From 93a34f80f4fb7727ae94f957dca4581aa87f7e0d Mon Sep 17 00:00:00 2001 From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com> Date: Fri, 4 Oct 2019 19:47:30 +0100 Subject: [PATCH 01/84] GPO Names and Behaviour Has Changed "Enable automatic MDM enrollment using default Azure AD credentials" is the GPO name and it has two sub options. Not sure if Device Certificate is working at the moment, but the pictures are wrong, but User Certificate is working and so the docs should at least say to use that for now --- ...-device-automatically-using-group-policy.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index ad48fe1e75..d0f4e9527f 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -106,7 +106,7 @@ Requirements: ![MDM policies](images/autoenrollment-mdm-policies.png) -4. Double-click **Auto MDM Enrollment with AAD Token**. +4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in version 1709 of Windows 10). For ADMX files from version 1903 and later select **User Credential** (support for Device Credential is coming) as the Selected Credential Type to Use. User Credential enrolls Windows 10 1709 and later once an Intune licenced user logs into the device. Device Credential will enroll the device and then assign a user later once support for this is available. ![MDM autoenrollment policy](images/autoenrollment-policy.png) @@ -153,18 +153,16 @@ Requirements: - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. -> [!IMPORTANT] -> If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps: +>[!IMPORTANT] +>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps: > 1. Download: > 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or -> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) or -> 1903 --> [Administrative Templates for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495) +> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576). > 2. Install the package on the Primary Domain Controller (PDC). > 3. Navigate, depending on the version to the folder: -> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or -> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** or -> 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3** -> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies** . +> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or +> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** +> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**. > 5. Restart the Primary Domain Controller for the policy to be available. > This procedure will work for any future version as well. @@ -175,7 +173,6 @@ Requirements: 5. Enforce a GPO link. ## Troubleshoot auto-enrollment of devices - Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device. To collect Event Viewer logs: @@ -232,6 +229,5 @@ To collect Event Viewer logs: ### Useful Links -- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495) - [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) - [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) From 22fe43ded8c3b4d28e229db518de30e8e9d8aaef Mon Sep 17 00:00:00 2001 From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com> Date: Mon, 7 Oct 2019 09:28:02 +0100 Subject: [PATCH 02/84] Update windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index d0f4e9527f..55a221ebed 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -106,7 +106,7 @@ Requirements: ![MDM policies](images/autoenrollment-mdm-policies.png) -4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in version 1709 of Windows 10). For ADMX files from version 1903 and later select **User Credential** (support for Device Credential is coming) as the Selected Credential Type to Use. User Credential enrolls Windows 10 1709 and later once an Intune licenced user logs into the device. Device Credential will enroll the device and then assign a user later once support for this is available. +4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in version 1709 of Windows 10). For ADMX files from version 1903 and later, select **User Credential** (support for Device Credential is coming) as the Selected Credential Type to use. User Credential enrolls Windows 10 1709 and later, once an Intune licensed user logs into the device. Device Credential will enroll the device and then assign a user later, once support for this is available. ![MDM autoenrollment policy](images/autoenrollment-policy.png) From 62190b32ae0029e68f5f4430a6cf102ede3c589e Mon Sep 17 00:00:00 2001 From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com> Date: Mon, 7 Oct 2019 09:45:19 +0100 Subject: [PATCH 03/84] Updated GPO names to match the current version of Windows Updated GPO name and links to files. Edited instructions to include new options in GPO and removed hyperlinks to older version of ADMX files (1803) and added links to newest version (1903) --- ...10-device-automatically-using-group-policy.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 55a221ebed..9160c8b88e 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -153,17 +153,16 @@ Requirements: - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. ->[!IMPORTANT] ->If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps: +> [!IMPORTANT] +> If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1903 or version 1809. To fix the issue, follow these steps: > 1. Download: -> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or +> 1903 -->[Administrative Templates for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495) or > 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576). -> 2. Install the package on the Primary Domain Controller (PDC). +> 2. Install the package. > 3. Navigate, depending on the version to the folder: -> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or +> 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3**, or > 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** -> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**. -> 5. Restart the Primary Domain Controller for the policy to be available. +> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies** or **%windir%\sysvol\domain_name\policies\PolicyDefinitions** if an Group Policy Central Store exists. > This procedure will work for any future version as well. 1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. @@ -226,8 +225,9 @@ To collect Event Viewer logs: - [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx) - [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx) - [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx) +- [Group Policy Central Store](https://support.microsoft.com/en-gb/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) ### Useful Links -- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) +- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495) - [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) From 909f55ab308f20690191e21d81a95c7f4ffd85e9 Mon Sep 17 00:00:00 2001 From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com> Date: Mon, 7 Oct 2019 09:48:14 +0100 Subject: [PATCH 04/84] 1709 or later References to 1709 updated (apart from one) to "1709 or later" to be correct --- ...-a-windows-10-device-automatically-using-group-policy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 9160c8b88e..4c9e0ec81a 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -37,7 +37,7 @@ The auto-enrollment relies on the presence of an MDM service and the Azure Activ When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. -In Windows 10, version 1709, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. For additional information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/). +In Windows 10, version 1709 or later, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. For additional information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/). For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices. @@ -90,7 +90,7 @@ You may contact your domain administrators to verify if the group policy has bee This procedure is only for illustration purposes to show how the new auto-enrollment policy works. It is not recommended for the production environment in the enterprise. For bulk deployment, you should use the [Group Policy Management Console process](#configure-the-auto-enrollment-for-a-group-of-devices). Requirements: -- AD-joined PC running Windows 10, version 1709 +- AD-joined PC running Windows 10, version 1709 or later - Enterprise has MDM service already configured - Enterprise AD must be registered with Azure AD @@ -148,7 +148,7 @@ Requirements: ## Configure the auto-enrollment for a group of devices Requirements: -- AD-joined PC running Windows 10, version 1709 +- AD-joined PC running Windows 10, version 1709 or later - Enterprise has MDM service already configured (with Intune or a third party service provider) - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. From 79e500a3914918ce871172270791440086cef4f9 Mon Sep 17 00:00:00 2001 From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com> Date: Mon, 7 Oct 2019 17:43:56 +0100 Subject: [PATCH 05/84] Update enroll-a-windows-10-device-automatically-using-group-policy.md --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 4c9e0ec81a..ee37cbf744 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -230,4 +230,4 @@ To collect Event Viewer logs: ### Useful Links - [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495) -- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) +- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) From 764463f940765e76f604eb330456bd8d4f01700b Mon Sep 17 00:00:00 2001 From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com> Date: Mon, 7 Oct 2019 18:01:50 +0100 Subject: [PATCH 06/84] Update windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index ee37cbf744..7459beee1f 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -162,7 +162,7 @@ Requirements: > 3. Navigate, depending on the version to the folder: > 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3**, or > 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** -> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies** or **%windir%\sysvol\domain_name\policies\PolicyDefinitions** if an Group Policy Central Store exists. +> 4. Copy the policy definitions folder to **C:\Windows\SYSVOL\domain\Policies** or **%windir%\sysvol\domain_name\policies\PolicyDefinitions** if a Group Policy Central Store exists. > This procedure will work for any future version as well. 1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. From 229b88c69e457baca35468ae5bb4c55aee87ed50 Mon Sep 17 00:00:00 2001 From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com> Date: Tue, 22 Oct 2019 09:02:28 +0100 Subject: [PATCH 07/84] Update windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 30f5348c1a..e7ceb4f502 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -235,7 +235,7 @@ To collect Event Viewer logs: - [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx) - [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx) - [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx) -- [Group Policy Central Store](https://support.microsoft.com/en-gb/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) +- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) ### Useful Links From 70582898fb5bfae15799a98d6a4042dff384b45a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 15 Dec 2019 17:49:59 +0530 Subject: [PATCH 08/84] added new policy changes in 1903 added the group policy settings changes from 1809 to may 1903 , under system and windows components --- .../new-policies-for-windows-10.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index da5cc3e5c8..12fc040cdd 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -25,6 +25,33 @@ ms.topic: reference Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/100591). +## New Group Policy settings in Windows 10, version 1903 + +The following Group Policy settings were added in Windows 10, version 1903: + +**System** + +- System\Service Control Manager Access\Security Securty\Enable svchost.exe migitation options +- System\Storage Sense\Allow Storage Sense +- System\Storage Sense\Allow Storage Sense Temporary Files cleanup +- System\Storage Sense\Configure Storage Sense +- System\Storage Sense\Configure Storage Sense Cloud content dehydration threshold +- System\Storage Sense\Configure Storage Sense Recycle Bin cleanup threshold +- System\Storage Sense\Configure Storage Sense Downloads cleanup threshold +- System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Troubleshooting:Allow users to access recommended troubleshooting for known problems + + +**Windows Components** + +- Windows Components\App Privacy\Let Windows apps activate with voice +- Windows Components\App Privacy\Let Windows apps activate with voice while the system is locked +- Windows Components\Data Collection and Preview Builds\Allow commercial data pipeline +- Windows Components\Data Collection and Preview Builds\Configure collection of browsing data for Desktop Analytics +- Windows Components\Data Collection and Preview Builds\Configure diagnostic data upload endpoint for Desktop Analytics +- Windows Components\Delivery Optimization\Delay background download Cache Server fallback (in seconds) +- Windows Components\Delivery Optimization\Delay Foreground download Cache Server fallback (in seconds) +- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use WDDM graphics display driver for Remote Desktop Connections +- Windows Components\Windows Logon Options\Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot ## New Group Policy settings in Windows 10, version 1809 From fe0b76895cd40694645086ccd32fe733d8aeb027 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 16 Dec 2019 07:37:29 +0530 Subject: [PATCH 09/84] Update windows/client-management/new-policies-for-windows-10.md accepted Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/new-policies-for-windows-10.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 12fc040cdd..8b4d14515d 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -31,7 +31,7 @@ The following Group Policy settings were added in Windows 10, version 1903: **System** -- System\Service Control Manager Access\Security Securty\Enable svchost.exe migitation options +- System\Service Control Manager Settings\Security Settings\Enable svchost.exe mitigation options - System\Storage Sense\Allow Storage Sense - System\Storage Sense\Allow Storage Sense Temporary Files cleanup - System\Storage Sense\Configure Storage Sense @@ -523,4 +523,3 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId= - From c61d125833622c011b3e83a73eced39c0a841e7b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 11 Jan 2020 20:05:06 +0530 Subject: [PATCH 10/84] added two titles with corresponding links and location of tools i added the following tools **Recovery Drive with website link*& **Registry Editor with website link** added the sentences **Below tools are located under C:\Windows\Sytem32\** --- .../client-management/administrative-tools-in-windows-10.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 35c0f225b0..883afe3b41 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -29,7 +29,7 @@ The tools in the folder might vary depending on which edition of Windows you are ![Screenshot of folder of admin tools](images/admin-tools-folder.png) -These tools were included in previous versions of Windows and the associated documentation for each tool should help you use these tools in Windows 10. The following list links to documentation for each tool. +These tools were included in previous versions of Windows and the associated documentation for each tool should help you use these tools in Windows 10. The following list links to documentation for each tool.Below tools are located under C:\Windows\Sytem32\ @@ -43,6 +43,8 @@ These tools were included in previous versions of Windows and the associated doc - [ODBC Data Sources]( https://go.microsoft.com/fwlink/p/?LinkId=708494) - [Performance Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708495) - [Print Management](https://go.microsoft.com/fwlink/p/?LinkId=708496) +- [Recovery Drive](https://support.microsoft.com/en-us/help/4026852/windows-create-a-recovery-drive) +- [Registry Editor](https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry) - [Resource Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708497) - [Services](https://go.microsoft.com/fwlink/p/?LinkId=708498) - [System Configuration](https://go.microsoft.com/fwlink/p/?LinkId=708499) From 8eab7420a97e7a8e5bedd0cd15f8da5a89b6c3b8 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 11 Jan 2020 22:39:27 +0530 Subject: [PATCH 11/84] Update windows/client-management/administrative-tools-in-windows-10.md Thanks sir . I accepted Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../client-management/administrative-tools-in-windows-10.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 883afe3b41..d4caf190cb 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -29,7 +29,7 @@ The tools in the folder might vary depending on which edition of Windows you are ![Screenshot of folder of admin tools](images/admin-tools-folder.png) -These tools were included in previous versions of Windows and the associated documentation for each tool should help you use these tools in Windows 10. The following list links to documentation for each tool.Below tools are located under C:\Windows\Sytem32\ +These tools were included in previous versions of Windows and the associated documentation for each tool should help you use these tools in Windows 10. The following list links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders. @@ -65,4 +65,3 @@ These tools were included in previous versions of Windows and the associated doc - From 391ff06cfa8ccc1896220078377d566f6c44cf7b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 12 Jan 2020 15:17:01 +0530 Subject: [PATCH 12/84] Update windows/client-management/administrative-tools-in-windows-10.md ok accepted Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../client-management/administrative-tools-in-windows-10.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index d4caf190cb..0ecc65a84f 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -44,7 +44,7 @@ These tools were included in previous versions of Windows and the associated doc - [Performance Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708495) - [Print Management](https://go.microsoft.com/fwlink/p/?LinkId=708496) - [Recovery Drive](https://support.microsoft.com/en-us/help/4026852/windows-create-a-recovery-drive) -- [Registry Editor](https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry) +- [Registry Editor](https://docs.microsoft.com/windows/win32/sysinfo/registry) - [Resource Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708497) - [Services](https://go.microsoft.com/fwlink/p/?LinkId=708498) - [System Configuration](https://go.microsoft.com/fwlink/p/?LinkId=708499) @@ -64,4 +64,3 @@ These tools were included in previous versions of Windows and the associated doc - From 90252b31f7ac8b1654b056bd4d8d27213ea10b06 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 12 Jan 2020 15:18:15 +0530 Subject: [PATCH 13/84] Update windows/client-management/administrative-tools-in-windows-10.md I tested on my laptop. so the files are under system32 , not in sub folder Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../client-management/administrative-tools-in-windows-10.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 0ecc65a84f..6320e35cdf 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -29,7 +29,7 @@ The tools in the folder might vary depending on which edition of Windows you are ![Screenshot of folder of admin tools](images/admin-tools-folder.png) -These tools were included in previous versions of Windows and the associated documentation for each tool should help you use these tools in Windows 10. The following list links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders. +These tools were included in previous versions of Windows and the associated documentation for each tool should help you use these tools in Windows 10. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders. @@ -63,4 +63,3 @@ These tools were included in previous versions of Windows and the associated doc - From a2a9672a248a3a8a2b53ad04aa97d5c53a0858d8 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 13 Jan 2020 01:20:03 +0530 Subject: [PATCH 14/84] Update windows/client-management/administrative-tools-in-windows-10.md accepted Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../client-management/administrative-tools-in-windows-10.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 6320e35cdf..91bc510d5f 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -43,7 +43,7 @@ These tools were included in previous versions of Windows and the associated doc - [ODBC Data Sources]( https://go.microsoft.com/fwlink/p/?LinkId=708494) - [Performance Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708495) - [Print Management](https://go.microsoft.com/fwlink/p/?LinkId=708496) -- [Recovery Drive](https://support.microsoft.com/en-us/help/4026852/windows-create-a-recovery-drive) +- [Recovery Drive](https://support.microsoft.com/help/4026852/windows-create-a-recovery-drive) - [Registry Editor](https://docs.microsoft.com/windows/win32/sysinfo/registry) - [Resource Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708497) - [Services](https://go.microsoft.com/fwlink/p/?LinkId=708498) @@ -62,4 +62,3 @@ These tools were included in previous versions of Windows and the associated doc - From 3bcacc95afa83a3dc958710d720e0c6816882843 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 25 Jan 2020 21:57:26 +0500 Subject: [PATCH 15/84] Update hello-hybrid-aadj-sso-base.md --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 54e4021adc..e9b63900ff 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -290,6 +290,8 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted 5. In the **Enterprise Root Certificate** blade, click **Assignments**. In the **Include** tab, select **All Devices** from the **Assign to** list. Click **Save**. ![Intune Profile assignment](images/aadj/intune-device-config-enterprise-root-assignment.png) 6. Sign out of the Microsoft Azure Portal. +> [!NOTE] +> After the creation, the **supported platform** parameter of the profile will have value "Windows 8.1 and later", as the certificate configuration for Windows 8.1 and Windows 10 is the same. ## Configure Windows Hello for Business Device Enrollment From e03af423faf9b650141e6d2692881766db8354de Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 27 Jan 2020 11:14:20 +0500 Subject: [PATCH 16/84] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index e9b63900ff..7c5404142f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -291,7 +291,7 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted ![Intune Profile assignment](images/aadj/intune-device-config-enterprise-root-assignment.png) 6. Sign out of the Microsoft Azure Portal. > [!NOTE] -> After the creation, the **supported platform** parameter of the profile will have value "Windows 8.1 and later", as the certificate configuration for Windows 8.1 and Windows 10 is the same. +> After the creation, the **supported platform** parameter of the profile will contain the value "Windows 8.1 and later", as the certificate configuration for Windows 8.1 and Windows 10 is the same. ## Configure Windows Hello for Business Device Enrollment From 94cd2bde7d93198c9e0170ffa2e91de81c060994 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 5 Apr 2020 11:52:44 +0500 Subject: [PATCH 17/84] Update hello-hybrid-key-trust-prereqs.md --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 97c87a6d14..2e296b0040 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -63,7 +63,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below. +The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The requirements for the Domain Controller certificate are shown below, more detailed version could be found [here](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca). * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). @@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. -* The certificate template must have an extension that has the BMP data value "DomainController". +* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). * The domain controller certificate must be installed in the local computer's certificate store. From 9b08473155898029d0211780c48ecc41e57430a7 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 5 Apr 2020 15:13:34 +0500 Subject: [PATCH 18/84] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 2e296b0040..cfe007b704 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -63,7 +63,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The requirements for the Domain Controller certificate are shown below, more detailed version could be found [here](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca). +The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca). * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). From e25231e6ffc23ef6109b9a9bd5e791902c95f6d6 Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 25 Apr 2020 19:59:46 +0200 Subject: [PATCH 19/84] WDDG & WDCG HW readiness tool: typo & Arch Locale Description: As pointed out in ticket #5972 (closed) and #6574 (my ticket), the script on this page stops working in localized versions of Windows (Dutch mentioned in ticket #5972 specifically). This is caused by the difference in how the strings "64-bit" and "32-bit" occur in non-English localized versions of Windows. Thanks to RvdHout (Ruud van den Hout) for suggesting the regex solution. Changes proposed: - $OSArch.Contains("64-bit") -> $OSArch -match ("64\-?