SystemApps Allow="Enabled"/>
+      </RedstoneExtensions>
+    </RuleCollectionExtensions>
+  </RuleCollection>
+  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
+    <FilePathRule Id="9420c496-046d-45ab-bd0e-455b2649e41e" Name="Dummy Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
+      <Conditions>
+        <FilePathCondition Path="%OSDRIVE%\ThisWillBeBlocked.exe" />
+      </Conditions>
+    </FilePathRule>
+    <RuleCollectionExtensions>
+      <ThresholdExtensions>
+        <Services EnforcementMode="Enabled" />
+      </ThresholdExtensions>
+      <RedstoneExtensions>
+        <SystemApps Allow="Enabled"/>
+      </RedstoneExtensions>
+    </RuleCollectionExtensions>
+  </RuleCollection>
+```
+
+## Enable the managed installer option in WDAC policy
+
+In order to enable trust for the binaries laid down by managed installers, the "Enabled: Managed Installer" option must be specified in your WDAC policy.
+This can be done by using the [Set-RuleOption cmdlet](/powershell/module/configci/set-ruleoption) with Option 13.
+
+Below are steps to create a WDAC policy which allows Windows to boot and enables the managed installer option.
+
+1. Copy the DefaultWindows_Audit policy into your working folder from "C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml"
+
+2. Reset the policy ID to ensure it is in multiple policy format, and give it a different GUID from the example policies. Also, give it a friendly name to help with identification.
+
+   For example:
+
+    ```powershell
+    Set-CIPolicyIdInfo -FilePath <XML filepath> -PolicyName "<friendly name>" -ResetPolicyID
+    ```
+
+3. Set Option 13 (Enabled:Managed Installer)
+
+    ```powershell
+    Set-RuleOption -FilePath <XML filepath> -Option 13
+    ```
+
+## Set the AppLocker filter driver to autostart
+
+To enable the managed installer, you need to set the AppLocker filter driver to autostart, and start it.
+
+To do so, run the following command as an Administrator:
+
+```console
+appidtel.exe start [-mionly]
+```
+
+Specify "-mionly" if you will not use the Intelligent Security Graph (ISG).
+
+## Enabling managed installer logging events
+
+Refer to [Understanding Application Control Events](event-id-explanations.md#optional-intelligent-security-graph-isg-or-managed-installer-mi-diagnostic-events) for information on enabling optional managed installer diagnostic events.
\ No newline at end of file

From 73521cb17a1c634ad23402cca663010cd41d0464 Mon Sep 17 00:00:00 2001
From: v-dihans <v-dihans@microsoft.com>
Date: Thu, 20 May 2021 12:27:42 -0600
Subject: [PATCH 38/92] Fixed formatting

---
 .../mdm/diagnosticlog-csp.md                  | 66 +++++++++----------
 1 file changed, 33 insertions(+), 33 deletions(-)

diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index ef43f3c484..b9bc259616 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -136,45 +136,45 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
   - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
   - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
   - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
-          - %windir%\\system32\\certutil.exe
-          - %windir%\\system32\\dxdiag.exe
-          - %windir%\\system32\\gpresult.exe
-          - %windir%\\system32\\msinfo32.exe
-          - %windir%\\system32\\netsh.exe
-          - %windir%\\system32\\nltest.exe
-          - %windir%\\system32\\ping.exe
-          - %windir%\\system32\\powercfg.exe
-          - %windir%\\system32\\w32tm.exe
-          - %windir%\\system32\\wpr.exe
-          - %windir%\\system32\\dsregcmd.exe
-          - %windir%\\system32\\dispdiag.exe
-          - %windir%\\system32\\ipconfig.exe
-          - %windir%\\system32\\logman.exe
-          - %windir%\\system32\\tracelog.exe
-          - %programfiles%\\windows defender\\mpcmdrun.exe
-          - %windir%\\system32\\MdmDiagnosticsTool.exe
-          - %windir%\\system32\\pnputil.exe
+     - %windir%\\system32\\certutil.exe
+     - %windir%\\system32\\dxdiag.exe
+    - %windir%\\system32\\gpresult.exe
+    - %windir%\\system32\\msinfo32.exe
+    - %windir%\\system32\\netsh.exe
+    - %windir%\\system32\\nltest.exe
+    - %windir%\\system32\\ping.exe
+    - %windir%\\system32\\powercfg.exe
+    - %windir%\\system32\\w32tm.exe
+    - %windir%\\system32\\wpr.exe
+    - %windir%\\system32\\dsregcmd.exe
+    - %windir%\\system32\\dispdiag.exe
+    - %windir%\\system32\\ipconfig.exe
+    - %windir%\\system32\\logman.exe
+    - %windir%\\system32\\tracelog.exe
+    - %programfiles%\\windows defender\\mpcmdrun.exe
+    - %windir%\\system32\\MdmDiagnosticsTool.exe
+    - %windir%\\system32\\pnputil.exe
 
 - **FoldersFiles**
   - Captures log files from a given path (without recursion).
   - Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log".
   - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed:
-          - %PROGRAMFILES%
-          - %PROGRAMDATA%
-          - %PUBLIC%
-          - %WINDIR%
-          - %TEMP%
-          - %TMP%
+    - %PROGRAMFILES%
+    - %PROGRAMDATA%
+    - %PUBLIC%
+    - %WINDIR%
+    - %TEMP%
+    - %TMP%
   - Additionally, only files with the following extensions are captured:
-          - .log
-          - .txt
-          - .dmp
-          - .cab
-          - .zip
-          - .xml
-          - .html
-          - .evtx
-          - .etl
+    - .log
+    - .txt
+    - .dmp
+    - .cab
+    - .zip
+    - .xml
+    - .html
+    - .evtx
+    - .etl
 
 <a href="" id="diagnosticarchive-archiveresults"></a>**DiagnosticArchive/ArchiveResults**
 Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.

From 1fa08ae6d3d4de95aaa8cd168659243b7e1284b2 Mon Sep 17 00:00:00 2001
From: v-dihans <v-dihans@microsoft.com>
Date: Thu, 20 May 2021 12:41:17 -0600
Subject: [PATCH 39/92] fix formatting

---
 windows/client-management/mdm/diagnosticlog-csp.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index b9bc259616..b8ffe15b74 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -136,8 +136,8 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
   - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
   - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
   - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
-     - %windir%\\system32\\certutil.exe
-     - %windir%\\system32\\dxdiag.exe
+    - %windir%\\system32\\certutil.exe
+    - %windir%\\system32\\dxdiag.exe
     - %windir%\\system32\\gpresult.exe
     - %windir%\\system32\\msinfo32.exe
     - %windir%\\system32\\netsh.exe

From d2a7d0718fe7b8174f044b5ae646f3db717535e7 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Thu, 20 May 2021 17:15:23 -0700
Subject: [PATCH 40/92] Updated language about explicit allow or deny rules

Clarified language regarding when WDAC calls the cloud to determine a binary's reputation.
---
 ...der-application-control-with-intelligent-security-graph.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
index 7ad4a8467b..dcd705cd5b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@@ -31,7 +31,9 @@ Beginning with Windows 10, version 1709, you can set an option to automatically
 
 ## How does the integration between WDAC and the Intelligent Security Graph work?
 
-The ISG uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having known good, known bad, or unknown reputation. When a binary runs on a system with WDAC enabled with the ISG option, WDAC checks the file's reputation by sending its hash and signing information to the cloud. If the ISG reports that the file has a known good reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file. Every time the binary runs, it is allowed based on its positive reputation unless there is an explicit deny rule set in the WDAC policy. Conversely, a file that has unknown or known bad reputation will be allowed if your WDAC policy explicitly allows it.
+The ISG uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having "known good," "known bad," or "unknown" reputation. When a binary runs on a system, with WDAC enabled with the ISG option, WDAC checks the file's reputation, by sending its hash and signing information to the cloud. If the ISG reports that the file has a "known good" reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file.
+
+If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud, rendering ISG reputation information as moot.
 
 If the file with good reputation is an application installer, its reputation will pass along to any files that it writes to disk. This way, all the files needed to install and run an app inherit the positive reputation data from the installer.
 

From 9de68009d2568d04aaa2e4d87fb5d2345c7a46f7 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Thu, 20 May 2021 17:36:16 -0700
Subject: [PATCH 41/92] Updated select-types-of-rules-to-create

Created a "More information about hashes," and placed it above the "Windows Defender Application Control filename rules" section.
---
 .../select-types-of-rules-to-create.md              | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 1314fa6e21..e91bfb3d64 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -126,6 +126,19 @@ Wildcards can be used at the beginning or end of a path rule; only one wildcard
 
 You can also use the following macros when the exact volume may vary: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`.
 
+## More information about hashes 
+
+### Why does scan create 4 hash rules per XML file?
+
+(Hash Sha1, Hash Sha256, Hash Page Sha1, Hash Page Sha256)
+During validation CI will choose which hashes to calculate depending on how the file is signed.  E.g. if the file is page-hash signed the entire file would not get paged in to do a full sha256 authenticode and we would just match using the first page hash.
+
+In the cmdlets, rather than try to predict which hash CI will use, we pre calculate and use the 4 hashes (sha1/sha2 authenticode, and sha1/sha2 of first page).  This is also resilient to if the signing status of the file changes and necessary for deny rules to ensure that changing/stripping the signature doesn’t result in a different hash than what was in the policy being used by CI.
+
+### Why does scan create 8 hash rules for certain XML files?
+
+Separate rules are created for UMCI and KMCI. In some cases, files which are purely user-mode or purely kernel-mode may still generate both sets, as CI cannot always precisely determine what is purely user vs. kernel mode and errs on the side of caution.
+
 ## Windows Defender Application Control filename rules
 
 File name rule levels let you specify file attributes to base a rule on. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules.

From cbca91cc1b1d3c1ca91d3be7d3256c6630866a76 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 20 May 2021 17:40:34 -0700
Subject: [PATCH 42/92] Update 404 link from entry in the redirect file

---
 windows/whats-new/whats-new-windows-10-version-1803.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 0f28f72c7e..b83bdda9a7 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -171,7 +171,7 @@ The new [security baseline for Windows 10 version 1803](/windows/security/threat
 
 ### Microsoft Defender Antivirus
 
-Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender for Endpoint.  Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/utilize-microsoft-cloud-protection-microsoft-defender-antivirus).
+Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender for Endpoint.  Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus).
 