\s?bits?") - $OSArch.Contains("32-bit") -> $OSArch -match ("32\-?\s?bits?") - Readiness Tool Version updated to 3.7.2 (thanks to RvdHout) - Typo "archictecture" corrected to architecture (2 occurrences) - Remove all redundant end-of-line (EOL) whitespace (blanks) - Reduce number of blank lines before the signature block, from 3 to 2 - Add back a blank line between the metadata section and the page title Ticket closure or reference: Closes #6574 Ref. #5690 #5723 #6054 #6055 Ref. #5972 (closed) --- .../credential-guard/dg-readiness-tool.md | 159 +++++++++--------- 1 file changed, 80 insertions(+), 79 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index 6c12907b28..a537e86251 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -12,13 +12,15 @@ ms.author: stsyfuhs manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -ms.reviewer: +ms.reviewer: --- + # Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool ```powershell -# Script to find out if machine is Device Guard compliant -# requires driver verifier on system. +# Script to find out if a machine is Device Guard compliant. +# The script requires a driver verifier present on the system. + param([switch]$Capable, [switch]$Ready, [switch]$Enable, [switch]$Disable, $SIPolicyPath, [switch]$AutoReboot, [switch]$DG, [switch]$CG, [switch]$HVCI, [switch]$HLK, [switch]$Clear, [switch]$ResetVerifier) $path = "C:\DGLogs\" @@ -36,7 +38,7 @@ $DGVerifySuccess = New-Object System.Text.StringBuilder $Sys32Path = "$env:windir\system32" $DriverPath = "$env:windir\system32\drivers" -#generated by certutil -encode +#generated by certutil -encode $SIPolicy_Encoded = "BQAAAA43RKLJRAZMtVH2AW5WMHbk9wcuTBkgTbfJb0SmxaI0BACNkAgAAAAAAAAA HQAAAAIAAAAAAAAAAAAKAEAAAAAMAAAAAQorBgEEAYI3CgMGDAAAAAEKKwYBBAGC NwoDBQwAAAABCisGAQQBgjc9BAEMAAAAAQorBgEEAYI3PQUBDAAAAAEKKwYBBAGC @@ -114,7 +116,7 @@ function LogAndConsoleSuccess($message) function LogAndConsoleError($message) { - Write-Host $message -foregroundcolor "Red" + Write-Host $message -foregroundcolor "Red" Log $message } @@ -132,16 +134,16 @@ function IsExempted([System.IO.FileInfo] $item) Log $cert.ToString() return 0 } -} +} function CheckExemption($_ModName) { $mod1 = Get-ChildItem $Sys32Path $_ModName $mod2 = Get-ChildItem $DriverPath $_ModName if($mod1) - { + { Log "NonDriver module" + $mod1.FullName - return IsExempted($mod1) + return IsExempted($mod1) } elseif($mod2) { @@ -184,15 +186,15 @@ function CheckFailedDriver($_ModName, $CIStats) } if($Result.Contains("PASS")) { - $CompatibleModules.AppendLine($_ModName.Trim()) | Out-Null + $CompatibleModules.AppendLine($_ModName.Trim()) | Out-Null } elseif($FailingStat.Trim().Contains("execute-write")) { - $FailingExecuteWriteCheck.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null + $FailingExecuteWriteCheck.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null } else { - $FailingModules.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null + $FailingModules.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null } Log "Result: " $Result } @@ -204,7 +206,7 @@ function ListCIStats($_ModName, $str1) { Log "String := " $str1 Log "Warning! CI Stats are missing for " $_ModName - return + return } $temp_str1 = $str1.Substring($i1) $CIStats = $temp_str1.Substring(0).Trim() @@ -245,7 +247,7 @@ function ListDrivers($str) } $DriverScanCompletedMessage = "Completed scan. List of Compatible Modules can be found at " + $LogFile - LogAndConsole $DriverScanCompletedMessage + LogAndConsole $DriverScanCompletedMessage if($FailingModules.Length -gt 0 -or $FailingExecuteWriteCheck.Length -gt 0 ) { @@ -254,7 +256,7 @@ function ListDrivers($str) { LogAndConsoleError $WarningMessage } - else + else { LogAndConsoleWarning $WarningMessage } @@ -321,7 +323,7 @@ function ListSummary() } else { - LogAndConsoleSuccess "Machine is Device Guard / Credential Guard Ready.`n" + LogAndConsoleSuccess "Machine is Device Guard / Credential Guard Ready.`n" if(!$HVCI -and !$DG) { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "CG_Capable" /t REG_DWORD /d 2 /f ' @@ -336,56 +338,56 @@ function ListSummary() function Instantiate-Kernel32 { - try + try { Add-Type -TypeDefinition @" using System; using System.Diagnostics; using System.Runtime.InteropServices; - + public static class Kernel32 { [DllImport("kernel32", SetLastError=true, CharSet = CharSet.Ansi)] public static extern IntPtr LoadLibrary( [MarshalAs(UnmanagedType.LPStr)]string lpFileName); - + [DllImport("kernel32", CharSet=CharSet.Ansi, ExactSpelling=true, SetLastError=true)] public static extern IntPtr GetProcAddress( IntPtr hModule, string procName); } - + "@ } catch { - Log $_.Exception.Message + Log $_.Exception.Message LogAndConsole "Instantiate-Kernel32 failed" } } function Instantiate-HSTI { - try + try { Add-Type -TypeDefinition @" using System; using System.Diagnostics; using System.Runtime.InteropServices; using System.Net; - + public static class HstiTest3 { [DllImport("hstitest.dll", CharSet = CharSet.Unicode)] - public static extern int QueryHSTIdetails( - ref HstiOverallError pHstiOverallError, + public static extern int QueryHSTIdetails( + ref HstiOverallError pHstiOverallError, [In, Out] HstiProviderErrorDuple[] pHstiProviderErrors, ref uint pHstiProviderErrorsCount, byte[] hstiPlatformSecurityBlob, ref uint pHstiPlatformSecurityBlobBytes); [DllImport("hstitest.dll", CharSet = CharSet.Unicode)] - public static extern int QueryHSTI(ref bool Pass); - + public static extern int QueryHSTI(ref bool Pass); + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct HstiProviderErrorDuple { @@ -397,7 +399,7 @@ function Instantiate-HSTI { [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 4096)] internal string ErrorString; } - + [FlagsAttribute] public enum HstiProviderErrors : int { @@ -425,8 +427,8 @@ function Instantiate-HSTI { BlobVersionMismatch = 0x00000080, PlatformSecurityVersionMismatch = 0x00000100, ProviderError = 0x00000200 - } - + } + } "@ @@ -434,9 +436,9 @@ function Instantiate-HSTI { $FuncHandle = [Kernel32]::GetProcAddress($LibHandle, "QueryHSTIdetails") $FuncHandle2 = [Kernel32]::GetProcAddress($LibHandle, "QueryHSTI") - if ([System.IntPtr]::Size -eq 8) + if ([System.IntPtr]::Size -eq 8) { - #assuming 64 bit + #assuming 64 bit Log "`nKernel32::LoadLibrary 64bit --> 0x$("{0:X16}" -f $LibHandle.ToInt64())" Log "HstiTest2::QueryHSTIdetails 64bit --> 0x$("{0:X16}" -f $FuncHandle.ToInt64())" } @@ -450,7 +452,7 @@ function Instantiate-HSTI { $hr = [HstiTest3]::QueryHSTIdetails([ref] $overallError, $null, [ref] $providerErrorDupleCount, $null, [ref] $blobByteSize) [byte[]]$blob = New-Object byte[] $blobByteSize - [HstiTest3+HstiProviderErrorDuple[]]$providerErrors = New-Object HstiTest3+HstiProviderErrorDuple[] $providerErrorDupleCount + [HstiTest3+HstiProviderErrorDuple[]]$providerErrors = New-Object HstiTest3+HstiProviderErrorDuple[] $providerErrorDupleCount $hr = [HstiTest3]::QueryHSTIdetails([ref] $overallError, $providerErrors, [ref] $providerErrorDupleCount, $blob, [ref] $blobByteSize) $string = $null $blob | foreach { $string = $string + $_.ToString("X2")+"," } @@ -479,7 +481,7 @@ function Instantiate-HSTI { LogAndConsoleError $ErrorMessage $DGVerifyCrit.AppendLine($ErrorMessage) | Out-Null } - else + else { LogAndConsoleWarning $ErrorMessage $DGVerifyWarn.AppendLine("HSTI is absent") | Out-Null @@ -487,9 +489,9 @@ function Instantiate-HSTI { } } - catch + catch { - LogAndConsoleError $_.Exception.Message + LogAndConsoleError $_.Exception.Message LogAndConsoleError "Instantiate-HSTI failed" } } @@ -613,10 +615,10 @@ function ExecuteCommandAndLog($_cmd) $CmdOutput = Invoke-Expression $_cmd | Out-String Log "Output: $CmdOutput" } - catch + catch { Log "Exception while exectuing $_cmd" - Log $_.Exception.Message + Log $_.Exception.Message } @@ -676,7 +678,7 @@ function CheckDriverCompat verifier.exe /flags 0x02000000 /all /log.code_integrity LogAndConsole "Enabling Driver Verifier and Rebooting system" - Log $verifier_state + Log $verifier_state LogAndConsole "Please re-execute this script after reboot...." if($AutoReboot) { @@ -692,7 +694,7 @@ function CheckDriverCompat else { LogAndConsole "Driver verifier already enabled" - Log $verifier_state + Log $verifier_state ListDrivers($verifier_state.Trim().ToLowerInvariant()) } } @@ -700,23 +702,23 @@ function IsDomainController { $_isDC = 0 $CompConfig = Get-WmiObject Win32_ComputerSystem - foreach ($ObjItem in $CompConfig) + foreach ($ObjItem in $CompConfig) { $Role = $ObjItem.DomainRole Log "Role=$Role" - Switch ($Role) + Switch ($Role) { 0 { Log "Standalone Workstation" } 1 { Log "Member Workstation" } 2 { Log "Standalone Server" } 3 { Log "Member Server" } - 4 + 4 { Log "Backup Domain Controller" $_isDC=1 break } - 5 + 5 { Log "Primary Domain Controller" $_isDC=1 @@ -735,7 +737,7 @@ function CheckOSSKU Log "OSNAME:$osname" $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server", "Pro", "Home") $HLKAllowed = @("microsoft windows 10 pro") - foreach ($SKUent in $SKUarray) + foreach ($SKUent in $SKUarray) { if($osname.ToString().Contains($SKUent.ToLower())) { @@ -762,7 +764,7 @@ function CheckOSSKU } ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "OSSKU" /t REG_DWORD /d 2 /f ' } - else + else { LogAndConsoleError "This PC edition is Unsupported for Device Guard" $DGVerifyCrit.AppendLine("OS SKU unsupported") | Out-Null @@ -773,14 +775,14 @@ function CheckOSSKU function CheckOSArchitecture { $OSArch = $(gwmi win32_operatingsystem).OSArchitecture.ToLower() - Log $OSArch - if($OSArch.Contains("64-bit")) + Log $OSArch + if($OSArch -match ("64\-?\s?bits?")) { - LogAndConsoleSuccess "64 bit archictecture" + LogAndConsoleSuccess "64 bit architecture" } - elseif($OSArch.Contains("32-bit")) + elseif($OSArch -match ("32\-?\s?bits?")) { - LogAndConsoleError "32 bit archictecture" + LogAndConsoleError "32 bit architecture" $DGVerifyCrit.AppendLine("32 Bit OS, OS Architecture failure.") | Out-Null } else @@ -878,7 +880,7 @@ function CheckTPM function CheckSecureMOR { $isSecureMOR = CheckDGFeatures(4) - Log "isSecureMOR= $isSecureMOR " + Log "isSecureMOR= $isSecureMOR " if($isSecureMOR -eq 1) { LogAndConsoleSuccess "Secure MOR is available" @@ -904,7 +906,7 @@ function CheckSecureMOR function CheckNXProtection { $isNXProtected = CheckDGFeatures(5) - Log "isNXProtected= $isNXProtected " + Log "isNXProtected= $isNXProtected " if($isNXProtected -eq 1) { LogAndConsoleSuccess "NX Protector is available" @@ -921,7 +923,7 @@ function CheckNXProtection function CheckSMMProtection { $isSMMMitigated = CheckDGFeatures(6) - Log "isSMMMitigated= $isSMMMitigated " + Log "isSMMMitigated= $isSMMMitigated " if($isSMMMitigated -eq 1) { LogAndConsoleSuccess "SMM Mitigation is available" @@ -938,15 +940,15 @@ function CheckSMMProtection function CheckHSTI { LogAndConsole "Copying HSTITest.dll" - try + try { $HSTITest_Decoded = [System.Convert]::FromBase64String($HSTITest_Encoded) [System.IO.File]::WriteAllBytes("$env:windir\System32\hstitest.dll",$HSTITest_Decoded) } - catch + catch { - LogAndConsole $_.Exception.Message + LogAndConsole $_.Exception.Message LogAndConsole "Copying and loading HSTITest.dll failed" } @@ -959,7 +961,7 @@ function PrintToolVersion LogAndConsole "" LogAndConsole "###########################################################################" LogAndConsole "" - LogAndConsole "Readiness Tool Version 3.7.1 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard." + LogAndConsole "Readiness Tool Version 3.7.2 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard." LogAndConsole "" LogAndConsole "###########################################################################" LogAndConsole "" @@ -1030,7 +1032,7 @@ if(!($Ready) -and !($Capable) -and !($Enable) -and !($Disable) -and !($Clear) -a } $user = [Security.Principal.WindowsIdentity]::GetCurrent(); -$TestForAdmin = (New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator) +$TestForAdmin = (New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator) if(!$TestForAdmin) { @@ -1065,7 +1067,7 @@ if($Ready) { Log "_CGState: $_CGState" PrintCGDetails $_CGState - + if($_CGState) { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "CG_Running" /t REG_DWORD /d 1 /f' @@ -1077,28 +1079,28 @@ if($Ready) } elseif($DG) { - Log "_HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" + Log "_HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" PrintHVCIDetails $_HVCIState - PrintConfigCIDetails $_ConfigCIState + PrintConfigCIDetails $_ConfigCIState if($_ConfigCIState -and $_HVCIState) { LogAndConsoleSuccess "HVCI, and Config-CI are enabled and running." - + ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "DG_Running" /t REG_DWORD /d 1 /f' } else { LogAndConsoleWarning "Not all services are running." - + ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "DG_Running" /t REG_DWORD /d 0 /f' } } - else + else { - Log "_CGState: $_CGState, _HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" - + Log "_CGState: $_CGState, _HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" + PrintCGDetails $_CGState PrintHVCIDetails $_HVCIState PrintConfigCIDetails $_ConfigCIState @@ -1147,7 +1149,7 @@ if($Enable) { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f' } - else + else { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f' ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f' @@ -1158,8 +1160,8 @@ if($Enable) { if(!$HVCI -and !$CG) { - if(!$SIPolicyPath) - { + if(!$SIPolicyPath) + { Log "Writing Decoded SIPolicy.p7b" $SIPolicy_Decoded = [System.Convert]::FromBase64String($SIPolicy_Encoded) [System.IO.File]::WriteAllBytes("$env:windir\System32\CodeIntegrity\SIPolicy.p7b",$SIPolicy_Decoded) @@ -1270,7 +1272,7 @@ if($Disable) } #set of commands to run SecConfig.efi to delete UEFI variables if were set in pre OS - #these steps can be performed even if the UEFI variables were not set - if not set it will lead to No-Op but this can be run in general always + #these steps can be performed even if the UEFI variables were not set - if not set it will lead to No-Op but this can be run in general always #this requires a reboot and accepting the prompt in the Pre-OS which is self explanatory in the message that is displayed in pre-OS $FreeDrive = ls function:[s-z]: -n | ?{ !(test-path $_) } | random Log "FreeDrive=$FreeDrive" @@ -1314,7 +1316,7 @@ if($Capable) } $_StepCount = 1 if(!$CG) - { + { LogAndConsole " ====================== Step $_StepCount Driver Compat ====================== " $_StepCount++ CheckDriverCompat @@ -1323,15 +1325,15 @@ if($Capable) LogAndConsole " ====================== Step $_StepCount Secure boot present ====================== " $_StepCount++ CheckSecureBootState - + if(!$HVCI -and !$DG -and !$CG) - { + { #check only if sub-options are absent LogAndConsole " ====================== Step $_StepCount MS UEFI HSTI tests ====================== " $_StepCount++ CheckHSTI } - + LogAndConsole " ====================== Step $_StepCount OS Architecture ====================== " $_StepCount++ CheckOSArchitecture @@ -1345,11 +1347,11 @@ if($Capable) CheckVirtualization if(!$HVCI -and !$DG) - { + { LogAndConsole " ====================== Step $_StepCount TPM version ====================== " $_StepCount++ CheckTPM - + LogAndConsole " ====================== Step $_StepCount Secure MOR ====================== " $_StepCount++ CheckSecureMOR @@ -1358,11 +1360,11 @@ if($Capable) LogAndConsole " ====================== Step $_StepCount NX Protector ====================== " $_StepCount++ CheckNXProtection - + LogAndConsole " ====================== Step $_StepCount SMM Mitigation ====================== " $_StepCount++ CheckSMMProtection - + LogAndConsole " ====================== End Check ====================== " LogAndConsole " ====================== Summary ====================== " @@ -1371,7 +1373,6 @@ if($Capable) } - # SIG # Begin signature block ## REPLACE # SIG # End signature block From c8766851ce7050222dc6633946a66f50f7bd7127 Mon Sep 17 00:00:00 2001 From: illfated Date: Mon, 27 Apr 2020 23:04:09 +0200 Subject: [PATCH 20/84] Regex adjustment/improvement - Code cleanup by RvdHout - Supports at least Dutch & German OS --- .../identity-protection/credential-guard/dg-readiness-tool.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index a537e86251..6727a09859 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -776,11 +776,11 @@ function CheckOSArchitecture { $OSArch = $(gwmi win32_operatingsystem).OSArchitecture.ToLower() Log $OSArch - if($OSArch -match ("64\-?\s?bits?")) + if($OSArch -match ("^64\-?\s?bit")) { LogAndConsoleSuccess "64 bit architecture" } - elseif($OSArch -match ("32\-?\s?bits?")) + elseif($OSArch -match ("^32\-?\s?bit")) { LogAndConsoleError "32 bit architecture" $DGVerifyCrit.AppendLine("32 Bit OS, OS Architecture failure.") | Out-Null From 41a481e208bceba6bc46743788fbaef3c0c6f8b6 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 12 May 2020 08:49:26 +0500 Subject: [PATCH 21/84] Update hello-hybrid-key-trust-prereqs.md --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index cfe007b704..1e8f8cd42c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -71,7 +71,7 @@ The minimum required Enterprise certificate authority that can be used with Wind * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. -* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). +* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in Domain Controller certificate template. * The domain controller certificate must be installed in the local computer's certificate store. From 5758cb7036f3d8d001eeeedfe38748bc953ec102 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 13 May 2020 15:09:37 +0500 Subject: [PATCH 22/84] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 1e8f8cd42c..4bb50799f0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -71,7 +71,7 @@ The minimum required Enterprise certificate authority that can be used with Wind * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. -* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in Domain Controller certificate template. +* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template. * The domain controller certificate must be installed in the local computer's certificate store. From 8c10a037e5fb5e2ab28e96744d40aa4aae5f08b3 Mon Sep 17 00:00:00 2001 From: v-miegge <49650192+v-miegge@users.noreply.github.com> Date: Thu, 14 May 2020 14:10:41 -0700 Subject: [PATCH 23/84] CI 113553 - Created file, images, updated TOC --- devices/surface/TOC.md | 1 + .../manage-surface-driver-updates-1.png | Bin 0 -> 29651 bytes .../manage-surface-driver-updates-2.png | Bin 0 -> 5930 bytes .../manage-surface-driver-updates-3.png | Bin 0 -> 8879 bytes .../manage-surface-driver-updates-4.png | Bin 0 -> 69349 bytes ...age-surface-driver-and-firmware-updates.md | 41 ++-- ...ce-driver-updates-configuration-manager.md | 197 ++++++++++++++++++ 7 files changed, 215 insertions(+), 24 deletions(-) create mode 100644 devices/surface/images/manage-surface-driver-updates-1.png create mode 100644 devices/surface/images/manage-surface-driver-updates-2.png create mode 100644 devices/surface/images/manage-surface-driver-updates-3.png create mode 100644 devices/surface/images/manage-surface-driver-updates-4.png create mode 100644 devices/surface/manage-surface-driver-updates-configuration-manager.md diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index 92801e4289..af55a15296 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -43,6 +43,7 @@ ## Manage ### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) +### [Manage Surface driver updates in Configuration Manager](manage-surface-driver-updates-configuration-manager.md) ### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md) ### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) ### [Surface Dock Firmware Update](surface-dock-firmware-update.md) diff --git a/devices/surface/images/manage-surface-driver-updates-1.png b/devices/surface/images/manage-surface-driver-updates-1.png new file mode 100644 index 0000000000000000000000000000000000000000..58cec90ea06f708f04b12a96c781300ed8108bef GIT binary patch literal 29651 zcmV*UKwH0wP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!~g&e!~vBn4jTXfb7)CKK~#8N?frLG zBU!#DdY^d@cdc1#{+#!4XRT+}Gc(W3x#xBtS8c1hySl3?JxP*yZzP0~goKfV_uhN& zy#Rqg0%Q=#fxPzu1Ty(-8L~*yR90n@4LZM1MJXdfVRnQBDAX(# ziva)t?x*wf^I()A{!p{q?Z5iful_Fp0Jw+#%YXSVxw*N)L__?chH?%)k&uwk2LJ%~ z&42&z|NW1D{9`cDkRL-0Jr^9M)#(oehwtnZN~Oo+2~Gw80CxdOv=4=v%jFuMnBHWv zHnw)wH@E2<%$2pRCHm&v(pqI>PgmcN&1MVC2mkFHT-|By_flq>xm>Irry z3gw|l+BYz4u~-5#0sz35=5RRdc6(?b09CX8rZ~aOv}f#`^hO7Uj+kOQ@iTcW>XQ?> z9xdGEFiH-kwu^T(etq5xjZ~~O*u9|n=|?@T^HVKV?6FNm6*S=MrZ6CSkJ#$W8CMybYGRicV^S>ZLF;WM22h zh5L<}d|t=F#+KZ66@T7y@!s0*k;?8owVSmj$F(56P3{XTZ;P$Ao(Ib7vuPz;>$@6* zdVh1{P;UBVh46aLq?}!m3Wd1$!gcY^zX1T;DJaM^S}k*X+iJC<;9@eFMw96efB3^k zg_`-yWwhGGQkh616H8>$W5p(Oe{_8EdZ_7-_f{EPi_?W_Xv9iwQ zYqTe;BZH$0>r$;1jbyH`Gf}O|>UgtxxB%G^7!UU*EZ z<71V{sFd>e_BJ-ww)iJ{_0dFU&lF={AIP-}tBgV4vHlpXzH^I`y~$WxUz2E^9=BD@ z;qkb;o7;P`ljCj1>iVAe^zvMFcpwn)w$|yq6NA_1F{#DO^|kdaw#I&GH>wWz_O~|I z=`4Zm+&4kIhqZqw z*C~(pnJm6oVKON9wis(0n-Z<{)L{|__thp#ZE<-n(7xJRTVWi@bT*@syS>d|tc(rx zjW05!D%FWVWIj8$XrxrB?6#bJ~3SnKN>LY3M5g>oB!kK*-uH5$$0($XrOZZetB z82=fyj|sJ9lZ#=!dgi8Za2$Bdt9krE!>(}VX4##E{~_TpBdHCosH$y4W33NT3uks4Q3gC zXLWUxy@O^J*2b7S{NZ8L~B=q#fD;jren=59;&Uu*6g`SvcV9dTnX_yxbzjC%xu;kZ)~vjR@K7b z%%NO!w6ie7I4~O&8}q9&tC_bvM`ue6x|5ByZLLwoTw$E(ED8Z@izCsTaOdWkTAh-K z>W^B3n8jG#*xB7$-4I9wTdS+vM|!nrWo1WcP;D=+iBK{8En%NcCs~`P^A9+i8_Z*! zSW^K~hT*=Yy@-jdC>8hk2kVS&g~8@}vjz^pU4SBMeqmvGWhEF#9~){K zonEIm9H2M;m94&9|ia0w=uFU20Y6V+7x%zO6!Izm_C_$DO zD(e}l0_^SWa`!k~_CANZyC*m?Xiv78EY|iWV~eX+Nwygr%Y{?KUSFhdABsg%wJFdX z^6Dl0J)RVWnoTF&+Td#RitW{H-Pxs8dBon`7aa*WM;f==ak#T7I944W>~HVxZ_()o z3blBT$ve@V+LSAkb36P)k>o^g_gA%0s4-_|H}?f6GOf$!v8e=W>w+_%&ny@03B|Gl zf2b)AS!{vo(qr3SUX@ym9Q0@nH9s#L8paAk7rc7e=kZ=xb{5uA<wfVm?)b)N}0 z8G;iPXKfi(8jnOGna&{EW^g6?bC-#|vMJYTcUL#%=F?E~Qzu!OS>ELfRXU6N)uo)r z+U3ig=LQy?DKj};b_0KZ=U64*rtj#_FVUv$?s0`2*8CzvAQnrN8npyf)D9h&fo8kR zaO%*aP?M?UD^v5VgCqaGGFw&0qFwejUv7eCDY!dcpGQNFTCFyCe(j?|jj^?Ne4;#& zsiabwB+!Y(C+m#eH$u(pvFc<(F>0x8GuV8cLcmzxJ`xGGH`#KtMYy@aJ3*ml-CbT{ z36&13p1nFn=b{>&aGkz-ptR`Zg0+q9{oSoK21lioFgH-BxpY#_3VmB3l*qN{UGIN0 zISsOnRXT@vz}{Nl6DsW{#oEjQTOizJZgGWbgYsy7ZIgG%S)QHch~?a!&22Vka~V~g z)F&L~I*Y3{YB&t~=DtvJEDJQ;g6GuM+j6+}E+!ITrBC$wobx8L%m>kg&m%YtCvYx6KbDM93 z+UlxMYviHk@y@{^e|ux|!0a%v>GZt=;XZ4dFIDSK4z{+1r=GJT#>Rn6FBj~rZtjW1 z5~aZ)L@mr;df?RK52j>RI0OlvToojDA8^QHg9+^I$;MGHYSwP2|Eyl$&j;a`bNb9U)I zwJ0~|SN9KvQklwm>GNKmY2^~3^jM+LTAgPOlUj_@SEjU{o}b(FQt7eLadBodhz^g? zJJk>fGOx#F)aaa7)eryj^$N5`x!Q<|dulb9tj@sWsn2(5(r6u*Ub{hYBvk~`BruD| zrIjC}Sy0(8d_MQN^;jrGtF^kk9`~tMp>uh>=MIy>?DW0zShQN3%XzT6!rVtyAd%jF ziR!jzsG=oAB~qPTdR$J6!DvH!%&ON}oEPp3he9eo5(;HHGa7?-tlQ%bpF*8}yc|&y~GSv(aEd+vK}Ev&h6Ev{$WX7f!Qca{=wEBdJ_{idO4!>6ItK zqa%q@XS0~}daK*#JGJN}$0tUc&7{?zc|B)VeQ;mtjV3vIbwo1DS*VH%z+GUo+1_X@ z`g|zhe*NoT|3s*bPfl|_}j(9vDJ;9{=v!V*|G6S+nX1O_?LR^Vvg(m zuf1zr&^sr;u}HtGF}_o?g1Ne*J9odjHo^6&LlXvF_4-HNSmK+0>iIWT5%k6^*9YFQ zoHJBkJJdK(TRk))G{-w84S4T!@1NzG(A++!NyenJ^lyG%9D4G)H-`fg1joGY0pL#i ziBCVhUav~6-rMKw?QwSZILtt|ySLBY^>-&SIhr6a(?N~l{Q6~M_ki21(OA#F z@VP0U+vPN9jjnsPuK@Vj{AbiY5Nbhzzt-;-ngRd-?uL&FH2?s(FCf$a0AU3}4FC{U z-WzH?Jw0xZ{|09_007({zyJO3-yLdgZLKzk(`NU7v&WZY0|0f}&vqLS|A7FDhou{X#PKP}-#m7PKRsUR0$LBg(7i>?32K)jycLkPiv)NI9 zaO`zx{KuBsW=EyuI>qyR)_hRvrS*z zH@x|(qe4h|jHUGh^Xp^GVm2BBw}jnfQ619D@p)KmHo3ZuB~A)PW{@t(HQR=Fsq)&?cjF2@PC> zR(&JX%o@>XOC?%e{m{D3{O)zVL-0t$+&t0*><#+%k?}n*hTW{9&#!QV3bd8}VVhOL zV=k`q^lyDa@^+}%EV|vrK{5_QE^p?Z7=LjTU1v}pPEM>V48NomX3PmC7{fesF zgqj}$0gXPA^NaFC+XV6a(35B^U_`l+^$oY~!7Y)^d|AD>dX%Gqh9QE`~K*re3KO%7wIE;%U@L+w2={rKDS zKZY85Jyg3T7!0+xtE;gDm)9jX+k)E_tQZCMybTSi4;Qns^%9dcu$6%t2YRgo6FJPv zss7$&_6e#t`A1xwSAwM6-gK_B^$|cW7d4s3b3^ zWA4Bj*i2La)n0#UcDKS3+AIED8rl)Bx9`RaVRIS;#ki8WT?tyzRXP0y{jofOtqU&3 z{|pjXn7>XKeES7P`{%wIKyQEatiLZXJ~+|q^52h8vssOsBc)lSCW%U?R;Xqsx>xx! zt$2T8tf{@NudxzOF00);F&^)))fW)R)M};}{e?yQ+rn9B&cc;)PBdDz&R|e&PWKk( z5$d`pnhIlo_kChc`lH`|pD{Q+H8njqF*eawM=mI)E^`$p0!9O+FgusnIRX|N~{ zU)4G(H|Up#>InqG7(*B=%-f+xE}ZA-oxy&qYzB)T5{a0V#N7CZKYgE3-=3fTA|<(y zI=D3575CluImIYKmQvoz6^S<|=UE)d@=$Yj(u=RYevwbi zCst3=mwRdD4Hbp>@#UR~o(gh#874k;U}<}Gw!OHzyDlR>Dlw_NdO~h+z9-c7N{Q6z zb%AhimXt>AnHX-WtnTR_Y^g3SD5zT#sPr;UR~0oQ@%h(J@#9N$u0*X@9?eWMPLxNJ zjnxD^zNNP}7|J z;pUFk?%J~4lA5+7ja9fkSCOArT-nSGyrh96tt_j+f25&f#%NYEM!E}gvuiphM?0&q z*#$+U?8>fLxmrmd>m=n88wcnry=rZ&vk;f`?_Wn%c8#oT9hyw)&E=Ke=F-BNDFK&W zTTCvbwXh^w|GPSHTwV_~G)}@A!KLHZ4i$QhR>)(`E$!+|I{wba!oosdM_XATp{!x@ zL~l6SoT3p3w3^=CgZ-h7_WJUg)|Of#nbbbRR-N#AYD$U3(&=rnPVVo|N{;;96Eg3Z zH&|azBv8lJI86FdZ(C&nF~4(eSEoOjZLK5Z<+V?4YSrSg)@nk2(ZDhvy-27?7R7dU zaxv>zZ8mCVTPrJTI;NKP3>FiYxxO$~mxSpSiq51{ z_lBC?W{?Z|8%TLM*%cj=+uO|H?lxLsc4_OFRHb4}b{FR1u;lv5`GsW$-)K@Z>1*4p z-HA>Lnx59!d!$ga7YB>;a?`b4w5E~|!2U_vzFTVL>L~Um;g@~=`8mc0uS2y)GR}?n1FDcRMW3!p{ zl7Xt+n5Plx#U1pek?feLwDjbMKfFwikBm&CHk4ssq?8Q~G#2FLzkKqnu(q{^mQSka zYN2HnmN!*Va+32atFqFg6Jpact2TwIVA0-PQ$wM4>JPQ-A7UOpPHO0EE5v0`x`ylW zlS*pZskqo!+9Yp#v@kC_{^jG?RNRAysblLKjhN_{Ntr3p&oSjwI-A`eYKv9B{{MdU z>_vPDts*grNTC$ewRfSyC1qfqJ$zZw-HZA5QBn?;K${Mh;O$VGEUW0-mU&;jIyGt7 zt8E$h=GI(dMf31z7wLIc%ku1ae@}f*T-GRkd30#7jF3$$D@eysaXDq{{QYW5Wo0FW z*0SKdaGS&u=F|`cS2;4$m7I(tQ%fqk)|neaR7xeDP{oz$_ttv~3QO>$X8wsmuro@n z99UnP>F=z=V~RG9jjvDR-KeSIUwrq6Z+?i1NpI{KC`?VvM=wHtN=|WgO>urwY5Qag zF^^o?QkM7ilQd#s$>@eqC0N8{l=gR1h~&z?zNW&|td|kbNzIef_0$&;&y$nzDBpvr zb~Dth7R~WaOWhHCSYOL~^)+N*NYpMUemmo0t$g}IoPp%H3MYD4=#1C`V^ z$PB(Kjp~EeBL9(wtsYrlXh#L=8R#s}EiB22dm5A5(_5F4S~%F-k{U|a!KXwmH0nI6OpbZogLS|ijNR)=bfi^)l8m4`aB)u2@>QLEp-C^VN@uaO?ElQQtc?BqXu z^+S4YPI^jiF@;R7nO>i3FRq$cU+5&};?uJz455lc@5AR1F*wTFq4Hp30AJWL+F3)y zWAgDe%wzPI)?b#lLQU3JP}sG=wL1(OLyg#|jO3g~saZ$wDUFZArDazh>Gj(ab=bo8 zJ{l=KH7gL-=vK&Y*@B&Ii^ijsJLDKmjUp%AG> zxxf8izfH&IWu<4gPfRruu(^4e<#iLPKw;hvHO=k}2A7*xK*+(SSC$r~=XVZKNa;i( zHtE5iV$1ug3sSN(V`DPAx>_))$tmbyEF)vEw7mTCHST_0S>43aWJ6(20s7;ZLF(`8 zFGxzq=coShuP;ayg-Oo|O>NcGhS8CR+|0Dhw4A)Q@qTJ?EALo;$Qq+i+gqvm3CW2m zsd(nG;e9nVS{|uqYEvja(aQHL3n-KH_4?xC(M_?OGnI~Vj7%O{7pVmc>B)E!xfq3- z`e-RLnNVC@(7kl%blT+ny{3xNfn^?NWvG~l%g!cGv8C?`HJiy|F=}K-teK?e#M$Y# zr2OJaN`6OQZDM+}(rlPQE$32lVtRwp=CEkhDs|xeS>Q-BhmN!ya#3zc`@LVM2`5) z*OAGY*vw2?%aq*Yud2NrYN*UcgI*?NHIY}=;3Q}rD&2WEJdRp~RUtK;fHx*OC6sh(X zJ97!u<)jQ+V`pnaVS091Ls==cf|eGQFtRN|$0I7tjSmW}76ZMfh+11eKR1c0Ie1E0 z%5&V{_y`IkQe$@=A-TSPh>{!gBD<6pomo3DSVc(sAt^64Hh*?yr9Lmdtb1gzxvsu# zMe7KKT3Y^)-f1_TFw$f4ii-*54b8at_|~EEMrvhuUvF`KVO1F}E{Q78`&a&UsJ-%> z%X#aQlaq_?R&@pnOrbZ=D=GZ4Thr_Dol%Y`D*c+|QC6v~6HWsH+ zn+EIi@YLF_dct3yV{3|vC}r)V-KF10;oDn?1;w?~(}OicY9219q+)cUy@o`s%#V9s zJ-QXB0No5VlTI<%UE4e`xiZ!fpG@63*(XH&`6aG)pV^(5)ul9R$D2xM^{shn>D^=V zy|ooRquZ#acI`;(N=zoTb(iAvsZ(>~^`x>wVjiV+)oc(HVGCQDsJU3;&{%&txxTl% zGB<}fGT8VG)f#A2LU#G&R98%F8Wx|2FKM7+lgpdBI_m42(J>h~xNkN;EoS!0U|Dm= z{Oo8^9)UoqAf*)!O%39+)8o^!6JO#-#sqNP7C7@40W zWF_R6cF$ettFd9Xb#G<--8roY!Q+=7K*%T^`h$)?z>PbvYBT~wUiG<#v*4Wqt ze0do;FS}=A0H2L3DlIRhg2~M;kMr|P>D?hKi8MW5uN{HDQJie@H>R8F`EiJ_1ur0%j^odR? zxnqktTTI9yPu&m8}`6N$>;jw`yuu z?a4t;9TAg>E3F?pRG!RslxLzkS5akqQ$@tXmswdkrR`HEMm>Lhq%b3!L}{iow?@a; z)OzJYcV$LSe#`i}T(;juA>(kQ!KHnrbi1LLkd>E5YnTY^w<26Nv1e*+b#Z!=D>JDN zhX?1Ss)NCb5?nT>VPHj}77kZYahUwJ@hx58D75IrBLlO?{!dQLV%F^7==2!csBCO@ zVa3GMcxV5HM8c@c!{cy;lbgc*#a>(vI@*V%ns=U4v)awd$(9Oi76y}z-XMd`hd4V=HUC?&lb3{$UmEZ6q-D6g@OgG%I+WQKgh18MT3DU zET-eJs=~PE&!eJ}o0oY0Wuo@T)hmR&9cupBLTfQA_{(MG12Ua4uy{YK|8h$tu<#K7 zMw-n22?Dd3(Q~0C`Ex3`F8>(+%KaY$1+>=-1(M#%o(f!Z*XY(&906lm8y@c3o{%ceGubx4()LWd8-6+ub zTY$km96Dx#`}XEB3{#6HN_CFOUVG!zn^Mwdaj%En% z89IPDzY<@+^T+w<|M--s=7(T+NHBk4GEjnJH0EBVw~l=|Y|V8o=N* z!M*3-4}rDaB;viQ?J?SASRNCDUqy6~hm(n2kD>TKC0{ zrOySu1n++5zL&*hP>TfUJ$E3LtKT=9*{GEW1ZWz`iR$$q^>;#V&o6Miz4pOSyZV+6 z1dT)os7xkPzlSFD?`=Vc9TFON6Z$)VUbE1^-y13nij3giyqi#{p+B4GI182dHlbrC z)b}p8eaw73RL(E6L;hYq@Xmd&_rK$=`Iu?c==jZ3YJk-!1`M?MO0JtkqF8y?<-T0sYLJa_LXMJ3#wFW}X z7W$w7LJa_LXZ_5Y8iX1E;BNbI zUs6*Gv{!AR8GrPyai7yKS@=iK^Uf^-0Nf297izD6p*`TEL(Oi|DR}#P+=Iibuc-60 z*&J%wp+GD%q2AEA&&g&rsg)|d>G} zx4=}0|1mTQ0Pv-JRH(K3&#C>~OFC>;^YKJ=VPbULi^!Pv8NLC{A7C|~G-F=kt7>M~ z_*zs048HS&5B|sCRM&f7|9j zM%b-}{iUArrX|yHw$_D0;y8S z-{*^zuQ&R~39b+L`%rJ-9{|AT@Ufxx^RH90>m>`=SkkscC1h``ZyoCNDgk$2Ae2e= zM$;k+21e^+5=u7tLg}%>XftW#8WXBv$rNg(?C^lIzqfa+P;1mG@zJ5=L?#s-q6*)M z3e}`g0sLPYsL>jOH8Pc2DG?rW_W3fE9+gpfEM{+v;xfr|J4fOp?*2YUA~_hXC+ASd zv{tKHCg$vM#3!m?ke~;h@`Sg)FO-P3rkZjolX9hy%h~7h4>U%LNpsBO@k9!p*`Pf- z;2sFYCxWfMj;55y*okHO#KfxHXjF-gxE!uTsW<60hkUd)v~Wp#39hJlZfkv!v45=B z$oZW8BeBwA(aBEyn|5#{GMMdJg_y(P9IFjBn?WH}zV8=9002MNN7vMTcBt8m8bJ*{ zjYO>;7++NwH1lo5nCCH(v6vE4;{W;YzmJXi;eY%;f39e1!DZ1_*z=@h()`YHb$<2O zSYH7qF8am8+_Kg>3Mu|&Qb8Ubo1Pf`{3Wq=>{xGgT9gx=Eq${biOJwxpx2zGrH+ zzcMT8S=@`n;-!s&QNSL@ng{h^* zR&nE;^k@N_j3toq)P^CkWFrq(I6-F&R28MhMtuF(7x|;srIqdME@vecR96tHdKWbY#pdJ!N3h>qj8BVy_Uk_+6c^(ght`IhC}ow@ ztjuDL^rV@Bqm~n%M3DARltT^0r7c}~4iFzLPy0AmraQGOhil5~x;E6uYXn?= zHYUHaovsqE5pnoJGLh0SA(L*P%3WnCB`=XYINp((oRL>Rq}0u>4U|Pb%@~}Y8|WC? zI#k$g#+{j#Tym$}Y?AD654VIT+Enkcl&vZU1V zLzTL}jzldbC1Sc2Cf!sUt+I8nzrD4yk(iNQ%F!Bs#&=r*0Dj8HhuV)`huVj}rNd@B z;jZT35;N0NQ&R8)>s$S$X>l>hiP@yl*z!e>7MksgrtnP$1#|EY|4Yb zzD!O@%Wodp-I^ez#6`zO{q;pwPgf^4IyNye>YFF=l#0UGXN7Z&x$^9kF6O)nf{I@@(H`L_EM38FhOIrtL8}nmh zW7CrHl$p7%oPt4xQMb@rTi4u!k9!`K7>6tDI8q!g4$x)SKC1-)e2PyBwGTHxtyZ(_ zU~`R5XR^g6o7Je6FgMn>`7)zHBNWLEChg%i>p-M18q~+fCnmF5Dp%-?RL+YBl;b7O0lr&cM1!eg;SZnEel61mxK7Vqz%X%0>_ zHlt>Ddjs_|Ifp8xh`q^?Dvp&Jy-t3_SXDokdR zMz|+7Ky3|x&*W!^8mi#v_4;6_U0hte{$Aj#>l5DOzih$p`arPn_3-sU^cd{<(Hmm| z0|CKdhtU7M!y~p0Qd|(Dby}6FFz1!fv0Y}^Z)il@K-*dgATg?c-=da=e9x(4eqe_=a=Y< z%WI1(&_M?sbf3FhUY}p2%jAks=v=w2P(u@pjL&j-0-0R-k)8BdCK5~E*`3G~HztM- zI_Um`cPBFC!t(k)mmdn9E4LVG<5TknqbabckHTOu>g(&#x|**+gEciZB9SOG5dZ)L z_fEF1^*PDbGeW&QkmTz zhf=0Ek;!$Y)4;60OQ(Umvo=3J&k@P=TCG;^@CBZDAD`FbzH})Co4W$B^Ww)c+~DjlgSMBU)Rym5e&6Uy`UlU zZ}ByACpu15Q7O5ww0HWzgF@%rve;dgl%9dbVFBQpO^UH_wj_*w)&c( z>A7m`^MpiPVm4)Vw(0S=Pjc{?i5a=mj1A)B2a)kF3ToHS0;L52d>MD9rZzt}zsfIb z*`zfwx<>cs7M8eNu0S9_k5yGw9|$$~sk)mS^WcYvfBWY5Q5iTQk$P2AbIbVil#(8u z^8!umb($Sit5hcz6N|g4PVqR zJ>0}&sa2Jfku{OmeJPWa_*SztZo?`BR_wVK`I&?-8&B!7Xa`@+)Ahg?$5oio(3A!I_bX!S=HBn2i3Z`H9Ihu=%In)&2>5cIR8&`1(9}|yQ#f;a zX`gJZ=p31u=p7qrA*N*2s6Tib4*>9a-Fm3q@V-!+nVDg;*_;4WJ41tN^^fP&7z_pq zxa&L~PkVd&!onPXYOsB9-GZ8!s4mt?eEgEo*wHghm-s)q^tdFf>72~?rxA~GNYtL5 zk)d(=Xbs`{%V&T7E`riC*H?~t92-w*9a$J{ihl7VgFqb~9d4-WXl$ERo^V>4CM3d* zs?3z=sAq-s{oCsknF-IIJ^b#kDb(RkT1IqHYj4-W+TKJ}R>b3%xs?M)`-`>B8|Q8( zW2%2_YPme)#p9^h>VeHO2sHq{pxX^KB=q!^cZM2DsH3B!^($*@Yy12As06`hTU%R8 zN=kZqdb+Ra?d{FX%v@ex_FPuIRp#UrO)ejI{mZw0^>a{JDM1c4wVD|@I~B-Q2Q{{EDfdI z6*`@cf^Tzk6D=?_5dZ)L+==Gr&xK;nXf%cfuAHBrqcXhB;c#5PlotRH-tJ|n$z(Fr zYzz$qpf%Rl*JH6*{G0Og^Km#FnjTH#^?Cv)FH@{X(@-p2~^I0q|@nWG#a1J_qc4k%Y#)_70um)V*M!! z9-r6kKY4a>>G66mFD~AF%ahM-Q3-bT6oFH8UZ?3~cjfT>)ho}1g+0O4o%$~pxz2lT zTwB?*oL`29(Ug}L?svx@0N_^KZm1!lr>}gLP!ownsBocy02FE{yd)AyX!r_hlU7w# z@wxl_g|19ONqg^5S3Rw{b3u3JHtU45W0O6-qkH`0t(A4bu{n7EX`rfwDq?J!7y8<(O0xg*tcWAx4tCVk*4B=$Zj`1xd_f#C*mU%fp8DFB z#eKQMC>!l*ZtNO9F}dDVIRpTFl6x6yGMP-P)uJGCI2>q!PN&msHlya}yF;zIhRvF; zqBbxO41o~wsQ8m{50c6&NiUu!CB`K+_DnTZR(JPxlo2pZJ^hW;>dA$zxxu=!5<*fc zuCAe~uyXZvs8JKU{h?+TS3ksN=ci=gX|1)i7(&D9M14*kp{t4dO$3Q66$~_2l@(&1 z#p3ZPFY>DAcq=_AF-b+_ytov~XjemgWI_%muXq0FX7d#Q@X79L^HUJOKI%b_ z?+vx8nqAgvXIb?uTjutmw%>(}J5xaJKjf|!;EGF1>(;mSI?78+%V_2GOQ`O2d1g}z z=(L2`m(fvw`96wLReBX_UNwKEEUQuD@ts=)MKQ#}%CfN)@ws6?D*{KYsTf*1a+!I# znCcDsaCUrL%*!YL{7qVQUFpC)ceXP1U;q8jG4Tn>sYNp@V+C1hWLgznpbp%X3IO<= z{zIHoLgxuwVTuN~vwSR1}sj8;EtF^d*M&IMi_Ov%w zR^t;ZHaY9$91OXVRul@gS2h*DnSz;RiMSi%xU!~}B0Q~ra%*`YjncR@T0t&t-I(uw z5{2t+t}H6==Q2hkV)LtOippD7*|T-zqWV4dW>0nBXkRm}s=Jw-Rx?0{n+*W??Cxc# zDHMvg(V)T5&#m&=8M>@~Ey^73+2kMo`C=Q>NGUqg0UpW#g);i0QqoPZ@MkVs2*2472m(j^Nw27s~=_O&XN`-29M=R}^gqI1qRa-pK zP!0Ckw-E`r@{I$H$0=(iVPi8f#kG^lV`g!7LUeR&I;CT4sjDEfQR>uAlo!NDXLK)c ztm-{#Zc;{ZEm!FXEENFoIo;QDYG$)JG!TG_TT)Vzk&%)2rktFd#Kgqg_||Xlg=Jx& zV}4T(pJD=Vr`*d>Lp3tBS{)j=f=c}M>Vn+v+cwGKYk0Y_tI#zdtTpF3IO;_?&~?Vx9|P@&}~wDj*LG`By~&W8o}mZX?fG3 z)`cog?n}4FbGkR#Q&~8~VsEW&9bfwIlybY>7Y>7Xc67XyCsrB(_>b+ro>N0D(9l4@PlpFJC3L4-fVAjntG@7T_XdlC!2awi_v=AHMp3BXb%?$ESAokLEf{ zqMp1Y)l5o-^im=jm-ZyBph_C}KDSV)4TVCj@BzN4yeuz0D(VG(Q*G9BCvb7m-+%q< zZ_@g9mm3qKpGLlTR@qql`~UTid7Z0D!4fe!{zX*E#GXR3(48C?5rgkg+2CFS0DhtS zdQJ^Nl{HjEM6FgIA0K~YsCiuG=`u=jL2g1+Ony=B(}ypz@(N08XV<4X^0Nu?F&WE( z!`0CSd_g5HySS)`GB(TXtFLTott~DrWgqU5N%;-+q{vtb??l{IMxEI3U(#_S)X0BJ ze-VXU5F9f{s43L08ba0}Lo8URc}^HJn+|&$>I$-=US?9#(kM)cs68t>0asLjjd_|z zsZGz!EiEZ6>^?L)p|S?RFLPhdsi8#EYPBkr3MHCOr$b}P%F2Es)QX2prg`=!bEF5H7hQQAvZ&) z0r1P**K=w&u2cKT=BJ!DnG%g@>g=p7!`JtXaagm|yxhv_s={naO>Jd$D}86aJ3o(- zU)YC2jkDC1n?udbFRP#u$wlpTHC27X!zI}%l+ubUGG%0_g+yEQhgwthcp%hJs_71< zYRd|{J3A}NXr;ZwxQOJ6<~A}RmomAt)|s0}Z6)Qrc!X;jC?JxX+bVNk{yC)tpPbn_ z&0HBMB2(JxiVG;T?p87;x4b$#9lt8Izz3xO{4(KlPOZ4OcxPwF^d^*jrKP2OKJVP7 zT%8{4>+hdl*)+I(UeEanXJc$|l*yOtGz!tN(X5s8`JzLi%I))5baEa~BoInvBG%IU z=8;UQH(KSqjp5-*mdI!~DS3yjy>(PvU9czGA%P?$KoTrK0x{fzJ0xgucS~>@cZc8} zzTgfWtZ{AJHMlkI0lKlqU79)MyYudSvu543=FQ^|)>)@}_t{ljPSvlfe%n2&Cr9wP zxh#a@>)8cUcF{T-jh5uy8}R%t+seV^EK_8!E11#$E`?-+B2{;KH9zw3<{ta#@^3nI zy01k{CE+`!L6MNQpXFkKLBUu=8t=G7NkJ`eFM+%u>}RBpK5?+BB<}3&j7+)e z_YMy;)6#w}hL1Sv`wef$M&UA$mU!JVf|kSUN|A7DojjoI=JPjuIUFmjg#I)jH^=8m znw$%78U&z6SlQJJ0<616J2@P}1krb}>gr!Q4c7MdFT%U9A7Bix*Y$=-S$)*9Ovv!0 zh7Nm}vs@CJvL`Vux}f{Ft7nE*L}WnCWgmI+PGd5>>D*R_(Z^H4Q5jVDbkkuYGdEnW z!|O`1$*{x&v8q zw>#F-GEOV1J^^ytU!p7>*#&btWiE0!oxB|T^XpxfGFXDswO=w zD(vN8IM?0Wmpz?JpprmrEFne}Eh(0tUp}1CL+Da8d!wI;D9!(t#YQ^IXJIauGiX6( zxXz+DY+(2<8Hwk1M0l_y6fWthI5i#GTVza8G|uV(7O%<8cUuy=JXN&Jncu}G#0A+t z0bc8&qVK#x!5u61bx>0qn<%LqZyI=QjNMNX4n_fo@F#?t@;+CC`sCNBC?D@I(_L$| z=WOKHCn-YwLv*x-db3|$R3;d#`(+OYuLlgkZ|i)1aHtU6?zLPY4*Z3@PMlb^k&lA3 zq(qg>MYi|P!!ECdVO%K*udWt=^w2kf;zMss(o)lBRQcWuu=rdasry_(+_lzDw6Mw^ z|J1N_8ZRJkPP+en?l>P}Qa+0@o+)!RhJ^bGNqi^wFZ8%AmBdWRU|W0Pb2PrLz;0>? z7N6`AMz^0k(kD&wG!EsSQD(oOHHOiX%`YC#)0sWCn;T;vQr}IdAfWM-m@fuZ?V0FBr05SFTPLllABQdkP|At{0C7 zU!6EbwT`XN3YTmGhhrd*>ZWskF-n@nfIYTFn zg1f0fHCuW?vvVzq%gzl+GKll@^Gg(R#U1hG7{e?Z-xzO^#N@# zQs5%*fJwk{e*8dqd+bC^5H>0{q;tDhS^V!&1fy2kjbN+QL;IviYM_U06+v@0>>g&x`G4RQoW~8*yd0)aMIWRyBsd$GY2pwsVc4bsKYQcnA*34I|3QaV-^1Oyk~D%d z9PkZ{jGT?9Jnh^};!7iNX`6A-Xjg)!4ZBXE6?6a+bV~YVEwE78RodDaWww>9G}UdPMY#i4emT(AXF*qqdlV=7=`#cvCLTP2Uzjd;)q%3)Eb1t7 z@vr-VwSKrs7uSE_?o}*5r8jV|_odXCNA+qni3_bsSFf_VpdM@sG^*l2*V$W zSFxA&)J@KhunaWsyEz841yE0m%1l5;AzvLkdkBrz)odMcUz>hx`fBD-B#0QT>=C*~ ze|yJ+ukDq+Y~XV{(c*Qr+?(}Kvh%XU{<{BI2HXW5xHqT-67;__A7P*Fx6tf}M}>@U zUMt8(_ABmhra3&VyELk3;*9!4X>1~6TUXR|;X8zj9a`q>%CK&U%Q3mC40d|~6y!J= zINMo&PB;(wnW3qprpL=qUuB*c8s*)Z;QV0k(Y_mV6e6XMk9UptzE2KYno1hJZYM#X zrZPu<>=2a_f?K+lOO+^2T{-5Th2iDBL6xT8G;Ky>wXAkzRJnGcPMukJRZ*uL6H$zV z1XS6>(#QM#fXiPGxcv5YuZro}pV_**Up6OeIXQ6@HR@FWP@4Ohy3|Zwds1VvY*%cc5ADqq37<^vvh{1-2&mB$%z_cRrMS?K=DOq zj6~E&*nL@19m$SgU#k8&dv|FpbNW)GkF?m6^x~=VY*tm94Jl}!qPOYv zL?+m=1KU?@uh(m_;_w4s11OujToh;b-^GmVfqE0Sid}2Du=(JVv#h`*Tc5 zsjTjTY|P~rBmYc>kFO5m((H9c09qzm=vTmRc9O#hoDH^#Vg16{U!H@1B<+tA*-;t1 z*YaUtn_Y?sF@rnxu(^+ApA7RcW(@stk}n;Y@+Qr6hkx=uf3+G$3l(N-0wEO=?o9`; zb>DRV#_6s4hAYJqH%}KRyy`R|Ry!vD5*0M71r1;jmMrW9tJ`nhq}|-$Tl()BHRck8 zx1AR6Bt?v&Nu@ZeZT%>5Jil!6O;j9Jf&*A16M4kDaZn?3_T`&A7XeP8qYz}(v%@ks zxBj`p&K+KeT;1%#EJv5%V)`3|VHjV$Rf4S_-gj-sJJ+c_NrtLQ`~im;A$Aua-l3bE zi>dbbuXIX7v;KjTt%&IX9bqX;9o%$+TMRC49<4C>jZ6oLtwY-?Fh9h+sXr@NqOR?mu(8ctQ7;0+H zJQN=EvfJersNBe2l~v`@yomBX(=}lURQi%%oIlWgw(^%^KB5IIrPW zN*-eiGZl!*(EOiD_K#t84Uk9UA3sj(&1k5rMlx!eYe;w z94 z1+iCCQOQi64b-h+*U?t_V!o+4nVv!KR_K%+T|ZfVKQyGdo6p5VfN6YkZU54@-8`MAs&VgVEMHS|)=B5mW>OT!Lu=TWsHCJJx~av_ z4(5K{rK085b=hp|7HZs7`;XOdHD2kCl?;J0Z83fdE_WVQs}p>KD}trk=uP29f$<`Jx@F)P|fxo7K8Z+ zfbYd==)Ujj%2373;RwMVxB3vAou_I6v}{&bQuQblDy?SUwed*4`3xUqs}DeDF<(9a zj0s(8l9G=j#Vx#*fj>31c);6phR?8#bz@!e+vgD==`cS0pjfG zc|D}yaq9$bbZA)7=q!-@;EZFFY9?!TWT}>Nv@>?rhpgj2JIkm)R&w|D&g%wC%&qdb zd@nr(EeirFr6LOVK{REwEzyh|ud5BR{a|KBX?LvK$*-23=iV>2c4?&B)qF)&>Yc_T zPq#6xM=~@NBFzk4%^!L*395AgkThUA2W(kDAAS}v`$sD07kY$1eeo%WlfK;gE0KbP zy;uZ(-b?MYNJ>g8FG9?KP#hC|2Np;L|iqXIB=m#vg| z({LxIs29}*~-sPA*c&71F@|GT5eTnTkyzJ|ad0jn?CTn*c4r=d0`A^uO8Lj) zP&a;ZEdSA4CVYH+sO7(?K{MbbAmP~9*jn1!)JyD~oI!10A7J>-IhiOVG4U^|3r5M> z*f-vc(+Sp07}=+L4WJ$X35V4^hjRQ8y8CX?Ut^j4GU~Aj`n09p(_RN+WwUsQR*wk(A|D;mWyV!oxfX+6&ku z2}yBDanF}{nd_3V*8eDyHLzx}Hi<*nAQKDX%-$Hi7+;FjQ8lVf#>K zJVTqMy3B>)x&5gd;C7t#8LDNJaUrpfq=~9?SVsjtT+|)k>5&z55=Bf8F)21#W;9W& zZuln@yXkgAa%c0!Amf{{dy#}+#Vr#!pC@#z_o8^M_1q<$aEg7bCbJoaZ?hAnUHYAT3+$wI{(^``e8Id?o5!au(_zWjbUy83XBW_b&@ra+18!>NOcGT8w0PzMkt8q9}XbWD5JJXe#kGHFJ&YB>#MQgWUTCRn37Htas$Z+uSZKb$_5n?@#?Mae7`*ZHEbED6d_(Jb4Sy9^^-;ZotP^wn3EqJK-AFjcYzn-BZ*t8dF5JW)1g ztDq@kZD!68L7%FX*lvo9RT&ARj}I&qD32QNo>a>VqH+;)w<)`rQ4naNI=W=~p_Wo1 z#cOsUiU>v6=1>aMFz|&d>B<&c6|@hhLI~C1W9}>Ki0@!|jif zWA_a)LGylOkW*6dFs29)({1L0>-i`=i>TfPh@$2jQI!F+e8c%(`~DcsQ^qq%1-(7r zSU=Vo-zdK?ro=-N#HEK)y2ykE3`prHSsJuwY0PiH*?Hay(o&)uLb7LvW;=U~cun&v zY3Lc>zGrT+-s|+U|Gmm8>r}(|k+4}^aQwhTlgZd1li}^Xm}F(v#(E`9jitp=Ztgmj z_}IkQIC7E#YP92vw7N(fohiZf=IDT&veIF*x1;- z2G7sAiNXbzDKgD{>t4BVBvP>7o8cl`jo9$JNKf z!&LtbN3v79uJ5QbVx<49dd8sc?fGZl;qB_Ar>CthlI~2ewAMpAtpA{PY`aKHdveBK zG7$L>dV~Kta?xP;vA>qc@lUc^P1h`8;f|SJrBdtSg8Iw~IRmf=@9>O0n%c%jAegPI ztJ`ElLPo}xG6>o9^CaF{eZLDq_p{#)$xuH6DKfbrPSVKY=<*?aiUiwV3L>^qHH!ugVYFO#=4jM#YQE*4LPAbJ^_I zk$r0j!<1WI7`k!mB65|CdW(5D7NvSZ&oH4Hp$n!gigP+o|8m!k6buDHe81xb%xb$3 zm|-3EdGx5)OsePhm~smj_c+kaEWO&ckdl8tz=}6x5tC(Tcx;6*Qbt#LT-De#v6^gNYYS*>W8(`z%IV54m=WbZvKlNR%RFB)1bu#K6QgwcT>4Sn z#rhx_ZeA@fb%Kg$?!++f5CJ1$9R8C+ubk}84Pu{b=?AdfUq#j^+h(-O?Y4ea%!_yF z-IJ%d{}}3<#Lya!>(o-b{@$<&AYHw^p?ak*4GReg2^-HpW8Qp)9;78_rH3_||4``E zhQz9?C`?ZI^KAB-OXePEHys!dn+)YFrF`gRkijlsS@rcv5rCWf*;WwG-U_T3 z3#)ak&05+3M6I5rWEpBaRo~#D9{JP1e-ksaN^fjOB&V(+flQZ>wo{p7gA8JZGPff} zF-iHXBkUBHi=xA#L}E!2-6x*JKtY4c7+}}~86KxrN`Zla(2B{!-0tq~fdLtaLP+j` z+d>{^co$fRuf}@lxZ07eSZyx9-#`68Cl!KI#xp!m4!1b-X$l#%TWRKp&FT=7AG6PX zX;_^HP&q-DOytlq8Xy`g0K@^qcmZ$rz*S)`=7Q-J?n4e?k?}y+BC0ek`**BhFN%J60nDdla;v-^ zd|n*HiK|cBV5VLvG1wV2?*;sl=)2Lm8p*i$_(NCzs_Sh9o>5o9jJ=OEoYb0#Bk9r} zfRc_;QNw#O)H?%t{2lgQZT8I+sCM3t1fD6{?AlQ|Jd%32vI(hN)`mO6Inv<-BMAC;uH zH?TIT7zN+b@@!s7u*4=GMjw&{OA9H8Fwzg9w|uTGbi~Egh#)TRxugj})c793)p8;h z_d(Y;02bjfC(j{tf$Ux#?QYx+ltpa0O3Lc$nzLZdHCC|;(-gl-*`aSImSr3yM68&v zS5*W#ZB9OA`B72Jk`O#tg4$;4T*n)hF;t2Mdw7JiI&>#+N@z6%KYVCL^D@Pp+cTWB zqziL-=uw73mI959&n1av{4WKMb&niGsX|4JvOUzHsH3Z`B3NH&xSdemN-~vm!WD<* z^Z@Vn^i8vsfnA`Tr%Ak1!g^+b7Ezt=d&QEo*t{H5A{FP?Qt;GX#7@A#B^nc^$fFV$ z6R*xaJkh2uiDBy!API$V#K*-M8yl}I#R8j2e7tid7SgFgz5A*g4@2F_mEBL(UPs2L z^NFQq%{2kjIOekVlNbdN1!;UnA&pD2`P~$hNYvGzV}|2~6o8*>(2PB4fb(`C4Y1o8 zJ%Ms2&@&)s?URPD!hKKx;s5nz9FWc(A0MxvhWQD44}{(o)P_PN^@D*VSN9t}d9J&g z))Rn*TDC%R-L2WANAdJ7UGXdQt*@!i1AxV^Ry6~e`nQkM7clO)4)?I{v_y<_om(U}SYzf1BTZrwn6I9uTQ+0T25hg+$#u(dOy?uSNUs zlykABQ27~A3E#QvA>W^I;bOwTVAalFir8{0v|9rn)`n#`R_pdt8WSdfPDVHboc+` zWgm5LGR|GMgZ~wpI!KG{u5WUGXJ?!|E^Oo>CR*iAm)8q-`u>k+dKy5Rn&tksr1mUP z5J|dI#QD|L{~U&Bd4W8W@|nzw$Dmq1K@PY=BIJ_@{@($^_;+47+)bOqdpG!Q)7iBYw(}&`%h~4zy`aIGGW~aeEC0$QavLZ2p~xz~m>o z&C7s@dYH;Gp2MB)T5F&1!WC$Ak&e8C*qB?NX^$t=_wZl}YHd8gkKE){J3eZEuOE6Qyc3NoA-MCv%m_FfHbAqO&r3H#N z{X32SQjf032p7Y0x(r|tT$rHZ*E_j^9fkuwpvHHnxZVGvxc}0Rx-JE>n_!>sxb@m7 zjE5gUHnqhH4R-sVA1*LD`5M0XPVpJ~*`=kSmF013)Ejta!;tZc6`_Zm98`uJvt#QoH!SPAhg)_juB^d4?-gA;g&rbB6UjGB! z_4wEmdNj>($gOfGvi@07w{C9~Rd6UjBN1awRH!{aJBMY~+^_k!!FSu$nl-a_^ zE2Wi3KA#;mT=X7nOH4(YLi}-^3}YOi2!fCbiUl<&=CohSSAZ||t6G|lP`$9>Jy&HK zi;}tth5O6+W=1xzbU}^!ABX(jz*}{J4OUPKxcaL{-frqM$~+0Mc_aU-l<| z3qGFW;KaqnsW#^TG1og#kCmHptGtD4)$-Iu=&bp`tO++*VE?I>C3G)ge;8%Em`Z`7 z%3I<~*v{x!Ilr(twvmRORf?q8!EE7Y;bCXABfKccqCQYw>&fnusC)N_Jx_jeAvU(k zTPn_!$SwmQX1v{@`<7?zb)U@M`Dde)L7Jr{Vkiz`B;*;u*t@n%L30Apt|*zdG#MP4 zJ?txaM5ydApszc_JxMAekCu@dUEJ9T_+-);&rO74ad9`ZwRH_}F>s}S&G6#%&(2}8 z5(O!mn=@RlqJf(A!H`SxB8*tjSJvy@JW?`pBd&5Lpn=|@{}?~=;>Jfx&B@dCZ1tS5w*%ZT$r4fI$L=g1NTP4eyA+5`+g`bQCuW7ke9Imxt8 zi%ROBH_OKSoFl7v=<_p+489sD7jR$V2dlw^6NM~ZWWd3*QjYmEX3hFmA=Vi%O_fnUsZjlE@z2u9^FleTZk*> zYq=Uiuo0^!1JRXdbL*Ji=E-GPSXe;;9f5PH1(>tY*r5ngTVdm0*Tm1o%FE%B&Av$> z(Z8CN6?1gmgvnoG>FK8ZZc0-T72%OR`rCQq$xU%AblQ(&@wtc9H`lL@;q)wXI~!g` zisiik_O9uA>1$g-ht9Z7o#p&kSN&dv{0I>g+-*vPM>)pG>t$zc7u>|NsXtfUXBN9t z9Qor%$*yF?Y|P0_{?DIoL@sFr_<>zh%P-Q`;X~#FXzW!eGEwIoZMC((!~`BvIX~-EJ!Rl6bqMhuDL?f`(DU z-{c~3aiiqQ9`sx{rLE7*M9L!i=HVL~1I?nVKAQuV@6m0cvtP%0XZUo61huX@H#T0$ z=dx|DM_g<+6K!P?2hRE3)P=S|R#xH$2P-0eM;t!RQTs7wW#nqG{i#GgHRil zX=A*6ezy;`aX+c=QV?0;U}dc+F9-6N6kZosRaNEYVlkE#742xr4p#6iioW}k;dA>z zfSR6#wz|>OI#ZB~9y2ECryM;)-0dh=#%h7-Ns&*#oINGIT$$H{^$HFGOXo zS2t>p*8*a@XS%i$o-c{<%Y7+LBcYX#ko^)a?-|w`ioV$+m-wc~f9<8S@||wqxiXQ1 z-k*@foJ7>%Vhq90S)5up7E1D(B)=2dA|N;HdEtXbQb^CLC-z&BNZO4K--hLBj1^g)-0z0}XI{XScC&&kYK1n58@_ohq;Kx+4QW8H~MJ zDeZP;VcwgB@>-ZFXVw$Vyf~zjwvD2o0xDH0ysoD9D1`E0rC`OegML?*!%o<`C!>A}9ePtSaG)`}V#M<9v`8n+UY5gsL9(+JXf82aN ztl#K*${#x7WLc&GYZs?;GP?QVRTUc-KyB0|)}3qg;X}8g$4h0HnY;<57&^nIa;h3B zT>&JU_}ro@2RegW!UwjewKl?{LPFeuGy)aQMMeCBjx#`hN9M=Ysj`4sK*9Xd^m7dv z7)XEOeuXPWhRsSEX~KG8gXzTw|J`{V@ZoT%+{B|fP4t7Y36Zs=!V{&zxtD!i(H}Jo zkWZ(IjQ(->?N*yw-zJ-75*{ltBpq^IqkqeCXxw>*7fr3v1DsN!SYiG_%fU-oZY(_e z5R3F@fD$8_MEjb`;|S-hOCzr$M#d)h;D*=)vDIxyiw?rX=%Maw_=8s^jYY7=hTzWr-87pKkT!?&~F+9HJsX_ySXp^!H$4cxTF5rw1DoP0{rA)yD^jBRST zq*+Q8654F5e=>y57r2HU#$#-y4Jtbd_;iw_Zg13mTwf6q9xU52MCNhMojhD)pMR=f zxQa)aL-3({ov|z_kb4$8T=7Q_*Q7eJN|k)|GoPbvp~evJ160O4*2>Bdj>`5XF@rz- z5&VbC*Cpf}e=L(v&_M&W(=FGVDG8g2Ybq~9vS)R7sSq(`iS0N)4SebZ5_q#Kc#Haq zg@s=mnubQJfA2s{Iu7F0sHnh(BdS$nx#VS!C&vri`3lAlMD4}()L6qs4P2hR_*JncBw}%%oJ`mS^mw}dGom1iQ ze<+Lz;+M7a&IT(Y;VPtFhV>6(P7h~XZm+n?V-NrAnj;h>=Y?(&bBP-vHn+(m5op#f zvGr&4@n<<)@-%?O6-5+Lc~`KNuTo!G8Izb8qLl`%Akx?wR4|O-h<uF;MydLeuPpMSu^0`ayi`1L)cXZ0wgN>~`pAKs&twpEn*!7!!Pj|1#Hxz_D0 z&&ZP3=mO0tZmMHH{rmv(A!?GfoM-NNI3oiy?N-Xd2F-h}V>ZQ{2a4g-j2-w7gM-QZ zdqtV`;AzvU7iN%gn-5 zQpxdz#>>>JpwR2Hb@lXMk5y;Yq&cG7_F#NtC&1`%c9)l>(DhnT1(~ND~*<6uFfK9rXBY;3h4m;Ofy})D` zwjvpqJ-?HlbOI32>5^tm?Gj(1B9rcwK3jHlbR4 zbmVohB=Jn*YSsXK=r#VXi7!E8l$VuH<%pd$M*mY%=H79_@^9EpiiPw7!QCUuD_zsaqvoX@Mn)mS9t_&x$u2r^3jNFERpgq9r>(7}a~9y)x0SbW0=A znxQqW>SNOJP%^qVA2M0e?04R?He`GgdFNnKF#fw^y!*LveXYYllqK5G=vQDlB}B7a z5(#7Hh*QOTO$&QSW{C2V<~u_1C@L}=7^Ku=fk}fBy06MZ6{CKoi+uyvR3o5?*}?J@ z0`kmD^O`nPM&juGSNgnfCNE08*b4FLlRY@yUgUo&iamI!HR7k;5H!V^OBw@|CCC7| z2(Jn(UM7&SM?emV-ff7q{qjga%$A0*YIe$MG8x$(#E z4mX$3m-kDm>VG-!f6C>VPqswqPA6M^@p^tC(&=D-6ESJRMbA@=bDz%x2&Xfi;1p*$ z46NrvR+5S*l2+RCWiRJ#m*7k`#id1!7vG2JilJJo{VqM)KpBVNHTnvvNm-22E%Z>j zSb4|Dv0^N$BQ_N_>8mG*?*n0`Je?U&VE$7{L*RMs-vZ>N4O(i?kH2D!QC>}NawUq> zY=W`+NxGtUR?e2X37)^sGovck$4l(vf^fY5|Ve)z5D{BNj&Cx@dL(jeMfd} zv&LImHZVo9Vw4iHOsHSjT5TM8B5{0ZDxnB6tlA8{)+*e{VfjHVtB_7 zPVtgQmdK`I5Q(go5VI-L(JJ2?1ar`H#(P%5y|1Rp&{kzwr+8Y!6XcJJFq>Y1?Od$Z z_c0_)AMFTKF|g;{stWV9eZw9I#M;3nBenS4&ys>6E#8D%rBoGut?hmP&e%h{ti{b? zb5wN##k7$wGmDGj;W)An+x=%~VnSkDjtg2{{w~;mOx^-6!sj-pM#f|INAww2#({V1 zIF{ia@a6|y+y5Q3RR+MLm{e?)p8 z0cWr5AWUt6Gb(K*GIb7vwLo_;$>JSW_1{9hbk+j-i>wsCGOZi)K zPfz}T%#eNhZCa8Wa1bX*QcO;?MEI-U{{Xpd B?Xds= literal 0 HcmV?d00001 diff --git a/devices/surface/images/manage-surface-driver-updates-2.png b/devices/surface/images/manage-surface-driver-updates-2.png new file mode 100644 index 0000000000000000000000000000000000000000..26bcfcda7432fb5f57ea05461460ed78ddb7114c GIT binary patch literal 5930 zcmc&&XH-+&whb!Mq)1ahzz+;aSBg{-kS@K3E}c+BS}38Z6lo$&5CRC1gc2Z>fD)Pz zic|qZ3q^WIAQTaS7w&h*d*h9F$NlmC+&#uA`>eIko@=jp_E=}e8R%)yQnOP7003Go zO;sZRfUKKz|C#a<>CD?B<3+lV`59@b04fGvtqZW1Er$Jd_9@2%nVbB_FIRDMgC< zo%>sF&dF2KbOYGXWu~ewPEL#Zrh#b|Y7kRJe(GM|*8 z=CRgqUQDpAC0|XcP4T1b!{E9Rres6C1ig&?^tZY8wUh3z7nk@j z)=)FOlliv8DIQt#GrKm7>LCaPiiz%{p|c+mN|NaFu@td$VZRzlv7nLq-Ox1pJ-Wd~ zvN$r!zgT_o!$(0;W@Yi0o8P+?V9cGlM9m}C`BjCby3exjgzVf4WgEjgA6hQCf0236 zGF<sPpeX}nqxv{g9I;sKBp}iI?#hYXv1(J#% zu_Z6s-7r$eB-~%%6T5fbD>l!Da6Pask$Wh6y^O52eaEp*Z3`x0&ysrQ=Gk7QUZ5K3 z1?xHpU@Z3i2g8z^CXYTF0baxSP^W=ygS{7>EFzUW ziC-&MNsI?w`?t(veTBXR5dKd)_N}%3esqqY0JIW)8_;KG6b}J_yiC7n)5Fs9<3frY zGeD5-0L$p?`A)?70Z&(|?gl|^d1j|~L!U$b7Ff~$Iqm0f}nomwadl8i5>mN8lat2q~Y*(hhYBsfPt>IIG6Wv9C2@ z6!JB4!EJVaVdAa>TgIbvOxbxrRI`n4TZ8||WJPv3jbnO$Iuq}71r_Tf8Ae7sgFx+w znrwsP2=_BzVcGaq@#*;+U2re%g=&bW-P;hLON;mUOH~MfK)f18EBjt=U*+ zwJ-5tMvlMLF=(60vz^*xRjL!}^DOdDn+YOOsow@lKWo@v%U$GIZuOU2B@{7 z(#OcGw{@bPLMyD(-!`U7O78I7ugT`v9U8Tk$g$W$srMZeJk|fbjmauk*A@_BKpBB_ zo@|d-8c?ovTvJXvR<+`twlZ+NdDQth_jkHp!gogJ+5yA|_+Mz9mKGjlf*4-GT;!*L z=kcUT+nMvtd zO66r#%6;c$oh|pFo^Wyvh0oAqjUPRsg%8b`AiVquBdjSBa9!rfIG{rX!J*dNg zPxOqM0OfLVD7Tg0$7(!>OZ^<9a@*8#0sc;tWgeD@bwzs62no_IV~U=FI6@~kesq;P z`II^%l=k=>(oD*xL8$8(?FK8D{(3LA2h!fwMv)mMgV;tCDvx0bAyjZU_`O zk!{7eTvE{tg4ik?T8avi##m*J2hsRQj-Rr~a_r*sY!L;f2MT<7xZSpfDiZhNbv>}| z4Fm5djMj(w_mPjC`)RTA1u6&5!e+TuC4`Qf9xm$V-+EO-uqGAi9#+M$Oztt95?r!O zf2Y>7kQt_n=gkrB?Ve+|jwx)Cj#b?12zgg zJ1DFq{9g6nz{v6)B+oy!=d3GZdt`H@Cv<0Dw%+v|hg_|ptgL{`6m&p?nomxg%>B`5 zIs#s2UpNHG!W=A@MyD{l@vMicG*BhsBqc(zrEoGL5{WJ3jSe{6cIOKjuMN*Sv%+|{ zOEZs#R_1F(<^7CL|J#W0s|J%ty3XIT&-F52>h{-rP!8D9xy6U#Xu0-w4d#m`S&?%$ z?We~pdQ#S4A+Tn!S48tjbH=-_{r-H8+2681a%BX-w@&Ixj!JGASoZ@PkCZSyhg3t#+jL!&w&n)0%PSk}ydTKM8`=h5;W6Aj^$6jl#5zEJ5{+uqW7OXOLw zx_anA@{PRs%TWPG`sL!eBgyj8<&d)BmeJiqY;NLlS0z;i$HccBYuoVYjpy(;%{KSI;`f7NCD1z*qnI5`&j{&^vyk&E$E z*l{-NUY(h%9&7Kn-4K_#K%3WB1J6QrZ6>~l{UicTZ0)=9eEni@P^p9cV>n#nG9)Gu z5kR~f-*p#h|7`haMIzD6iq>w>vf`l-GR(&w`YZ(|bS^e$$paNO6K+>oCXYq0WpuJF z%aqrh{t$PyA3C}ghG2@0$)^L3JQRoI@Wjltv)tjNfB zztVm^7n7cRR!{3aM&*+vF%>Rk&2w-D;f5o37iupFw8oFm1Ha?@1&>6;W`%aI(;kq? zmMGhrQt=PX;uako--L2nQ6RI_52Fg?Mehvh-JTm`W^z3YuQYP;-iWB5x#b%rYgG5n=QT4abq4OFmn%APtG*rKJeCn^S+OZ-C71xx+%Foy;i5W zAnheDhjO{q-w+4n>VGt5+vbFv2`|0*EW53hv1Nz&(Si-2B0hJ%=I4NEw-7{))s;ze zNqbu^Xh%mg*B?8!`ddf|ZQhfV(1am%Hr&v&bKj~KW7*=^T7ny`J+0QU`2yivA3m`8 zlyX&NtU|60;Lx?5#FOzTD)y2U$1iN`EboTGg_N4GLTiWbMtmg+FpL2^_we-hR?_c5 zb|_&A_G4%>C{>4h*83qnN2N(_9_%$~b#u`(bvFI}181KCNJUY4g;U`f?EclhOw3Gf z)F^sIZ6`fRj=kKo(V1(#^TCiPi^G^IXE86v7t(1#1(tdDnXwYb@FnI65u!IwOE>8G zD&6usLD!PPRqI>C%}Ig9dFT!C^37vy*wedML#Ik}uB4R5ukQ%*#cvNl>+FJ z*rDsFG;rSF{8Z5U^mjz)bsq2BoRI*54dc`QDZ49i6Xgn70c{}!h}4K|*Fs*PB^lS% zU>|HDELOXZzxMP>b6A~E3^AnxsfeVuw$@EHBsFh;1 zg(=*&c|N0p!ED0(tgCnS{LkJ|i}1sR+4CXS}opK() zKi7#%%u3Cq`CX>S2%}I;OV$Brp9ECw-sJ*;mX>u6Z&x1}R6^C;!8QIzcUI0aIlv|Z zeRkqcJ~Chv+_T_Uanp%7=FpH+*U{t9Wgy>K=XI;}!F{I2Y1$k3KXcjzqnL`HcT@Rq zpC8eru5Nx!dA3+!(#^j9%`>>k?8c)`O>+2v)!k#NBrrcGaqK)5LWijj%RK1H5O6=QNDqD zzgxcAc0(TfdZf-Jx4FsqbPE>ATjknD)Ec=Z2^V!#xKxST-z|#r6w9;T!-v%FpE2h5 zrLtKi*4>2OU=fX2v7pY&CT`V^H4Ns$8&x)JpsCufmVN3M+T8%yUegpN;9gugY%1RPE_$4{n2yf>KJ_(H^Y`(?e0^&03qX4Z{oduC!CQj@0DnEUaby|y1X1qQ-ejxJU4V2 z&m-5>D;AXgrm0?2XQ(x3er=-Ii~28VApM5-Yu*lB#|9oR3j00Tq=Fak`UE%vruH|V zvbblEarQJx_7^?~(TZw*wLYf!E-5aC4C42DpQtXtWN?0WlGumc}Ed(p%DW6TyMk__s3GAT?aPy1-m*)*faxD|^D|p@*|@ zw6i&_u~4^jiA{~MnVmHXWTi*Z5+-ceuXTx|2JoYb#J(+Zf#R%Scpr;Zjc=9&O~Swf zwX4HlF(`JhartX=1>L6)$s#pYQlh0&fI=JQtYxk%3K>l?C;&1gToHJyc zJ=t9*-d&1}U73qEEoLt=JK9x&m-CGEj7y^YSZz>@pYwt0CPw8yhNun}DMcobms>9r zyW2{K(@Pl5mbByK@Du9sxiMbc92gUjG3sR(2e>Qd_p(fUG`5d-|E6&a?{b8YEEe&#bgFDe|Oyes9d1iWF&VBzjWClO!{>hTTThF%U?zKIf(^ z`{x*nHg}pTT9Vt5PaXQ~kUyoQk2~UY8n%8=GaGTb(A%3I-pe2Rk~I1+m>{aOG%503 znjp&1A^BpG$1;W>Q>~m_w}31d-Sw`&z4%c~cxLmNJU;u=16;rRrGNODf}qp><@h7Y zD5k(N>I+oQOVQguK@n+@#`P!?_*-qkZE}Jh0qNWpYXb+3UPAxyDMUjWO8A{$Sw=}E zY*`S@Nct_^oQXY)iCz*~s=O^*e_-hEXP)+_+82RQ{)@m~{JZ!ySTlcyj{kFg`~``$ v^j5FE{?GULFC;oX)UAuw`zAB{>W`trX3Z7^bi literal 0 HcmV?d00001 diff --git a/devices/surface/images/manage-surface-driver-updates-3.png b/devices/surface/images/manage-surface-driver-updates-3.png new file mode 100644 index 0000000000000000000000000000000000000000..e1dafd7f1512beb287bf20249282236b4f8b565f GIT binary patch literal 8879 zcmaKSWmFqc*DghaySo%yL*JQdt121}?GeUm*NnFg6$d>v)0r z+mhe!y$(0TMEbF0NAeKIo!_4o9t^#QYeCL3zNqrOQU4MHuIcy5cypdHcvYX&Zh8Vjlt_`T-=;z7$(UX_R5ypS zB>%>AR47b<);Z~kt4?N+?6}7vOA6M)LQ&1EUxF6_sE-1rr7J zLH6g-GH)(J0ETT|B*F~}xgXL~cZiLYX zZFR3G#}sOFRjPnSDW2%HQ|2@^7AB40g9?|cBKn(fRyVSt{m1>*b;v&Vk&>c1N4_t` z)hRh?mz^0%zqy4tBw-?F^Pk&`IY|z_0d^AY*N1RT{gvyq-SY8-G_xuAEUfhBOT#6E z!A4D}+navEE!#?-HKT7@RF8@PC!$r5Og3N4cnzoNR|8m)GhrVBXBPd;%?f3Rr#Q~{ zJD})%&RotbueXwjyM-^pq|HQpz!d`uS?Yq2Hzj*qNa-(4bD!iThK{~&L_0c2>R4Na z(2xLanaw_uaE$0gU+hg)xGcn*r2#rIlcXy@CRp33BaL>%cb3i*D`~3|$rrtx-G=8l z=?AxFX51nbaDZ!0wffB7C9GjlO?4FX$T7TB>zFS3?d8WmIXD?=Ki!DCLR zx-PoiJ0S0MU*`ZE%KG;mC6g`bBgky4Ks$YMGI$1-+$Vw_?i}a^#-NT0#aL0rPnZcv z(;ud=Kj0pLGHZT$#RNyE(*TR5ClWa+{T8DPT?^FVNYd`&z8`eX9NQe}#Qkx+a>ki0 z42;+54F(xM+14G@s8pL8Nn_I0v7A z+Jkm6@pr=Kx2(qr`Aj=4>#4SSKN*9xD!Y%ttM&2+Mx6BDvl zgGrW`Q|DTxU$!tMhyL^`6Ex(8>nMgvv)A5a1CiEN^X!0xWnCE{gqEsG;wUl-Wx!X~p6y_ZiB z51Z|gug9kAjOJJAasXCxHkvVYd(SEs*1;igf1x#x*KJ}BJT_&mDLSLp40C!J49P2& z;AT>fEFPQ!-sTf)~0^<;ghepy$mNqDq->j7v=fh=_7zj1}R5$SMidm ztw?El79E9whCv^jbMXl6qBVlqoOONKQRQc;xtc$G<1+5Di*;W$!Lq-7qqi^)Ky)#r z*6SKOQ9DDoh7mh8V7NV{%GPRP{(Wu~kZJTVNT$RXfsN%!nrX{@;EU7m(c*$Q z&!_f&&pJ^*$+@Fhzs;ru%djMTggp)XphzZoLZ}qvbCmxYTT$vD zQdlm#k-2?501HIp7<9<(H}K;*7tEXXk&9^-xjwlIUNHE1F}V^k-v;on&G!WgI6E^M zPk>k!n&NmDE@b31ysY2b{76D5&V+CCgWhq-khy}lA^taZ$tGK*MExgot~a(f27fQW zCzjmY$Ke~zNGWyB-k4{C7<-mKfUWq zHFghawQO0+2DSGz-=9!p-^q0eSH$t|e$kyZ@eGqB_QJd4XG*wxsP z%TOP@XIzyf^+hg(BGDaBnnv2TRKFWrsfClsuES$+3J%ok8TWm5n6>gasCUGDI{5R~ zjW}xdxCVRh1Cr^(I72ztn%86+F0P+^t=wa7w2fnM(~EhldXw1iqu_mlw`vP|{(`;; zNqFXA{#oyID(KKfdP%uC2g1I4#6qEORkUK?37Cv{SLqA2K5mIZz(`I>O(X!