 ### Windows Defender Exploit Guard
 

From 2df5eb9b63e59c3a70164fdefbe8cbcd61eef034 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Fri, 21 May 2021 18:52:04 +0530
Subject: [PATCH 43/92] Update policy-csp-deviceinstallation.md

---
 .../mdm/policy-csp-deviceinstallation.md                 | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 9a9ca55915..62ce04adc6 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -519,15 +519,6 @@ ADMX Info:
 
 <!--/SupportedValues-->
 <!--Example-->
-To enable this policy, use the following SyncML. This example applies a layered order of evaluation for Allow and Prevent device installation policies across all device match criteria:
-
-- Floppy Disks, ClassGUID = {4d36e980-e325-11ce-bfc1-08002be10318}
-- CD ROMs, ClassGUID = {4d36e965-e325-11ce-bfc1-08002be10318}
-- Modems, ClassGUID = {4d36e96d-e325-11ce-bfc1-08002be10318}
-
-Enclose the class GUID within curly brackets {}. To configure multiple classes, use `&#xF000;` as a delimiter. 
-
-
 ```xml
 <SyncML>
     <SyncBody>

From 9fe1e0eed3b40647b9e5fa3f9bb68222a000ff51 Mon Sep 17 00:00:00 2001
From: Tom Layson <83308464+TomLayson@users.noreply.github.com>
Date: Fri, 21 May 2021 09:26:50 -0700
Subject: [PATCH 44/92] Update
 manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Minor text change
---
 ...perating-system-components-to-microsoft-services.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 148b234b8b..66dc780bf0 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -9,12 +9,12 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: high
 audience: ITPro
-author: linque1
-ms.author: robsize
-manager: robsize
+author: tomlayson
+ms.author: tomlayson
+manager: riche
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 12/1/2020
+ms.date: 5/21/2021
 ---
 
 # Manage connections from Windows 10 operating system components to Microsoft services
@@ -1266,7 +1266,7 @@ In the **Feedback & Diagnostics** area, you can choose how often you're asked fo
 To change how frequently **Windows should ask for my feedback**:
 
 > [!NOTE]
-> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device.
+> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. 
 
 
 - To change from **Automatically (Recommended)**, use the drop-down list in the UI.

From cfac9b77b9104f510a232a055df71a9772948b57 Mon Sep 17 00:00:00 2001
From: Linda Diefendorf <lidiefen@microsoft.com>
Date: Fri, 21 May 2021 10:36:43 -0700
Subject: [PATCH 45/92] Update add-unsigned-app-to-code-integrity-policy.md

Update DGSSv1 retirement date.
---
 .../add-unsigned-app-to-code-integrity-policy.md            | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
index b269d9356a..454b74a767 100644
--- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md
+++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
@@ -18,12 +18,12 @@ ms.date: 03/10/2021
 # Add unsigned app to code integrity policy
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
 >
 > Following are the major changes we are making to the service: 
 > - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
-> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
+> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
 >
 > The following functionality will be available via these PowerShell cmdlets:
 > - Get a CI policy
@@ -117,4 +117,4 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr
      When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
 
 6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store.
-7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
\ No newline at end of file
+7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).

From 431a5e5d0f76b5cea2ee8753b48068bb89ad9b25 Mon Sep 17 00:00:00 2001
From: Linda Diefendorf <lidiefen@microsoft.com>
Date: Fri, 21 May 2021 10:36:57 -0700
Subject: [PATCH 46/92] Update device-guard-signing-portal.md

Update DGSSv1 retirement date.
---
 store-for-business/device-guard-signing-portal.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md
index 19b24783d0..6ad01e0f88 100644
--- a/store-for-business/device-guard-signing-portal.md
+++ b/store-for-business/device-guard-signing-portal.md
@@ -18,12 +18,12 @@ ms.date: 10/17/2017
 # Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
 >
 > Following are the major changes we are making to the service: 
 > - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
-> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
+> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
 >
 > The following functionality will be available via these PowerShell cmdlets:
 > - Get a CI policy
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> For any questions, please contact us at DGSSMigration@microsoft.com.  
+> For any questions, please contact us at DGSSMigration@microsoft.com. 
 
 
 **Applies to**
@@ -72,4 +72,4 @@ Catalog and policy files have required files types.
 Signing code integrity policies and access to Device Guard portal requires the Device Guard signer role.
 
 ## Device Guard signing certificates
-All certificates generated by the Device Guard signing service are unique per customer and are independent of the Microsoft production code signing certificate authorities. All Certification Authority (CA) keys are stored within the cryptographic boundary of Federal Information Processing Standards (FIPS) publication 140-2 compliant hardware security modules. After initial generation, root certificate keys and top level CA keys are removed from the online signing service, encrypted, and stored offline.
\ No newline at end of file
+All certificates generated by the Device Guard signing service are unique per customer and are independent of the Microsoft production code signing certificate authorities. All Certification Authority (CA) keys are stored within the cryptographic boundary of Federal Information Processing Standards (FIPS) publication 140-2 compliant hardware security modules. After initial generation, root certificate keys and top level CA keys are removed from the online signing service, encrypted, and stored offline.

From 09500541cbc480fcab3883b390caf00e4d90c1a0 Mon Sep 17 00:00:00 2001
From: Linda Diefendorf <lidiefen@microsoft.com>
Date: Fri, 21 May 2021 10:37:11 -0700
Subject: [PATCH 47/92] Update
 sign-code-integrity-policy-with-device-guard-signing.md

Update DGSSv1 retirement date.
---
 .../sign-code-integrity-policy-with-device-guard-signing.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
index ef38349ddd..ffdff3f7c1 100644
--- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
+++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
@@ -18,12 +18,12 @@ ms.date: 10/17/2017
 # Sign code integrity policy with Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
 >
 > Following are the major changes we are making to the service: 
 > - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
-> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
+> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
 >
 > The following functionality will be available via these PowerShell cmdlets:
 > - Get a CI policy
@@ -58,4 +58,4 @@ Before you get started, be sure to review these best practices:
 4.  After the files are uploaded, click **Sign** to sign the code integrity policy.
 5.  Click **Download** to download the signed code integrity policy.
 
-    When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then resign the policy.
\ No newline at end of file
+    When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then resign the policy.

From a24427dceb743c8aa44a012e4aaf522d8d2f4049 Mon Sep 17 00:00:00 2001
From: Tom Layson <83308464+TomLayson@users.noreply.github.com>
Date: Fri, 21 May 2021 11:03:49 -0700
Subject: [PATCH 48/92] Update
 windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 ...windows-operating-system-components-to-microsoft-services.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 66dc780bf0..f1696b311c 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1266,7 +1266,7 @@ In the **Feedback & Diagnostics** area, you can choose how often you're asked fo
 To change how frequently **Windows should ask for my feedback**:
 
 > [!NOTE]
-> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. 
+> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device.
 
 
 - To change from **Automatically (Recommended)**, use the drop-down list in the UI.

From 96c2855d515c8ed90c706eea8cc752d08156188f Mon Sep 17 00:00:00 2001
From: Tom Layson <83308464+TomLayson@users.noreply.github.com>
Date: Fri, 21 May 2021 11:06:10 -0700
Subject: [PATCH 49/92] Added new Edge policy section

---
 ...system-components-to-microsoft-services.md | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 66dc780bf0..e0efa7ef4e 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -592,6 +592,48 @@ Alternatively, you can configure the following Registry keys as described:
 
 For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](/microsoft-edge/deploy/available-policies).
 
+### <a href="" id="bkmk-edgegp"></a>13.2 Microsoft Edge Enterprise
+
+For a complete list of the Microsoft Edge policies, see [Microsoft Edge and privacy: FAQ](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies). 
+
+> [!Important]
+> - The following settings are applicable to Microsoft Edge version 77 or later. 
+> - For details on supported Operating Systems see Microsoft Edge supported Operating Systems 
+> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge see Configure Microsoft Edge policy settings on Windows 
+> - Devices must be domain joined for some of the policies to take effect. 
+
+| Policy                           | Group Policy Path  | Registry Path                               |
+|----------------------------------|--------------------|---------------------------------------------|
+| **SearchSuggestEnabled**         |  Computer Configuration/Administrative Templates/Windows Component/Microsoft Edge - Enable search suggestions  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: SearchSuggestEnabled Set to 0** | 
+| **AutofillAddressEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for addresses  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: AutofillAddressEnabled Set to 0** | 
+| **AutofillCreditCardEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for credit cards  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: AutofillCreditCardEnabled Set to 0** | 
+| **ConfigureDoNotTrack**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Configure Do Not Track   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Enabled**| **REG_DWORD name: ConfigureDoNotTrack Set to 1** | 
+| **PasswordManagerEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Password manager and protection-Enable saving passwords to the password manager  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: PasswordManagerEnabled Set to 0** | 
+| **DefaultSearchProviderEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Default search provider-Enable the default search provider  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: DefaultSearchProviderEnabled Set to 0** | 
+| **HideFirstRunExperience**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Hide the First-run experience and splash screen   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Enabled**| **REG_DWORD name: HideFirstRunExperience Set to 1** | 
+| **SmartScreenEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/SmartScreen settings-Configure Microsoft Defender SmartScreen  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: SmartScreenEnabled Set to 0** | 
+| **NewTabPageLocation**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Configure the new tab page URL | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Enabled-Value “about:blank”**| **REG_SZ name: NewTabPageLocation Set to about:blank** | 
+| **RestoreOnStartup**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Action to take on startup   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: RestoreOnStartup Set to 5** | 
+| **RestoreOnStartupURLs**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Sites to open when the browser starts | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs |
+|                                  | **Set to Disabled**| **REG_SZ name: 1 Set to about:blank** |
+| **UpdateDefault**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Applications-Update policy override default   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
+|                                  | **Set to Enabled - 'Updates disabled'**| **REG_DWORD name: UpdateDefault Set to 0** | 
+| **AutoUpdateCheckPeriodMinutes**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
+|                                  | **Set to Enabled - Set Value for Minutes between update checks to 0**| **REG_DWORD name: AutoUpdateCheckPeriodMinutes Set to 0** | 
+| **Experimentation and Configuration Service** |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
+|                                  | **Set to RestrictedMode**| **REG_DWORD name: ExperimentationAndConfigurationServiceControl  Set to 0** | 
+|||
+
 ### <a href="" id="bkmk-ncsi"></a>14. Network Connection Status Indicator
 
 Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. See the [Microsoft Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog) to learn more.

From 832aff3e5a4f6e45bb0df6aabd8678686c505be2 Mon Sep 17 00:00:00 2001
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com>
Date: Fri, 21 May 2021 13:48:55 -0700
Subject: [PATCH 50/92] Update configure-md-app-guard.md

Removing rouge settings
---
 .../configure-md-app-guard.md                                  | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
index 208da5965e..8df3886343 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -61,6 +61,3 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
 |Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.|
 |Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
 |Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.|
-|Allow users to trust files that open in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.<p>**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Microsoft Defender Application Guard.|
-|Allow extensions in the container|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use extensions.|**Enabled.** Favorites are able to sync from the host browser to the container. Note that this doesn’t work the other way around. The favorites sync to the user’s work profile by default.<p>**Disabled.** Users are not able to access their favorites from within the Application Guard container.|