`o^*?@ zl(&X}b?2%<>;o@-5ZpOx5E~VJSoI==k4g~2BEOi)B{scDI8ZUGFkr?Oq+}b(Ej9N$ z4z19bQzXYTM>Ic!-d#&ArWPHVJ14*&ex4gS=`~fN37|+Ou8}Mh7RMMSTh#(;9$BJZ%y?3Gcsy6** z7J3a`>h2vETt4@VA_7qDy^@GjxuO*G$Lg$8VY15LwoL03p2eFbvlgO*+>U}+E)P~A zRyIfx=Pb6Jv?OsbYEWP84nwZTSKDWhEg!BdP&L&yulYF(tTl1ZCX58te|lnf5;D~3 zUScK~j6^n$dJZ&iZTN>Q`QZkeaL z@5k6)x=4W$4a#FLJW)jxyw2$DbZEb*?hQ1TuO zL5G(A&jeDvZ#I)1a{Iar;r={ML7#kVYN{XJql#2`QmH+&W^!O$xiUT{fFqMWGk5!r zaG8eCNrit;v6XZQY72eH0C{eoxO&?=8v?axTL!SJ=v5Q=3oPERbgxpsP7MN@|GW9j z>)$K~i=|i+bBmSJ>UxgO6JDcZkDGou%6-!0+ya43SM#vWg?wJSIsz-u;=9%T80oFt zA9ct59m}@S)3=9>or}?~zuzZv){x`q<}M9~(9q|;|Jg;AGBe%y&*!&ow=7N2Iyb}j z$Z|myX!~YM{&lUH85}?}Y~A&~;jxXI2*!V&puKEw1>0Q|6)Rk*A9G9?r4Ws20fS%O zId#JlzV8e}L=RPamilYH(=`dr6(Hogmx;KvSMYS^9G!ft8NmTlh!w^BDPP<+Ae&zv zNu!fMTugrb5c?dvRVrH>%f%NbrO1^kYm5q*ka2;hyu#o@{GEosuheI3e{-qjq?TgY;h zgetlYPBopYs+#?n!?VO{#~fZn(M$#pMpq;u-E*P{$gl-!YEbo%J7PKF3em#zgU9Je z0#WI!zG0ib1)Augs{AjOFq%jLn3NUBhdg@=y0+TQ!-CKb}~HxD=Q#X&m$PO#zoTJzrf`dX@;qo#+g-e4nGfGtzi-PRk) z74wJWtd^botXs1k^W4k4hx?1~GEqHUQ~t&D=1*SkZu9Mo@Fn5zup-*{XTwXf=EDsF zZieY2-LGcq`DF|zAVwd(D?IAzq)BM21Z#hVGkUlrg+APF@DCp9kG0c2zoI#H%`Mvw z{2-1c{8*~JRlDO_fjjxzRS{ph<Be?K98cnrdP;u{$@HgZ%2Q0SSOOg#3AsZG`KY&c+lAZgU5xZ)NP1yHkDQak5=6@72U; zAjMMU^g2i8wWW8FB!Z;r?rg!F&(1&BZS_abm@=sq<1Kmpi-@eUFCB)Dl}G12=uK)u)MtSC2NU+A)=p=( zayZXT&|BN?&b?iS3w;B8wlkW=@M?oQP!ynngJs91AWcoPXsN{v!K(+E_g9zSEiehg z``m=(68x^4w%lsOBDRUv>i%h2Rc1`Y4f#xr<}2obJI}_Ib>6)m)kLv(tVKa4)q)`&dbg;3+D6 zO1409`}sX>=+7yxvIuxcbxcORE^kzElMtwx9Y-g%-hk7w<^0G@i^}(z3xzE+?ueYl zslAMMfYW~5@h!?H`gi>OUEk$ru4*%U^M<93-o3(}FMc*lQ~jQVJ)TK1Vc#k4DteA; zKJ3+^OM+7A&jkj~k@A`yx$;D0;fb@n%*1axjbc{Hye~q_u;lsP>u$=KnP^QCb33g>%J(}xHjYg*!5H1IYP#8?-FaC( zXto7o4nK8{rH`c(&gw(3FUp%9(*U2h#^Zjgtp#L(Lnp2T9vz&S712koh`Q6513A zPI^*pBF)mH0RI=|_ISUalg~k=r6)cLp>+7Fk<;A@7?Sw^aiS&=?4}Ti@o_Je|mx7E?F}{vif$MQEu)U$<`JdV)W>R z2h1vonUweR*3Mj%;--A3ASN*Q{v~`y6}X4@=rd!uUu1=Eva#V>k+O7}jq1a;wt{K1>|NeYUoJQE5Zm-R0wa3A^WZ9E#p>6CY;Valk!9MP2+W18gcto=- z)q2K@1{_8)u-CW1pzHd0hXwNa6k5Ou70&W#yc-J^{Kazk{;UdWkO?t*qs5y!nnlMO z+)kp$oyi2_Yj_XHFzem3$cu8|SM?pV8TF?CXlsmE)K7KKIi-Ldv$CU1In2FdtCidj zrd0PjGgEEi@_=F=Dq|$g7<8R-*0T#oyN3>=`HRb`kFqVh)L-`Y&fmIrR8i{4{xO>8 ze0MMr$ece!r+Hp+brkk^bqaCXSJgtEDo%N8v(FaiQ?C$;8km~k;a3EU*S;gAYq({0 zB;b0}VHUUp4W};Y3#kHRNHY4I328}>T zZ3r+Uc-&y-ozA=GoA0Y;{oxID+ouFE+p9DSE}0QKLG9NH*AXLD%&-$FrRd`TUS5M- zi^MLA*u$MtKSpZ{G1J^*ctXVAhBXWqk(I#r-${LG=D%~%X%Va3^8pi{13lyi8cHE^mb<*6%E(b(qYEpCDejMZ8ulyd}_BQVSa(y+CXYRc`#O1!j z($$u|aV2=|A<+-%$AO+o2F^^RGuO%tkhBJS_Ik?dU&TC<`TATu8JRQiMp2qAd60HZ zD(D;ceMoS#d{HYN=)y5g&y{C9&BXY;){3$}EcUxa+g-tmlr$IT&x;*-xS3f; z@1!gcx4XkN`8oayuCX^9F#pwqgP|wJ_WXym&SC}LyQ;MU&Y20yTZ$2VPhu|(2+&Zq zQBf1Z*HltOxNo1#uq9wsbd_HDr>AL1$!p>5^&z*2g-S>VwA4IEN@S{uZa08+#gVKO zIGdjp6PqLNrw3LXnpc?hJYwafwmIJjjI!7TtgU1jMMvA40{^%+zeJqD2%t8?olg5t zqL@(e6*QW?UAMRr8wZmNIu@YtL`RV$-9)mcQ7w+9j`*HcR!VO?i>SaM?hHuDRDl3RY-i2l%_Pyxfw3l1EA(x#A;MEIFD z^XR}b(?WI~A;Ac%6Ec;a{LA5;7tJ=Ai0|%_8ToF$7nQo)~t!r70LY&Tq zo7BsduF%j$1ujAJf-(};^^OOJm3LIV-QXXQr@+*(o|f6LV`e4vRpYF_R?D&Udx(Gw znbR|x;cbv;;q8d3%;(vyojG%2t}9S+DEAhR@>e#Dw6(Se(owAfFQhL0EyS zquk=CKT({@tZ0_9{d>{^!pA)_9K|P>-yrQ?g0hV;fmpWo8n|MjKr8bP&Up zj<%*9B}1jd%) z=v6yoN{Pd3_zBb~8$9ft36ke*o4k=SE^W)2>J*~87I;kN=gG?6>@4aPq*}GRyHx+o zTab@mi^0=S&##pHB0Q`e02QXV%tE&iTLEuf9xMqb6v{W>s(V;9H&P|A6{y3SIIs9s?P8or*DJSN1A@0ROkPpA=uQ=(XbVA! zbK2)4^U_J~BZgq2Si-qcsnXD*3cWibCw*Hz^;w?`*>v_6w#;E$q0{;3g9`y%H`#Gi zFb%S^)|<%UVkQ3MW|Zzn6GU`%d2LAk1s)be(0jrXd+deYi%7&N;+xoL(^NPxM$K#7by^BPo_|AEK@`L+BJ^omLNt}>^o=G%@jnx zbRCzq3?&;3pUwLMf+;@QX`I*ZacnwGUZwad-!gJ-vh;uW`kjpAW5`R$L9_~xL>U#^ zSBp%z92(>H-^ttXvA=ok;PXcZf}gr6kX(sm#VqL4MCWMMTT0F!DD2|D2 zbky2|11@weOQygOCx7^TzdPYpX0wHci*Z~HaP8cCy@iOy2pan4Lt4VwUmhijuxEs> zQn4}`Z`dnKP6%L3<;>Wa@TI7Qr+uFPlYE^X8s|kGi`A09KK9ln!%40zOcN4K94vBpEY1jv^aL2Vc=Z9i)PSt=LmiEW(32gQQ{W6tbAeWy;ifch3LD zkP|aV&6h4YVtTPtplRtc_eA7snpr_rFhb}+-E-zu*$IJh+?1|S8eKAFMIcRWfz3}y zA4~a57KY_l3<9{o(L#-oy0NST^{}{V^7OQ#{+)4w+`b+Rtx`Y%?WGG;&Kqu(nX}Fl z7^nCWdr7`$$x2KtU-E+xD+h|riB$|R)hAv$y0Y}O@WQ&t|r5it>yKsG>7_O5T zgNDmCI;&2l@Lka*Kf0AH+dKKuNuyQXt-2< z${Tu@6k0pZfnuG~BIg=*{k&{apg&fm(vpQ!S}{muZBdoMX)&Bji|P5B*-Z$AAk!d+ zoHr0TxXaq(a8Ssxnbo4w-HpMYdokpl|}%r{6WN3FR>Mq7$6biJPEDeu$V za#HNeQovdEzY(vI(;Ki%3D#3N8MFqlwzmJ(HBPN%?se`SC*3KvElBfg^oruPe`05V z{pzObm6f3~XG3aidA1m5dv5t2p2R031@k=30l!@(7ynUCr|rL3I8a3T?0*APRx{u1 zwVw+4BjR|Yv&($GwQ`AZKpn1{mUquX><0C_gZ11JV7;+G2?5e^sQk>p^Hl#$qBnw} zpYTqDy{w;+>mZfsc-sYcU^L%G{RD(Va|8PAiUN4?u86j8hNxlv=uz?ctgpoOzsNO*M@u^zq9sXTZ8-JMUts(6xo zC|FN9cgW6OvR5-UsFs7Fy!pG8x{kFMb$1Z%9(HA|?c8}xEe<90qdZpufJ+wedmSYm z1be2&x1_Hyqj~MX_I|xrk#uWP)@v*kt{gx-{_|YNVzEgWIT0h?@QTh`1x#XR-_aOD z*83r}T8Ka~T=ixuoHrJc=J!4yhJ|-Zy8y)N1b-=f3#JwsK*>bMBhBHOSIC`bd>2x) z6o=KaiBwJ+yIN9{8N6~AizA}*Fy62-fN~+U;x&#{dH*EthLBQ=4^V#&=r8ve*Uu#~ zxo0+dGIFXOoIZ*&YmXE)asTD+uZG_-Ra>T|>qR;j&#f9r=B%D=8El<$B1=W5o!65& zOuF7Z*)+z+CCsnq=@$4OcXIa-MOiYqJ%FUNx?%1ngeP^K#qyx5?ZFZRY!kHlD1hp6 ziFE}5{RG-WW%i0&5)eK@QZ^f1{?gME-)=TCMzyhkUF`f5!u{+nlN%OD_G_7-v#(D{ ze&2<2e{MOFlob}_#?K718gW+3YHqW zjU-hdMb*-@{!Vh20U5B?q{0F$RPOH}befQ&-OR=80uKlzOfU_F%#~~aK;j|{D0lUk zNCRYOmhx_$Mqm80|NU1?;9}ZmiESm{BsEiF;$ucFr;aCzdPx7u3wh}O`H}<9{2y+V hSHtN3dg}oVTXS#McB?rV^^pmhvb?%njqIzi{{wAP^xOad literal 0 HcmV?d00001 diff --git a/devices/surface/images/manage-surface-driver-updates-4.png b/devices/surface/images/manage-surface-driver-updates-4.png new file mode 100644 index 0000000000000000000000000000000000000000..5e6e4cafb41ac234112c42dbc3caee0b374781e1 GIT binary patch literal 69349 zcmZ6y1yoyG6E;k7DIVORKq$rC-JKTq(Bkgy8lXTaR-m|Bafc#-7I&8tthl@V;okRt z-?#p~l9d%WIcM*g*)#JzGdo&cRSpxK6deu@4pTv1S`!WqffWw!RT3&Z>@O0e69KS~ zSFW0Jl5ka{7@Ymih!~)3d03`s0w^CT|QAcJt&=K3Tdk+xLM4@hZI$n6Vqke8+y3W7UdGF>~oq83JqtjA; zNmMgs6ls-$_r|kmB15H~Fy5-OlEkq~xBSfCYWJ|LqC)tB90g*h8hF)^H$`;rGql5M zEaXXZy&Qf}M^yE_!wE^$bG>Z)d|_vFBhgRhdP_CGlK$iOv61$Kd?7N?B=@b&79}Kl zt-@q&PwH(no>q8FEEDd}JgazgmmX~7HQs-I;G6f3@a+jNT^Cacxq9EP=C@&G&inG4 zkL6yhps4*^qvQ`5Kv~CMqg0;D$`ymE#~cef4W9%ELve12Gb%Wk+IPH)T*O+>lM7QD zrizF#juCyLRd|i%8oAZ?lHbwqr>x5CZu$?5zFmtm!n&LI?5_)O0Pz}$i9M4}UCKk@=H=WXgdE@qGec)Nd15Ld1 zjqrq98yaWnA9b1582_7nsW?X)gONRdOyE06hVlw8=;MZ#Trit0LfCWCj&S~t;5&FAli5EZ$1rN{zt-1y zFU1#N6DvquLPtaaDxT(*sjNI)n5I7-$@(pl=D9pdl6*hliCS?k6Te?o&3Qk%4{Y5R zuT8UyoxzLh^~01l_X?$PxOA(b`~dXG*7s?9%gl@|QVb8VI|ACd&l#*Nx-*H#H+EZ* z;n@poWT@43GVWg4M#_tSgQ$E?XsEffh~QqGxd>rT(oUNnsuHuo)%gWQ-*rB1`^4?2 zoE;Src@h;ePklN)-d{0;%V+fXHoP;`WASfCQvM}_S$>XW%@c3OxJc{y<=&aT=gtv| zi&R}oj%!-)T9jNn+3AL9xI28^-`S-oAfQc+rNbyWIXUwC`(RL&coOq?Nn1CGl@rps z?21a2dQux1T{j7iig`ou(Vr~x6(5xgkHtz8t|?{QN7X`RxcyTcy$mC+lwex@M zB%aHp6YLr;TaHgLrkj{#cCX%UQWxGR&JlMt)|k2c@@=1fW=^TBib!XBf0Vf_2bp#< zKKaZa^uN9DhXVPQVQ}{=u1T=fHR)*EqgTbrQeCNeVWuZRNFa-F!^yR{p|^?v+GYz+ zfV)&{-C#8LZXn53$~D79Oy5VqXT^C{1~jK~_=tAj%d$Q{BHue=wNZK3pK*z4kIO#` zmaE?v_;ox@`yX~;x* zAlLAZ%DP+#lZmI1r0XJuXF5{x)DU5pPC=%R5}O>At`7#92hu*dL=4wQSJ}bxtaU4c z`cn(@^U4T@8;gpXxaD!gH9KnutxoKfpzF}u+Oq_Yx9Y{+kDkNMBM(~p{DkF9%-4VUk26P~cMu$fA2wbc>lQcV z7A%w6wyumXua?|uGbZfLVi!{A--_1Ucvr$4>YFTdfGaX6;?l$;yWrAsVXbDmyru4) z|Hk(~g78%`S8IoHzn%SudgPJ2YFhk2vUCr5qX;3cjSR)hFUJStgO6srTYvpCR=J>U zq!>TjrpauWfTh-*3lq|Ty3o&#t_F*_$;bFgR15#OI+(MFbH8|&3t~e~Xka$`)@FE0 zJ5^1{<)tJ=FLJ9I(iuJJNKKa_=`3P36&Q&`x_HUH9;imG7<##unmeX+`$4g~C<8BS zSjfl-&u6L~c`Kmi!sQ};m!d>3a0)MSVcDx`U^%#GA2K6e)1UG=q9`MasCSVpqhbGJ z>x@>-{WNr^;YGG?Z`EUiiq601Tn%-+_HB^cAo8gZxftrG_x*}&ZQV;3WtARsi7uFO zTMyMArzooS*zJ-WHs$=?&mw;(1G>Y>r&%lICS1N%8hTA8&|za8KFHJvn@I5P+yu#S zxzKao$vQ=0hxx?*3C|{x)-KRPXmOm-ww=TlF)sM0!@##ibCssNy*AKwd11WWr%zkC zJ706sB6vRfTXJ5#S&{z05c*sEgOwFd5fx~P)@>g;Dwx9&d8K5stMe;QDMNnQ0m-&4 zN3@|4*F)cgSZ}|hZt>B*sq{n>y>(N%eej!GlS4dx2*dLdwn&WD-l z+1wf(a|0ji+zBnQOkIet`k%GS?RzBr}ZDWLV_fHHACH$+= zX9W>*YN`T1$uriCN=1t8q4WMp#47B#`s__q5Nt6y301? zuTQm5@6G(r(wC4eUO{XqBy!S(N*=SA4~caDnuH^Qt?jcTKrP_}mnw%G;UIszU3~Qx zBL8)piGdA^RGpc~)^R?%x`uP4Q@5_G2LgNVoPpZe> z=Jdd)GiIh$xz!(!aN6{;S5!hx*S|=(JN0XF*-~hZmj?$u&7Fv;l^vz+zB}nPteC9f zIkXq%racWDG(5L_QLm^GnSGN#A69yP!bJ?`oia01pkIAv95WOri?jFrtdSY_E1O|d znuwCkXe8BV0od%c(ArFJ_v^hS8{v+As}II-B${$@tQ=E-7!5T)2!$WT|SHSbY zE`Bk~_KoMoq}EdBjY|vQqX}DSzuRWK=)KF*(S~M^k-(|p+Qgr?#$~92UaR~89Bpam z^kervkHPsn1*TMbxoKyno_>HKW*{9rGq8%^v&HmqTLe`7*A~Ka^L5$vhMOXw#T3#{ zfzr~%W+%&W0IVabl$L`149+c!tHg+MUsyQHy&6n>93d^ykLYjT6{-{7X+6=Cj!hnG#&S@QrC{?R*n; z)VkYc1|55HtH0)_M@ovM32-SnoZb*4Ri%Hk5oJq$^|>e8|S5?Z&@=Mp~&)CVjDcukyL z0u*9FK^fjLb5V&$vB9QvHuE{@g>Xmggyv0(Nl!xBJ5bD7zj)~Jl!@+9#lKjCUzT$pVK&$_Gke@ zUjn{|&`RW~NEoBhx}n#rLS^btmGb~To>crY`#Us)gZ_s%KyBks5Hapk?5&uVLh^e4 zb|r25{;rnO?rTUz^(mV*l%113YUvM+9gVU~wrX09-yttIR$;arS=>k)R(`OuFr|Pu zF7E3AH?D1#d=20D%v?m}4Gf!= z0LA0H=NTe$!qB?vAs```_t_dcT;38sSCtA~*}n+GQH}*!a0L&WJ7wG_3n6Jqnd>uU@uRt#~+mXmef?=~xH||y zTN1DLhbP11J$#!GpqH*SAzmZfPn6|cl9!&EBoY;5Gb{<@-6_|K`h#Qn(fuYtYCrfi zGmQw&yp;Rn&Xe1RKVzL+ww`_$3#oFPtWJoXUJXtUL?&ir{pKD|n9?4HLpK{Y0#ScX zhi`48;DU;V4ez!>c)}zGRE-~|`n=_DK(pw3GJX&~A#1iV<_hTq7Gr{?_Wi$9qFJwE z#g~PTzlRoEukM~}ujBA&q=TI@w(%T&XhYs_lU3^qW4547$p~@QVH7PjKjI+CKxy#7 z8e|=QTCWTF(>JWtIh~W|``!8!oNLCGW%8}itAcoM;&--q*g>@T#Zva2h*5G3V)f}5 z$;tQAry8$|djAC5MfLF1I+(Y%SArYK6b!U~ zAaX_fagwMw>~=Nj4v;{wi&Qh?#*q_+auebQ|72$qmE|A`Ip_mMR3Qv-*;cULN%zB} zLQYzge;2cD<`N}$8}rjq%Dkte%J-o7CGNX_l<)Sry%=T9M$s@bEc=bE zv2t8?#&Lcf>#OxztNo)HXjELA z-w>7g%It!;XldXE!b(l@6O#gax6txyK!>BHu9M?%N2Y+nPsYP?WNkt&oyIlczGKGC z+V;-R)@OdZv&B&=;(VLbR^OZc%CZow2cxOK#yl;XzY<|&uV$MT|Gl>I6VQ1RrkAEF z{&te(S2K_y5kDz`U)W*EFq_5Q%nX{$wU->?w-Q4Xoou({pSiTHfZIpY@S@9=JmTBG zOozV2h*CFEh*|37LE-UYIJ%xdK;GgBTIk3`BnFRbysH>If2ec=vUAyb~K;SQ3XAwkXZht`IK=A3AC|K{4b#Zj3LRFiZ0YG}f5H{8DaWM8h1tH_ z45Nl3qn4>BohaFz8`6S(0$1nFpHVd%R4l_p$-#WltwTr=C-MT&DG#~fb01A?WGiRtP%Q@HSo=RMTyKd^!j zgoBBY6aLBKR&aCH7W?S@OpqV8f}&dJf6mfmIclO}4Lv}Ie0{%t1M~ns3P%;^G{gTudi#yTkt9T%@D!Qe zABbOz^Y`aQSDKOuMrgM&e({JLqP-+5{5w+kw~`cyXra=Sd2DtQ&&kn&Lk?@cnb41t z92IeP&R!e|x#(2Qa%x6-1fT{~Fi`d|Z?f#6hYS`~yYszlIQ<=C9b>^uHYU1#@c+{p zp-#t&>rQ-UwO-ejivtI#dsV{IT!I^5|Dgl)z-%0Enc15`;>%9alY{eM^+vWvMF=}f z)D!J*iaQ6&?F|W{YVNDrZXpu$0hRQT>q}xt)izm_XmCQ}?VF3g|df5X`2KQi#Mg1dzk z>(j=K+S*VvTA_KwmpuSLH?F;~;{ywaLod|uKkaUVL?1Odh_g*vZb=8Gb&YPQ`*-L< zOjva#o&yWRKsR%YSkaSzuMKh1C$zZL0fj7j4J45_A5;vQdSgNCoV!Dpy8Sg%sRF7- zQFR;*QJ^HtcbTv_2?eUI4H9X@cG5;j39}kDRtW*}MM66-v14GGP2;ov7k9P>gRo47 z@$Foo;{?B$-+7{dx^>Ae^+o!%Y7AT7&PIcB&^x8%jN4uCX`?mlU^zvr_x10c#nkJX z20Bz|?y*0uya^yw1|UWHlpcnd$9>m?<8MYK9>L2oa+&7>7+{2(#Nn>)-aAmK@GOg3Z%3F_Svlk%DSz74ffa06|Vrm5sa(5zjbWRQPi&pkteV3h~BO6f7;fB zzNrz_#q98s7A0j@SGdbYJ{ruyDWlW;Ow6~D7zMJTlY7HOij?7q^ld53=PR4P=j!qd z1x(3oq=4YWcvKcCkfJmFe@e|Jqk7EVdoE^7zn&JYl}7#-T(?#_9I7eb^{`O0M=~Cq z$#vw)dj9Apu=;VIw=6t9D$*qK~12Mrh+WpThXTf=NCglwvGn> zb0l}a?hLcY8S-^If~R~8nok!q2znmR1RNZaaa z7n zif+03QkKQ}B8@2C_Mx4SZT^$5=$=NFM4ls??`JEsBn?u3Woa1U466O3bKW?sYA2F}(MW;M*& z+szC6ASyB@I`G`I}1bdYx(u}-CH3?l$y zT0&G{+W|%kAFIJEaba?FasQ}Ri@A9D#corIl(x&}(_M*R|A$?H|KAlUO*UK8{}7#% zZbs@A`<@VKKvJhdP6ccTe|XW)KPI>e(~m7|UKpO~6Ja2ECq&X=V58;Q%Su0O(Kv>K zL=2YS-}e|@S#N!Xnd)7Sk;PYy;hPSSvqnY!bC?=(eqjM@Os8tXRtgbmU|ar_t*zQp zn3^B&XDJ&FQhXU90Pv-qv(zER+Co9{eJ^aR%>Onva{)RuXc zVqhbg9K-u^FA4DV3rbF*NW&b9{p7#?DX~xi3D8US?&+Ao9MHyBq6sX535gr{6&=9b zY=-2bklObvhl9x*PJi*e@5&@YWhUs~)l477@wek5Kw57Js-c*Q51CblEtCA?Ja+Rx z%F5oB#vxB8yhiP%Lvt3D4iS~am!T$ALZE@?=e~INBFe(fnU!4KtPwgHJl%FS0q?!W zQZCPtZw&~YF1LFP%k7hRb9@G4hOOERail>hSJTE#)=Ao`r7y~Qr}8#W*R#vs3AD~swK{l8uHT&r-4Z>H|@)pFPb)PL_lP$49=}FP4-~O{TDqVW;VmB zPOn0XnZ;1XD?7s`zm=8^6y9o>2V{s7^jzQT&GOl=Y${wmhSr#i88p~50F?VDzc23d zzKE*<#ty>7b^Hn|Y4TPNK!@e~ zcsW<-1s`)wP-`)TpYdWv@}t;YRmSY>B6z(It=ePb{V4;41>^+Ed7t&%nsp~mpuMS69x{Za#V9m21h)xRwmI=lV! zXS<>dCh}xLS9M!MI@D*2w$~*p@CKu~~gK zBE|#=EYZ|R{XQFUd`zl3jq=&l z{7VMQr7&pyvkeQR_g+DcM#O8RNOr~uOjtUd-+rj6JY3}V9o;@UQmVxd)QM$%e+qfq ziN~NX&7p`hMGP56C_VT>uk^}3&3Wu8AMxWyYqdl744Cuy3Uje9&f{PI@KxSF9JF*z zv6kUo(dwmEVW(oSec$~)sjZETiB$g06V=xo+D=v3x!xPRRITUE)INJ!aJPJffMka= z3T+hhJp)<7^@|Eu6z1!r-!fl!Zseua!p2#Gr(<5)6xo~VwE&OP{y109%EjawK__q7 zrQIf&UcSD@n>;4B`NC=vJlq$R#xf>4^u+U0JXDb!y~XP*vZ2+g>_ zO#cR_PB}o52k!5TMvIY!9}a8bN$(q3zh8_Hp!9i~qaDXs+POc6EuUUYRA zKaz9;?XCy7Z4Z5PsQ1wN55B8cj@Y_JE^0nj9`YL=VF0%GrLJMsHSe|Mm!t~7Pk`#D=L@`W^6L3-USiaTN%hz9R<`_wJ7iMat$9*8X%1PfQN0)5(Y+r5bxA^VMHRy075_-^_6b(c zs_5UX_3k|qFCUsiMdh+mkm87|`e~-E7NxAy!u@j+*#>BFZ38R{{rVXs7~pO!%+;(? zz}jsTA{e*pob5m-r{|rcoBLvTXOFuda?&7&C}INsn0GpTv>x#mS-pQHiE?$vi%7VO z*6gQU#>pDIL9G+xCow8k5bh#`bm3~N(B7}fC}qK*Ng{!N(-IU|Q75XyZAymiu{G60 zBv$?P4MDv(0xvfCbk|McL>iWjr}{AZ5P8a1q10}o-@nLpv?+0r!O1Bpq+Q33KT(xP zgUU5EL-Y*{>gwv^5aXm?N8%NZBN9; zmIm?>hJLVRtK=*_uu2+Mod{}xWgUf^1Tm1w$w>=XX!N~4y1Me9D=Xkm`1-J839AKm zQX#{^N9uLZWc70c>TJo2p2faAG05fU)z6TXyN0t={TNyKZU5(O_ETKVk+R9o&ZeqT zj0Uhsn7tB~rZ6eoK0e9B5RPODxZYjt)>)1j*IB5zy4Fn;7jT>Y`-tJKINZ1eKeKW* zIgXzRpJBjpdKU%!>eqNwD?CTBLwRv$KS`NuxShix#>cy7Y9>S8sUdKCp^?nKGzY@3 z3;s_Yk7b>rJf2L<*so!Bq^T&&!^2||a7#}e%L7YSATdOdy=HV$3f88;+p#g20tc4< zz=N&3`n04t%H!3Q+njeVWQ@Agrih%q;8{(6QA9Pvo6SSfv;-vGM}t)E2Lr|LJ8l<` z(KdwAV3j^`S>X2UQ*&()$miR4wJyhDU07V)3buSn?nKHO8hDtQ_YH+VSz4A0B`YE* z{tgT%f`=S9R9_LWn$$t?OI>{{jk`o}YH#aJjMm+Fd^0H)9e-oH=?dG=T-_-e)Gw1( zx*{4<7WZx-g)O|`bFeqh<|M1WcpXIGaCqu0?RB7-^Go7Pvq6bupQl<3|7@Ftf{^g5^k{?lXG7%L8_Sh z@vX9j!n{-8|J}2AcS8r3Qfcp&8zPy+hlbG{m`*-SbsZnibbgd2>VJ)uAK?((f3a_Q zv2WI}#!TjZ_jgRMtQ<6mF#2zZiTLv6`QZQwz+CMPj4Cx!^*hO~5tw0!4!KcskWYv*Cv41vaJ3xyCK zhNN5#^t>|r*vejHHcJ7RdT!NVjGLfpn5N~Qju;T`W=It)>SQhwhI_H_|CVnoUK1+E zbp{@UL>-8S4lVt0=bc7+Xkt0JecqoQ?&lsF-QU-JIEYOP!s|sD6l20-(4P}iswNl7I&ud>ZtX*~Nhgg)_p%+A zp8?8~mTVuz9!`2E3t)yVP~sP;|4$A(sjhjJoejgza+7=x3yD$vAskKB-Nz2K$WmA3 zF^gHY8FuFm0$oQZ6@O2vcTw#RP>=tj9@}D5Ht&i}<1Q}YE?5gZ%9x$8D3x;7BO zRZs0DYiN<|beeKB@!em+78Us7T$ML!?mTUfNfWcQg9f2h;qy;qh-A~;xzN!wsrA_RmXzb+1m#tI@hXHf#ZkI zHQ!fafV^jM8gSK00!V9zcz6o~my}&sMpxQ1wV{)ktH(N^5ieQTgY^aEgX=$GPDS zBawTLk%Og%I!CRs4n2Wq(4CyOKx)TR5Eo8^FD;?v`1b1sqr^|v``uU>nv^31!n-QwpueLusUSp9xRf|3C(j^rK?4HS# zu~e;nCPo6(dH2LhyRG5SuEJZ6uW!U-OTn**zp2!{jFYDk2ZFguG>(hS#fU=fl)3jR zJ=xLSfjzfjpvh@ah%T%^k#GdFX6le&6BfO0=7M0HkzW|%h?t^0qdTZH&>nL{t*)E)<1e^SIuJ)iA6 zTJEII3O+KZs0>92cnEJO%*&chf88~Sf34y{r))}3$pu8?<`Ry z=%yjcLDJCjF2t=CF-tfsrF$%>nO*-aX_shc5!jb z&IoYpv&*@0!}b({2difec>fVGcmO80Vo?fQ-D8VxO4Z{grbtUDvgdWwynSIpf{%|x z#ctnciP4hHFl_*R{K9Ww7~TP)m_4t4l!30JE0r;QtMI<*@9XwUeG z&sPo#G`-zkeVZM)+n2WAqSMitAay_WhZMYE)J@TLHJ08re^}krg0K%G)BVnd)$3RG zE}kE1%!1{WpZy=#y)jZ*^lBRO7Vn@#)s`mAC*gU)^1Z=yyV)u?J-e7)cm2mz+sPmF z4W$_^%Kk7b1x5T4P4nW^@!EZ)Ux%y9? z;CTqMIE$n0&r6xE!6cA9GK2Y>+z#UpikJ`0E)V0(rnLUSGlDk%5M0k^O znHd<7Jidb!r(3d;!CtbqF?W(^p0p)@?g zg*2}S0cZ0mMv;q|_b$R%Xr5<`0xvd)9ZU5nS&WH)J=H$lJrqq=o70=j5V4^fWp9k7 zuaA9S@8Uck4i>Z0fwa?upBH_pSIDfKZfVtoZ-)y?O`fLIs2+d!cIkHdgifJ+bZftD!&c2~ zp$@R8GNoDhlHWVVsBGc%YL*%v2bU=^ek2kTXW_g*uSw{d|+7!VzP z_;l_HZ3w8!4C^}iDt?PY5FG>J&Widm*a7Y11D?7nR!AWqv9D39+T;58AO-m#LBh>-Xd<7=Sj>w|gc7ipU zZhu}}!7Ud0YqMYC+-B?ly)~zp_fOSjTbci;Vs$?2fjf7E{e-yD{DvLsy*}yCAw*Se zoXWb!3&d*@$~A6vEn9hnb279&@$|az>Y9GSBhtq1`#`|0qeEcF6qz$M6n#m=ERyeR z($+D%>zn0un3I)jBnKh;4mvk~Ll=f9_cJoR(|e-|()Q0WpvQegV9^U@o%z%A@-`h6 za)4EyuvvE9oJZ+7y%Fv0he-*O-1uKi-j+vFnwAGlt7bor zVm=#ZxpKoAea~U2{SO=D1W3J@;BJh-0|!df+i|PQFx!L9w=wspCL(%kUPJgl#Z67- zp|7Xs{n$DM_cT>=r>NX%93CDW51%Q={fWBl1OH?k+euEQc6>!iB>0C+!6w1x2e=~k zh;zgUK~MUYS7lSTk&ByN$#0%mBbzR?-(_FVdNIR1S`dh5)aNkcsn6`&ghBO=G!N?9i4f%@x)=K`<==efZ zY|(5OOLKTPHOm3cZP_i|=Y;&?V32=m&F-3aK^T*;DZLV#Y=rIzcp3T~NmQ~JLT-IJdMbBHlb!bd!hsUUP#=r#DyMHNd+s=`b z_8x{Y6n3B9+o-?uK!MatjetUG&u|(a=*-8{kUwgx70eQpO^_pl*QwP0DKA`SXa<8+ zu^$6t1i>WFT=_8C0(v9HDHx}>ysmGV)4yKreDg2Ix{|Gk3l>0w_-T;k&W}IRmk$np z*_C5BQi~fQYxE8w^!zbPpo|BpGAdU!rF)r$g7pcI0Jwd|Z3QfP2C-*Qal=y4TT#yZ zv|E&c^_XTqvkX{D9|x<{FB>A%F{mzoOYz{WnvfC5tavGlaGxZj1L|7ZdDS{b=4@sH z%yfV5VJ;w?#=Labaz&pc}fdE;#X>H_TOf-lI}w_D?pOf=7@!6$$c7{g9C<*)1p1WG$^|vR{oq z9fc1prY zOO?kE&}5@rU(z>!}sMM-FcF#|-eS;~{P|(OW*!o%@)z zwyrz5ZaBFQGop1~O+ikVn}(_z4P!LC#r3G!C$fOs*h_ww4V_jXfbZ2WspD;tOPAGN zww=cZK5sD}-fJqcx_Cd)bIYWvP8}#q?E(ViQ{$5)$AKCYD=Z$cTGKazCWPKfy(gJT zD~-nw@TKWv>LD1XmsQWiqG82SAQO(4#KJ7t%EdfIhXnsE)QUEDmj4Zy#>dp4fYtS~ z;Um=9T7i=81$sDrH1Q$L018df7!*zaQ-vJF&3ugBQcjFW?yztv)=_)z5(d%_ggsw| z@g+(Wa7l+O(KSNeY)&mqyaV*<>c5rERq1WvlTfK*P#~AYkYeDW{!j!JCK|!YjbjxC ze@cv)aY2|wv5w(T>+9e~l15?*kwZVDd3%DRkGvzrFU?lH9EA?qZ7;}~G@bC2;YjSI z{v6X7LFeH(ZS7d%bjv)(YE@U^SjTc$VlZtM+(o-qW#HE4Vb*rE?FB>*br}wlyr!k; zVLN5mhHjO|rmSw)lt{e}`-n~}X$``{ELK)c_`~!HoLl2MMnekukf#Se-O!^KQDgrRxurATwMz|xIYv+VwBT= z-YPsBkWCeS9%#pXU)7O~%kS6mqo_+gwh?FX%}JC!Ts*9)*Qmafx+jAiE%K|B{i-ld z0k2jObr}B+UGSnI6;wfnCJBFB$^IkMH6HAW^ifj(d*|3X?(MGvR2F1OA{4!8=7xzN ze))VauVqbPI?7u^_LP{Z9_dq@Q)S#-UQ*(oUKum$)|;=8q%B@jLwuR$k;!bXN_fr| zz#E2qfKMq4I$AwDM|yGpq8A`5B+a7AI=}+feXEwe2-VdOC0^%}to4$8Gb)XM<|R#r zI|$H;qP~4GH>&wj&*oYV}ZL7=^yCX$vL;+ ztV$@ZVfcCiPFMp+s^B;&ni`TUV1-=W2kajbCz}r6)G?;$21MZ}{`@>gXG~xY3N39W z)}XwxIN>z7|3nCL()F{&j{;5`k(}RyK;=?(j5o4z*Bv~wJZJf>so5=0<6&jjv(4KN z15epS-rJko+E;X7Gp-yKMZwJxh2?blufOeW#GyFOa=5P4d(e+jj0EARV?Dn?3@8xe z#RsP-J>967sc6Xr%k@U$0upCn6^?!1g!pn=zN-$Qj+L7m*!D{^>P#`UbX|-)6y2Je zZVq<|gfo+%Z2wDFg^@j1!WmCigH3__7hX1%16?}pau7H1#H}%#g?t&4wz(N<7De=4 zPVhRcPl<(6qD%qoEBgjeVC)cOf662oT9#-<&n<)|QTi%3@M6@d8=i-o4w0dEWQ9hp(;pfD}jlWDdu1@9Vym>oiRV%xH5oHTbdq z+_%_zFd#Tz8r*4IrXI6yonQecO1ues2ct4fUxVI)V?gZAubnJ+!8~+p#NnuE5kC~# zab&(q{kFmpBk^wqs;b6}5Uq zWUy)P+sem+*p351vQIZ8bE4TEhv#fA{i>~Jzx(#C=lFM?w#W0CIVWvczANbr-r+(@ zy4ym$T{(|2L18ZP!eL?9z$$TEJg65S$y-z7@0K3F-Y|e!of8{(;7i{}4Uon1I(L4( zB$zsK6bb6DGrYOloJTwTXO|jwKy~8X<~WHnMGXtG0DjLGE7meLk3^qLqA%a6GWkU` zrG;%D^;%p@d8)=C=6WCrdA59tN$-h#Vj_ZT>m8n`nDxdR;V4Tv=&rnBHrcNoUbbj5 z94&EDHO$ikXzcbvGIDb#KA7IRNep(xwBjgY&$MK-uU_}|%<6V|ds0A!zV38hleekR zPWAn6WBfeqJ9qDfu$W0}EXT5`SP3DjU#CI-3 zqxql9ab^fZrjJSAMqj3HQ~=ci3nsoL1~I;hx1vi@L$vp?XinwC4Qpn=mPjZj+)oSV zev=CJGwcS7$Ze2lV0zFP8%$%5K}-dOgeBHMgxM!(g4%7Biqnn z(U&N62qR+3llIsPgIEPAP}BeB@eYv(Cn)R;Vb;Xe8sg)sQq#owo*Fv)J4B&bjh{!$ z*@y$9$hq0WNO3q{qEhL+HYq?63GD5!5y_~%^I6ZlCL}+p7h-}GW7!Apj3o>pVg5Fw zF5H&uMM%oeZFuqNNECMRSl5p$aUG4D?h9cz zJ8Mkg27Yw==++;^t$pFh_ynnVsVuXp%Iu6t$td6GAMg%OWZVI^73VyRvK*TFi)itT z2X2u;u#APL;Ru6BY4j6emT1yi7wm2}rj9xO@{5@#)(9G@^#iPBv^#oj)pA&>9@9!jFW|uc5|Kgh9yJoZ0Z;_hCNX_=VK8nF_dXW$aPY zr-z`l)4XS4D-;qoF`Sl?{WYDh%a{m>#v?L{+rbjpWkWQwVVXRmtZjX0)Ml#_B*hKD=N>CWu zXd+xh)%=7d=|>1XXKGAF4u=65EX&X-t>cTZcmEHYVr;^WZ}E`VE8qQkg{%7DDX0EV z`v;WG+_n7uGk14&ETr^cX#m}w1lubd8r%V>s}$7Nvl|-4)vH_OP4^%|M{GWz0(IpVO#=yy z6>x0*)~@vo&(S%N;;02-reIbetw@uJx^k&d>ETILU#3J)|Ht}>yp#T)OTGN+nu?g< z8NF|rpQF|`%Fh?aDygy>K3#-UgMXr{n8bzGhwyqSy5YC!NTJ7 zbC%vxqou=wi^o*a6dCV#!NBzh$(mrgaL{iIwXc1~Qe=>uywopvOawp+cbUVZA5#=g z4erxk%MGHQM&m47uSHIR2tC@Uf zfDZWrSZPf9UY;8X3d?wtS&OTsISE5{u85($jwPc6jcv4)IvoQPmsWFVoAopnuybY+ zn1C1?;Pz)6SRWGk6LL=49NC#KyhIZp$v?eCnxsC8Xka8sUdMST){=-uQ&V@L!JvjV zWtqnv8AT^D#V-(VeE&yScQtnr4e6g@iW)}GP|be;>0c&#SgMKusW@WiedCz}*>$YF zCoLq09UQgM$wA|`fFq$+-eGsi64Kv|)ovwY7Ge3faCoFv2rJ8WMy-(5cwdMGZrYAJ zj4Y$@0h5z|-!w(SHnrUH{~Yc;==D2|@IYxSOE0h!nY*d2T(Jqoxo0^0VKlONA|{Gf5#Btdw35stqUgSkAL zA8B2)d^kAr7X+hQRx9$K6D2S02Wz)Y(40g!DgoTaQx{nZ47hNcf|x4|^Oc;9B{fR?w(2TH2=b{TbRR)Yo0OtYdN7UUAC-@6I8{2m!4{N3bM8@8b7G)d8^JwE!!A!b;xJY^s>|c05-W4 z0es@uK|b=&p+zzF4#nTeT`|*85h;Zowx2`$W0Y-1g5AQdSF}WbJntQHy>gBeZh79^ zBGe)x+AJh2A}S)(-2789GX3R4LK>0rYhyD|N%4g{{%Jday;axvF0J|3x_k2@$$dF$ z%&yVr&e(6gBnDxgq<1*P^U6&eY)%Yz{hG=RcCaHVSL= zta?Zed3|#t^;4e~0Hv&Iodfxrr zbZB18?G<;2m@8Ve`1J&lX!e09nU{3cz7YnC7Lnid zpZzb-etx<%=`PM~+95e8w;w8PtNOVt!pTmIVciTUDGyCUBbjldQ$yGrSpCi{!cKLQ zzfE)XsU5TxA4*B`NIg8*nxS-ml&_b;mo`)URjPE(ybV9vDGc+eU`g%-WoEvq?M>ha zNjphiPY}^cmMPkdiQQ_i-Hs(ofedwm-gf!wKJI$UXX5ci%a1nhC#PXjH!>Do$HObz zXQS6_^zI=(wUr&CWwhJA}sK;g{ec%+)a+Eq3%QLhrbnOJc65rV38;?G-y zq167lQ;N9rcDsbynHu}o)8jfpqDxKS?Y~szl;_{f$nCF`f-=1GFSW0~UGsLT{%K+* z>Gs`|_eeiR2;Sjw02log7)SheyLYKSj7>zbNTTSdf%p14e~LFNP$^8pS90b>tr-Ub z5UfhLn5P?C(&YKOxpI3>^^)o91~5Jj`2TV9zi_kOT`|>zE8T*Ri>}2cyUp{eO+IG3 zrtk4@pU~71#nPA;27VNDZNvFTB^wk#rZ z@xMD?`52m_&ubWmvYf)Dv$F|1%1+nluGls62F*L4I~9nr6jSlMQ%U6DZL80z4R+V2 zM-k;PvR1W>g`W33^P z>QPG73V_aDeytPxO1Jjy;`VVSg4}S?BV_E{r90?)_|AQ;S>`Lo+l9r;XK%aTd|f{I zhK`uDxPKNLg6}yr3tw9gtvG?J8=UVSgesO*Li#SZJsfe>HzV`nr3+qzshVCOowFtm<=CbLZ&dU$<881KspccND5;z5t>Bs&Zdhc(EA1uWhGe* z<5Zs;zp5Zo*NkaCzAU1ZUuC_HyKZ`81N@B@M)F2SF5aGUYk+*lQMr!g1A_4lQ{H@9 z<4bKT`6wi7QmI9TSQ?wO%!0CjQY)&{qtc^Ji}AE41~r3yAc@DMU*ypH58{KLNk%@& z1fM0TLR32!KtGTM(O8BopVS?FNh9^q7Bp!*hJ_^j?453|?bg$l5oWvYk8Ozd{+EqMpA0E*vrcU7CE z3rn6K&3kjn5)6*9%nKAzE9$2EtH#PnMM8!IeMQ%sUhOUygH?VWxuLswbjS&*ySJ;* zSA+U=;~FD4`q2X7>)9mrpFM2hxI%z^G!v`vW0npfh&&l-cXZhBtS0}>Qa~|d_Izsy zA06~NBnGEwIfL8qYrt9<2>Har4WIv(n4=VS|l}ad2Uh@Da&s$nha}KCm&!A$f7} zHuqSLUvSssrQS0pr8I?gG{6{Z@9A!)N8-Hi4VvJcaHR0uNNP=)qln7KwN?|N{6hIr zRcaDnZ3<{w(sMEwHs97Pw9Qf*Zy+1F8yU-UJ`rtpZ0IE=!mpZ+s0R=pror?B?^zDK zS?i_33=qaYWK6D%_4kD-A8o6nn{g`eFK6V&LJPXx7_M})rMRi@j*Ik8J_+q% z7hPC{{kj^5tao=AU5)9yu?$)pm(iNKXk7>@do#a!7##tvocfhExLEat5eRNbF1Sib zkZUv+k{dyiyIg>>6m|jv*Ap)(5e?SA`=do@j@F_roEypu6c*fDwMsPys@bD4oV`K- z!U&NEqR!&Bf63*MGsm7VQktghqKsCE0i+ISN|Q8g<}F!_DuR$NB{Ad*pVin<%%mk@ zdA1UL18+4v5~f_yR20j!RN*DE2HOEfgm?^UHl7U6eMj0Mve)v_#!hS4ekztUYz`LglvdY}3z7C#B{phjNVm zrn~K~iLC)i{4MOr^MWNv{Zzu7sd%osM!;!1w)W$Y&ZWF_&KG}K5orImXCi~`d;be+ zAq$!d_Mw2`1i_qNR3{>sZ2}p+{0_Wp6Q)hxN0T>M`$LV(Bqc&S4>RlNf>J#M+I7Ef zOrM-LSc5qD_g0Qqh9kix7K@6U@i-3p(dv3M z^6V$?T5+0_C9VBb(&kIY^U`27d{NGD1j1{5$x#+uj-#jmJS6-|KD;j*+p17boH7s9 z{s2O$uR@p6e(7S-Te7+4HQ^u9XY*pQd=lg-4cB64U*}{z)P1Gc8LTWshuMaD0J5Dq zJgZMAGkSS9R?UNuEFi=psUb0F5tv1I}naM5<>IU7s z_{s7sn1(P3?VT>DT*=K=pD#&MTlO0GRWnRTS=xug==_|;9#@4dcFod+;ggmMAU9cJ z9k&lnSTCQ^D!FATg(SBhzcV42h`}o2{D<{P;(d}9IU2GaB-@CN{r+sHJ0sgLBkyU4 zjl*qEPFl8>=(_$^1#0s?GPcHV)5`o^8x??~0~<_M56}K`IU)VR z!o++hMfnv4z4`HWdQn8bKq4On#g~F^-9X;=)6gSSguvvBc!jTSx4sL}G8!bZntCz# zW|0cd(BF16K=!3DhM&sknV1-^i-evQxh9yir26#Ex6(s+gVSeS!~vaDPbf~!Rr6!C2&v&m~nUPw=o1skT zM){=GB6PKx%;9}S>tXSSf1G_4p|bqj634lrT@4L0h9;Z$c87li#A=*hAcHi-`FZ9R z<>q@Zz$h8VTjN>O{$yN+=wD<70EDxjv`t!c>XqDB-h|q%UX2;uT`a&OX?$;Cs{gr1 z?*kb$P1%JA!ynRC@@CUcaqAj&)d&C4ZydJvfP%*+gde#e2Wp+1IF_k_oQ8jK06_f< zSbEL#sSu~Todi8_Md}{Y2M_FE$-JzLgd>BG{(92 z@8A48*3Oau8wkAyL@H9HxntyLu4>(;mID8wArAQeY9tx+$G@G*J*#!w+207SI1r{iB&My6WLT2>5r0~~QuJp)9rlCHE-8v%y-I6BM1ft&ytP^>34b}<2i2^%M&6LIM zMMv9d^#Gut__XX?yn_TRkwaeAY>*7uXyI9H(%Qg-?;1(aSu3^lh*Rc=oF{Os4Z}ty zONPL`&eenviKEFqTYv=F2D%m;JaIZ=-36gmr?>NTL2p~`wl?n$4l7jH9lDLz_zwKH z-nvMw8rI!+Qp=E&>NIW{tOs-zy4?S?dZX^`8eN}Jlp4Rd=xF6Our*Fu^5!T5T#W^X za-&14kQ!7!1{KS6AZ%&(+$&Fr`M!2L!KcT>() zmnIAs#2T+k@k@CJIOSO*6dEakeytg*ITQo22|^+P8=MYOZ@46)NwSH_qC^bT+4K;` zO~jcO8Cc5nhNbz_Z-XAtA0O${IIu|-v}VNpbA39zf^n=*lXt#QhBQOXOMCIH?S_RR4_tzf-9R!X23CkrgRq^z z#HprmhXIx%{6SCHvs?&0b0H`5tTMWSe=CGQk+SHW|GNd{D3?;4mZz6qum74w2W+$C z`I^-v;jHXdYBjCttz)|S)Z6NthK;u2+s{fcY1z$DwkDB15)QwYw09nRn{8)wI39Se zXucFMgrBw7?(WBbv*^z9THhlGl{h^baIvvT=Q0Xm!QAUbenw*x|LFM#klWP~O%(p7 z5nep|YVvJ3^^Zm9+NA>7n?=**mq!d&VK3M6GGCc~PlXJAto9zJ;UIGIbI@aNsYXpu za6Ds65KjxR5pll&F-zieB<9hAgK)tfRXcYD@@Dzk;7CdQ76ju&yaFu7ktGESIY?XJ z%KBfTtVw)NN8S8ry;%)XY+*9X=eD72?| zi=1aMWMy+>S4Fw$GNFUbQ0p1_o=LK2ikpnz zig)85&I7$r^wJAyOw97Ps5X`qDyjkVPgRr)Va)PDC?YCCRE2c8&z|i#h?m)u2S584 z;c@wE0H8bCPb#PEUg$@~#fN9loe{(H9E|CQfm7nY)l_?gA+71SzBZ99s(q~f7(!ew z!h{nYvB0j!j(kEUf4{B8cL7E9{{j-&;0atPPQP}D4dNt|i+4E$VFWlgraVF=90OA{nn(hQ|*6N}c%0z9LPq>fols-r-oXTeaPPe;WKfFL-^2Tl(;2_IBY zA%t+YNDu83o; z-LPO)JZD?1HSGw_{xtJLlENoGB280H5u!C-vXnJ~ODcJ94ffp?S1fDg<|BS<2mbNF zg#mN(l0qzri0L6>9rDvtOV*W2eyfsc=Di|`H0ATMMsLJRpi$3ce|XsbN<&=jzwVVi zLXD^4U_Nh(@IP9M0Qtzx;xk1scMN$&yQtF$p1|#x8j0AB4jH{L2hrk(*J zPk)|JGnqfZCj7(fb4Ci`By_GIMeKS2f}PXj!noU=^ItNsKkmatPr9yOjfWK$9>FTQ z`|QttRe7{`l7LJGN6?&A`*AsQRXv7-QJ}@X3vZ#cis<`_as=tWl`%N$#^nV4*_8P$ zu;#7kSfe~~0^>)hVuw5E(;F4-kw{zE4S^ zpnY;1TC>;eXRec4b%PlC!g9NOocek-sruL$x(o~GV{EYDIILnKn*F`d;g)y8n+*U zEw17pojz|8(&!X)dnlC5^`zg|WEHI00^qIaM>;wXqocU&2tMO;2VPI@fZF|EAFyVm zd9QcIe%vkxk5tfzZfhIkVECSUq$s$n_K#@d`o%!K2{+%eap5TX?#Zaj#?nqYP>|?x zAJ{RGv<)cmYmcQ3C#*3Om1$~&1S>8}VXu*Xr%PS3{LWEm2n3M$mMO=-$)`Qooc?C^ z*WWmVta5-h`rQx>IbHiBsY>sa)ReTbid&b9j@wWbrI>PhO_twhpl3H zT)9OL4r=(}-?(crNbw*3iUNei_x`OSpicPN*o3PFTpqKVf=ZUVudaagdJpG&k@bwv zye-|Q>v+3OKJg1S+K;v^N#XK{sA1-DLJAF(%7u?ce<6T(*ux5lufy^Iu3IKh|EH{r zoA+8l0y~S>%<rY@^z)4NpzxhOzqZle?&7&R9h{TVz)1T(6Vz|d4#kLd24!({7?SAX&4lWt zDiV9Y5S)bm71Ri!pg%hePF(s%T}3~a2}l1Q6|Of?Q0nBo56l2+`2PPzNe+ldk%G~- z(HYYX*8ORzje{_Em#fpACRWGUD!q8gvjs0~V*2vM2<{r+KeN@d&)wWYHcH|)xIL7? ztO#i1UfA8$tVM%WggCa%0jp`P(Jn&J3NQ!j?*IAnR#~-vgv2>9gF=?nn2U&HEMtGg zAm?Jc>#TFnx&Zk19RcICXpB&8RWUzKw7k!Ov&WmCe+3_DEf<%uJbwJjh#AW=_&^Dd z0t}{NlGBeVc}a4=QX5+$n{=;a$nEU*9a{Xea~F6S))Bm!KJtAp`$9u<@$%0z zoq%kv6Ns<7E&w_ra7vQU<(OF`IB?jJ@}#)B%;wHeu`=K$&YI)mg)ilSFO;7wd{H-$ zg#YH?<~Zfug+%20*Jfw&yIer+-!Vb2)iDaKD-z&(rUl7NN5?hCkE$y*H49lq-Blj z%$#U9`WAH!4cVGM0WIoAVPtx=7z48$LrDTND7hj+_YlQFnSZ{rS`O1mWr#&2RAK-U zQrKOrIndZ!79mEZ^tO~(B~6fNRIZv$<3;dZ(66!pm}=*YK;RRz$uuj>u`*h;#5m2f z!+4FV3Fen_IjZhpAtGc6)oX1O-k*9TTD^pg++Q{8V_N0aixC6B4lWi+w2MHxp}{;k}DDjSSpoi&YE@j^II5owCWS#i+AKwS_0WB z`cd2_o@q@Z`gegLV{#f+I%L67FSRC^%x&6cTPJrg!8Ll zz}gIKlLiM8MM>U-Yw}`R`$beuh)by}vPCk@-&RN5m`n+T;|_$^zU0KS;gq9|G}NP} zp4)5gZBNrI)5SBT^C=+|n7-NrtLej*ungkm)<{`xZWad30=o%JKwlY`NYqBb32|UQ zshZYKh`g{tER;DS!9mf@g7s@u#Ef8C5^EY9pFe)Nc_Srn0FRm6I!kB;*f_=YF?w?C zJ+UGR*^mP~+IdM#aW7c%gNy|^ayd#x z@W~SHOxZl9lc3y<)U!6Q3b0F$IeAnBv_9e+1>{A%`z;r)Z0{)@PumX%NSHD**y{3VTrso%v?+LT<7r6nkx^QK z5sRJq5nL9C1(wgxU<+sY1oD0`RFF;|LrC?b0al!dn?wUTwRb(89X!?aj&UoL!}DoP zwyjGLsl|3F!)OFYKZT%{zEe|=q$!K$9cc92Wh)UoA$|8djha;+^g>loY`~tIlpxxR zgfmX>_2Y!M2$PpF(GkqY`)wX_7Hzo-ool?qW)aa|V4Vl@(OB>;2YGVi>~hvLwBu=Y zst@t55LJ^*6vTin7CVSkN!2?9zicB-gFmzcC)Bt6BRu$VMy#JGN%Mq5$!w~+FkJ0N zs%;NNXhZkYmeb##LIPITSqM>6hfMuBy^h{tCaz7q6!%(_x$c)?je8K>9CR&SNq=T&lemsURP&W75aEt=dVmb zzZKer06+#9tR%o&?FWh<>8Y{cAs6dT>yr-PfytbOF7OVHPm_q>T%yGDe5v-(k(y0Q z5M0=V_*FL-djyb0PJb}J<^77(962Ff%G-sjTBZmtOLQ&|iAyP)<*HBl?c!P$D-j*| z3)}8Q`~g)DvjqLWh^+|T*ri=2`Nw0tm5IH$7pm~Cv>MfFB2NcXkbY%5|^j=9UP&9?sUt`O{gK^4gIV3`|`ZlesPmGwBZP{t_6p)K{qI zxXbtOI@60}Yn5@z&k!$4xmF+7%f+j_$4oO&n?ZcQxZ)PO&lhRwI zD6TSg?25{GH;V+%`>71~i0Y;~t1Nf7u7!J#3i84AyZXnU%ica&*}k)LG+cjq!qE?$^LEwaSS0%F5hlvNQ;zI8Z!|eXTAnY z`7Le-9IfB(GlW%@%;f_Orf>~EzXPnY&BI)8e8V<|{|r7q0ncmTvNG(lva%>NaAi1s zuj?_39YlFnKayXs#=FMEfUo+>w+aduSy_zWz zHyebDqv3e%!5hFpZ&nAg(zyJ2nUNkYWFxD-;vqKaJBq_rGM2-~QWR=uWm)z5b?gfa z^N+rS>D$|`i3s^l^rt3nFc^RHj~_qy%-agwUM?=dbt~?|6%+2k zPJgT<=@1IMz)lO6@^33R%}Q$cj0tbaK~3;HEERp9`JVZ_C~&QJ5$ z)yEL1WTVJ%T9jq9iazeBx9$6QfS0q}W@kz#(5==y1f#>Oh<{`BQI zIl_G0ayc`y(*V+LN?fR|a2_4SWb>dw#Jg`+8uV%q}eP8X~KA(phI%q=I2U|1S8d;r5MUbrg8+^!DRkS0a{UlqDKQ zHRYSSI(l)>@?U$FUBTifq326+#{^cxx%@VuJRzrK^47%Cr=?7&DH}SVG{WUc3 zlOtd7n4ac@UF1Mv!yWTL?B+Av!$vD*2+of?;7fjr5qqJ<5t-ol0OEOl4jX070}70^ zCePJT%WEVhvjDG2!|z^f25@GC7(ONM^+9TwEA1I8h@jJ0=4$(Wt!WD>6O;eObV=BG zTo?obDHgh4Ueqaq&YI~~*fLHzXrVLc3{K7kS^#h|@aK;H5b(3^P${fLW8A=DA;cz;hXcf2IVjU2+_&7r3>D zPGXZU!mY|jmWZCwbv=9g_!)x+KioR#eo3l#jxI73-vTTLv`m=jQdySYwSTaek>pgv z^+h5D5408a{fu;S@^hROxKN1zqVcz;$ zt6-OOvy!O;^dJ8K0Wda-4^h4*(}<=}3&S0(`A-uB>OV9!2~iQ0ewv*<_6s}nGukS6 z+p)R1`2=+fl@KMd(KDZ9iLMHBVSIz4Wz0-&s*@!t@MuC*j^}7?LQq};jv9r+FxaTw z!qzXm(18bzTMXRdIeH2q zgaApE^cyc0B^AB^SUhWW7o6(YBoD+)$-zPqEygf?PIvsVv+f{dPM3!TVd!QZJs`T zK&Q_~$IiFCN+8O;PnL!zya|##n0&lfyyPt*N4^#mFu;bPT*G7ff&1yZ^0u~%A(>l# zKh#a_0tqFz;Us8M$RNxZVa}ryVfR~H(RQX>Z77AV%%bLKIaOwGlp%0~2_DW<7_j!B zBWK@iDIxhEw!^|;CHzkDO@ENp+ISw+_E%R(_>|GQX*fM|56{O zvx1mV8CAkZQsZ#xn`47WR-ygZ6=zBQ-}GnW7(!KL(ER1&>mc2=wS>KP?bAI!Y~~uQ zHGNF_qll&F=H^u6!eyKY)zN{3;4JL+3ehRudsu(EKead+cG-5VVljHR`TjyCn0>Ez z%GF&m?DW%t@h?8F?C<%vGl%oQBZv-5)X9B>dW8xgdy#+Wkle?9ycwTAe?A}%+`ez` zDF`tZV;Q1kGDSp67ZICspK43c3fdD)Wthx;ktJ`^BO#Ci*u9vTm|5V=z#8b8;6fVLF`;k8Bb1$U4?Uu3*JE2;>(A(6n`O5qRF$Qz z+`rii`xXDEA##269v*-B@+CS1M()>aLT=uRY#VszPrlLI!=l9a?=%Z;N2|w@ycNSV z;oDXG2uN$d(b~cC5E%)Qd|)faSS1*X6avPJ;M{!1H@Vt4L|?{bQf{lu4a01&aBTVU zi5}=bcJgdi2z5K8C5dSRx*aNAnmrTN?%T^PN}FtS+iKow%AlGd<_|b{8^nIDo&JdQ-Q8kXcL3&AN*7 zb`O+;DRmc99q+XKf&$ZKKpZ}C(2mtaQ3y*q4k{T4J32zacIK-RS`QFtN?WEtX%32v z&ojxzAGz#$-AKaRbYoz%Gv6HeVo+zUtx+Sw^Y%~uEuIfZ(s!FmBveRNkWp#7cy32l zJ{JvNLE0_On}@JmX*x>3DCG2kPssJb5Tj&>xkK3L`y%UfoD3jVvXTA|KvgI|Ny88g zCm_I1I{XPi;TYQ(!qO!3Mus`&9f6+%O>8OKOYj&SF0kH@n-?rs!@ZqKMCDYHEUSlMl>-n%l5d z{D}?@OVcCx-R!evg!cN^^_u9MYQxj6{XYCGWqEc>)+ivH8tU!sz0egB^sUYuypCjb z?U`#&LN{-^NhHJxV)erM;NUvrI6at(Wwn*5BhAUfQy>#|3*4{acGyI;j1-EL=KUzg zy6;Tz46Mc~W8{KuNSvLWbDCHaJfd#MX?QXT69BU4w_q$OJHe&|g&2VjcUT)9 z{(Wt`smYXuqzOw?l>|+X2A3IRwLW8Yu(kc&fkUX2&>|=IqD&=KnJ9uK`ZL(Qd+;Cf zgpV-ISf%>??`;+OfN1SBT>>zgNZ;dV9ARGg0ZsM0cQZJfNcV}oxyEJSZmq4Y6_&_Q zZfqqF*YbaQfYc{C-tQ+q0txb1Pn-{-EYBv8ap3SWG1tm6?(f~*?s;F43QC{M8eH!^ zpuJt;kXfovIpEQ&K&|NYGjvrl`uXD*MG<8GA@xU{zx5G7P-|R;N%6S%&AKcvaegn- z>bTw!i6 z?!y3~pQZu@?n@W>&#$#iyMo(bX-z;pQ8=TH^aZQA5h{ZfOW0oLS&b3b%>| z{S}VtM#{`+e_14|HYI(u=i1q`@c+APJm zWPiY3x+jLjmBSPQ^>XpvGLWmID+2x6{nUlG*{6B!qG00ru*>_6V=PO&Pb*!AmGnF1Bq}-lSXoxEjxzHCidX|Gjp6aH%9z?L|Hx>B z>q0B+`#ZZ0CHA%KIveow0qk78!sp*O~sAxe3yxQK>ufT*X!K47h* zm?E!@#>lYRKsAlh29@U&{&ok-9&cYkhsp9pUrp_`x>j;ke{Gy^Nj7vH8>J+a10HF3 zow7iG*ME|qQ^@5j_W?5n>*0$53uH+f8YAvl8KYv;z^~)W(;w~;cK%~K3vHQuO_6*T zbrPFf_1zXN&*=_<%2x1UB8~-q=gN1P>m_2@P5`R}((ezV=(D608Fg51h_ugy&x9-R zUz_J&R!}d)!a!qji~?2KDsHT?5XU*< zv?nc3s-})kP33gCMbQ=Tet@C(VH5ePJKH2Ouk?xNbi)bc>3~=Omr|{*-g$@|H>Nd( zdia0_rxc!&E_^kQ>dxVG1fQzWkNyEe+e4%L$n#>ARJD%X#9snL;50kDYD;3T< zvpx|8qlKQJh8fS`3^yymz`Ub!{8SA7;V6RkkFcNI8XjvtOTlA&5^6}@-TA??_dDd9 zKyddoX`Gxt)A{I&x!3^(FHBuZCDm&m{>k!2)n%rQQcLqc5w2-c>B^BM}-v`Rc}* z3$-CMczyj8Pn{l!h>v?L46wP?Eh?r3T|rb|R4DES{E-|CQ{w;*s<2A^TjB!ukLuf| zjt>pxq#!KgZ{oeyz$`aA+cn$r_2WH1M3z3|TEZ^IIq0c65RRnlXa(d?uAP1zyy2*q z3>!Z9`XS%Ylz7d8?`iI4V4&8?Oh21l^K+-xe!5^FuU$_3iij?!U6Ey{8BloTdzr(- zDA82{2lzfAnfXrv*7@g`z)O4t@?Dnyu2?-r!+l3CQ?U^}t{%vnzX&#h8QFhIai4Pg z5nw-dY5?SxyUqn8kum!JV$RUXfwlSd+yyPpr|E0`R7=e$kSI5rc<43yww8?8xL(}C z%zQm-uy38$43q3wRSBIC@%tm4v=ty@NPvJfe%tE0o^|0%&8r&z?M$;$dqCC>{HgjR zo-xx+EP1sV_gc3+qeXo40$kcU)0?!Q8)z%X_aTKRxU3;NB*(|(U@=*I6Dhn0)HLR= zndRkaoE-N#1*u@sW6S~H3KhWR*{Ti`6bFe@iA5NV6NE>CHWnzRfky;}08jVVd8(iT z9C6x(lAB)NQGhGq08vpR2qd^aYx1~R5P!>+=qd5ixqjV(^KA{;ky4^}pR6pcg52{& zV+6?7!#Z9LU9;y}POcO?y{IZ@PJV!dh!jgtSD-#^JaN78(JH7+7v!eC96UbeFwtqI zsHs2#INpobBaS}(c1X~{cyGWb!{eAZW@7*&Ey~IT0zKlVWa@PT zn}WC=G3cV@*qO;jM$i`wu)oer%ym=de@25;HaD+gDMVwlVx$~0gVOz3W$JjdI~fTt z{+6plSs%^i^{PZ&h*G8gm{s-u8__G~$MIrGkKCW~{}upzQymcl4LaR!{ATDQbkTK= zOdNAa{cOnJTKecC%QN4lh3e9G51nvmTCKKs+HnLf(Gb&P(>$6W6prygw4y7FZQ->+8RM(CM4g(yE22~H*ba5r&A11U|KiJl ze!`D-pSNZ0D@KXS_U{XLV||3O{05$f_dge1D;N>;?G(F}nE3d3Bf>Z2VC^LksUVTx zGXfPB9I(PUW0vo<2eUL-(WY}p5*@ZN@@4SUrB$wxLoMjJcnJ=GK@c9CM^B4;l?FJ0 z`R{F7mCAA-OlaL+X3-#zJX)p*p5AXC!1@ks@^%^F23^;Qm%=`xb?AMsHS;|Az4mTH zus7bAd^y2yfwplF?{yjJJ|tvH6zU<7M|HjPE^zIOPDo-0+rmpRRH5KM!U_b`S*b5) z6Pd(Vi>)n67}fgl>rf8fl=Hs9(!QV4(926Jm(nUPEk{!6=v*kY`&6}3O^NZDBoIBy zjfE=-=caHNFU87ed;?pSu6zkAdLR)Z?ZS)rdm5>gngE%xXf$g7M3<=mTm1#E`7@to z`5=X6Up9g|K3DfvES!%ICfdxyHa8aC#4ivtX-w|ZsRPaRwejh@Z_Cyo&KjMp`;AO4LV?4W1(pY&k(UrN#{?LK_{pP%(t zPySzev@P{r4G9h%^yU{%8AV zU1w5nzc?%U@R&59I1ISu<2S1b-Ro2a8|%J)HIf{uiVA+nmD1-WF9*vqiKFaCV#doC zR2x+4o6<7#VD)9{nCGXGOCL`w#OF?lKF?{3WMvJ$yZR+c~_XxpVFFOZL3< zm!yV@SZ4ZHu(nK!_fJYP4{1d^EIFRu%R=-a}oU|F$;( zDB`Q^0pXPO0?@SxaQ31;Bc)ci%f?FokC57T)N`dZuePc z+q

gWXdlXYRUD>YzV*+l$4(+B{|61@XokM=5roWU2l}%Ok=2N6JE$sDTcI+7_z8 zP)n;`1HpMtc&atB3Z(h&3%p*K&hH=L=_DSnSY;{JsZxnPHv=Z)prxr9BN$~3fw`iO z`ra*DkiHUir0#$yNa`Ab=|p{OLpxV*h4`Q^6~mC!EsZsrnU|kPLP;o!w-Bea7zQFnG~{CZo}nZE z1YQ7*&0GSl4UA`+|18ADYGxG?CO~vBD(hn3k%EdMY`t3`AH3ElTc0R`UZ5bx%^_@y zDXg%UxeTHPP7SK}`?2veO_IyM9XJ+}Cz)Tm0vIks@w-tt+AG#*V z^t?;k)#8JQgno(PXN>7Hic2Nw3X1FpvUwTFfmAN$C#ZR5cxWPWvupYEY^9{VAh)~O zp3oYH2R#_j9-|3x4A7t=>U{$tB-}omw=!3Ktp~vjE#+;J!wS4BU`}8|QXV!wd|nn= z2py)4P}GlzcLGp372Cc3BA9nzUifxxz-ZGC3L<>L(a9*BhV8(i8Ne@dMjm=olE>69u}I z3Cp@-w6|B?cR_IDC*BuY9aTCof^{zI+!T^%TPzY)R&tL7Z#sM>|KXpdxfjZn5L|>V z?N-i1S^Kn%$-aD9xA=BaR#~W`>*wzWoEmX8z+rgLQy;GsJ@%W7$7|;TE4+Jj8E)mtrE(am(npzk(jKiv^Z*UCgB0RdPp;v zu?FckS%m>xCpFl|aq=oH`T9w{*z+*z-+GR~e6R={;a-W4pUq3=0D<5H>``W8tF})Z zY(#Uw37T_RH&^`PUqZ|ex7&gKhl6~^4mAeZ0Fj@*++WmMRET2vY+5s~8zHS~I#9VszNFEbCuL8HZ47;I3wVFG|L zz{nyWk|&UoBq@~YBIYV&=gAluSs-sgQ)3p7*Ga>NiY*$0R}9(e>2cLuH7GmB84oF(ubPH|2h9HI52`j&XKr1VyWzk3zFdVTzcjG=)m^={F;8>Pt1tzTi|>4N@OvI{97wZCWs6&~aTO5~6riD^{i zAPpjkY*2jJ%Va49h0&3gY5I}sC4JNBlO+k%g)f8U_>>0z1qzSIB5?@8-==h4x4vP` zmW1cs#i{TovzAclfeWaAS?BX!!v)k+USXBsU{*ZM!phN4h5|*JnMP3%>@05k-Ere> zADgJnymZrv=TQ8PutVK$b(`4R4+6&brlIHp0(eA|`j`v8#zRzV51#@uTHi}~3uSw4 zKTsdo} zodgc%Y-it^0yh61*I&W8A7PQubl z==Zk~`?k<%xpunV)6%5*xIaI3L&V1n^JkX4KexkZhTF)-}{T~Xz+~QS{ z+BfMTAG$tQrTHBH#)Su_Os9Yyi7_w*AeFSg zLfi=!F(mtH4;Fur(M`+0S?L2#%m8ld6>aN_FkQ3cPot4K+>Sg`d$`eADvIeo<^l!49yk>|%6 zG#o|M9RHu62_@fujJ|^oYb{|cGD9z{{S`3x@0#ceIh^W6w>B@bbiE9V+p_CRdCHQ` zJDlH6b@tDd;dj>C4j;b6?7m$I4KO0lsrf-=hE3*)#=;*v4AHCE*c+jUjuLiZPXKjC zuelr)Yw_l%3HFvrY{^dnPN!PhwRYAN#n*>y6h-I1zx|sw0ISC3!beF@=y}(mFD|Jp zXr#~~O~!1qw$SQ}>_SG-BrmWKB#8LLnKb;FHq*=cMbhO;x3-y9;_|)7w@@QbY3X5L z7Tvqw3teZyW^VAAF_E|>Sqmr*X#11L!A68sv`h0tCgF86=wY<`fBR1-EAU#J9NdKK z^7BzCHI~$R>Q(FwnXf0;=4rnHe=z)0uHX9}as8c>cx5D5x6nE7?`(3!q*%e|^{Hb# zQrHVYQ@-z90HX@j1ihv)$}w&c9BkNMYd5JKB||o*hd)_ebQ_#G{>&&6*aOnmDn0IJ z$IJgs=`({!>#RA-E3lv`Af&-n+-X2Pd@CLj>yOv^NpImv#NvmW1tZe0i9d@L=qyC9 zME)USkfU+T4fT&yS{^C{`jznNaI#luYGxZ~6OvZO68K-97dz(}oXLLHO^F#nDt>Kr zO*2!%2(hhBsSv;g-Ms6gF1YV`YsJ}it+Z7WLC^(c3%Eu9aI5;A_!*PG?#gSTm@E2S z?X!#IY~*70^?el;i;ec_yKR6V z;gFk1$oZ1pm4WH_f3eg8x`F$jPg1-oI*<37F0i$!ELn66bsl1D)dR2RZ+>mW&Nvk+k&N>og4e&rkl?0WkFJ50Sve)Fwb7GgeE5@ zu17Y1b;#vHEKUNHEa4ttW(VRU`F<9E+n^Po!Mt?ukSK9@g}L5W1L_8);^yX*#SPS2 zMtFt-=FtHJKyUqEXcRp2(LZ5%S)hq(*%m`}pX2)G%*XET4Y8 z>@Wt*N?Dyj!M67DeDl><7Yr;ZB%>}Lo&eBNyu03mB2@4R!k67_7*~v1KCS-q4E?Xy zZ%j-~9`_`L^17&3CnrVob4-Vlp0@R$sj!7pDIqBsBVWwi)YY*%@M5x)lKSCb47b7O z7Q@;2)A_*chfkenDz%IF-$58>AA$SVDVTcK+AYVQV*gcTu(CLA{Y0ZEL!@a2lRPlC z%drGQ@1`#+q9(Hy+6e+*mYZ8!`6$%qmVs9(B8~WbV9+{mZ~5s?x{Zp$GQv(6E#9x8 zp?sdKJEz0hhK2?_BAEdB_t1Y82W|f+=pwyS+N_{RY(DF(8twCgXD8*v0m!bMH~$*Y ziKc`Eh)-7B>E&f4bJArxT3QH6_FrmhY7pLqnHLo7jmOK& zAHxmGVY&Ro-`#CtIFkAMM+;u##v=G)B}#t92iP7$c^*tC8LHCbRPgQSJj=?O~JjjVrEf`T_utO&w&-cRmIrD&7NNaI~# z2DqtJoSm%ijd%5RGb+lDNh;o%eSxh@#o*y1={uFbC`S4|V z0b6jK`YtTQ$!>?+5$-kC@V-ietWc+?d#7;Y-}+B8fcRGqXL!R07z>d22l^|;jFM4H zH)D(34+bMuE9!08JXcL)`fiS**MEitx4-BY^ly|^)D{!>)wCHDLo?tGv@+{=5{8KZ zpA{*7k84IQlt)D3{Ba4w5OZOvaY^$$I5A@j(m)fLJ!Lb@o-CPU^6?yh>W%r|6T%rbWdDV&*aY9bsp(=h<`1%~NyBJ+zRY12Fbj+pIEVYQ>`Q+ZtYc`H z8)}r|1ptWoMR80DW-?YIYcQ%AjH5E>Bzd_VSmty-npZ7WP$po{#~pve3oT*xY9F^x zO8_QGgdrQCM}Y1r!BLzTAn}R3_`57=AzR(S+|9Prwd%C@pR-EDYC8MxKIAj&g1$78 zkw;5SC}T7)54n<=ybiEqlpP6^oHV5Pt7g+wD-MC<5w-mynjKfOAKcvB`u(1xj4(0! zu+SC7y5S+W2?z+j8W;Yc{-=?_UqMNakO%+E{_Z)68{JFs*v`voYWr)Ux{kBQ1<3(@ zudZQrGlzTGAxl*tD0$Wv0ux3nbWaz1Kxcq93h?=A6^YNvdIp%20gD)c9bw+94loo} zdnFePjd1Vz&Z>5vf8TaEg-t-#$nX$Sef&h6725MvuM$Wo!z+Q+fs_DUY8>+bsua%}@2#;V~@58ubE+xph++=Nk1jExcgqY>erXy(Mdt^ys#e_<&8 zv|mKo8K`{3?1|e$z#gMYD!h{YBm!Tb(yY6KFikySE&2ZjP#|6^R&RpQ7cy(Nn1rO{ z0Jul)e}z61ltlME2Q%Y_rQ`lu=2jy3O1%!9_FkZ^=tY31Hp=9&gDei4;*Ls$O$Ut~ z1{63z9pWfHnKam}hIFoV+q69Yu}q@TqxCs*p<;Pv^XV;E7Ao+VLJa?^?_`K1mD~Ar z{lN-72XCVQgflmJp23<@qUS!rheAPgld<3VqeA;arH1iJgfQRRbBhi4c7K#AT8a1q zJ8`Y}wZU@kKpS7kaJRn`ZuYLc>z-j+Z<*V#F8o2gZD`WE5c-T@CBjRB*@& z(H$w1KXJnSQQcU{As~TZ*Y^+k9_q56kRrrlrWY5(uaq=-2)Xj^x3ljqc3D0&BAuT$W&z$fcT?9G--oK)}9OKmxz$Pq8TI@C@>i=N(?MW2d8N>w|84y+Y z^o3)+<-~0;15hXe5G8qBYYu_-_V(W|Cvk>I!P7T2F$vYD;K)x=%WVsj;>iS^ zn{{3mdU|$InE<7KR`DKUwe>%b?EJXb6$Pt1K6!1gA$qgtp5Is=U1STKUKF0(wcJqw zj}S@-FjZeX`WsFS8u5A`n!Xf1?Q?hCy>a%kN@8h0g)EGX8N?aPVbH9?B_bkfvRPYg zu*B(W;ejV$Z8Y2z#<6}ef`XJ_{bbe0 zWCNadFLP7p)N&nM#947q3%x_x3KjRj;NS)M(SAEjy+Pw9=r7wl4y6kp@SPS~3v4GO zC#02sQ5-OEe;{wgB$r=j*Bg?o~*EB9{;oFI&yvsH@O! zkAe|^EH`{|gqvUzXf?!vgU)h4po`6*#O#5j+>52m!!=74aAR+fPRXS1t`nI<_R|3S z6;!0r88~^hzCQc#`xEV_VS8yZg2p%GBBhw{@THJV95@EG(~_(23~#}9FBgc9)8~#k z8*sxq3+r3Ng6v;%eX z8Z~!!KL2@(y(IE$p%@KF%pTib3myn$BtO#Um1yfkf8Q3cdUGO>$;2-41xqxQkh-tI zIsV5ON`ioZH_#fz1j3*9-`K)D0FeHZTVS-RN{IgC`x{;njx2~)f=xLR2Q0+mslnt3 z(z2w~RQT>5vhm~c>drhl@YY|-`)rbCiDC9Qh;wU68{p_+&ENOo=!?bZx%+oLJ={!D zb%1N>q&Pn{&0k39{>9D8kY96DGM8o(}gt#%s4c*$2dR(!%D7pk9#mI3=CqShE`1dvPK0Ur^Tn(%p z|G?d(Q7eW59*u&vo)A2gn>wnDT?YAHVd%dFJSN_vsJVU{_t7Lm3N#E=Ws+xzBVFT& zV<GC5Si(&Hq8|>kso`4?<_Z_Cno-cn%;j46Z#gh9Lr9v# zPEv#H{(Znl!*g^Q)E+sU5qX*M{8W{q@&`fSM?!o%1PQt9Urjc`l~DNI|1*h5{+F5t zakm0`A2MNQ>!07-7utQ=sp9;df=$-DsZ2|X){AMih8JNGI5PiiiM-(hHQK?Kk1a{> zZZ=L(7EJezpMqq+^w)ctA8tpXEm@9!Tv2tf)37$JdaI%B2FL$j`afRPORXgn%${zK zvy~qRi(wH%xR(}bX&c4K$i1)u3emWtq8QXryVT z0G~Me1?A-6e-~ubS)GCOSGeDoDDf8ZMp!~}Ewsota?>MGc{}T1d5N~ruM{-e{*{|6 z1^J%o|C)v3<*~vB8MeO>c;MLwVE60}-7bPo@k0Cv&H4~)$=9-DmwY$@xoCIPS{{nm`S zwL9S134pW9^9%{1cnxKmTu#(+FnmKyHd20LhA~oHNiGUeh1@=@CTM+<=)K9i=UY}$ zX|C!Rmh;@7AkPN%m5Yq#D{(IIKv)%dJ&EOAzj)=qY_@Ihrhk8|(oT8}cQbddm9(YC z!lrVZ`X2R*hJk~irZVj1ii|l}&0$OCY>#7MLQE(_R7KQnRNGK7@;qD-_)W~S*A7?> zrODdRrW0mXqELyc7UNWL8XqIzK~vkm_r2#&-jA=vX=$^H95+0p-X>v;vkIYX&`mjX z7gsNLf!FOE;TQV6)L(W*1z+HR2vhdC%}5+iwMU)d%dGdxe-lN5M$&itdHg50#2J~O zihrn)9PTviUMQw`Mqn*D85$DXhQaSq!4O)*qh|O}Q~@f3GBMZa+gf>Sy!kmhY!96hS&@Lsxb|D;< zlKnbtsrR3sZK>{s93sLy+q-{1?|)5OW69Bq?$R7SMC5N*j%fNZJFVtuq*HTi`RA&1 zA}`fCr?z|l%1!m)f@W@4@iYDX#?Dtf?jf@^`gEVW`IN&2O|R9M9vp{z{EwXyZTz2W zL%Q@D&qrL=KBhJP+7D}OpJ+i$>bPn{(WqKbGPdJe{$atfTe(m(bAT}X;@)=zBU@2r zFjN@@jGUj{7s{0C??PTK$G6MfCW3eBc9|cmU!HzvdA%0l*da(T_tm_834)&Wb*0qX zN3QJU2_L_rNfQ_4-VjLfh_!jXP6;()ZALAE%g6Oq5$%DdrDhI>l_@S-);~Fe-M*I} zh$iYlT9uLgU&G-#e2oMb*CY8>t`ux~(UEmmo>KW;3{|hbnGbf4H)v1zyUA1Ob7C@u zV>3qTW#e?bqsidsx7{9^dU*G<&3$kaeqKO1Cxw4}>ynFSd7?s=SLpdpaZG>E=??$k z$WPZJ`g!c-NpTM0*Ro&93WiR{mqSfi%>kV+V=sKxJ+n5}Cra9hPCqv48weWJXBTfs z-ksG+dfy58oc6dpUj&qL>>LT&LR(T0lCgi9Hx{2DsFJ(s#z2x04+Teq{~`~k8~#w!rDf%C=wwGpxn zv~{x3!TB7&7g`&E@e`Nk_Y-7y$O&Puy86+Far6Van|#ozg!@1C^GYWHjeCYC3i_Ak zpiKW~|FXgB!C43W?dNG)u`G|1mVnnNDu2GKF=FS#_yA9bI-Rz5JZwfSUyco~(V#`f zjK!O-7q3lWO-oCLER$)GcZpb%>%6(YXUa9dD(ynjc1IYVL5k&$0?fRW>90{qjp)IK zXT@o52(f6dXXoFUBxPzgbVeJd->^m4)psbA@pe!lU=EIs7X3`O>6AuO2E516j>#Ul z@D+F>+mC?z-eyd&QlOX}y5eil2toh|?Ft;cX$x{zM^X|tLfo*W6220U%`Ge|xAAW{ zhGbY10e`KpV;>04XQ2f-UnwSz>F(Rjz(9>^P3w^~20vAq_s&h*_NeUH-h1X!GxWO~ zEBFL>r?Z>gNK~9a5I4XPn%myyaoGe~&6qO=>f!JVYohQ_;8PqLzh@nP({W-D03Q2@ zC!)F=>0fJK#v|^-4I2G{Tddnf3C%=)TpQ1(LH3O?Rl6|YN?N(B=7rG&$e`Jlg++*A{%Mc`SQ>KHZX?`C zps$+|3gle1q81i(ldmfi<%1+94iTDAh2YG8xD+MX5Z*mVwgC*~k21=+r z$D%IcD$8^I1qyR&S6b0>^#7#Mck-qTGdz`Q19{!wl~bx0Q8)~mS?X`ZqnNBO`o0Rr zB;0842D(R|IGaHH2BerWaK=%c#EjAM3#Q~*`$tE|%n&mRdw=i;ZP>?HR?y$wQa%E* z3WH{{`&T+>v%;k5%{cvH3Lsy+Dr`o|ED!yHDl8$`Po)$ZYUGoMb)jE=LXMVjn~ABN z< zbTV}_-|oyP4I^U$@7c(z2ST7`D*7K&GQLoN;FxCutL<;6Gyjm*m6B{URE$=+oFp;K0;=A_6H6J>inXj^ij_DY{YlXC50^~PL}P^G#) z@+1&X{Ml8i`IJH=QH%hZ`O-X)ucen~4|5_iL0V*!lsMdw4gPx}KYbouGui*WQ)V_X zM57Fxz~^g3B6EN2wC8z&gz=ISo&e3@$ptenktn;MGxzJk*s?(r#G;)29Cs zf%97Moy6@4B{G1c0@Q%HT&NO^i9H=$8={!?=)N*JJsJ{dq`f&Ba8G(AM+$2-Bd3fj z3%`L{5k5Ko-MjkDY>)|lkjihG15pB#oSQYeI4yE-GLrHQF8V#X-~u={8Kdw1tTNpc zaS3$jD0IwLwHw!Ya5Hjv;bG9!S!fMzv05mwGGoFr(6d>?-{_Vi!L-e9cJ7X3p@s+H$ zRK(}G!DWfI@~|Gq40b7528Fqfc^7lJ9j33te4C*C^*ZMNbN9TtJu=wP9zOn^}S^$Yh54DAflM>qHbrC!GdXLopZw-P^y{@{V7tspv#MSYDy1ov^o2j} z+m+49z_F1##u>v8a$u$-R|wtLx{=_FGl}EW?R`9Sg-lWwWR>N+f>G}wda3KNg05>} z+^`hO2LkPTt?`vD2KmBypWNlUM2!16IeL2a;#xGdTeAPIy~US93pb1+JpvTP!Dp+D zZABUlF9_rZpV!_k=e=b*^lKV>3RP@c|#sWr=7m;Pssgys{ z86-L-IWi@Y5kh|&@Qw*@(}`;akC9qd_FoM?_pimmID#mc#sA3+VIWpO;kK6l3BL*z zG2*0z@+@U4YtxqcD6%DFL9WBw(DxSXfYUizay=|z{q4%dqb7^sKZ|d}>-oD5_G@c> zb<~XI+Fr<&GG7Q(T$F8w_Xh>P*>q*X~N5(Ez)MWZ!<|~KD%Oc!KroiVmi4!SCx$i@}sL07GLBo(){JQ-|xc~8l*0@Uehz& zbOC1yI;P{mu|pSkQDL^7nqh_@VBeoT{OdTm+-M%=3=fix70pi>TE^E1*b_6pA`A=8 z8R9vKyrczcyI?@k&QH{m{MFlWaCv+-_MmP>S4R5(fGhR6`UTI+!gZrtz=n8Ug$8i~ z^B~%(Ofk&Ot9VwWK;ncA9`SKmG`0};5#5*;$ic@zQcTB!ynBE1moew-4fjL?g2r*Bs^9XA9>udwd*eVJDfV63pBb)%UfyJi|p# zD)55HllD_Hj6{_Ji}Di3$i}2QaJ^Qm=9$--Pwq|EOWIDD7h;uPB-oxNllwopn6WK= zXFonP)$P^&Syx_AUCdI4ZB?5*x~aH z8^48IvuUaBlmC^h{vwmC*DIG++j%z5)i`CsXF4HYKWmd5WmIccyHg>SfdQD3>ju!gIbIf5DO*{=RS1J!w zCJH{o7@r;Q^E6y=J5Gcti1#BN@jdXSu_j)|AU1uFb3z-5H(0^Y4{CTYC*=}{X7fLk zE#OW)!((|UV2EfiL{#3;#-x`mNcim@%IU+1Ts?5gpV?J zG&>A$>l)X&$kPkHEwvpBY0$*EV`|YFnO%-z)34-9>iTovAb8!X(l%vr!@baciRFEK zpQQW3ABU{pOBA`G{1Op=rQnl)E&ldC8v-f6a;0?oh0qmAj=Ew%m@WM;J`b!b|B_=j z#s6yStQ2ZG5=Iq3Ux}cj79qUf8g%X>RBuvY2~WZ0f_RX@%la9N(FFK5v>Ks^#f%R-7(; zVv;?6nd;5wABVuNdo_J&X?*#WZN-sI4uHeHb^mT2f$IBpwAmI`Vg%Y?l)><^^(ij_ zlb`SLd3XOJ=g3Lo*HM@^Q7m6xPwEgJ4vi`Pn!o(jlKJQ3;>*M~luxt!-cwvh_B>I; zs#3uy#?%YGN(c8cG#tMV)t^t%PeYqs?g!aE&k@|KcY-nH-$scd8(SW0T_mFKvR_U& z^YK#Ev2PSfo@T)B*-u>yzFc2AD1hX}!{n)hjPK1cZ)DFUb$`HGWSVS^>kkEA6Y-6n zf#x3_&q1XN?d0a#j9$GfFBRw#5{8rvf7QEFT`p0C5w}@t7$a08zWuisX&JZDk<@)Z z6F>Td7VW_`=k3bKtiimUsa>0cZoJbo)4&GuO*rz)V$^tl)M-@IY3KECzx3z#M7bSA zv6-_RQ{gfffh??EOZEOWRkt2ogqUJF)*>-CH^bIWYyU;&PO zejO?FfD#bqsAwws-5kR}Kft?05*cqcPAtH|7FaF>il z>?)cK^y+xmos0LCr1#tY)h>lMAI2_oaW^LZWc-yy%f)*_e(4^2NwdicWSGnHXAJRw zv>>WdC#q^_%3NEvudpoBCT7me_S)Nge6&g)(?3MeUM4H2(Nfa5TOOjA9Ls2G5$!an zn?a*vt{YA5avW)8^0T!%z8}FTlDmLCEN8riiAV;0sFvEwm5uX7LE&1ZimRlN%`T0P zJIJ$|I+?lsjd8#D^b3@AicQea-Vr^tNC`}*`?@wBFAfm)pCDpBfL3s)%xfqxqR1*! zvSQ_v#vEdxl{KJ{-aip1ptq^@q=nt&`=St?-+JpT$-i7Br~=)ck1Zy~D(>3Pe}aS$ zGg5@$ZmOIioM>bCrarQHupai;g!NXue182ecS=8PN7voRKtlH2-Uc@M)e8g1)D6nd zmL2z6QSm322k?t`{T^ls37z@wK+z}v!9`=q(+Fn)KWe^1xws>@d%IeoEobCg?nq<( zN^3#>$zjx@I8g)Qm$~6KUBO-Fk>#ZZ2OIUVF71}n$FS&c)q0N2f=*SwecMgVPwV|j z`cL>z}-THr2Z^3lAPuYXD8Pr#Puyodi&Q&7k-8%h}9<^sIJ z`$nKf`d(g+GvPheXBuA0XKO2uEgx39R35DKLo|<}^FrTaNoFAAHOkE7VPl1qiJP8t z&X-m4Fu>-r^X6cg(*8o-fnb+OVM9vY4ICyj34FQ9aQe2eaI>@HAMaIuU(GfT_jQX%U?)l6v%`#lj7$_8a!xV}Xdn+HI)*);7M#KTt zESM`RN1s$+^*r4uvR&#z@3#Ef+9yRw%7A`mSLs7WxG7e$o8r{28r3cq_1KG~^#MV{ zJ`3k}Lpqitc{lGrqr3PnQRd5ca+{+*25-q5NqEp=#DC}tLv$%A^n~47cMM33}4n_d4J#_m@&{^ zFayg%M$9iU9BGPhy^a@ve;SuNqC1g8PUn*x8M zjouz{)J9_sc9K+Ln6NGM*xrxQ?6Pr58gmnj?BQOlPI$glfYoI6G1kftgXo4sZY|Bz zybx^etg4EYpIZt`uXkbL_cDIp(X{s9$+9W+4rAqzR#iF5KqJCw=~Uh&-4d}PoctD16jrDtcQJ%C-UrU5=9LQ&3Y`g zPrA2FbnDNLe(jA#c}=GVP8<2-j9P_!QbhQe5swvGqs)H}JHK5x`y^?eF0>baR_UKE z=u|=pId&zsTt55Q6ZOf<14RC<5i|--)f_LF){$tnxr={!uDWdhmXY_X``f`}*@VlH5+Y$_ zlU{OP1ovC+e0-k!cJ+u-Rn_8PmlOZ2wsO=Rw%|DLJHONNC9G#R3x)QrF&0&9x7tBP z{Q3iFBn6Vl6qy{iZwH+qx4Sz$((+SXc?z$Os68}Rn!wxPnoJ_<8dJ*mDW-e@GA=p+ z=K7<{axH~3PH!!*V7HsY>dd^`30K3Tvx#QS$$e{b0uCHX%*KeX|2!?#uw3u+#e_c1 z$1AF#F{<4@QZJlCed1x0Q9|eB()hFbbt)fPR_%?6(!8p!b$?}bwSzwzrQwKB3}g6J ztLiy?QB@I_BhzV8h!)%nd=n7hMz(mW5r zjz*|_l z5QL*|XRYB~%Q2>e(QKzhhL71}Y~G*ZhoTC1jGL6CHCD1$&feiDa4@5X z8s$yhC)4g>=@jeAycCDrBUaTf7EVMXI^wndkD>-ccVD~);7A$wa`;edU%xK&dI*n* zaAN|%Qk&D4FU-|#7ACxb^*Nrh8=y|>ff>wm~MD!ainF)c?(1xQa(!XF?T-$)yu|8-}@R>dRJ?S z7>YZ4o9gJ9nyGIGM~5VSaj!L*TBGL{RBziSnIXuoT0T|V?k{HGdg?IhS^G6NaJ+gt zwVE3@_&26{wH-)X#Aa4`;-w zWK52aYt}(vod|+2_VC~U9!_*g1~6*dpF(ME#d9x4`J-L$VXxj-O2<Ll z)3wgX$VlLTF53dI(!^)jwQ^0CRIY=`LPX+gU9|1o_aWZf4EnkIpM)OpwCb#v8Xd+2 zn+#t>WJwp&#Qhi$*r0_;p>lyC%+`?p^Eul9;YIe#UA7zWpw-Fk5s$!Laof#2okj6J z4aoQW>yT96{mG{Dj#@X0|AdFy<{R4^YF?l+0|u_c>DS~JFVFe_gB`Z*4uqE^ z@wx-JO`hGgQVB#6bdS~ z5}@ACmtB|r1UAsC)U{d`_&l}-zg0>-i6Aj8XTCX<+1n2}oXbwihHE??=046)e0Gki zn7>@EQddl>_9${6ibzb?r(L`B9Bl2vsdURTpV5!dc(nde?=k1oT9#8onV-W>Q7u5x zR8Z!u@2%{%K~p|(jIsqK}tklTyVb*x+MadmN~TnL~7SCF{(Uj#_q$64YmtG^RhMoOY0vzqVqS z*Z8QBnW>o(tDBM*OQRSElWUzv#P56x)titn#?Vdd`r9wZ-W8K7+#1XPGJ5M`($etL z=H!mtZcDdswf_2-Hj81KTMS5ub&p;37Pb-46tdbZ_iKK{s8m6fHs#u zNdnNmJOG>l>qyz&o}Jjh|8A(Btk~Zl5&=-du``2rcxOT{cVnsaQ$?+ob5-i)8cxTH ziM0Tqbp8Q@6Vq5xaRkO;K`ijNy!KntG?|yXLND6Cn1Re{$O z*c{gXn)$8U28?$~&CJZaHwo5gnVHSRv>dJuW_Yq)H^OlATytAnbv9D5suKpj61V`< zAAO&vs|0b`B*y*ON`mK{lWa$1Vu4#=X8DN+HZPyn9NCYxmtERpBaB9ci#8aWMUU}l zRHyTPrrO?14#NfmQ_63cH8nx}tz9NvAXllHwV#p2{tWMesrX$`>76#>z?J@^*$dU5 zYemn8s6LGQ5fYEX3^p$z;;XiO3Y(P2N6tTwPm|o)&92LvIGykEc7qi)F)`h_X*te^ zI4)%BE@T}Lht6FRagsE4aFTbi6V0}cWd?sKjxfuNF%2?T(9&LY(lBy*;QVM2Pc%xs zD+K4>eoNaogzyX5avA5j?c}5W)T|E~Nkluzf-{75e$vM^IwqLu$I4IoV6W3~j{FXubG z+FV2ZWYIA&TC&W{Z=vAwrF)@sOnyiDXCw{wu6q0toVDChtOnu*?O&I1-Tp9$-oTOo z!?;?smx{CaBa*yAZc}qJkNX6STxm&34x?sPhFpN9l*nyd>Xa!k>&ziI3)R+j+fD@R zZ{qs%d2-iq2Cu{OpDGYL@KIQ7COt-oYMthx(nMS~+1g_i z7bz_*-Ocv#2KSmJ4v&j7fX{-LC5=ph|M+d{daKi6NnD6V831IHe3fdeDL9}vRi1%C zTdr_0>PsLz20A)=i3}1XqXC*;K&v7p@HZvqFpG4{I|Rpo<4*%H2L;}aC@@lR4JqoZHP>btJP zoNaAyPc+rntChtWf_>%EbnvfB8%|8F+aK50cl8kO8CCsTQYg1JPIK*N{ZC^?Zs|x@ zNi*8#T!+*9u#A!IwNaI>n!298YLw!m4NK}EKZfu{g|Pw6qlqL zm#CVSteTYkAuCxkD_K8Q^S2kGkN3n$d-n=2jCu=7b9p$Y_{)BP zRqc28$x53%PUG=vhX;w%wDR|uqnl7N=H}o2-J*YzS)mbgzKR6E{=h&djaAxd>b$B1 z&Wm=VX`G1P$y?OWc{9K)2qMn;|{qP@lZ z{8Gwd!r^Ev-h`(PT><}9xC=C&s~OFU*?4TZ1c)kP8|JyY42RJLsxFlp8xq3nUkug4 z3V$tW#l>NA=v;KsLgB;DPX5|#$`PYzrn~&8!6(0nA$z}-RB}qF;E#cUkt*%(&UZ?a z|8nBeWek~3Wz9sZY+k3OJOQ(&4?QM9;+7g(Hjy_hBjY# zPb(hdhRt?fX|TqG7!iNHJHtv{wH~owXEm&TqTO*)##D`9vc&4!7|QZ?oU5Ggx#M0- zJX>Ozb0Kbj%3{-|U`}_QWpJaIrL_LSf{Ae!-&>=mg~_2n&}VyJuoWhsOdmT*NzQJ5 zZCZm=i{^YdEB|QK;WsxYk`cbWy5SID0|s?) zijXO+sXnIxB)0o|LAG)65aWT=WpGiE5fMw@Oe5<3?fz;Map3$z8XQlS-GJmHL3;=M z#YZ5eNUMA6JGq>bp#EO@JP@0ln1(mD-rp#uygodKwiT7GD{C+V-b{Q)t{iLuH;AEz zqvr&r=123jiUMcQFdE?)_rt%=z47Ad=TPC&*-a6&0z!tm!$*Z)JRN9%%E6t0wdw54 zrT&WZt|J8O1<;qd-`ik=?N^#_)!ZC@kWx!%zXiT+t7xlAp)vFq+?C(v^P}JCl)<5B zM&7{1B-R85LRYoaho5p3j(@tw>Qh6Trl!?^W(DW@L^*v^33XcyU%7#c1Sq|}xasJL zyX%>@-f(x73ow+NXHBt`$i42fm*F^nRTN&~n+n}0aDmd}iP&6b!I<6OPLKv8oHFly z9Ve>VP#Te@W2I$+*=Bf9*fWP5_27tleOo3O%;@9#GwPM?e8UtoF6YD5bYy#B`4V0q zl7V=%QMchnpiPXt1$h}yfXp->9Hz%n?Lfg0SlWTa^TB?^WZ*K|1iVcbg!}6)rcOE^ zzAOY+H*bUkb7|EaKF2+!>mx;>rv&=6cV2w5P-5nyanQ;Tbn|~i-oz1viyocvuyo!U zrOt@s=q9A4$>?VUW;)Gk+kd3Y>1O~LPZsQhhMC!qTQrz^eWvE)f}VDp?SLO}la@9aJi79ro)!=9Vq=Re5$q)wpbCOyB4wo30g< zg@MO5$9++Ie_$YNYS9z?217VkW{Pv}<6qLM3dz)L=mUz{UttWi?U^CxxD54o2E!cI zxjRe!2Yju^nQHIEZzersi~FLmxS`xQV*MyA{vzz$v2r~LBg2KiXm=>W3&O@IBW3*} zhC^m+sPhm>oE|z0V&5?oh37O1*H(yT2e#*zhG&Sj`0cH|zf>wEj~5MnWw`IQvy-2a zOgYV-%Zve4ul-5aJD$kG$|o{SClY*J1WmStTvpxj`565MPZBpAgh_E(Z6-5CLD?0S z$phE12@COod9HRpno!H7e19wr{{-IFkEnPG0^bl)xq>Px z7~YUw01F&@S2Uyl7c{Xq6Q9 zxAwhphj>va;5Fl9e>C3{B$OqA7uIaJZBQ#o*Eew&^Q7tM`!4}=jvcmmmyFq7mF-mw zV=`*moyo)j6KeH3YK%Y5%Bq%{5s^lDx3>#HFyg#-R5>Z@HGK?Rj9N)=x$WfJGQw*| zPC20Q4A3DlP{MtU;JTpsA!y>5-@;r`E0%|&_xTsh#+#5!ZFD^!cAb(q46^|N4Zp`H z9UUFutG}0$o{s33Y1<8Nb*HK8Gy|$Eh@AW=zVP3FP3|3`M``PPNWc>_2wd2q*aKdz z)MU~MyxR%q=k~4bKsN+5k4m1mG!M*exJHJpi*}gPa@du;U$0B;rMKrjLLoK zb88{G+i9ARc+q~NrTBQ7ei3n}#h%p>X2|{yiM+Hnhx~=Ox@dM3`%Sor&WAWvZmU(~ zKtuj1``eN5G4?4{%Zf_#og%hsRy>PKuJxF66Ru> zmmCTjwRM1EGa;&oUrJeB-D$rtStS?>E+9Jt$?8#LFu8sdxRwK*)VUTeF=`+rUW#u* ztZ!N`X*Zm(N)Wrewiu-`d~e{d3bjdmX&eW^Z5Nzo%xf05t=-+%RQhiRDYxB!aSjYF z7Jg@N*xWe%T>W$FZF1F&Cu8 z#5PdqpXDXOehhk#b$)TN`vuLBRClw9$!i=NBem($FWwl!9;<>qp*c%1-4k}wYioM6 z%|8{7I}o<#KXqar!3$+uln6|hvpFr0#(oX%{Gwq} z*+@yr=A4yw8hxZb;MXgedwiJxtGc%gh-+K7L~##VxLc)gcXuba2X_e?+$~TMJh)pR z5FBC<+#$FImjHpFfdmNY$xik@=f3XS-S@ut=he^BwQ8+7=a^%RZ+y$!owUA4y|fF_ z-R|35qt8#`BHyZh`!U4{i;eLxlE>ctn%Sk_tU$gST~X0g%mVL;!#yBjo0pIHfwK6%=(jib5#s8DUi9TdrgI_S}zL1FjJNZ0s;K4B{DgCPZI#wPS+h7kcQGg0gkb zclu;rd5|<4>diQp0dV4t#&7W*KeKK6xX;rNx(J--- z7rh)9k%pG@94|scjcYzTsm4rSDTa#a3@$TqIJ~sC6`#0oKySC`n#oz6#qn{{Cm=hM zIAOq}jKZhU-WutBWIp}tDUErghRS56QqfO35MABJn2!m2W?rpObVSmnRd3&=db%t( zZ$NR*Q(l>?Kn;^9C^0hu|<)XemZ&{RWo`_?_3nI_WUqgleYvd;dl z4m-M9L7rp{Sx=N8{;fH@oZ^%02^^wm%$pDAhQy5+UdhIp-NU5pTdwcg<+{^&OfI`t9~ENa^Pb3?(hoPtpLUy8TFtNI#BUU zMEMw3y+~Wy@v6n`3a2cyUujg)J+9qb%lQ)?Lue;7AmyU2osr})s0YJEP^c&D zom4IXH$NMAZB|?4*}kBX{`BVk5Fcue=ROk}SM4#WRk0usw{~{sv8rA!pc3+&8BR#= zGCe+S=%Ua-!6)(2GOm1i@jxGySdGK&LpPxX`YFG{5!btxlrHbfq%mwU$zuO2NhZcI z>#g*9()WH`iX9CFJc%gEq(lk+cX-uWRrHSH)T~{#y4{tCq=PivKpkz^wF^3#NO2=m z7lTdf2goLu)-79SE}v3xPin zzPsyMLg{}ILNQ0KMx=(T160%YJXEyRH8`ME`Vh8$E|lh+!x_IP2%V9*tQK}#TRQz8 z@owxH7JWVAFN9FoSX)0>_CpU^XAYzmSXfVPRBdEr2*iX?n>VZWsj%L?Z2bUwHSdqt zTg}c2`HM-=*><3dwH74o?{JVOJEf)tg@tMlULlU1=v@^*_9YGqTdQjvHl_Fxl7IKD zO4_)Z>d*^bVLm!@Ue&(jGO0osE5|8AChJxu>*1lZ;bm0d5+%jOKIYANkrgSZ`=7eP zPAD3#a%DkD??+PAjt}c_Q%PxOJRVLNGHM)pck(8n!{P;d&5JW`Z1%->HAS6Qj9p@*j4ZGXn9c+oyxlC@ycTUk*-%C3Ou+88#69H8VkFdYy<5n$$k2kCg=QR;^!gHLJI}ppmRl3VmQCO7bUdOV z{2)VQ-uI01;-$sI^QF93uZzmnw||hD*CxgFH#VMeh3vwr)YAES24dikDLDr+%Qw$n zrQw+-NC;v`P3DPAimhzvwt8+r#lePL_Veid7qKVWs?My46`-+k$VwZKuf%9llak{3 zn3)BbB7T|k2mE;CVq|D>uhwzANMXX3-)mFZ={AfQDV@vT?7IJq!TaLt(lHglus~UA zl-Mar(M;wx9T*sZ8ch?Fz{<)~Q zzU`o@`&HQ0L5p$!*QIG$<@rG8Va9>lkvP$d9EVOx>Y^c&fVNx(fR{u`C>32qZX?5E!(^m^cYq#)-y5LE1pjO z3T{3c3C`XweGuF`Uu(r^Q(9Vn8$|AX9nVAcg)y%%6QSDE(-S0RtmjDx08w#94o_m3 zd2K!Hv)Bs3>T2NB%#7sea2%o}|L4uko4&B%hS#rcXJ4)7|J?t~X5jBlCV3tIIWH*h zi`@JSpmkS!C?CA$d2!{lSZykFtz*Y)_6Vq-xt_h`i!Fzi>|d5JY=d6k&}wFOc6*$h zi|BPD1)c54&^I~({!k~T6vqY>whF$pF+!4)b^37gttOy+f4GvX8PYQ~W!=e8Joo-A z!QM_I#CdRXQujt6pl_4rRP#&gdQQj7uPUSWM%mcaR6Z`{B~PEjd_Ajkt`d)(T{0|HdVFK{9$WU|Sb>b}razhE@p{k2@)zm_?JbJiYQa<>n+=G` zihGBG7Qn8Nzee0c-@=szUQy8#4P0a{_C5#cQw@eXEtJWl@1eU-Ue4y-C~tGLlIHO_ZY`O5 zx7cq(+*CB(f*^9&2;>6JdRoUlB%KfTQd#g7x$%2nVtl9|T)jAAqG1XtWrWkLxkmZRtjANII-a41p<+SX)_d;^We zuED=YUtON-n>DO8`l_ImNK-gs4|I8)^BKWss4Ob@8U!50{-_BV&0`4DAl+#+ldmrp zS!*K_n-dIdQoEE0jU_V=pGgfNOgXZUlYzTlQz%ugOBBIBsMOJzG8-B}pC;^Z2J*W4 zdhlZYr}qJTTVwj+lCc!zqbO!U2Tl2*mn{06-+}0T&^WdT6orqQ9V~;qSX6R2!|3i2 z$%ba0sHxE7j}jMD?h><`Ad09|H8gNM-9;gdKKiXu5J=8;3IP#c(0h68e8!-2B-&D)MnN%V%!cvKGAZ6174N=B%ZYe$gt$W4{sMU|M0Ea z9g*ZV94_d+-=p!B&b8aSxi4YC(8vhmi}3v1epE77Ai>x>Kld`{7pOA#6N$(j(}sP5 z0Wo>o>P+M(5Us`bUKBqQ+0FosH&jSd6BCchrGCciqdcSy4+TA=I^xdu7F)RR>6Sp- zqo75%7F3xT;{xpm55C?DJt1Owl(&YcZpO)yt;?VM3Aiel`n;$04S^%$&IASMl1*dM zVfKoCv|&^fTll#`>(BGW#2KI!9fG!npt=v6>pi#BN|1d%=Pw{WIZ^8+?8vR3-nDmTLl?@5>Vx%0}j?$N1x8{0;U;j2S& z|0@ZbdPOtAgDS%l#VVDBPv$V_`rUY|idvX`jv#!kq!?qfNVSANJ`N`2C4kZldi^kM$c84?_-vq>1$dfm`4k zz*H$SU@F33PxO}LfAC58jf_*YQXXM3<3KKUGRU#pQa0Z1`c{Z-_a085=LWPz%rNUsnjItq(E+caNH)HYBN|CEE6q=!a-&>TM9Hd=DD26-PoP1Q^|S z_k0z3kc|W%X4W6@Cjr*|4DW;Dd@8hvHQGb5ruce1S-ro}T^ztXn07VKwHh2+)2^iJR{muC0`UuI(QjKIXCLmQjVA zjo&t1T3IAsQhCsIM_;i7fh{owfz0~q`~Y%fXlR%pu$>u6hjec}-HBT$01Z1Y#hd-w zad)B=d~r=TviJL&Ev~RkiJ)fgPeAwo1sp?I=Y?T6r}>@g%1~bb(IO=wOq9v>jrI-> zLk-ppWEk6)s&u&e6RLAylx%&a*8mB34*4O1h@=+5bw?ytx5Dl9kJDC2+v}2g=RrWr zN0Ao70v4V;vkiyZVRXxaSjR3U<^Jzr65o6XvMKrNe6^l5As62=hG=*+!}^_g#9(wj z#o1oxBMFdSm*I^7T<4$}t*M}R(^(Z+GISzVk`1b#RFr}B&s67$-DlMW6&De;!kKaR zk?OJnrUo?wH*va^TtT<2?l7bNiOq6_9%EMmE^C(>F00B)J0li>hRi_UjuPEVW^BHe>BzLg&(Wwu)dqS7JAmFX9cYIqE3W$Q~8m zz_~;cowW#SrTv0wpX|cGSI(##!;yhJ4fYON&x!$yUTfWhRTEXS^7E_TW?{Q4s)gW# zPcS_Hx=r8}O9#H3)LmuS0vRaRLcJY!dhScBk3=fmH2`*e&hf_0%gV~??(PP`WZ4KT zpTHU_jW@OU#@j&z9`zO^{&g(??Q{eL0FdKNeqWevQ$!0_S*9~ssIid33SYXV&OwAI z!dckO=P=OWf+?yhwH~9_q}DP*{20oIsA$Zd$Wd;szN#d3N#M>oSr#~Nm(Ii1Wd-Sn z@@mSb5px*Vcl##G6b#-dD2rV3YHSy~WWkV4BVEdh35HUiL8Ia@J$@4Rh(7xp-(|og zLw&7ev^7I9VfMnV$M8GY&zVOw%qBU@tzF5kab(akqT9Qp7z)TbxjJy$<4dqLWLgI% zD*>jr8SU@46ieOn`*3xC{>`l`-sYJ|Y>sOLIElk~?D=0zXg>kUD*FajkGEUTO{Ft| zx^)YLfTRhqxNDuykKKD=3&0hZxRvX-{G-0+mRJTMqF$PEO5$D&cDCmadm~#iGM@MY zOi!R*;~sXksGy)Q_7MyfDbSu2vy6h2)DJ9)DUJek|5juIQ#QFragv{6%ZxuW4T8_+eOU?