-|Allow favorites sync|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether favorites can be accessible from Application Guard container.|**Enabled.** Favorites are able to sync from the host browser to the container, but it doesn’t work the other way around. The favorites sync to the user’s work profile by default.<p>**Disabled.** Users are not able to access their favorites from within the Application Guard container.

From 77be61ed2c094991d15c5168851b43d5b04a935b Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 21 May 2021 14:42:52 -0700
Subject: [PATCH 51/92] Corrected content types on code blocks

Valid types for code blocks are listed here: https://review.docs.microsoft.com/en-us/help/contribute/metadata-taxonomies?branch=master#dev-lang
---
 ...rtificate-authentication-device-enrollment.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index f01490c427..91ff84cd45 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -14,7 +14,7 @@ ms.date: 06/26/2017
 
 # Certificate authentication device enrollment
 
-This section provides an example of the mobile device enrollment protocol using certificate authentication policy. For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
+This section provides an example of the mobile device enrollment protocol using certificate authentication policy. For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://go.microsoft.com/fwlink/p/?LinkId=619347).
 
 > [!Note]
 > To set up devices to use certificate authentication for enrollment, you should create a provisioning package. For more information about provisioning packages, see [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package).
@@ -31,7 +31,7 @@ For the list of enrollment scenarios not supported in Windows 10, see [Enrollme
 
 The following example shows the discovery service request.
 
-``` syntax
+```xml
 POST /EnrollmentServer/Discovery.svc HTTP/1.1
 Content-Type: application/soap+xml; charset=utf-8
 User-Agent: Windows Enrollment Client
@@ -71,7 +71,7 @@ Cache-Control: no-cache
 
 The following example shows the discovery service response.
 
-```
+```xml
 HTTP/1.1 200 OK
 Content-Length: 865
 Content-Type: application/soap+xml; charset=utf-8
@@ -111,7 +111,7 @@ http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoverySer
 
 The following example shows the policy web service request.
 
-```
+```xml
 POST /ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC HTTP/1.1
 Content-Type: application/soap+xml; charset=utf-8
 User-Agent: Windows Enrollment Client
@@ -183,7 +183,7 @@ Cache-Control: no-cache
 
 The following snippet shows the policy web service response.
 
-```
+```xml
 HTTP/1.1 200 OK
 Date: Fri, 03 Aug 2012 20:00:00 GMT
 Server: <server name here>
@@ -261,7 +261,7 @@ Content-Length: xxxx
 
 The following example shows the enrollment web service request.
 
-```
+```xml
 POST /EnrollmentServer/DeviceEnrollmentWebService.svc HTTP/1.1
 Content-Type: application/soap+xml; charset=utf-8
 User-Agent: Windows Enrollment Client
@@ -369,7 +369,7 @@ http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrol
 
 The following example shows the enrollment web service response.
 
-```
+```xml
 HTTP/1.1 200 OK
 Cache-Control: private
 Content-Length: 10231
@@ -422,7 +422,7 @@ Date: Fri, 03 Aug 2012 00:32:59 GMT
 
 The following example shows the encoded provisioning XML.
 
-```
+```xml
 <wap-provisioningdoc version="1.1">
    <characteristic type="CertificateStore">
       <characteristic type="Root">

From 7bd22fdeb383508dfc31cac8927c6227d32a57a4 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Fri, 21 May 2021 14:47:28 -0700
Subject: [PATCH 52/92] Delete TOC2.yml

---
 .../TOC2.yml                                  | 113 ------------------
 1 file changed, 113 deletions(-)
 delete mode 100644 windows/security/threat-protection/windows-defender-application-control/TOC2.yml

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml b/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
deleted file mode 100644
index bb66da245a..0000000000
--- a/windows/security/threat-protection/windows-defender-application-control/TOC2.yml
+++ /dev/null
@@ -1,113 +0,0 @@
-  
-### WDAC:Landing
-title: Application Control for Windows
-metadata:
-  title: Application Control for Windows
-  description: Landing page for Windows Defender Application Control
-# services: service
-# ms.service: microsoft-WDAC-AppLocker
-# ms.subservice: Application-Control
-# ms.topic: landing-page
-# author: Kim Klein
-# ms.author: Jordan Geurten 
-# manager: Jeffrey Sutherland
-# ms.update: 04/30/2021
-# linkListType: overview | how-to-guide | tutorial | video
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card
-  - title: Learn about Application Control
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: What is WDAC (WDAC Overview)?
-            url:  wdac-and-applocker-overview.md
-          - text: What is AppLocker?
-            url:  applocker\applocker-overview.md
-          - text: WDAC and AppLocker feature availability
-            url:  feature-availability.md  
-  # Card               
-  - title: Learn about the Design Guide
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Using code signing to simplify application control
-            url:  use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
-          - text: Merging Policies
-            url:  wdac-wizard-merging-policies.md
-          - text: Recommended blocks 
-            url:  microsoft-recommended-block-rules.md
-          - text: Recommended driver blocks 
-            url:  microsoft-recommended-driver-block-rules.md
-          - text: Example policies
-            url:  example-wdac-base-policies.md
-          - text: LOB Win32 apps on S Mode
-            url:  LOB-win32-apps-on-s.md
-      - linkListType: how-to-guide
-        links:
-          - text: Create a WDAC policy for a lightly managed device
-            url:  cardreate-wdac-policy-for-lightly-managed-devices.md
-          - text: Create a WDAC policy for a fully managed device
-            url:  create-wdac-policy-for-fully-managed-devices.md
-          - text: Create a WDAC policy for a fixed-workload
-            url:  create-initial-default-policy.md
-		  - text: Using catalog files
-            url:  deploy-catalog-files-to-support-windows-defender-application-control.md
-		  - text: WDAC Wizard tool
-            url:  wdac-wizard.md
-	  - linkListType: Tutorial (videos)
-        links:
-          - text: Using the WDAC Wizard
-            url:  video md
-          - text: Specifying custom values
-            url:  video md
-  # Card
-  - title: Learn about Policy Configuration
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Understanding policy rules
-            url:  
-		  - text: Understanding File rules
-            url:  
-      - linkListType: how-to-guide (written)
-        links:
-          - text: Allow managed installer and configure managed installer rules
-            url:  configure-authorized-apps-deployed-with-a-managed-installer.md
-          - text: Allow reputable apps with ISG
-            url:  use-windows-defender-application-control-with-intelligent-security-graph.md
-  # Card
-  - title: Learn how to deploy WDAC Policies
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Signed policies
-            url:  use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
-		  - text: Audit and enforce policies
-            url:  audit-and-enforce-windows-defender-application-control-policies.md
-		  - text: Disabling WDAC policies
-            url:  disable-windows-defender-application-control-policies.md
-      - linkListType: tutorial
-        links:
-          - text: Deployment with MDM
-            url:  deploy-windows-defender-application-control-policies-using-intune.md
-          - text: Deployment with MEMCM
-            url:  deployment/deploy-wdac-policies-with-memcm.md
-          - text: Deployment with script and refresh policy
-            url:  deployment/deploy-wdac-policies-with-script.md
-  # Card
-  - title: Learn how to monitor and reiterate WDAC Policies (operational)
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Event logs (tags, IDs) 
-            url:  event-id-and-tag-explanations.md
-      - linkListType: how-to-guide
-        links:
-          - text: Querying using advanced hunting
-            url:  querying-application-control-events-centrally-using-advanced-hunting.md
-      - linkListType: tutorial
-        links:
-          - text: Creating a policy from event logs (video)
-            url:   #Jordan will create a video for this
\ No newline at end of file

From 85168ed32565622c6c1b6d5331709661aafb3b95 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 21 May 2021 14:55:14 -0700
Subject: [PATCH 53/92] Acrolinx "provisioining"

---
 windows/deployment/upgrade/windows-10-edition-upgrades.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 71af1da585..5205193bb7 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -84,7 +84,7 @@ Use Windows Configuration Designer to create a provisioning package to upgrade a
 - To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
 
 For more info about Windows Configuration Designer, see these topics:
-- [Create a provisioining package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package)
+- [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package)
 - [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package)
 
 

From f1d9dd9b5cd9b1307aa8973c07627a4981a18c21 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 21 May 2021 15:18:34 -0700
Subject: [PATCH 54/92] Corrected note styles

---
 .../upgrade/windows-10-edition-upgrades.md         | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 5205193bb7..4cc61f1954 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -26,9 +26,13 @@ With Windows 10, you can quickly upgrade from one edition of Windows 10 to ano
 
 For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
 
-The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607.
+The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer.
 
-Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](/configmgr/compliance/deploy-use/upgrade-windows-version) in Microsoft Endpoint Configuration Manager.
+> [!NOTE]
+> The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607.
+
+> [!TIP]
+> Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](/configmgr/compliance/deploy-use/upgrade-windows-version) in Microsoft Endpoint Configuration Manager.
 
 ![not supported](../images/x_blk.png) (X) = not supported</br>
 ![supported, reboot required](../images/check_grn.png) (green checkmark) = supported, reboot required</br>
@@ -122,7 +126,8 @@ If you do not have a product key, you can upgrade your edition of Windows 10 th
 
 3.  Follow the on-screen instructions.
 
-    **Note**<br>If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/).
+    > [!NOTE]
+    > If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/).
 
 ## License expiration
 
@@ -130,7 +135,8 @@ Volume license customers whose license has expired will need to change the editi
 
 Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported.  You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades.
 
-Note: If you are using [Windows 10 Enterprise Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires.
+> [!NOTE]
+> If you are using [Windows 10 Enterprise Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires.
 
 ### Scenario example
 

From ec3b863fc4e9c4d461f428d495040eeebf917eaa Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 21 May 2021 15:21:03 -0700
Subject: [PATCH 55/92] Changed some <td> to <th>

---
 .../upgrade/windows-10-edition-upgrades.md    | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 4cc61f1954..c9b296a9c8 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -156,21 +156,21 @@ You can move directly from Enterprise to any valid destination edition. In this
 <br>
 <table border="0" cellpadding="1">
     <tr>
-        <td colspan="10" align="center">Destination edition</td>
+        <th colspan="10" align="center">Destination edition</th>
     </tr>
     <tr>
-        <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
-        <td></td>
-        <td>Home</td>
-        <td>Pro</td>
-        <td>Pro for Workstations</td>
-        <td>Pro Education</td>
-        <td>Education</td>
-        <td>Enterprise LTSC</td>
-        <td>Enterprise</td>
+        <th>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</th>
+        <th>&nbsp;</th>
+        <th>Home</th>
+        <th>Pro</th>
+        <th>Pro for Workstations</th>
+        <th>Pro Education</th>
+        <th>Education</th>
+        <th>Enterprise LTSC</th>
+        <th>Enterprise</th>
     </tr>
     <tr>
-        <td rowspan="9" nowrap="nowrap" valign="middle">Starting edition</td>
+        <th rowspan="9" nowrap="nowrap" valign="middle">Starting edition</th>
     </tr>
     <tr>
         <td>Home</td>

From 2b6d435f7e45d6cbb3dd06294680402928b41355 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 21 May 2021 17:41:06 -0700
Subject: [PATCH 56/92] Changed some <td> to <th>

---
 .../upgrade/windows-10-upgrade-paths.md       | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 57994ce79b..2b5bb70b58 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -43,17 +43,17 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
 <table border="0" cellpadding="1">
     <tr>
         <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
-        <td></td>
-        <td>Windows 10 Home</td>
-        <td>Windows 10 Pro</td>
-        <td>Windows 10 Pro Education</td>
-        <td>Windows 10 Education</td>
-        <td>Windows 10 Enterprise</td>
-        <td>Windows 10 Mobile</td>
-        <td>Windows 10 Mobile Enterprise</td>
+        <td>&nbsp;</td>
+        <th>Windows 10 Home</th>
+        <th>Windows 10 Pro</th>
+        <th>Windows 10 Pro Education</th>
+        <th>Windows 10 Education</th>
+        <th>Windows 10 Enterprise</th>
+        <th>Windows 10 Mobile</th>
+        <th>Windows 10 Mobile Enterprise</th>
     </tr>
     <tr>
-        <td rowspan="7" nowrap="nowrap">Windows 7</td>
+        <th rowspan="7" nowrap="nowrap">Windows 7</th>
     </tr>
     <tr>
         <td>Starter</td>