<}p@Hd4v=t zt;lO$MhdA=aZK_UeeQwV#(2t{HR9cZK<r3Is@Ucc*;*?#Et&oRkzs2g7Z|cWPX% zsnAA{2}mxbdS}Y&12Fgeg zJ~0xjh=eoe3>!$&FnkVvoRIQ;OL~YO(R5vDyXvvQamH8Z@M=~r6$|_!|DVAYWt}+l zd~*sUa3fpIjW$vVyWUJRVLmpzJ8ZnvCIquF@bZb?4Ddif9*|HSldpWA#odkTW{z4e zO>54){QT2*xrtnAJxgU>N)a-sNSn}tfG4^1bUk3ZH2l~_hSy4-yR|@c5ai0D zkZwYui0k}}a9iTByb)Sygc={7kM87Ysi|YmcMI7=ST?t}RgF2zlFWqc8Biw&Q`K3Q zvBj#zji9LJTTXnxf|kxd3q6)CmP8X*A zW(ZPYf^NNoER*S6DxXqc`)|BE`?s|h?$0o;j zzRYfo=i6*m34KzZtC4jieBV{Uk=M(bsoE2XX!M#9Psu`_6hf~f|3t#zjQ2jQ(WjFM zEB6Devw(lTnuDX;+I!c3h0F_BJ%WoT{fVhA%e@=j$DAm{mmWSlGfCO zO^t5Y>%x@Wn%)*TdFhL9_}27vom1`gIUWAg3_rtSrKc3v7s+K%hwwK- z#S$jfw!2;)TzCt;#KN5Kw7EzodzX%pKm?7cEz*ZfW!v(e?hQw8Ha~LKst;^pio63A z#abkAn6sRkkp9kirc;5N@_Pybl17THH?fGmuNh+{VOW84Q?b-kD4@@E)Rv?iOp>I; z?#Z+Y5X|qDKIY99sw{1%jETfugUB0UQLv-ldG1lqP@pwKET~v2y7`;z)P;ztC*Nt( zM;%9h<#;)W4|~y9iR&0!&!D|3YJ_T>1@SM|8Y_Gg*}RRlkj3WMz!chL1#{G@z%BoM zKr?O{csKVdbSm^JpD`)$2sCBX!n8qsSTzAV26&QnI;l7cv|;0Q7}D0&#ct|{HG3@y zvfxk%dQQC%u^I`k$iOrJZ`0pb`-=_y&#FiCSkqXy|DevjJAW+F~|*^@&h< z(6>G2NyYnbeJZ~F@@>*KGs{_$N88@-rebA=LI;h?^8zccA9^rmq2Z7vW@fS=IxaTb z;~`B<0TKcWI1AsPya&qRMD&x%uL_!ciR26Y0|{U!5q7;n`!SPGsgeL1g?5L6Nu%(X z_nxU$wk)48m~!8z!0o)!B2`oRiT0jUsd2usoqC}yQ>p?I&TesS=EpFA(S}xZ{rEjr z+tF$K+f(gM7$o_cC!Y{l0!hGIgKxvULoMO-;1DtvWAat7vMgEloX*ANrbm zD*9SEE9Qx-kVH4fgG}NMJbc|}gw+^gpD6F8!kVqR&^!r0%62Ej@ht6%0dsd3+yIbEC5T5(+AJ(YYK}4b|HpJlLbt8g75SK{^jpM9WMd@ANMze)CNvnL$M_jhs3o-eC6`wrbrn z^&i);ZRrWXd00y>Dq6|F^+plNuokJo*!mkJ8RZA$Dv?ThTdaMXqxGtJEz;WeaA4_h z?$hVOlI+-5Z~Qbna=v9p*1W|KZ7iHS|ITAANHebs%$*JM(SLUG7u?N?4Psdt2FyZK zZcDz4ZWB|i@Js|#t9w066CG`7Y=&8NMWoyvOl~J0j>y6E?N-=VI4UR=%EQ2QVl>B# zwK%x5?#c&gcvM@?G~3}HtwrtnRPhm3PtIura18w7BfBnFcme6r`y-+h83oTzCVYKM z93=c}`yFp+(AMQ>RLcq<)TP^Qax{?Hy*sO9O#bFfqW!^Z%0xg1A0P^|D&LN zgK|t64%{>0`aUnZkIyCGK6L^8yJXEQ{86b2{;w+)V^uY{u!2pP++gsgN-c=kYlj{* zTq-hESJ*zXEf}f)9CR-S)uTJvN1Hp*JVqbJf8snUE&0r8+~l-&_shaoT}YS8zEyqh z5$jcEq5%q|*wPpJ$7w|FdjYRPR^X8y49<_Cav_JCyzyeTi?T+WVj7MWaTwb<)XVxN zizmxe5dV|_iU6t$E%M(#4D@%91fy;XZ2JM_|HWsFG{aFRS}l)Tz3vGKew+W4IPP%P>eu1W1@H zg`*KO#vVVWh?wRx`_oc#**j0&^{v3}akodoJ4+r{SwzWV+hrgTQx~Eu^5-Pbdg!V- z1}Z28-O)R1bDcyy=B`U!h)8NQGaBB8xNBA7rn%-hs(_4~Cga=1cKpxB2z$y#j701% zPnhGg2}#|9FMcWX<#OMQ%nv<(04$#XAuwwG9&h6X8Km`as*B{wvG&fulH*e zi4dbvsR1%keaQ5C(fOaXOmNVmgnu-l5u2+-gOK~kf_&bps-CKHayBD*3lh@;)9)_! zUsb+(`SLCuh8x>Ru2_0LeNj7c4DbSrukTV$;WdGN7iWO6L<7~myu7@Z7l&M1nz^Dt z#?jfCewnUL`4CVf&CLc#@?hBd5|L*#5P82y1r8{iTwrY;rTtOn)EO0`HWV|JV%pD49_l}fCuq-k>MU_YY_>bX7=H=Kk*gk zgWNsEG1I_u!^-Y>jxuMcIP=x){$~~%Gwu8K+}2EN#KMecpZGO^sWWe zO=%Kg6MO^}HB2PhQXiRbx9hCxww1%oWP| z!1m@yw;sFc`G6ks`IrjwfD>!(e@+q+K)z8dG+wh+`8- zG4%SB9}Z{o;jzIpzo4xMe?ndl#|7PqI(6`4I|w3JUzNy7Aw24S0&0uI%hFj=pFh6= z`)v}K6H9_J6kjhGa}3|zKC;h}=veUnJaUH-Z?rL#n)(vw_LK=)GZI2}jaUxTiPZga zM!igQWMv~0@zuAr2(b6Zi_v4op!lk4$65F{mK|LZ-hD#|q`8kG0x8_O-=9dTB`>O@4XxccLoSGKn zRth|fa@q`)xS1Wy>Rnc(=)y;H+|lYLM&0}()N-eE;k}vRNqqW@K^V3U-1lAId#}r7 zciMYQwYXc{sI|B8p6yMRCmgIztkFB9!t7Bffuzf`vR;;{4Gkwg;Mrp7*^j!~`z_V7q07E?;wXxj{O^>PyZ@TsPP` zPUw@2cdmL}MHz?{wdL0SOvp)4V(UIx9YLOI)d#{0Zx5OmODgmse2C4Rd2p4Is1T5W z&Tpf@g&(0pu`P}3D@}|tcf?e$f*Mm#5ioqG4H@{BEY%>*X-rUu?81ySjvxh{=DRG> zU~yNZx%$MW3PEnB`Vb_ySzJe`f+%Ewb0R}=xbe` zc&BfA!`tEvR$N%y2v7QfP9<_iau;d5WELP3($`to``kP2a4JDrVL94Y^<6pM?00X% zwQv$dbg=Yc@Fa1c&O$n7_qr}q9Z3vGgM{yVmFDw(Jr=S%w324asbekbd7u0q@HWG( zQG5=UmkQZB_lpH6KXi8H6d5V~F*y7etl)JqWP7}Ji%ty3N2f|TH*2%7|0|#pODtO` zW4q!bCs-luzu8WL)oOLuZc|Tt=c%UYs1e7=OkUKkHM-ak=IsEFGkDd&F<>94(t+=+ zc8ZhcZ81TDX&Pw2&JN;r(3|(o3#*m2tBU{74!rQEroyyOgZ>DL;<|;M?fu#^;&Z3Jy0SvT|qsJ+cXGM<(;yto5b{-bM(3CR|8xn0ej-s(8;o-6RJSV3tFeqtuBNXha4HCP42_a6 zf)n)7&GGp66Ag?0t#4j=FO=ins%rs9DhyOX>oFkf`T5r`*U6Pj&!qS=!8b zgs6WjSVyU*fSypy=Fi5+`stNNU{YCE z>)4Kl)JAokz(*JIW%Zv`<^Kd`R^x%r{(SzqTUZ8LGu$FaO>N3zxy8^${RElG{TnEzkN3P&lVK0Q@0EV z>Am0I``1UNd45CQGT1G)pw|6gy!5m#=I3(xO;Pr+kZ9l>XtP z=LR2k7)Im$|B+4UDgY2>pbGT5rg?2GEf?)|l8iI1X;TH|D0zu1U}hpTPM5m>L%&l+H?#*J?xP zzU?Mn8(;4`qNS))&hgb6O_Qs1JH88y0z`U<%B%^>9 zh`@!OVd5;?C`!j1-Xr$l+8;DMW{3fH1bP91X%;c0jn@R2wX0p&46@?O3W%ZlN}M!({?UsQf<0p@)Enf7^Fwp`TgmNR%@7spa2bAMxc?Rs zDo3YiljfWcFIADZ9orwWBzJao<;Rn`3x%RBZv)2>QG1c4v?@1tFYkVgD}*oM`f*%~ zsRrxjC(P=XFG0oV%QKU<;DFU8$Q}5%o$)TZID%-ahPWM&evPvM6>{CDJDD6m!Jn05@!H{GiL& z>INxMV)heUxQN4j?INR>^#tA9$QyVuXh~h1xL@SU*xuDlQcw(|Q0;iyCQMJbCQ(E2 z?U7R^dG<>&M(FGas^9x5+DDX;qDqP+3wDajZG8%EByPrh<%K)o3IM0=*x={@(*b%X z1Aj%Em7UPoE}aSQ^s0r%qm+jSCv$CUOwy__xZxlqx)I2w zsMqTybgetqUJN-x? z%mGDMr|W3AKb5nLN4&68QDElA5_%OXG=8-2w+*ti6h(AMtI&RWQ`WVMuWLYr=hm9ObuTK-dwl zR;7UuWtO*jWI6mm9nV2{J*Zduq-1DKng@lUABKd5A0Ohah0ue`T~9D*#U<#z%RpFV zWmX}ILIk%Kbc#vCtS!IW=`M$t)XPQF!Dw4MVe8Eq1LKd16Bo>2=yE$h8}4~R(^Ei8 zuFb^61S4t2Oq!Rh0hp5?H8(r#9vOKzi-)~~rQV6L7sP)dq;+#~!E; zMRaX*-OsM|f7qEbeGnAId(MovkDiv1imX50kA`~-Xa4*Js*r3!o2}H{p>(DPs%Gzx zmo7+KPnRQGpd;DeeLKGkIdGZ2RnTUS6n(g7i`#yy*!cdlVv2-$@>Zc1vZ{G~m3;`0CHLcPH9AkBHc9i^q9e{5O-%J^e@JnvV8%8C7 zu&9@)n4Gyl&6~^2erjhTy?bBZ$2%_kDo_5UJ^lGG;NiRQ(vgkq?DUTeWIJd6B6$d? zd~Si9{xHy}{=Dzjb}#08qeNSMey_*=kwDg8@k@XGpv*r%2xKTPZ?*7hJV_&(j{nsg z9&gu$D8FoeMUb8OvnKUqGq$&PPvYUbmo6`TXAKMvDym)R{u4?l3jE1T4e+E7et^gD zolv)z)g^j;odZlT zzH)L=sm$&D&maS5!?cVJ-E{nB9v|~0N?G`qjVb<;UkK7WReE^0Smzn;z2K|Y1o=P4 z4fcRFDlIF^0|kD=C>kXEh;`q^E1=appr+yQKzB^5N0MyLbq23$V(3Sx#kAi zrY7dzYo87!+b+Luu5Cqe*VI(k)* z!4VbGtlT*UB0ji(toU!-*>$mJ4n<*7iLE6PJSB*6!x~wQ5hP8i`yBN`l&wfCZ%2E7 zT#0sTW6*&M(nD8SZQ5!f4Fw&4%n8c-{d*H=!+?1(Ue^aWNK`7vplN&I;NG4YACW0K zukVKm3WfCU=Un7xoS#ii`AK~e*qZ35wcuG3H}zE>d^(TMr<4sInRfUpK0X$ z2cgNv=2mEOSmYVUX!O!z=iwO-*K>Ae{nCWjyUJ0>Up`QQReCh7=CsE0n@i7#4# zz{K?lr;P%c?I6+@T8RI1AIaO#0i**u7w)! z%L~a%T$yIO$saQ#AKSN1Tmp;~915WXx@ZXDwscwuD~R4gc!X0|p@&Ydz|-{X0WM)v zI&cLqpN0z9&#ut2zrMK_GrN-KH-E^-`Ii1o(65nJT9cs3jr`@@T9@9pcUTT0t>dVZ z{tB3IZPCn({5K{jvMUkzO!<*MWTeq^duzthhDMf>_199=-|JcBM&xCpj+sUoawHz* z)4Q9bjaA0uw?(zU{o1}EDK#}y84U&kKV19$!%NWhtkQ@#J z1VL;&`!eJ+Nl8)09{#^(w(6p}o#b+K(q+LHM|jBIVPRnlPYr9n@cQ@NxAFQFIz7d= zar&qcB!3LE-qPfLD<^PU>ZXwq9c~WF|Z;*n4X{pUk$DDy`Lw+tR2+vfyQRrT* zh7x;yjjoUJJ6O;Up!>10XG1*q1~tJ#Q~*ThN!Y%<~K5gAB`jr(leI z0XvqM+pe9~ldr+bww3urJ?isRA!|uQyiSoVn!;-+PRYFQ?KH>f_;#Q5y$Pw%p-u!0 zgXmik#> zgCC0Ni=fGL-w|t1BhP>t4<0|PYau++a2@HWiC|_|siQctby}Q(fWmte(PzczC})kr zMRm?gE>Fn#AA~D==>LUo1*SIbZJRjOMoi2UatM)d7w!3Czh31IAXENK!j4)v6ASN| zy?^#L&JwOGjmEEJCb!t`ZpS>H{g|E4A2gbE-YP?Wm5hEKr5ZG}9shi)SP3t?^p>B| z|JNl2T9$@|fZZOvyL;p@se9l>YquYiBlJsk4AI?DS}CjL%2hqL zT+E;U?+*MwfjNKh2ih%EQT^5fD9}I4;~(%+>84c$YT@i}R}iO#wA@YvB0v!_4rI%iU275)^<^()Rj++4Rr%gNl?a0Yv*d [!NOTE] > This article is intended for technical support agents and IT professionals and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505). - + While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for sustaining a stable production environment and ensuring users aren't blocked from being productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals. ## Central update management in commercial environments @@ -32,18 +32,17 @@ Microsoft has streamlined tools for managing devices – including driver and fi ### Manage updates with Configuration Manager and Intune Microsoft Endpoint Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed, and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates. - + For detailed steps, see the following resources: -- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager) -- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). +- [How to manage Surface driver updates in Configuration Manager](https://docs.microsoft.com/surface/manage-surface-driver-updates-configuration-manager.md) +- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications) - [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/) - ### Manage updates with Microsoft Deployment Toolkit Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. These include the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259). - + For detailed steps, see the following resources: - [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/) @@ -54,7 +53,6 @@ Surface driver and firmware updates are packaged as Windows Installer (*.msi) fi For instructions on how to deploy updates by using Endpoint Configuration Manager refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt). - **WindowsPE and Surface firmware and drivers** Endpoint Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase. @@ -65,13 +63,12 @@ Starting in Endpoint Configuration Manager, you can synchronize and deploy Micro ## Supported devices -Downloadable .msi files are available for Surface devices from Surface Pro 2 and later. Information about .msi files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. - +Downloadable .msi files are available for Surface devices from Surface Pro 2 and later. Information about .msi files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. ## Managing firmware with DFCI With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see: - + - [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide) - [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). @@ -93,7 +90,6 @@ Specific versions of Windows 10 have separate .msi files, each containing all re - Management engine (ME) - Unified extensible firmware interface (UEFI) - ### Downloading .msi files 1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center. @@ -102,8 +98,7 @@ Specific versions of Windows 10 have separate .msi files, each containing all re ![Figure 1. Downloading Surface updates](images/fig1-downloads-msi.png) *Figure 1. Downloading Surface updates* - - + ### Surface .msi naming convention Since August 2019, .msi files have used the following naming convention: @@ -120,14 +115,15 @@ This file name provides the following information: - **Windows release:** Win10 - **Build:** 18362 - **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows: - - **Year:** 19 (2019) - - **Month and week:** 073 (third week of July) - - **Minute of the month:** 44195 + - **Year:** 19 (2019) + - **Month and week:** 073 (third week of July) + - **Minute of the month:** 44195 - **Revision of version:** 0 (first release of this version) ### Legacy Surface .msi naming convention + Legacy .msi files (files built before August 2019) followed the same overall naming formula but used a different method to derive the version number. - **** + **Example** - SurfacePro6_Win10_16299_1900307_0.msi @@ -138,13 +134,11 @@ This file name provides the following information: - **Windows release:** Win10 - **Build:** 16299 - **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows: - - **Year:** 19 (2019) - - **Number of release:** 003 (third release of the year) - - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro) + - **Year:** 19 (2019) + - **Number of release:** 003 (third release of the year) + - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro) - **Revision of version:** 0 (first release of this version) - - ## Learn more - [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) @@ -157,4 +151,3 @@ This file name provides the following information: - [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide) - [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). - [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) - diff --git a/devices/surface/manage-surface-driver-updates-configuration-manager.md b/devices/surface/manage-surface-driver-updates-configuration-manager.md new file mode 100644 index 0000000000..f0d70b03fd --- /dev/null +++ b/devices/surface/manage-surface-driver-updates-configuration-manager.md @@ -0,0 +1,197 @@ +--- +title: Manage Surface driver updates in Configuration Manager +description: This article describes the available options to manage and deploy firmware and driver updates for Surface devices. +ms.assetid: b64879c4-37eb-4fcf-a000-e05cbb3d26ea +ms.reviewer: +author: v-miegge +manager: laurawi +keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB +ms.localizationpriority: medium +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: surface, devices +ms.sitesec: library +author: coveminer +ms.author: v-venum +ms.topic: article +ms.audience: itpro +--- + +# Manage Surface driver updates in Configuration Manager + +## Summary + +Starting in [Microsoft System Center Configuration Manager version 1710](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1710#software-updates), you can synchronize and deploy Microsoft Surface firmware and driver updates directly through the Configuration Manager client. The process resembles deploying regular updates. However, some additional configurations are required to get the Surface driver updates into your catalog. + +## Prerequisites + +To manage Surface driver updates, the following prerequisites must be met: + +- You must use Configuration Manager version 1710 or a later version. +- All Software Update Points (SUPs) must run Windows Server 2016 or a later version. Otherwise, Configuration Manager ignores this setting and Surface drivers won't be synchronized. + +> [!NOTE] +> If your environment doesn’t meet the prerequisites, refer to the [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates in the "FAQ" section. + +## Useful log files + +The following logs are especially useful when you manage Surface driver updates. + +|Log name|Description| +|---|---| +|WCM.log|Records details about the software update point configuration and connections to the WSUS server for subscribed update categories, classifications, and languages.| +|WsyncMgr.log|Records details about the software updates sync process.| + +These logs are located on the site server that manages the SUP, or on the SUP itself if it's installed directly on a site server. +For a complete list of Configuration Manager logs, see [Log files in System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/log-files). + +## Enabling Surface driver updates management + +To enable Surface driver updates management in Configuration Manager, follow these steps: + +1. In the Configuration Manager console, go to **Administration** > **Overview** > **Site Configuration** > **Sites**. +1. Select the site that contains the top-level SUP server for your environment. +1. On the ribbon, select **Configure Site Components**, and then select **Software Update Point**. Or, right-click the site, and then select **Configure Site Components** > **Software Update Point**. +1. On the **Classifications** tab, select the **Include Microsoft Surface drivers and firmware updates** check box. + + ![Software Update Point Component Properties](images/manage-surface-driver-updates-1.png) + +1. When you're prompted by the following warning message, select **OK**. + + ![Configuration Manager](images/manage-surface-driver-updates-2.png) + +1. On the Products tab, select the products that you want to update, and then select **OK**. + + Most drivers belong to the following product groups: + + - Windows 10 and later version drivers + - Windows 10 and later Upgrade & Servicing Drivers + - Windows 10 Anniversary Update and Later Servicing Drivers + - Windows 10 Anniversary Update and Later Upgrade & Servicing Drivers + - Windows 10 Creators Update and Later Servicing Drivers + - Windows 10 Creators Update and Later Upgrade & Servicing Drivers + - Windows 10 Fall Creators Update and Later Servicing Drivers + - Windows 10 Fall Creators Update and Later Upgrade & Servicing Drivers + - Windows 10 S and Later Servicing Drivers + - Windows 10 S Version 1709 and Later Servicing Drivers for testing + - Windows 10 S Version 1709 and Later Upgrade & Servicing Drivers for testing + +> [!NOTE] +> Most Surface drivers belong to multiple Windows 10 product groups. You may not have to select all the products that are listed here. To help reduce the number of products that populate your Update Catalog, we recommend that you select only the products that are required by your environment for synchronization. + +## Verifying the configuration + +To verify that the SUP is configured correctly, follow these steps: + +1. Open WsyncMgr.log, and then look for the following entry: + + ``` + Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set. + + Sync Catalog Drivers SCF value is set to : 1 + ``` + + If either of the following entries is logged in WsyncMgr.log, recheck step 4 in the previous section: + + ``` + Sync Surface Drivers option is not set + + Sync Catalog Drivers SCF value is set to : 0 + ``` + +1. Open WCM.log, and then look for an entry that resembles the following: + + ![WCM.log settings](images/manage-surface-driver-updates-3.png) + + This entry is an XML element that lists every product group and classification that's currently synchronized by your SUP server. For example, you might see an entry that resembles the following: + + ``` + + + + + + ``` + + If you can't find the products that you selected in step 6 in the previous section, double-check whether the SUP settings are saved. + + You can also wait until the next synchronization finishes, and then check whether the Surface driver and firmware updates are listed in Software Updates in the Configuration Manager console. For example, the console might display the following information: + + ![All Software Updates Search Results](images/manage-surface-driver-updates-4.png) + +## Manual synchronization + +If you don't want to wait until the next synchronization, follow these steps to start a synchronization: + +1. In the Configuration Manager console, go to **Software Library** > **Overview** > **Software Updates** > **All Software Updates**. +1. On the ribbon, select **Synchronize Software Updates**. Or, right-click **All Software Update**, and then select **Synchronize Software Update**. +1. Monitor the synchronization progress by looking for the following entries in WsyncMgr.log: + + ``` + Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set. + + sync: SMS synchronizing categories + sync: SMS synchronizing categories, processed 0 out of 311 items (0%) + sync: SMS synchronizing categories, processed 311 out of 311 items (100%) + sync: SMS synchronizing categories, processed 311 out of 311 items (100%) + sync: SMS synchronizing updates + + Synchronizing update 7eaa0148-c42b-45fd-a1ab-012c82972de6 - Microsoft driver update for Surface Type Cover Integration + Synchronizing update 2dcb07f8-37ec-41ef-8cd5-030bf24dc1d8 - Surface driver update for Surface Pen Pairing + Synchronizing update 63067414-ae52-422b-b3d1-0382a4d6519a - Surface driver update for Surface UEFI + Synchronizing update 8e4e3a41-a784-4dd7-9a42-041f43ddb775 - Surface driver update for Surface Integration + Synchronizing update 7f8baee8-419f-47e2-918a-045a15a188e7 - Microsoft driver update for Surface DTX + Synchronizing update aed66e05-719b-48cd-a0e7-059e50f67fdc - Microsoft driver update for Surface Base Firmware Update + Synchronizing update 8ffe1526-6e66-43cc-86e3-05ad92a24e3a - Surface driver update for Surface UEFI + Synchronizing update 74102899-0a49-48cf-97e6-05bde18a27ff - Microsoft driver update for Surface UEFI + ``` + +## Deploying Surface firmware and driver updates + +You can deploy Surface firmware and driver updates in the same manner as you deploy other updates. + +For more information about deployment, see [System Center 2012 Configuration Manager–Part7: Software Updates (Deploy)](https://blogs.technet.microsoft.com/elie/2012/05/25/system-center-2012-configuration-managerpart7-software-updates-deploy/). + +## Frequently asked questions (FAQ) + +**After I follow the steps in this article, my Surface drivers are still not synchronized. Why?** + +If you synchronize from an upstream Windows Server Update Services (WSUS) server instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database. + +**After I follow the steps in this article, some Surface drivers are synchronized, but not the expected drivers. Why?** + +The processing time for testing drivers and confirming them for deployment through WSUS and Configuration Manager varies. Therefore, Surface driver updates are not necessarily available on the same day for both manual installation and Configuration Manager console deployment. + +Additionally, there are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. Surface drivers must go through additional testing before they can be added to this list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization. + +**Is the driver allow list published? Is it downloadable?** + +The Surface driver allow list isn't published online. This list is delivered to Configuration Manager through the update and servicing channels. If your Configuration Manager environment is online and able to detect new updates, you will receive updates to the list automatically. + +If your Configuration Manager environment is offline, a new allow list is imported every time that you import servicing updates to Configuration Manager. You will also have to import a new WSUS catalog that contains the drivers before the updates are displayed in the Configuration Manager console. Because a stand-alone WSUS environment contains more drivers than a Configuration Manager SUP, we recommend that you establish a Configuration Manager environment that has online capabilities, and that you configure it to synchronize Surface drivers. This provides a smaller WSUS export that closely resembles the offline environment. + +Another solution is to use [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates. + +**I require the latest firmware update, and I can't wait for it to be approved for import into Configuration Manager. Can I manually import the driver into WSUS?** + +No. Even if the update is imported into WSUS, the update won't be imported into the Configuration Manager console for deployment if it isn't listed in the allow list. + +Another solution is to use [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates. + +**Can I manually add a driver to the allow list?** + +No. The list is stored in the Configuration Manager database. Any changes to the list will be overwritten the next time that the CAB file is processed. + +**What alternative methods do I have to deploy Surface driver and firmware updates?** + +For information about how to deploy Surface driver and firmware updates through alternative channels, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). + +If you want to download the .msi or .exe file, and then deploy through traditional software deployment channels, see [Keeping Surface Firmware Updated with Configuration Manager](https://blogs.technet.microsoft.com/thejoncallahan/2016/06/20/keeping-surface-firmware-updated-with-configuration-manager/). + +## Additional Information + +For more information about Surface driver and firmware updates, see the following articles: + +- [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) +- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates) +- [Considerations for Surface and System Center Configuration Manager](https://docs.microsoft.com/surface/considerations-for-surface-and-system-center-configuration-manager) From 35a2d548d1762b2528e49faec7a16cb3776b9229 Mon Sep 17 00:00:00 2001 From: Mike Eggers <49650192+v-miegge@users.noreply.github.com> Date: Thu, 14 May 2020 14:39:48 -0700 Subject: [PATCH 24/84] Updated ms.author --- .../manage-surface-driver-updates-configuration-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/manage-surface-driver-updates-configuration-manager.md b/devices/surface/manage-surface-driver-updates-configuration-manager.md index f0d70b03fd..285d16a325 100644 --- a/devices/surface/manage-surface-driver-updates-configuration-manager.md +++ b/devices/surface/manage-surface-driver-updates-configuration-manager.md @@ -12,7 +12,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-venum +ms.author: daclark ms.topic: article ms.audience: itpro --- From 1c72c2ee112d3fad7aec8b0ffff3aea216d4bd7d Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 16 May 2020 11:54:23 +0500 Subject: [PATCH 25/84] minor correction Volume E was mentioned in the document but in actual case it should only b Volume. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6218 --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 406d096165..a2cc7ac74e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -457,7 +457,7 @@ Checking BitLocker status with the control panel is the most common method used | **Suspended** | BitLocker is suspended and not actively protecting the volume | | **Waiting for Activation**| BitLocker is enabled with a clear protector key and requires further action to be fully protected| -If a drive is pre-provisioned with BitLocker, a status of "Waiting for Activation" displays with a yellow exclamation icon on volume E. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not in a protected state and needs to have a secure key added to the volume before the drive is fully protected. Administrators can use the control panel, manage-bde tool, or WMI APIs to add an appropriate key protector. Once complete, the control panel will update to reflect the new status. +If a drive is pre-provisioned with BitLocker, a status of "Waiting for Activation" displays with a yellow exclamation icon on volume. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not in a protected state and needs to have a secure key added to the volume before the drive is fully protected. Administrators can use the control panel, manage-bde tool, or WMI APIs to add an appropriate key protector. Once complete, the control panel will update to reflect the new status. Using the control panel, administrators can choose **Turn on BitLocker** to start the BitLocker Drive Encryption wizard and add a protector, like PIN for an operating system volume (or password if no TPM exists), or a password or smart card protector to a data volume. The drive security window displays prior to changing the volume status. Selecting **Activate BitLocker** will complete the encryption process. From e928e808b4cf5c495af9449047e55e4b88ad592b Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Mon, 18 May 2020 11:42:15 +0200 Subject: [PATCH 26/84] Typo corrections "seperately" x2 Ref. #5916 - Reviving the typo corrections provided by @schneiderl in PR #5916 --- .../credential-guard/dg-readiness-tool.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index 6727a09859..ae96f09ed1 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -12,7 +12,7 @@ ms.author: stsyfuhs manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -ms.reviewer: +ms.reviewer: --- # Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool @@ -1184,7 +1184,7 @@ if($Enable) if(!$_isRedstone) { LogAndConsole "OS Not Redstone, enabling IsolatedUserMode separately" - #Enable/Disable IOMMU seperately + #Enable/Disable IOMMU separately ExecuteCommandAndLog 'DISM.EXE /Online /Enable-Feature:IsolatedUserMode /NoRestart' } $CmdOutput = DISM.EXE /Online /Enable-Feature:Microsoft-Hyper-V-Hypervisor /All /NoRestart | Out-String @@ -1253,7 +1253,7 @@ if($Disable) if(!$_isRedstone) { LogAndConsole "OS Not Redstone, disabling IsolatedUserMode separately" - #Enable/Disable IOMMU seperately + #Enable/Disable IOMMU separately ExecuteCommandAndLog 'DISM.EXE /Online /disable-Feature /FeatureName:IsolatedUserMode /NoRestart' } $CmdOutput = DISM.EXE /Online /disable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /NoRestart | Out-String From d2bd7348adcb4f8d14b8620f248eaaa52ab53006 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 18 May 2020 16:07:27 +0500 Subject: [PATCH 27/84] Update windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index a2cc7ac74e..96fc9bd8c2 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -457,7 +457,7 @@ Checking BitLocker status with the control panel is the most common method used | **Suspended** | BitLocker is suspended and not actively protecting the volume | | **Waiting for Activation**| BitLocker is enabled with a clear protector key and requires further action to be fully protected| -If a drive is pre-provisioned with BitLocker, a status of "Waiting for Activation" displays with a yellow exclamation icon on volume. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not in a protected state and needs to have a secure key added to the volume before the drive is fully protected. Administrators can use the control panel, manage-bde tool, or WMI APIs to add an appropriate key protector. Once complete, the control panel will update to reflect the new status. +If a drive is pre-provisioned with BitLocker, a status of "Waiting for Activation" displays with a yellow exclamation icon on the volume. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not in a protected state and needs to have a secure key added to the volume before the drive is fully protected. Administrators can use the control panel, manage-bde tool, or WMI APIs to add an appropriate key protector. Once complete, the control panel will update to reflect the new status. Using the control panel, administrators can choose **Turn on BitLocker** to start the BitLocker Drive Encryption wizard and add a protector, like PIN for an operating system volume (or password if no TPM exists), or a password or smart card protector to a data volume. The drive security window displays prior to changing the volume status. Selecting **Activate BitLocker** will complete the encryption process. From 46957625cae2a0a21c2b23d8803e99936bcee3ae Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 19 May 2020 09:19:20 -0700 Subject: [PATCH 28/84] update --- windows/deployment/planning/windows-10-deprecated-features.md | 1 + windows/deployment/planning/windows-10-removed-features.md | 1 + 2 files changed, 2 insertions(+) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 5a34226e0f..242a6e3384 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | +| Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | | Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 508cc788a8..82e9ff19ad 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -27,6 +27,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | +| Hyper-V vSwitch on LBFO | The Hyper-V vSwitch can not be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 2004 | | PNRP APIs| ​The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 | | Taskbar settings roaming | Roaming of taskbar settings is removed in this release. This feature was announced as no longer being developed in Windows 10, version 1903. | 1909 | | Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | 1903 | From 2a5b0d5c0696e674daac125255dbb747f38ac5ba Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 20 May 2020 01:55:31 +0200 Subject: [PATCH 29/84] #6744 follow-up: convert Note text to Note blob Description: In PR #6744, a Note text line was added to the page, but without the common Note blob used in the default MS Docs code style. This PR updates the Note to follow the MS Docs code style by adding the MarkDown Note blob indent markers and the [!NOTE] tag or header. The text content itself remains unchanged. Changes proposed: - Convert the Note text line to a standard MS Docs Note blob - Remove redundant end-of-line whitespace (blanks) throughout the page Ticket closure or reference: Ref. PR #6744 --- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index b9c99d4bae..98e4ceb61e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -16,6 +16,7 @@ localizationpriority: medium ms.date: 10/23/2017 ms.reviewer: --- + # Configure Hybrid Windows Hello for Business: Directory Synchronization **Applies to** @@ -26,7 +27,7 @@ ms.reviewer: ## Directory Synchronization -In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. +In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually. @@ -45,12 +46,12 @@ Sign-in a domain controller or management workstations with *Domain Admin* equiv 6. In the **Applies to** list box, select **Descendant User objects**. 7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**. 8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCredentialLink**. -9. Click **OK** three times to complete the task. +9. Click **OK** three times to complete the task. ### Group Memberships for the Azure AD Connect Service Account -The KeyAdmins or KeyCredential Admins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. +The KeyAdmins or KeyCredential Admins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. @@ -61,14 +62,15 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. -Note: if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. +> [!NOTE] +> if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. ### Section Review > [!div class="checklist"] > * Configure Permissions for Key Synchronization > * Configure group membership for Azure AD Connect -> +> > [!div class="step-by-step"] > [< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md) > [Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) From 6c6a89b9f73f346c41305a528c155ff1f13afc6e Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 20 May 2020 19:18:35 +0200 Subject: [PATCH 30/84] Add grammar correction - by mapalko Co-authored-by: mapalko --- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 98e4ceb61e..78b43b43e2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -63,7 +63,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 6. Click **OK** to return to **Active Directory Users and Computers**. > [!NOTE] -> if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. +> If your AD forest has multiple domains, make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. ### Section Review From 192dd5a33c560e5a71b45beb18111654ee689b4b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 22 May 2020 08:52:58 -0700 Subject: [PATCH 31/84] update --- windows/deployment/planning/windows-10-deprecated-features.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 242a6e3384..c3a6639bda 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | +| Microsoft Edge | The current version of Microsoft Edge is no longer being developed, pending replacement by the new [Microsoft Edge](https://www.microsoftedgeinsider.com/whats-new).| 2004 | | Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | | Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | From bab54b74223d0c8d7f011435b001d5eee0d7da7b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 22 May 2020 09:52:26 -0700 Subject: [PATCH 32/84] update --- windows/deployment/planning/windows-10-removed-features.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 82e9ff19ad..826247f696 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -27,6 +27,8 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | +| Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 | +| Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices. The apps are removed for non-cellular devices.| 2004 | | Hyper-V vSwitch on LBFO | The Hyper-V vSwitch can not be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 2004 | | PNRP APIs| ​The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 | | Taskbar settings roaming | Roaming of taskbar settings is removed in this release. This feature was announced as no longer being developed in Windows 10, version 1903. | 1909 | From c681ce5d967dbf49629f6041332da3d548ac324d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 22 May 2020 10:05:39 -0700 Subject: [PATCH 33/84] update --- windows/deployment/deploy-windows-to-go.md | 4 +- ...ctice-recommendations-for-windows-to-go.md | 109 +++++++++--------- ...oyment-considerations-for-windows-to-go.md | 2 +- ...are-your-organization-for-windows-to-go.md | 4 +- ...ection-considerations-for-windows-to-go.md | 4 +- ...indows-to-go-frequently-asked-questions.md | 4 +- .../planning/windows-to-go-overview.md | 2 +- 7 files changed, 65 insertions(+), 64 deletions(-) diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index b54532b820..52cc80097b 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -25,8 +25,8 @@ ms.topic: article This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. ## Deployment tips diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md index 0652569347..41c34aec02 100644 --- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md +++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md @@ -1,54 +1,55 @@ ---- -title: Best practice recommendations for Windows To Go (Windows 10) -description: Best practice recommendations for Windows To Go -ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: best practices, USB, device, boot -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: mobility -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Best practice recommendations for Windows To Go - - -**Applies to** - -- Windows 10 - ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. - -The following are the best practice recommendations for using Windows To Go: - -- Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive. -- Do not insert the Windows To Go drive into a running computer. -- Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer. -- If available, use a USB 3.0 port with Windows To Go. -- Do not install non-Microsoft core USB drivers on Windows To Go. -- Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection. - -Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain. - -## More information - - -[Windows To Go: feature overview](windows-to-go-overview.md)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
- -  - -  - - - - - +--- +title: Best practice recommendations for Windows To Go (Windows 10) +description: Best practice recommendations for Windows To Go +ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86 +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: best practices, USB, device, boot +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: mobility +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Best practice recommendations for Windows To Go + + +**Applies to** + +- Windows 10 + +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + +The following are the best practice recommendations for using Windows To Go: + +- Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive. +- Do not insert the Windows To Go drive into a running computer. +- Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer. +- If available, use a USB 3.0 port with Windows To Go. +- Do not install non-Microsoft core USB drivers on Windows To Go. +- Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection. + +Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain. + +## More information + + +[Windows To Go: feature overview](windows-to-go-overview.md)
+[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
+[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
+[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
+[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
+ +  + +  + + + + + diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index d57413d357..8724e8278a 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md @@ -23,7 +23,7 @@ ms.topic: article - Windows 10 > [!IMPORTANT] -> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. From the start, Windows To Go was designed to minimize differences between the user experience of working on a laptop and Windows To Go booted from a USB drive. Given that Windows To Go was designed as an enterprise solution, extra consideration was given to the deployment workflows that enterprises already have in place. Additionally, there has been a focus on minimizing the number of differences in deployment between Windows To Go workspaces and laptop PCs. diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md index a9f0103eb9..c896c72fde 100644 --- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md +++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md @@ -22,8 +22,8 @@ ms.topic: article - Windows 10 ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. The following information is provided to help you plan and design a new deployment of a Windows To Go in your production environment. It provides answers to the “what”, “why”, and “when” questions an IT professional might have when planning to deploy Windows To Go. diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index 905e495858..952f743607 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -22,8 +22,8 @@ ms.topic: article - Windows 10 ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure. diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md index d888468cfe..2a8889f1ab 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md @@ -22,8 +22,8 @@ ms.topic: article - Windows 10 ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. The following list identifies some commonly asked questions about Windows To Go. diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 23fefc02cd..c978295e6e 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -23,7 +23,7 @@ ms.topic: article - Windows 10 > [!IMPORTANT] -> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. From 404588ea2a60c67404d06a5f56f4899f1290fe22 Mon Sep 17 00:00:00 2001 From: Kannan B <59028488+kannanb-github@users.noreply.github.com> Date: Tue, 26 May 2020 09:00:20 +0530 Subject: [PATCH 34/84] LocURI locator is denoted with [\] The LocURI has to be denoted with [/] a wrong separate was used in the URI, the file has been changed with correct separator. --- .../client-management/mdm/understanding-admx-backed-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index ab3a46a409..14cd5810b2 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -260,7 +260,7 @@ Note that the data payload of the SyncML needs to be encoded so that it does not The **LocURI** for the above GP policy is: -`.\Device\Vendor\MSFT\Policy\Config\AppVirtualization\PublishingAllowServer2` +`./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2` To construct SyncML for your area/policy using the samples below, you need to update the **data id** and the **value** in the `` section of the SyncML. The items prefixed with an '&' character are the escape characters needed and can be retained as shown. From d178dd4f7ed8ed166f7e700e76ec1f5cbbac06f7 Mon Sep 17 00:00:00 2001 From: v-jodben <65978782+v-jodben@users.noreply.github.com> Date: Tue, 26 May 2020 14:30:40 -0700 Subject: [PATCH 35/84] removed restart verbiage; line 44 "The device will need to restart to acquire policies, certificates, and apps." removed; line 44. --- devices/hololens/hololens-enroll-mdm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md index 0e557e9c50..9eb5eea890 100644 --- a/devices/hololens/hololens-enroll-mdm.md +++ b/devices/hololens/hololens-enroll-mdm.md @@ -41,7 +41,7 @@ When auto-enrollment is enabled, no additional manual enrollment is needed. When 1. Select **Enroll into device management** and enter your organizational account. You will be redirected to your organization's sign in page. 1. Upon successful authentication to the MDM server, a success message is shown. -Your device is now enrolled with your MDM server. The device will need to restart to acquire policies, certificates, and apps. The Settings app will now reflect that the device is enrolled in device management. +Your device is now enrolled with your MDM server. The Settings app will now reflect that the device is enrolled in device management. ## Unenroll HoloLens from Intune From 0e05de5a8b9e0b21ba0e4f279ffd571747c8cf90 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 26 May 2020 15:43:41 -0700 Subject: [PATCH 36/84] lbfo removed --- windows/deployment/planning/windows-10-deprecated-features.md | 1 - windows/deployment/planning/windows-10-removed-features.md | 1 - 2 files changed, 2 deletions(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index c3a6639bda..8f602e799e 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -28,7 +28,6 @@ The features described below are no longer being actively developed, and might b | ----------- | --------------------- | ---- | | Microsoft Edge | The current version of Microsoft Edge is no longer being developed, pending replacement by the new [Microsoft Edge](https://www.microsoftedgeinsider.com/whats-new).| 2004 | | Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | -| Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | | Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
 
The recommended replacement for PSR is [Azure App Service](https://docs.microsoft.com/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 826247f696..f25c4ec7ab 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -29,7 +29,6 @@ The following features and functionalities have been removed from the installed | ----------- | --------------------- | ------ | | Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 | | Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices. The apps are removed for non-cellular devices.| 2004 | -| Hyper-V vSwitch on LBFO | The Hyper-V vSwitch can not be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 2004 | | PNRP APIs| ​The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 | | Taskbar settings roaming | Roaming of taskbar settings is removed in this release. This feature was announced as no longer being developed in Windows 10, version 1903. | 1909 | | Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | 1903 | From 4dcc5c370d5e72d359259f4177902bb1eab9f372 Mon Sep 17 00:00:00 2001 From: stmulq <65617435+stmulq@users.noreply.github.com> Date: Tue, 26 May 2020 16:28:29 -0700 Subject: [PATCH 37/84] Fixed typo There is a typo in step 2 of "If the supported language you are looking for is not in the menu, follow these steps:". I changed "Locater" to "Locate". --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 955eec82e6..e97e9dd065 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -62,7 +62,7 @@ The setup process configures your HoloLens for a specific region and language. Y If the supported language that you're looking for is not in the menu, follow these steps: 1. Under **Preferred languages**, select **Add a language**. -2. Locater and add the language. +2. Locate and add the language. 3. Select the **Windows display language** menu again, and then select the language that you added in the previous step. ### To change the keyboard layout From e18a5e239456b0d81fd8178bfc3b2ad86cabc0c6 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 27 May 2020 14:06:10 -0700 Subject: [PATCH 38/84] added entry for new WUfB topic in the relevant section --- windows/deployment/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 600278cc0d..a802a391e6 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -145,6 +145,8 @@ href: update/feature-update-user-install.md - name: Use Windows Update for Business items: + - name: What is Windows Update for Business? + - href: update/waas-manage-updates-wufb - name: Configure Windows Update for Business href: update/waas-configure-wufb.md - name: Enforcing compliance deadlines for updates From fd78fed4e75db0c209b6ba4408efca3a943a1a1e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 27 May 2020 14:35:50 -0700 Subject: [PATCH 39/84] updates --- windows/deployment/planning/windows-10-deprecated-features.md | 2 +- windows/deployment/planning/windows-10-removed-features.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 8f602e799e..016f19f8bc 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -26,7 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| Microsoft Edge | The current version of Microsoft Edge is no longer being developed, pending replacement by the new [Microsoft Edge](https://www.microsoftedgeinsider.com/whats-new).| 2004 | +| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 | | Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index f25c4ec7ab..14c2603131 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -27,6 +27,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | +| Cortana | Some features in [Cortana](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana) have changed. | 2004 | | Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 | | Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices. The apps are removed for non-cellular devices.| 2004 | | PNRP APIs| ​The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 | From 92d10551ddff53f17a6f1b6f7c8ba2de56eec550 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 27 May 2020 14:43:19 -0700 Subject: [PATCH 40/84] fixing my stupid yml mistakes --- windows/deployment/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index a802a391e6..3dda78fbb4 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -146,7 +146,7 @@ - name: Use Windows Update for Business items: - name: What is Windows Update for Business? - - href: update/waas-manage-updates-wufb + href: update/waas-manage-updates-wufb.md - name: Configure Windows Update for Business href: update/waas-configure-wufb.md - name: Enforcing compliance deadlines for updates From 71b3d5e0a37363ae00149d8ffc6267cb5dcf9b16 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 27 May 2020 15:31:54 -0700 Subject: [PATCH 41/84] Update manage-windows-mixed-reality.md Adding 20H1 GA FOD link for managing WMR and updating title per feedback. Should be ready merge now. --- .../application-management/manage-windows-mixed-reality.