@@ -116,7 +116,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td></td>
     </tr>
     <tr>
-        <td rowspan="10" nowrap="nowrap">Windows 8.1</td>
+        <th rowspan="10" nowrap="nowrap">Windows 8.1</th>
     </tr>
     <tr>
         <td>(Core)</td>
@@ -209,7 +209,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
         <td>✔</td>
     </tr>
     <tr>
-        <td rowspan="8" nowrap="nowrap">Windows 10</td>
+        <th rowspan="8" nowrap="nowrap">Windows 10</th>
     </tr>
     <tr>
         <td>Home</td>

From e876258e88e88bb9a7c55753a370cddd901b001e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 24 May 2021 06:05:28 -0700
Subject: [PATCH 57/92] Update configure-md-app-guard.md

---
 .../configure-md-app-guard.md                               | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
index 8df3886343..c67c087461 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 05/06/2021
+ms.date: 05/24/2021
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@@ -27,7 +27,7 @@ Application Guard uses both network isolation and application-specific settings.
 
 ## Network isolation settings
 
-These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
+These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
 
 > [!NOTE]
 > You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the "Domains categorized as both work and personal" policy.
@@ -48,7 +48,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
 |`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.|
 
 ## Application-specific settings
-These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
+These settings, located at `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard`, can help you to manage your company's implementation of Application Guard.
 
 |Name|Supported versions|Description|Options|
 |-----------|------------------|-----------|-------|

From e1c3b21fbbefca7de9d69b721ff2f7f0da790833 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 24 May 2021 06:07:08 -0700
Subject: [PATCH 58/92] Update configure-md-app-guard.md

---
 .../configure-md-app-guard.md                                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
index c67c087461..593984f0dc 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -52,7 +52,7 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind
 
 |Name|Supported versions|Description|Options|
 |-----------|------------------|-----------|-------|
-|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<br/>-Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
+|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
 |Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
 |Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. <p>**NOTE**: This action might also block assets cached by CDNs and references to analytics sites. Add them to the trusted enterprise resources to avoid broken pages.<p>**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
 |Allow Persistence|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|

From d8b97435929ea25323d7e1447ccc181ea2b54802 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 11:09:43 -0700
Subject: [PATCH 59/92] Task ID 29550212

Made recommended edit.
---
 .../select-types-of-rules-to-create.md                 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index e91bfb3d64..000dc79659 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -126,14 +126,14 @@ Wildcards can be used at the beginning or end of a path rule; only one wildcard
 
 You can also use the following macros when the exact volume may vary: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`.
 
-## More information about hashes 
+## More information about hashes
 
-### Why does scan create 4 hash rules per XML file?
+### Why does scan create four hash rules per XML file?
 
-(Hash Sha1, Hash Sha256, Hash Page Sha1, Hash Page Sha256)
-During validation CI will choose which hashes to calculate depending on how the file is signed.  E.g. if the file is page-hash signed the entire file would not get paged in to do a full sha256 authenticode and we would just match using the first page hash.
+The PowerShell cmdlet will produce an Authenticode Sha1 Hash, Sha256 Hash, Sha1 Page Hash, Sha256 Page Hash.
+During validation CI will choose which hashes to calculate depending on how the file is signed.  For example, if the file is page-hash signed the entire file would not get paged in to do a full sha256 authenticode and we would just match using the first page hash.
 
-In the cmdlets, rather than try to predict which hash CI will use, we pre calculate and use the 4 hashes (sha1/sha2 authenticode, and sha1/sha2 of first page).  This is also resilient to if the signing status of the file changes and necessary for deny rules to ensure that changing/stripping the signature doesn’t result in a different hash than what was in the policy being used by CI.
+In the cmdlets, rather than try to predict which hash CI will use, we pre-calculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page).  This is also resilient, if the signing status of the file changes and necessary for deny rules to ensure that changing/stripping the signature doesn’t result in a different hash than what was in the policy being used by CI.
 
 ### Why does scan create 8 hash rules for certain XML files?
 

From 5e53adc4effca1e0294803f0385c8ba9c95364af Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 11:13:53 -0700
Subject: [PATCH 60/92] Task ID 33324832

Made 2 recommended edits.
---
 ...d-enforce-windows-defender-application-control-policies.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
index 31f6314425..04664080a7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@@ -32,7 +32,7 @@ While a WDAC policy is running in audit mode, any binary that runs but would hav
 
 ## Overview of the process to create WDAC policy to allow apps using audit events
 
-> [!Note]
+> [!NOTE]
 > You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md).
 
 To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy.
@@ -75,7 +75,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
 
 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method.
 
-## Convert WDAC **base** policy from audit to enforced
+## Convert WDAC **BASE** policy from audit to enforced
 
 As described in [common WDAC deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
 

From c1ae84c81f44ae1590a5e7830745c0bc1ab65e4e Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 11:34:24 -0700
Subject: [PATCH 61/92] Task ID 33324832

Fixed primary heading size.
---
 ...and-enforce-windows-defender-application-control-policies.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
index 04664080a7..4b1860ea36 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@@ -19,7 +19,7 @@ ms.date: 05/03/2021
 ms.technology: mde
 ---
 
-## Use audit events to create WDAC policy rules and Convert **base** policy from audits to enforced
+# Use audit events to create WDAC policy rules and Convert **base** policy from audits to enforced
 
 **Applies to:**
 

From 75160b732405a061f12a6869ad46e40c3280566b Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 11:38:02 -0700
Subject: [PATCH 62/92] Task ID 31558721

Removed "rendering ISG reputation as moot"
---
 ...ender-application-control-with-intelligent-security-graph.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
index dcd705cd5b..082eb3a3f1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@@ -33,7 +33,7 @@ Beginning with Windows 10, version 1709, you can set an option to automatically
 
 The ISG uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having "known good," "known bad," or "unknown" reputation. When a binary runs on a system, with WDAC enabled with the ISG option, WDAC checks the file's reputation, by sending its hash and signing information to the cloud. If the ISG reports that the file has a "known good" reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file.
 
-If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud, rendering ISG reputation information as moot.
+If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud.
 
 If the file with good reputation is an application installer, its reputation will pass along to any files that it writes to disk. This way, all the files needed to install and run an app inherit the positive reputation data from the installer.
 

From b9fcf4421627b005f5db5268a4e90486e3260a20 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 11:40:32 -0700
Subject: [PATCH 63/92] Task ID 33324832

Fixed first heading.
---
 ...nfigure-authorized-apps-deployed-with-a-managed-installer.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index 3922be1e3b..6612e9fbf7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -18,7 +18,7 @@ ms.date: 08/14/2020
 ms.technology: mde
 ---
 
-## Configuring authorized apps deployed by a managed installer with AppLocker and Windows Defender Application Control
+# Configuring authorized apps deployed by a managed installer with AppLocker and Windows Defender Application Control
 
 **Applies to:**
 

From 84458fe2ffb40b4f2165e5e07ac62cac9e721629 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 11:46:21 -0700
Subject: [PATCH 64/92] Updated wdac-and-applocker-overview document

Restored first heading size and made suggested text edit to the WDAC System Requirements section.
---
 .../wdac-and-applocker-overview.md                            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index 0897007f32..2d7ae11177 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -19,7 +19,7 @@ ms.custom: asr
 ms.technology: mde
 ---
 
-## Windows Defender Application Control and AppLocker Overview
+# Windows Defender Application Control and AppLocker Overview
 
 **Applies to:**
 
@@ -47,7 +47,7 @@ Note that prior to Windows 10 version 1709, Windows Defender Application Control
 
 WDAC policies can be created on any client edition of Windows 10 build 1903+, or on Windows Server 2016 and above.
 
-WDAC policies can be applied to devices running any edition of Windows 10, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, e.g. Intune; a management interface, e.g. Configuration Manager; or a script host, e.g. PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
+WDAC policies can be applied to devices running any edition of Windows 10, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
 
 For more information on which individual WDAC features are available on specific WDAC builds, see [WDAC feature availability](feature-availability.md).
 

From 087c522d61678843302f41f2abe6140ce448ab95 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 13:15:14 -0700
Subject: [PATCH 65/92] Task ID 29550212

Implemented last suggested edit to the "create eight hash rules" section.
---
 .../select-types-of-rules-to-create.md                          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 000dc79659..390b687187 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -135,7 +135,7 @@ During validation CI will choose which hashes to calculate depending on how the
 
 In the cmdlets, rather than try to predict which hash CI will use, we pre-calculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page).  This is also resilient, if the signing status of the file changes and necessary for deny rules to ensure that changing/stripping the signature doesn’t result in a different hash than what was in the policy being used by CI.
 
-### Why does scan create 8 hash rules for certain XML files?
+### Why does scan create eight hash rules for certain XML files?
 
 Separate rules are created for UMCI and KMCI. In some cases, files which are purely user-mode or purely kernel-mode may still generate both sets, as CI cannot always precisely determine what is purely user vs. kernel mode and errs on the side of caution.
 

From 092c6bfb6c44603217a2f2d34d5d0593872c44d0 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 13:26:23 -0700
Subject: [PATCH 66/92] Task ID 33324832

Updated TOC and all articles that point to old managed installer documents with new combined managed installer link.
---
 ...lication-control-with-managed-installer.md | 59 -------------------
 1 file changed, 59 deletions(-)
 delete mode 100644 windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
deleted file mode 100644
index 66afc7f933..0000000000
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Authorize apps installed by a managed installer (Windows 10)
-description: Explains how to automatically allow applications deployed and installed by a managed installer.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-audience: ITPro
-ms.collection: M365-security-compliance
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: dansimp
-manager: dansimp
-ms.date: 04/20/2021
-ms.technology: mde
----
-
-# Authorize apps deployed by a managed installer
-
-**Applies to:**
-
-- Windows 10
-- Windows Server 2019
-
-Windows 10, version 1703 introduced a new option for Windows Defender Application Control (WDAC), called managed installer, that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager.
-
-## How does a managed installer work?
-
-A new rule collection in AppLocker specifies binaries that are trusted by the organization as an authorized source for application deployment. When one of these binaries runs, Windows will monitor the binary's process (and processes it launches) and tag all files it writes as having originated from a managed installer. The managed installer rule collection is configured using Group Policy and can be applied with the Set-AppLockerPolicy PowerShell cmdlet. You can't currently set managed installers with the AppLocker CSP through MDM.
-
-Having defined your managed installers using AppLocker, you can then configure WDAC to trust files installed by a managed installer by adding the Enabled:Managed Installer option to your WDAC policy. Once that option is set, WDAC will check for managed installer origin information when determining whether or not to allow a binary to run. As long as there are no deny rules present for the file, WDAC will allow a file to run based on its managed installer origin.
-
-You should ensure that the WDAC policy allows the system to boot and any other authorized applications that can't be deployed through a managed installer.
-
-For an example of a managed installer use case, see [Creating a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md).
-
-## Security considerations with managed installer
-
-Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do.
-It is best suited for use where each user operates as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager.
-
-Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed.
-
-If a managed installer process runs in the context of a user with standard privileges, then it is possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control.
-
-Some application installers may automatically run the application at the end of the installation process. If this happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files created during the first run of the application. This could result in over-authorization for executables that were not intended. To avoid that outcome, ensure that the application deployment solution used as a managed installer limits running applications as part of installation.
-
-## Known limitations with managed installer
-
-- Application control based on managed installer does not support applications that self-update. If an application deployed by a managed installer later updates itself, the updated application files won't include the managed installer origin information and may not be able to run. When you rely on managed installers, you must deploy and install all application updates using a managed installer or include rules to authorize the app in the WDAC policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
-
-- [Packaged apps (MSIX)](/windows/msix/) deployed through a managed installer aren't tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md).
-
-- Some applications or installers may extract, download, or generate binaries and immediately attempt to run them. Files run by such a process may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
-
-- The managed installer heuristic doesn't authorize kernel drivers. The WDAC policy must have rules that allow the necessary drivers to run.  

From a85b27f4bfa623752f94ff6cf89c0cf1c50ec8c7 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Mon, 24 May 2021 13:42:46 -0700
Subject: [PATCH 67/92] Task ID 33324832 continued

These are the other files that were updated for this task.
---
 .../windows-defender-application-control/TOC.yml              | 4 ++--
 .../create-wdac-policy-for-fully-managed-devices.md           | 2 +-
 .../create-wdac-policy-for-lightly-managed-devices.md         | 2 +-
 .../feature-availability.md                                   | 2 +-
 .../plan-windows-defender-application-control-management.md   | 2 +-
 .../select-types-of-rules-to-create.md                        | 2 +-
 ...ws-defender-application-control-policy-design-decisions.md | 2 +-
 .../wdac-and-applocker-overview.md                            | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
index eaf0d1aa66..8fa33cfe26 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
@@ -21,9 +21,9 @@
               href: select-types-of-rules-to-create.md
               items: 
                 - name: Allow apps installed by a managed installer
-                  href: use-windows-defender-application-control-with-managed-installer.md
+                  href: configure-authorized-apps-deployed-with-a-managed-installer.md
                 - name: Configure managed installer rules
-                  href: configure-wdac-managed-installer.md
+                  href: configure-authorized-apps-deployed-with-a-managed-installer.md
                 - name: Allow reputable apps with Intelligent Security Graph (ISG)
                   href: use-windows-defender-application-control-with-intelligent-security-graph.md
                 - name: Allow COM object registration
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
index 8399532bab..cceb8da77d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
@@ -149,7 +149,7 @@ Alice has defined a policy for Lamna's fully-managed devices that makes some tra
    Possible mitigations:
   - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
 - **Managed installer**<br>
-    See [security considerations with managed installer](use-windows-defender-application-control-with-managed-installer.md#security-considerations-with-managed-installer)
+    See [security considerations with managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md#security-considerations-with-managed-installer)
 
    Existing mitigations applied:
   - Limit who can elevate to administrator on the device.
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
index 08e82cbe13..c4dabcde4c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
@@ -155,7 +155,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m
   - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
   - Limit who can elevate to administrator on the device.
 - **Managed installer**<br>
-    See [security considerations with managed installer](use-windows-defender-application-control-with-managed-installer.md#security-considerations-with-managed-installer)
+    See [security considerations with managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md#security-considerations-with-managed-installer)
 
     Possible mitigations:
   - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 3f411ffb3e..16dd454c61 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -34,7 +34,7 @@ ms.technology: mde
 | Per-User and Per-User group rules | Not available (policies are device-wide)                                                                                                                                                                                                                                                                                                           | Available on Windows 8+                                                                                                                                                                                                                                                                                                           |
 | Kernel mode policies              | Available on all Windows 10 versions                                                                                                                                                                                                                                                                                                                 | Not available                                                                                                                                                                                                                                                                                                                     |
 | Per-app rules                     | [Available on 1703+](./use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md)                                                                                                                                                                                                                                                                                                                                 | Not available                                                                                                                                                                                                                                                                                                                     |
-| Managed Installer (MI)            | [Available on 1703+](./use-windows-defender-application-control-with-managed-installer.md)                                                                                                                                                                                                                                                                                                                                 | Not available                                                                                                                                                                                                                                                                                                                |
+| Managed Installer (MI)            | [Available on 1703+](./configure-authorized-apps-deployed-with-a-managed-installer.md)                                                                                                                                                                                                                                                                                                                                 | Not available                                                                                                                                                                                                                                                                                                                |
 | Reputation-Based intelligence     | [Available on 1709+](./use-windows-defender-application-control-with-intelligent-security-graph.md)                                                                                                                                                                                                                                                                                                                                 | Not available                                                                                                                                                                                                                                                                                                                |
 | Multiple policy support           | [Available on 1903+](./deploy-multiple-windows-defender-application-control-policies.md)                                                                                                                                                                                                                                                                                                                                 | Not available                                                                                                                                                                                                                                                                        |
 | Path-based rules                  | [Available on 1903+.](./select-types-of-rules-to-create.md#more-information-about-filepath-rules) Exclusions are not supported. Runtime user-writeability check enforced by default.                                                                                                                                                                                                                                                    | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check.                                                                                                                                                                                                                                                                                |
diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
index 8c0156d01b..5d0dd83466 100644
--- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
@@ -59,7 +59,7 @@ In addition, we recommend using the [Set-CIPolicyVersion](/powershell/module/con
 
 ### Policy rule updates
 
-As new apps are deployed or existing apps are updated by the software publisher, you may need to make revisions to your rules to ensure that these apps run correctly. Whether policy rule updates are required will depend significantly on the types of rules your policy includes. Rules based on codesigning certificates provide the most resiliency against app changes while rules based on file attributes or hash are most likely to require updates when apps change. Alternatively, if you leverage WDAC [managed installer](use-windows-defender-application-control-with-managed-installer.md) functionality and consistently deploy all apps and their updates through your managed installer, then you are less likely to need policy updates.
+As new apps are deployed or existing apps are updated by the software publisher, you may need to make revisions to your rules to ensure that these apps run correctly. Whether policy rule updates are required will depend significantly on the types of rules your policy includes. Rules based on codesigning certificates provide the most resiliency against app changes while rules based on file attributes or hash are most likely to require updates when apps change. Alternatively, if you leverage WDAC [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) functionality and consistently deploy all apps and their updates through your managed installer, then you are less likely to need policy updates.
 
 ## WDAC event management
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 390b687187..add268e0ee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -63,7 +63,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
 | **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows 10 without the proper update may have unintended results. |
 | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. |
-| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](use-windows-defender-application-control-with-managed-installer.md) |
+| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) |
 | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
 | **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.|
 | **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709, and above.|
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index 9443134723..9bd69f5bee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -58,7 +58,7 @@ Organizations with well-defined, centrally-managed app management and deployment
 
 | Possible answers | Design considerations|
 | - | - |
-| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](use-windows-defender-application-control-with-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. |
+| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. |
 | Some apps are centrally managed and deployed, but teams can install additional apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can leverage managed installers to install their team-specific apps or admin-only file path rules can be used to allow apps installed by admin users. |
 | Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. |
 | Users and teams are free to download and install apps without restriction. | WDAC policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.|
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index 2d7ae11177..ce2acde0e8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -37,7 +37,7 @@ WDAC policies apply to the managed computer as a whole and affects all users of
 - Attributes of the codesigning certificate(s) used to sign an app and its binaries
 - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
 - The reputation of the app as determined by Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md)
-- The identity of the process that initiated the installation of the app and its binaries ([managed installer](use-windows-defender-application-control-with-managed-installer.md))
+- The identity of the process that initiated the installation of the app and its binaries ([managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md))
 - The [path from which the app or file is launched](select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903)
 - The process that launched the app or binary
 

From 3b5c9c54df8fa260903c6f57f52ef3381316ea7c Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 10:14:14 +0100
Subject: [PATCH 68/92] Update
 windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 ...windows-operating-system-components-to-microsoft-services.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 822869ba60..530d46fc7b 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -594,7 +594,7 @@ For a complete list of the Microsoft Edge policies, see [Available policies for
 
 ### <a href="" id="bkmk-edgegp"></a>13.2 Microsoft Edge Enterprise
 
-For a complete list of the Microsoft Edge policies, see [Microsoft Edge and privacy: FAQ](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies). 
+For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies). 
 
 > [!Important]
 > - The following settings are applicable to Microsoft Edge version 77 or later. 

From dc5cfe6608337b409aa0175f461ab0db15e4e01d Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 10:14:34 +0100
Subject: [PATCH 69/92] Update
 windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 ...windows-operating-system-components-to-microsoft-services.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 530d46fc7b..76ca00f7c5 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -597,7 +597,7 @@ For a complete list of the Microsoft Edge policies, see [Available policies for
 For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies). 
 
 > [!Important]
-> - The following settings are applicable to Microsoft Edge version 77 or later. 
+> - The following settings are applicable to Microsoft Edge version 77 or later.
 > - For details on supported Operating Systems see Microsoft Edge supported Operating Systems 
 > - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge see Configure Microsoft Edge policy settings on Windows 
 > - Devices must be domain joined for some of the policies to take effect. 

From 1c85fc9836474ee1e41fc3c244f24ccaa306cd39 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 10:14:55 +0100
Subject: [PATCH 70/92] Update
 windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 ...windows-operating-system-components-to-microsoft-services.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 76ca00f7c5..686300049e 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -599,7 +599,7 @@ For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile
 > [!Important]
 > - The following settings are applicable to Microsoft Edge version 77 or later.
 > - For details on supported Operating Systems see Microsoft Edge supported Operating Systems 
-> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge see Configure Microsoft Edge policy settings on Windows 
+> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge).
 > - Devices must be domain joined for some of the policies to take effect. 
 
 | Policy                           | Group Policy Path  | Registry Path                               |

From f1ffa4ff38e3c6c7eed16d700e53b7d2b7e60e53 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 10:15:07 +0100
Subject: [PATCH 71/92] Update
 windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 ...windows-operating-system-components-to-microsoft-services.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 686300049e..c546a733d7 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -600,7 +600,7 @@ For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile
 > - The following settings are applicable to Microsoft Edge version 77 or later.
 > - For details on supported Operating Systems see Microsoft Edge supported Operating Systems 
 > - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge).
-> - Devices must be domain joined for some of the policies to take effect. 
+> - Devices must be domain joined for some of the policies to take effect.
 
 | Policy                           | Group Policy Path  | Registry Path                               |
 |----------------------------------|--------------------|---------------------------------------------|

From da8cc9c6504f7fcb51844b98a6cbb05ed5bca1fc Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 10:15:18 +0100
Subject: [PATCH 72/92] Update
 windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 ...windows-operating-system-components-to-microsoft-services.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index c546a733d7..434a191b14 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -598,7 +598,7 @@ For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile
 
 > [!Important]
 > - The following settings are applicable to Microsoft Edge version 77 or later.
-> - For details on supported Operating Systems see Microsoft Edge supported Operating Systems 
+> - For details on supported Operating Systems, see [Microsoft Edge supported Operating Systems](/deployedge/microsoft-edge-supported-operating-systems).
 > - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge).
 > - Devices must be domain joined for some of the policies to take effect.
 

From 3f303e1e27542a1e3fe28a34fa6d832f4ff520f3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 11:28:21 +0100
Subject: [PATCH 73/92] Update policy-csp-system.md

---
 .../mdm/policy-csp-system.md                  | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 3615cb2e3f..cf6bdc3ff3 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -736,13 +736,22 @@ The following list shows the supported values for Windows 8.1:
 </tbody>
 </table>-->
 
-In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft. The following list shows the supported values for Windows 10:  
+In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft.
+
+The following list shows the supported values for Windows 10 version 1809 and older:
+
 -   0 – (**Security**) Sends information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Microsoft Defender. 
     **Note:** This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), Hololens 2, and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
 -   1 – (**Basic**) Sends the same data as a value of 0, plus additional basic device info, including quality-related data, app compatibility, and app usage data.
 -   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data.
 -   3 – (**Full**) Sends the same data as a value of 2, plus all data necessary to identify and fix problems with devices.
 
+The following list shows the supported values for  Windows 10 version 19H1 and later:
+
+-   Diagnostic data off - No Windows diagnostic data sent.
+-   Required (Basic) - Minimum data required to keep the device secure, up to date, and performing as expected.
+-   Optional (Full) - Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.
+
 <!--<table style="margin-left: 20px">
 <colgroup>
 <col width="100%" />
@@ -772,13 +781,6 @@ In Windows 10, you can configure this policy setting to decide what level of dia
 </tbody>
 </table>-->
 
-
-> [!IMPORTANT]
-> If you are using Windows 8.1 MDM server and set a value of 0 using the legacy AllowTelemetry policy on a Windows 10 Mobile device, then the value is not respected and the telemetry level is silently set to level 1.
-
-
-Most restricted value is 0.
-
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
@@ -1609,7 +1611,7 @@ This policy setting, in combination with the System/AllowTelemetry
 To enable this behavior, you must complete two steps:
 <ul>
 <li>Enable this policy setting</li>
-<li>Set Allow Telemetry to level 2 (Enhanced)</li>
+<li>Set Allow Telemetry to Optional (Full)</li>
 </ul>
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.

From ca4eb87ea2af18c18f1c77b0bcf7ee9c5ecdc005 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 11:38:48 +0100
Subject: [PATCH 74/92] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index cf6bdc3ff3..f8b011b8b0 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -740,17 +740,19 @@ In Windows 10, you can configure this policy setting to decide what level of dia
 
 The following list shows the supported values for Windows 10 version 1809 and older:
 
--   0 – (**Security**) Sends information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Microsoft Defender. 
+-   0 – (**Security**) Sends information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Microsoft Defender.
     **Note:** This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), Hololens 2, and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
 -   1 – (**Basic**) Sends the same data as a value of 0, plus additional basic device info, including quality-related data, app compatibility, and app usage data.
 -   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data.
 -   3 – (**Full**) Sends the same data as a value of 2, plus all data necessary to identify and fix problems with devices.
 
+Most restricted value is 0.
+
 The following list shows the supported values for  Windows 10 version 19H1 and later:
 
--   Diagnostic data off - No Windows diagnostic data sent.
--   Required (Basic) - Minimum data required to keep the device secure, up to date, and performing as expected.
--   Optional (Full) - Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.
+-   **Diagnostic data off** - No Windows diagnostic data sent.
+-   **Required (Basic)** - Minimum data required to keep the device secure, up to date, and performing as expected.
+-   **Optional (Full)** - Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.
 
 <!--<table style="margin-left: 20px">
 <colgroup>

From 2814521ec755ccdcca81ce726cb9740daa4f6c01 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 11:48:28 +0100
Subject: [PATCH 75/92] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index f8b011b8b0..b0660cb9d4 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1613,7 +1613,7 @@ This policy setting, in combination with the System/AllowTelemetry
 To enable this behavior, you must complete two steps:
 <ul>
 <li>Enable this policy setting</li>
-<li>Set Allow Telemetry to Optional (Full)</li>
+<li>Set Allow Telemetry to level 2 (Enhanced)</li>
 </ul>
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.

From 38bda9b015611ebbab916c77ffc66f83e4802b7b Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 14:01:20 +0100
Subject: [PATCH 76/92] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index b0660cb9d4..3998ef75f2 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1612,8 +1612,10 @@ This policy setting, in combination with the System/AllowTelemetry
  
 To enable this behavior, you must complete two steps:
 <ul>
-<li>Enable this policy setting</li>
-<li>Set Allow Telemetry to level 2 (Enhanced)</li>
+-   Enable this policy setting
+-   Set the Allow Telemetry level:
+    - For Windows 10 version 1809 and older: set Allow Telemetry to level 2 (Enhanced) 
+    - For Windows 10 version 19H1 and later: set Allow Telemetry to Telemetry to Optional (Full). 
 </ul>
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.

From 8ac219c4ef8b686109326eb9296496f333f594e4 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 14:05:16 +0100
Subject: [PATCH 77/92] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 3998ef75f2..3ca9b29e48 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1611,12 +1611,12 @@ This policy setting, in combination with the System/AllowTelemetry
  policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
  
 To enable this behavior, you must complete two steps:
-<ul>
+
 -   Enable this policy setting
 -   Set the Allow Telemetry level:
     - For Windows 10 version 1809 and older: set Allow Telemetry to level 2 (Enhanced) 
     - For Windows 10 version 19H1 and later: set Allow Telemetry to Telemetry to Optional (Full). 
-</ul>
+
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.
  

From 8faa81c72bea6f594a8828a26157afcc6a9c216b Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Tue, 25 May 2021 09:35:03 -0700
Subject: [PATCH 78/92] Task ID 23142312

Added "well-known root cert types" info to the document.
---
 .../event-tag-explanations.md                 | 31 ++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index e4a1e510ea..07690733e7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -18,7 +18,7 @@ ms.date: 8/27/2020
 ms.technology: mde
 ---
 
-## Understanding Application Control event tags
+# Understanding Application Control event tags
 
 Windows Defender Application Control (WDAC) events include a number of fields which provide helpful troubleshooting information to figure out exactly what an event means. Below, we have documented the values and meanings for a few useful event tags.
 
@@ -91,3 +91,32 @@ Represents why verification failed, or if it succeeded.
 | 26 | Explicitly denied by WADC policy |
 | 27 | The signing chain appears to be tampered/invalid |
 | 28 | Resource page hash mismatch |
+
+## Microsoft Root CAs trusted by Windows
+
+The rule means trust anything signed by a cert that chains to this root CA. Enums without values start at 0, and increment by 1 as you go down the below list.
+
+typedef enum _MINCRYPT_KNOWN_ROOT_ID {
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootNone, <mark><-- 0</mark><br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootUnknown,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootSelfsigned,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftAuthenticodeRoot,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftProductRoot1997,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftProductRoot2001,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftProductRoot2010,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftStandardRoot2011,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftCodeVerificationRoot2006,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftTestRoot1999,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftTestRoot2010,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftDMDTestRoot2005,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftDMDRoot2005,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftDMDPreviewRoot2005,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftFlightRoot2014,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftThirdPartyMarketplaceRoot,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccTestingRootCa2017,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccDevelopmentRootCa2018,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccProductRootCa2018,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccDevicesRootCa2017,<br>
+} MINCRYPT_KNOWN_ROOT_ID, *PMINCRYPT_KNOWN_ROOT_ID;<br>
+
+For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file.
\ No newline at end of file

From dadf73dea9676bac0304d2663515a50a52376dc2 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Tue, 25 May 2021 12:24:24 -0700
Subject: [PATCH 79/92] Task ID 23142312

Fine tuning Root Cert section.
---
 .../event-tag-explanations.md                 | 46 +++++++++----------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index 07690733e7..7d75cdc009 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -94,29 +94,29 @@ Represents why verification failed, or if it succeeded.
 
 ## Microsoft Root CAs trusted by Windows
 
-The rule means trust anything signed by a cert that chains to this root CA. Enums without values start at 0, and increment by 1 as you go down the below list.
+The rule means trust anything signed by a cert that chains to this root CA. Enums without values start at 0, and increment by 1 as you go down the below list.<br>
 
-typedef enum _MINCRYPT_KNOWN_ROOT_ID {
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootNone, <mark><-- 0</mark><br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootUnknown,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootSelfsigned,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftAuthenticodeRoot,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftProductRoot1997,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftProductRoot2001,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftProductRoot2010,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftStandardRoot2011,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftCodeVerificationRoot2006,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftTestRoot1999,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftTestRoot2010,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftDMDTestRoot2005,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftDMDRoot2005,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftDMDPreviewRoot2005,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftFlightRoot2014,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftThirdPartyMarketplaceRoot,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccTestingRootCa2017,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccDevelopmentRootCa2018,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccProductRootCa2018,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;MincryptKnownRootMicrosoftEccDevicesRootCa2017,<br>
-} MINCRYPT_KNOWN_ROOT_ID, *PMINCRYPT_KNOWN_ROOT_ID;<br>
+| Root ID | Root Name |
+|---|----------|
+|0| None |
+|1| Unknown |
+|2 | Self-Signed |
+|3 | Authenticode |
+|4 | Microsoft Product Root 1997 |
+|5 | Microsoft Product Root 2001 |
+|6 | Microsoft Product Root 2010 |
+|7 | Microsoft Standard Root 2011 |
+|8 | Microsoft Code Verification Root 2006 |
+|9 | Microsoft Test Root 1999 |
+|10 | Microsoft Tes\t Root 2010 |
+|11 | Microsoft DMD Test Root 2005 |
+|12 | Microsoft DMDRoot 2005 |
+|13 | Microsoft DMD Preview Root 2005 |
+|14 | Microsoft Flight Root 2014 |
+|15 | Microsoft Third Party Marketplace Root  |
+|16 | Microsoft Ecc Testing Root Ca2017 |
+|17 | Microsoft Ecc Developmen tRoot Ca 2018 |
+|18 | Microsoft Ecc Product Root Ca 2018 |
+|19 | Microsoft Ecc Devices Root Ca 2017 |
 
 For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file.
\ No newline at end of file

From f3f7fe88390d7fa20eb126fd59c874094310cc1a Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Tue, 25 May 2021 12:38:05 -0700
Subject: [PATCH 80/92] Task ID 23142312

Removed the "Enums without value start..." line and reduced the dashes in the table columns headers.
---
 .../event-tag-explanations.md                            | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index 7d75cdc009..e1ea4e1926 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -27,7 +27,7 @@ Windows Defender Application Control (WDAC) events include a number of fields wh
 Represents the type of signature which verified the image.
 
 | SignatureType Value | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 0 | Unsigned or verification has not been attempted |
 | 1 | Embedded signature |
 | 2 | Cached signature; presence of CI EA shows that file had been previously verified |
@@ -42,7 +42,7 @@ Represents the type of signature which verified the image.
 Represents the signature level at which the code was verified.
 
 | ValidatedSigningLevel Value | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 0 | Signing level has not yet been checked |
 | 1 | File is unsigned |
 | 2 | Trusted by WDAC policy |
@@ -61,7 +61,7 @@ Represents the signature level at which the code was verified.
 Represents why verification failed, or if it succeeded.
 
 | VerificationError Value | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 0 | Successfully verified signature |
 | 1 | File has an invalid hash |
 | 2 | File contains shared writable sections |
@@ -94,8 +94,7 @@ Represents why verification failed, or if it succeeded.
 
 ## Microsoft Root CAs trusted by Windows
 
-The rule means trust anything signed by a cert that chains to this root CA. Enums without values start at 0, and increment by 1 as you go down the below list.<br>
-
+The rule means trust anything signed by a cert that chains to this root CA.
 | Root ID | Root Name |
 |---|----------|
 |0| None |

From 2779009c09b56eb0226ea2cc7a7a2c020dce0fd7 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 25 May 2021 21:22:38 +0100
Subject: [PATCH 81/92] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 3ca9b29e48..416ea864c1 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1613,9 +1613,9 @@ This policy setting, in combination with the System/AllowTelemetry
 To enable this behavior, you must complete two steps:
 
 -   Enable this policy setting
--   Set the Allow Telemetry level:
-    - For Windows 10 version 1809 and older: set Allow Telemetry to level 2 (Enhanced) 
-    - For Windows 10 version 19H1 and later: set Allow Telemetry to Telemetry to Optional (Full). 
+-   Set the **AllowTelemetry** level:
+    - For Windows 10 version 1809 and older: set **AllowTelemetry** to (Enhanced) 
+    - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full). 
 
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.

From 40e95d880a415ce23e428884b318d3f3a75416d3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 26 May 2021 11:57:25 +0100
Subject: [PATCH 82/92] Create
 manage-connections-from-windows-operating-system-components-to-microsoft-services.md

---
 ...ows-operating-system-components-to-microsoft-services.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 434a191b14..2704df533b 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -555,6 +555,8 @@ To disable the Microsoft Account Sign-In Assistant:
 
 Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682) and [Configure Microsoft Edge policy settings on Windows](/DeployEdge/configure-microsoft-edge).
 
+For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies). 
+
 ### <a href="" id="bkmk-edgegp"></a>13.1 Microsoft Edge Group Policies
 
 Find the Microsoft Edge Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Edge**.
@@ -590,12 +592,8 @@ Alternatively, you can configure the following Registry keys as described:
 | Choose whether employees can configure Compatibility View. | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation<br/>REG_DWORD: MSCompatibilityMode <br />Value: **0**|
 
 
-For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](/microsoft-edge/deploy/available-policies).
-
 ### <a href="" id="bkmk-edgegp"></a>13.2 Microsoft Edge Enterprise
 
-For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies). 
-
 > [!Important]
 > - The following settings are applicable to Microsoft Edge version 77 or later.
 > - For details on supported Operating Systems, see [Microsoft Edge supported Operating Systems](/deployedge/microsoft-edge-supported-operating-systems).

From 8b81df85ba7de07a89065f78453c9bbf47c8d379 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 26 May 2021 13:02:58 +0100
Subject: [PATCH 83/92] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 416ea864c1..61558a2ca2 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1615,7 +1615,7 @@ To enable this behavior, you must complete two steps:
 -   Enable this policy setting
 -   Set the **AllowTelemetry** level:
     - For Windows 10 version 1809 and older: set **AllowTelemetry** to (Enhanced) 
-    - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full). 
+    - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
 
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.

From 1bf4abff9868c390ded6f4313b9e2d43f088b1b7 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Wed, 26 May 2021 10:22:15 -0700
Subject: [PATCH 84/92] Task ID 33123704

Deleted the merged event tags and id page to rework it under a different branch.
---
 .../event-id-and-tag-explanations.md          | 160 ------------------
 1 file changed, 160 deletions(-)
 delete mode 100644 windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md
deleted file mode 100644
index 9b21c840e5..0000000000
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-and-tag-explanations.md
+++ /dev/null
@@ -1,160 +0,0 @@
----
-title: Understanding Application Control event IDs  and tags (Windows 10)
-description: Learn what different Windows Defender Application Control event IDs and tags signify.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-audience: ITPro
-ms.collection: M365-security-compliance
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.reviewer: v-kikl
-ms.author: dansimp
-manager: dansimp
-ms.date: 5/7/2021
-ms.technology: mde
----
-
-## Understanding Application Control event IDs and tags
-
-A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events include a number of fields, which provide helpful troubleshooting information to figure out exactly what an event means.
-
-These events are generated under two locations:
-
-- Event IDs beginning with 30 appear in Applications and Services logs | Microsoft | Windows | CodeIntegrity | Operational
-
-- Event IDs beginning with 80 appear in Applications and Services logs | Microsoft | Windows | AppLocker | MSI and Script
-
-## Microsoft Windows CodeIntegrity Operational log event IDs
-
-| Event ID | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 3076 | Audit executable/dll file |
-| 3077 | Block executable/dll file |
-| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
-| 3099 | Indicates that a policy has been loaded |
-
-## Microsoft Windows Applocker MSI and Script log event IDs
-
-| Event ID | Explanation |
-|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the scripthosts themselves. Note: there is no WDAC enforcement on 3rd party scripthosts. |
-| 8029 | Block script/MSI file |
-| 8038 | Signing information event correlated with either a 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | |
-
-## Optional Intelligent Security Graph (ISG) or Managed Installer (MI) diagnostic events
-
-If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information.
-
-| Event ID | Explanation |
-|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 3090 | Allow executable/dll file |
-| 3091 | Audit executable/dll file |
-| 3092 | Block executable/dll file |
-
-3090, 3091, and 3092 events are generated based on the status code of whether a binary passed the policy, regardless of what reputation it was given or whether it was allowed by a designated MI. The SmartLocker template which appears in the event should indicate why the binary passed/failed. Only one event is generated per binary pass/fail. If both ISG and MI are disabled, 3090, 3091, and 3092 events will not be generated.
-
-### SmartLocker template
-
-Below are the fields which help to diagnose what a 3090, 3091, or 3092 event indicates.
-
-| Name | Explanation |
-|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| StatusCode | STATUS_SUCCESS indicates a binary passed the active WDAC policies. If so, a 3090 event is generated. If not, a 3091 event is generated if the blocking policy is in audit mode, and a 3092 event is generated if the policy is in enforce mode. |
-| ManagedInstallerEnabled | Policy trusts a MI |
-| PassesManagedInstaller | File originated from a trusted MI |
-| SmartlockerEnabled | Policy trusts the ISG |
-| PassesSmartlocker | File had positive reputation |
-| AuditEnabled | True if the policy is in audit mode, otherwise it is in enforce mode |
-
-### Enabling ISG and MI diagnostic events
-
-In order to enable 3091 audit events and 3092 block events, you must create a TestFlags regkey with a value of 0x100. You can do so using the following PowerShell command:
-
-```powershell
-reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x100
-```
-
-In order to enable 3090 allow events as well as 3091 and 3092 events, you must instead create a TestFlags regkey with a value of 0x300. You can do so using the following PowerShell command:
-
-```powershell
-reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
-```
-  
-## Event Tags
-
-Below, we have documented the values and meanings for a few useful event tags.
-
-## SignatureType
-
-Represents the type of signature which verified the image.
-
-| SignatureType Value | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 0 | Unsigned or verification has not been attempted |
-| 1 | Embedded signature |
-| 2 | Cached signature; presence of CI EA shows that file had been previously verified |
-| 3 | Cached catalog verified via Catalog Database or searching catalog directly |
-| 4 | Un-cached catalog verified via Catalog Database or searching catalog directly |
-| 5 | Successfully verified using an EA that informs CI which catalog to try first |
-|6 | AppX / MSIX package catalog verified |
-| 7 | File was verified |
-
-## ValidatedSigningLevel
-
-Represents the signature level at which the code was verified.
-
-| ValidatedSigningLevel Value | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 0 | Signing level has not yet been checked |
-| 1 | File is unsigned |
-| 2 | Trusted by WDAC policy |
-| 3 | Developer signed code |
-| 4 | Authenticode signed |
-| 5 | Microsoft Store signed app PPL (Protected Process Light) |
-| 6 | Microsoft Store-signed |
-| 7 | Signed by an Antimalware vendor whose product is using AMPPL |
-| 8 | Microsoft signed |
-| 11 | Only used for signing of the .NET NGEN compiler |
-| 12 | Windows signed |
-| 14 | Windows Trusted Computing Base signed |
-
-## VerificationError
-
-Represents why verification failed, or if it succeeded.
-
-| VerificationError Value | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 0 | Successfully verified signature |
-| 1 | File has an invalid hash |
-| 2 | File contains shared writable sections |
-| 3 | File is not signed|
-| 4 | Revoked signature |
-| 5 | Expired signature |
-| 6 | File is signed using a weak hashing algorithm which does not meet the minimum policy |
-| 7 | Invalid root certificate |
-| 8 | Signature was unable to be validated; generic error |
-| 9 | Signing time not trusted |
-| 10 | The file must be signed using page hashes for this scenario |
-| 11 | Page hash mismatch |
-| 12 | Not valid for a PPL (Protected Process Light) |
-| 13 | Not valid for a PP (Protected Process) |
-| 14 | The signature is missing the required ARM EKU |
-| 15 | Failed WHQL check |
-| 16 | Default policy signing level not met |
-| 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs |
-| 18 | Custom signing level not met; returned if signature fails to match CISigners in UMCI |
-| 19 | Binary is revoked by file hash |
-| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy |
-| 21 | Failed to pass WDAC policy |
-| 22 | Not IUM (Isolated User Mode) signed; indicates trying to load a non-trustlet binary into a trustlet |
-| 23 | Invalid image hash |
-| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS |
-| 25 | Anti-cheat policy violation |
-| 26 | Explicitly denied by WADC policy |
-| 27 | The signing chain appears to be tampered/invalid |
-| 28 | Resource page hash mismatch |

From 58ca97ae759646943a74b1d3fcb876fd7c63f2c5 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Wed, 26 May 2021 10:40:29 -0700
Subject: [PATCH 85/92] Updated TOC

Removed configure managed installer name and href.
---
 .../windows-defender-application-control/TOC.yml                | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
index 8fa33cfe26..2a9d13497a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
@@ -22,8 +22,6 @@
               items: 
                 - name: Allow apps installed by a managed installer
                   href: configure-authorized-apps-deployed-with-a-managed-installer.md
-                - name: Configure managed installer rules
-                  href: configure-authorized-apps-deployed-with-a-managed-installer.md
                 - name: Allow reputable apps with Intelligent Security Graph (ISG)
                   href: use-windows-defender-application-control-with-intelligent-security-graph.md
                 - name: Allow COM object registration

From 36673e5b5e4bc2325d6d16345265df3cc9b5a063 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Wed, 26 May 2021 10:45:33 -0700
Subject: [PATCH 86/92] Fixed title heading size

---
 .../event-id-explanations.md                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index 8aab0d3c1b..26a3b3fd6a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -18,7 +18,7 @@ ms.date: 3/17/2020
 ms.technology: mde
 ---
 
-## Understanding Application Control events
+# Understanding Application Control events
 
 A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events are generated under two locations:
 

From 09d4ac542c2acf8ddc9bc17c4a332f66c46f50de Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Wed, 26 May 2021 13:14:27 -0700
Subject: [PATCH 87/92] Task ID 23142312

fixed editing issues in root cert section.
---
 .../event-tag-explanations.md                          | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index e1ea4e1926..bcbeab1e3e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -107,15 +107,15 @@ The rule means trust anything signed by a cert that chains to this root CA.
 |7 | Microsoft Standard Root 2011 |
 |8 | Microsoft Code Verification Root 2006 |
 |9 | Microsoft Test Root 1999 |
-|10 | Microsoft Tes\t Root 2010 |
+|10 | Microsoft Test Root 2010 |
 |11 | Microsoft DMD Test Root 2005 |
 |12 | Microsoft DMDRoot 2005 |
 |13 | Microsoft DMD Preview Root 2005 |
 |14 | Microsoft Flight Root 2014 |
 |15 | Microsoft Third Party Marketplace Root  |
-|16 | Microsoft Ecc Testing Root Ca2017 |
-|17 | Microsoft Ecc Developmen tRoot Ca 2018 |
-|18 | Microsoft Ecc Product Root Ca 2018 |
-|19 | Microsoft Ecc Devices Root Ca 2017 |
+|16 | Microsoft ECC Testing Root CA 2017 |
+|17 | Microsoft ECC Development Root CA 2018 |
+|18 | Microsoft ECC Product Root CA 2018 |
+|19 | Microsoft ECC Devices Root CA 2017 |
 
 For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file.
\ No newline at end of file

From 6136ddc0d5d380854ea01aeb2c2fe9ebb336a459 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Wed, 26 May 2021 14:06:10 -0700
Subject: [PATCH 88/92] Updated event-id-explantions

Cleaned up the table formatting.
---
 .../event-id-explanations.md                              | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index 26a3b3fd6a..e0c8044cf1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -29,7 +29,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 ## Microsoft Windows CodeIntegrity Operational log event IDs
 
 | Event ID | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 3076 | Audit executable/dll file |
 | 3077 | Block executable/dll file |
 | 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
@@ -38,7 +38,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 ## Microsoft Windows Applocker MSI and Script log event IDs
 
 | Event ID | Explanation |
-|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the scripthosts themselves. Note: there is no WDAC enforcement on 3rd party scripthosts. |
 | 8029 | Block script/MSI file |
 | 8038 | Signing information event correlated with either a 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | |
@@ -48,7 +48,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information.
 
 | Event ID | Explanation |
-|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 3090 | Allow executable/dll file |
 | 3091 | Audit executable/dll file |
 | 3092 | Block executable/dll file |
@@ -60,7 +60,7 @@ If either the ISG or MI is enabled in a WDAC policy, you can optionally choose t
 Below are the fields which help to diagnose what a 3090, 3091, or 3092 event indicates.
 
 | Name | Explanation |
-|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | StatusCode | STATUS_SUCCESS indicates a binary passed the active WDAC policies. If so, a 3090 event is generated. If not, a 3091 event is generated if the blocking policy is in audit mode, and a 3092 event is generated if the policy is in enforce mode. |
 | ManagedInstallerEnabled | Policy trusts a MI |
 | PassesManagedInstaller | File originated from a trusted MI |

From faee789b267ba90d691979a343b4bcf8c1432eb9 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Thu, 27 May 2021 09:37:24 -0700
Subject: [PATCH 89/92] Task ID 23142312 and 29028100

Made cosmetic changes to the certificate section in event-tags-explanation, and added a line break before the Figure 1 image in audit-and-enforce.
---
 ...s-defender-application-control-policies.md |  3 +-
 .../event-tag-explanations.md                 | 42 +++++++++----------
 2 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
index 4b1860ea36..b33cace078 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@@ -41,7 +41,8 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
 
 2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md).
 
-   **Figure 1. Exceptions to the deployed WDAC policy**
+   **Figure 1. Exceptions to the deployed WDAC policy** <br>
+
    ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png)
 
 3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index bcbeab1e3e..76084853c5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -94,28 +94,28 @@ Represents why verification failed, or if it succeeded.
 
 ## Microsoft Root CAs trusted by Windows
 
-The rule means trust anything signed by a cert that chains to this root CA.
+The rule means trust anything signed by a certificate that chains to this root CA.
 | Root ID | Root Name |
 |---|----------|
-|0| None |
-|1| Unknown |
-|2 | Self-Signed |
-|3 | Authenticode |
-|4 | Microsoft Product Root 1997 |
-|5 | Microsoft Product Root 2001 |
-|6 | Microsoft Product Root 2010 |
-|7 | Microsoft Standard Root 2011 |
-|8 | Microsoft Code Verification Root 2006 |
-|9 | Microsoft Test Root 1999 |
-|10 | Microsoft Test Root 2010 |
-|11 | Microsoft DMD Test Root 2005 |
-|12 | Microsoft DMDRoot 2005 |
-|13 | Microsoft DMD Preview Root 2005 |
-|14 | Microsoft Flight Root 2014 |
-|15 | Microsoft Third Party Marketplace Root  |
-|16 | Microsoft ECC Testing Root CA 2017 |
-|17 | Microsoft ECC Development Root CA 2018 |
-|18 | Microsoft ECC Product Root CA 2018 |
-|19 | Microsoft ECC Devices Root CA 2017 |
+| 0| None |
+| 1| Unknown |
+| 2 | Self-Signed |
+| 3 | Authenticode |
+| 4 | Microsoft Product Root 1997 |
+| 5 | Microsoft Product Root 2001 |
+| 6 | Microsoft Product Root 2010 |
+| 7 | Microsoft Standard Root 2011 |
+| 8 | Microsoft Code Verification Root 2006 |
+| 9 | Microsoft Test Root 1999 |
+| 10 | Microsoft Test Root 2010 |
+| 11 | Microsoft DMD Test Root 2005 |
+| 12 | Microsoft DMDRoot 2005 |
+| 13 | Microsoft DMD Preview Root 2005 |
+| 14 | Microsoft Flight Root 2014 |
+| 15 | Microsoft Third Party Marketplace Root  |
+| 16 | Microsoft ECC Testing Root CA 2017 |
+| 17 | Microsoft ECC Development Root CA 2018 |
+| 18 | Microsoft ECC Product Root CA 2018 |
+| 19 | Microsoft ECC Devices Root CA 2017 |
 
 For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file.
\ No newline at end of file

From 7107ab412c37ffd773259e679092a50de0d09c0a Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Mon, 31 May 2021 18:47:32 +0530
Subject: [PATCH 90/92] Update
 windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md

accepted

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../applocker/applocker-overview.md                             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
index 0a97c8aeb0..29d54546be 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@@ -83,7 +83,7 @@ The following are examples of scenarios in which AppLocker can be used:
 -   In addition to other measures, you need to control the access to sensitive data through app usage.
 
 > [!NOTE]
-> AppLocker is a defense-in-depth security feature and not a security boundary. [Windows Defender Application Control](https://www.microsoft.com/msrc/windows-security-servicing-criteria) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
+> AppLocker is a defense-in-depth security feature and not a [security boundary](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
 
 AppLocker can help you protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.
 

From 626b77e4ed9b834bf19a1fa8aa9be371d04c6ef3 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Mon, 31 May 2021 19:03:44 +0530
Subject: [PATCH 91/92] removed invalid link added new link

as per user report issue #9584 , so I removed invalid link and added new link
---
 windows/whats-new/ltsc/whats-new-windows-10-2019.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 74b961fb89..92a7eacf49 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -484,9 +484,9 @@ Previously, the customized taskbar could only be deployed using Group Policy or
 
 ### Windows Insider for Business
 
-We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows/deployment/update/waas-windows-insider-for-business).
+We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](https://insider.windows.com/for-business).
 
-You can now register your Azure AD domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](/windows/deployment/update/waas-windows-insider-for-business#getting-started-with-windows-insider-program-for-business).
+You can now register your Azure AD domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](https://insider.windows.com/for-business).
 
 
 ### Optimize update delivery
@@ -642,4 +642,4 @@ See the following example:
 
 ## See Also
 
-[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release.
\ No newline at end of file
+[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release.

From 8ba8da2d5f4821141134ef596bef6c249dd1d714 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Tue, 1 Jun 2021 11:53:18 +0530
Subject: [PATCH 92/92] Update
 windows/whats-new/ltsc/whats-new-windows-10-2019.md

accepted

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 92a7eacf49..cd82d2c618 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -484,7 +484,7 @@ Previously, the customized taskbar could only be deployed using Group Policy or
 
 ### Windows Insider for Business
 
-We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](https://insider.windows.com/for-business).
+We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (Azure AD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](https://insider.windows.com/for-business).
 
 You can now register your Azure AD domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](https://insider.windows.com/for-business).