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index da98a12e3b..b82c42bf9a 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -13,7 +13,7 @@ ms.author: dansimp ms.topic: article --- -# Enable or block Windows Mixed Reality apps in the enterprise +# Enable or block Windows Mixed Reality apps in enterprises **Applies to** @@ -33,7 +33,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - a. Download the FOD .cab file for [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + a. Download the FOD .cab file for [Windows 10, version 20H1](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). >[!NOTE] >You must download the FOD .cab file that matches your operating system version. From 2b930185f3ed5a2dd55e69a553195bc086cf5781 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 27 May 2020 16:01:18 -0700 Subject: [PATCH 42/84] fixing some errors in the DO content; cleaning up some internal notes --- windows/deployment/update/eval-infra-tools.md | 2 +- windows/deployment/update/update-policies.md | 4 ++-- .../deployment/update/waas-delivery-optimization-setup.md | 2 ++ windows/deployment/update/waas-delivery-optimization.md | 5 +---- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index 5c33dd1377..af6fe156e8 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -45,7 +45,7 @@ Keep security baslines current to help ensure that your environment is secure an There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately. - **Windows 10 Administrative templates**: Each Windows 10 feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591). -- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. {SET COMPLIANCE and other policies} +- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. ## Define operational readiness criteria diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index e224bce787..dbf94c9677 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -79,7 +79,7 @@ automatic restart. To take advantage of this feature, ensure **ConfigureDeadline ## Device activity policies Windows typically requires that a device is active and connected to the internet for at least six hours, with at least two -of continuous activity {HOW DO YOU DEFINE ACTIVITY?}, in order to successfully complete a system update. The device could have other +of continuous activity, in order to successfully complete a system update. The device could have other physical circumstances that prevent successful installation of an update--for example, if a laptop is running low on battery power, or the user has shut down the device before active hours end and the device cannot comply with the deadline. @@ -201,4 +201,4 @@ Updates** rather than setting a deferral policy. You can choose a longer period - **Pause Quality Updates Start Time**. Set to **Disabled** unless there is a known issue requiring time for a resolution. - **Deadline No Auto Reboot**. Default is **Disabled – Set to 0** . We recommend that devices automatically try to restart when an update is received. Windows uses user interactions to dynamically identify the least disruptive time to restart. -There are additional policies are no longer supported or have been superseded. See {LINK TO Policies and settings reference guide – Policies to disable or not configure} for more information. +There are additional policies are no longer supported or have been superseded. diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index 7bcf7c77c3..584aa81202 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -128,6 +128,8 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** | PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. | | ExpireOn | The target expiration date and time for the file. | | Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). | + +Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. `Get-DeliveryOptimizationPerfSnap` returns a list of key performance data: diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 40cf29568f..d39db925b7 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -73,9 +73,6 @@ The following table lists the minimum Windows 10 version that supports Delivery - @@ -144,7 +141,7 @@ For the payloads (optional): **How does Delivery Optimization handle VPNs?** Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." -If the connection is identified as a VPN, Delivery Optimization will not use any peer-to-peer activity. However, you can allow peer-to-peer activity over a VPN by using the {WE SHOULD NAME OR POINT TO THIS POLICY} policy. +If the connection is identified as a VPN, Delivery Optimization will not use any peer-to-peer activity. However, you can allow peer-to-peer activity over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. If you have defined a boundary group in Configuration Manager and have for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. From 9e9c6dfde80b9658f6b2eff4f66f2e9441e0ea9e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 27 May 2020 16:32:52 -0700 Subject: [PATCH 43/84] updates --- windows/deployment/planning/windows-10-deprecated-features.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 016f19f8bc..fba2f6ef1d 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | +| Companion Device Framework | The [Companion Device Framework](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 | | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 | | Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | From 9a6bc337ceff3e0de97b3fbcec2e56c6023f4e52 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 27 May 2020 18:53:45 -0700 Subject: [PATCH 44/84] removing stub --- windows/privacy/stub.md | 60 ----------------------------------------- 1 file changed, 60 deletions(-) delete mode 100644 windows/privacy/stub.md diff --git a/windows/privacy/stub.md b/windows/privacy/stub.md deleted file mode 100644 index 9537f0fa72..0000000000 --- a/windows/privacy/stub.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Stub topic -description: Use this topic to test localization e2e. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: high -audience: ITPro -author: dansimp -ms.author: dansimp -manager: dansimp -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 10/11/2019 -ms.reviewer: ---- -# Stub topic - -Applies to: -- Windows 10, version 1809 -- Windows 10, version 1803 -- Windows 10, version 1709 -- Windows 10, version 1703 -- Windows 10 Team Edition, version 1703 for Surface Hub -- Windows Server 2019 -- Windows Server 2016 -- Windows Analytics - -This topic provides IT Decision Makers with a basic understanding of the relationship between users in an organization and Microsoft in the context of the GDPR (General Data Protection Regulation). You will also learn what role an IT organization plays for that relationship. - -For more information about the GDPR, see: -* [Microsoft GDPR Overview](https://aka.ms/GDPROverview) -* [Microsoft Trust Center FAQs about the GDPR](https://aka.ms/gdpr-faq) -* [Microsoft Service Trust Portal (STP)](https://aka.ms/stp) -* [Get Started: Support for GDPR Accountability](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted) - -## GDPR fundamentals - -Here are some GDPR fundamentals: - -* On May 25, 2018, this EU data privacy law is implemented. It sets a new global bar for data privacy rights, security, and compliance. -* The GDPR is fundamentally about protecting and enabling the privacy rights of individuals – both customers and employees. -* The European law establishes strict global data privacy requirements governing how organizations manage and protect personal data while respecting individual choice – no matter where data is sent, processed, or stored. -* A request by an individual to an organization to take an action on their personal data is referred to here as a *data subject request*, or *DSR*. - -Microsoft believes data privacy is a fundamental right, and that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We also recognize that the GDPR required significant changes by organizations all over the world with regard to the discovery, management, protection, and reporting of personal data that is collected, processed, and stored within an organization. - -### What is personal data under the GDPR? - -Article 4 (1) of [the GDPR](http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=en) defines personal data as any information relating to an identified or identifiable person. There is no distinction between a person’s private, public, or work roles. As defined by the GDPR, personal data includes, but is not limited to: -* Name -* Email address -* Credit card numbers -* IP addresses -* Social media posts -* Location information -* Handwriting patterns -* Voice input to cloud-based speech services - From 7bca9388e1c61fd5c4d7ecae8e72af9b2c9364f8 Mon Sep 17 00:00:00 2001 From: Seth Paniagua Date: Thu, 28 May 2020 07:40:50 -0700 Subject: [PATCH 45/84] Handle key duplication suggestions For Thomas to review for the migration project of mdop --- ...-v-50-package-to-an-app-v-46-package-for-a-specific-user.md | 1 - ...an-app-v-46-sp1-application-from-an-app-v-50-application.md | 1 - mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md | 2 -- mdop/mbam-v25/deploy-mbam.md | 1 - mdop/mbam-v25/troubleshooting-mbam-installation.md | 1 - mdop/mbam-v25/upgrade-mbam2.5-sp1.md | 3 +-- 6 files changed, 1 insertion(+), 8 deletions(-) diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md index 76656d39e1..38d5dc61eb 100644 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md +++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md @@ -4,7 +4,6 @@ title: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 description: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User ms.assetid: f1d2ab1f-0831-4976-b49f-169511d3382a author: dansimp -ms.assetid: f1d2ab1f-0831-4976-b49f-169511d3382a ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md index 0345a45113..bad9d61431 100644 --- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md +++ b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md @@ -4,7 +4,6 @@ title: How to Use an App-V 4.6 Application From an App-V 5.0 Application description: How to Use an App-V 4.6 Application From an App-V 5.0 Application ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487 author: msfttracyp -ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487 ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index cd77d39b06..1fa9570415 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -11,8 +11,6 @@ ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 ms.date: 8/30/2018 -ms.author: pashort -author: shortpatti --- # Applying hotfixes on MBAM 2.5 SP1 diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md index a921105176..c035e3eadb 100644 --- a/mdop/mbam-v25/deploy-mbam.md +++ b/mdop/mbam-v25/deploy-mbam.md @@ -8,7 +8,6 @@ ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 -manager: dcscontentpm --- # Deploying MBAM 2.5 in a standalone configuration diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md index f2d0494b7f..9dce3b1297 100644 --- a/mdop/mbam-v25/troubleshooting-mbam-installation.md +++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md @@ -8,7 +8,6 @@ ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 -manager: dcscontentpm --- # Troubleshooting MBAM 2.5 installation problems diff --git a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md index 153757ee67..0e55529039 100644 --- a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md +++ b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md @@ -2,11 +2,10 @@ title: Upgrading from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update author: dansimp ms.author: ksharma -manager: +manager: miaposto audience: ITPro ms.topic: article ms.prod: w10 -manager: miaposto ms.localizationpriority: Normal --- From 6de3ca527a53a47029ecca987ca5c90ddd3f1faf Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Thu, 28 May 2020 08:21:11 -0700 Subject: [PATCH 46/84] Minor update to packaged app rules doc Previous instructions were unclear --- ...packaged-apps-with-windows-defender-application-control.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index e702402c80..a2e114d956 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -65,8 +65,10 @@ Below are the list of steps you can follow to block one or more packaged apps in 1. Get the app identifier for an installed package ```powershell - $package = Get-AppxPackage -name + $package = Get-AppxPackage -name ** ``` + Where the name of the app is surrounded by asterisks, for example *windowsstore* + 2. Make a rule by using the New-CIPolicyRule cmdlet ```powershell From bdb4b014d7c2831edb505c546cad276ea662b292 Mon Sep 17 00:00:00 2001 From: Seth Paniagua Date: Thu, 28 May 2020 08:28:23 -0700 Subject: [PATCH 47/84] keep multiple authors When removing the dups I should have kept the author duplicaitons --- mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md | 2 ++ mdop/mbam-v25/deploy-mbam.md | 1 + 2 files changed, 3 insertions(+) diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index 1fa9570415..cd77d39b06 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -11,6 +11,8 @@ ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 ms.date: 8/30/2018 +ms.author: pashort +author: shortpatti --- # Applying hotfixes on MBAM 2.5 SP1 diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md index c035e3eadb..a921105176 100644 --- a/mdop/mbam-v25/deploy-mbam.md +++ b/mdop/mbam-v25/deploy-mbam.md @@ -8,6 +8,7 @@ ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 +manager: dcscontentpm --- # Deploying MBAM 2.5 in a standalone configuration From 4ddbe3ad7a2f09696d39ca2784921ba4450c3055 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 28 May 2020 08:28:38 -0700 Subject: [PATCH 48/84] updating version name --- .openpublishing.redirection.json | 2 +- windows/privacy/TOC.md | 2 +- ...-diagnostic-data-events-and-fields-2005.md | 1302 ----------------- 3 files changed, 2 insertions(+), 1304 deletions(-) delete mode 100644 windows/privacy/required-windows-diagnostic-data-events-and-fields-2005.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 28a2f92415..f9bec539d6 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -14648,7 +14648,7 @@ }, { "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md", - "redirect_url": "https://docs.microsoft.com/windows/privacy/required-windows-diagnostic-events-and-fields-2005", + "redirect_url": "https://docs.microsoft.com/windows/privacy/required-windows-diagnostic-events-and-fields-2004", "redirect_document_id": true }, { diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 98acde2b5e..fe73e90c9e 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -8,7 +8,7 @@ ### [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) ### [Diagnostic Data Viewer for PowerShell Overview](Microsoft-DiagnosticDataViewer.md) ## Basic level Windows diagnostic data events and fields -### [Windows 10, version 2005 required Windows diagnostic data events and fields](required-windows-diagnostic-data-events-and-fields-2005.md) +### [Windows 10, version 2004 required Windows diagnostic data events and fields](required-windows-diagnostic-data-events-and-fields-2004.md) ### [Windows 10, version 1903 and Windows 10, version 1909 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md) ### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) ### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2005.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2005.md deleted file mode 100644 index 1a3297b72c..0000000000 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2005.md +++ /dev/null @@ -1,1302 +0,0 @@ ---- -description: Use this article to learn more about what required Windows diagnostic data is gathered. -title: Windows 10, version 2005 required diagnostic events and fields (Windows 10) -keywords: privacy, telemetry -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp -ms.collection: M365-security-compliance -ms.topic: article -audience: ITPro -ms.date: 03/27/2020 ---- - - -# Windows 10, version 2005 required Windows diagnostic events and fields - - -> [!IMPORTANT] -> Windows is moving to classifying the data collected from customer’s devices as either *Required* or *Optional*. - - - **Applies to** - -- Windows 10, version 2005 - - -Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. - -Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. - -Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. - -You can learn more about Windows functional and diagnostic data through these articles: - - -- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) -- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) -- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) -- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) -- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) - - - - -## Appraiser events - -### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount - -This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. - -The following fields are available: - -- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. -- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. -- **PCFP** The count of the number of this particular object type present on this device. -- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. - - -### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd - -This event sends compatibility data for a Plug and Play device, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **ActiveNetworkConnection** Indicates whether the device is an active network device. -- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system. -- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available. -- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string -- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data. -- **IsBootCritical** Indicates whether the device boot is critical. -- **SdbEntries** Deprecated in RS3. -- **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device. -- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. -- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. -- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update. - - -### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd - -This event sends compatibility database data about driver packages to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **SdbEntries** Deprecated in RS3. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove - -This event indicates that the DataSourceMatchingInfoPassive object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -## Census events - -### Census.PrivacySettings - -This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. - -The following fields are available: - -- **Activity** Current state of the activity history setting. -- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. -- **ActivityHistoryCollection** Current state of the activity history collection setting. -- **AdvertisingId** Current state of the advertising ID setting. -- **AppDiagnostics** Current state of the app diagnostics setting. -- **Appointments** Current state of the calendar setting. -- **Bluetooth** Current state of the Bluetooth capability setting. -- **BluetoothSync** Current state of the Bluetooth sync capability setting. -- **BroadFileSystemAccess** Current state of the broad file system access setting. -- **CellularData** Current state of the cellular data capability setting. -- **Chat** Current state of the chat setting. -- **Contacts** Current state of the contacts setting. -- **DocumentsLibrary** Current state of the documents library setting. -- **Email** Current state of the email setting. -- **FindMyDevice** Current state of the "find my device" setting. -- **GazeInput** Current state of the gaze input setting. -- **HumanInterfaceDevice** Current state of the human interface device setting. -- **InkTypeImprovement** Current state of the improve inking and typing setting. -- **Location** Current state of the location setting. -- **LocationHistory** Current state of the location history setting. -- **Microphone** Current state of the microphone setting. -- **PhoneCall** Current state of the phone call setting. -- **PhoneCallHistory** Current state of the call history setting. -- **PicturesLibrary** Current state of the pictures library setting. -- **Radios** Current state of the radios setting. -- **SensorsCustom** Current state of the custom sensor setting. -- **SerialCommunication** Current state of the serial communication setting. -- **Sms** Current state of the text messaging setting. -- **SpeechPersonalization** Current state of the speech services setting. -- **USB** Current state of the USB setting. -- **UserAccountInformation** Current state of the account information setting. -- **UserDataTasks** Current state of the tasks setting. -- **UserNotificationListener** Current state of the notifications setting. -- **VideosLibrary** Current state of the videos library setting. -- **Webcam** Current state of the camera setting. -- **WifiData** Current state of the Wi-Fi data setting. -- **WiFiDirect** Current state of the Wi-Fi direct setting. - - -### Census.Security - -This event provides information on about security settings used to help keep Windows up to date and secure. - -The following fields are available: - -- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard. -- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running. -- **DGState** This field summarizes the Device Guard state. -- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running. -- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest. -- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host. -- **IsWdagFeatureEnabled** Indicates whether Windows Defender Application Guard is enabled. -- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security. -- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. -- **SModeState** The Windows S mode trail state. -- **SystemGuardState** Indicates the SystemGuard state. NotCapable (0), Capable (1), Enabled (2), Error (0xFF). -- **TpmReadyState** Indicates the TPM ready state. NotReady (0), ReadyForStorage (1), ReadyForAttestation (2), Error (0xFF). -- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. -- **WdagPolicyValue** The Windows Defender Application Guard policy. - - -## Common data extensions - -### Common Data Extensions.app - -Describes the properties of the running application. This extension could be populated by a client app or a web app. - -The following fields are available: - -- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. -- **env** The environment from which the event was logged. -- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. -- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. -- **locale** The locale of the app. -- **name** The name of the app. -- **userId** The userID as known by the application. -- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. - - -### Common Data Extensions.container - -Describes the properties of the container for events logged within a container. - -The following fields are available: - -- **epoch** An ID that's incremented for each SDK initialization. -- **localId** The device ID as known by the client. -- **osVer** The operating system version. -- **seq** An ID that's incremented for each event. -- **type** The container type. Examples: Process or VMHost - - -### Common Data Extensions.device - -Describes the device-related fields. - -The following fields are available: - -- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. -- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId -- **make** Device manufacturer. -- **model** Device model. - - -### Common Data Extensions.Envelope - -Represents an envelope that contains all of the common data extensions. - -The following fields are available: - -- **data** Represents the optional unique diagnostic data for a particular event schema. -- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). -- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). -- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). -- **ext_m365a** Describes the Microsoft 365-related fields. See [Common Data Extensions.m365a](#common-data-extensionsm365a). -- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv). -- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). -- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). -- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). -- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). -- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). -- **iKey** Represents an ID for applications or other logical groupings of events. -- **name** Represents the uniquely qualified name for the event. -- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. -- **ver** Represents the major and minor version of the extension. - -### Common Data Extensions.m365a - -Describes the Microsoft 365-related fields. - -The following fields are available: - -- **enrolledTenantId** The enrolled tenant ID. -- **msp** A bitmask that lists the active programs. - -### Common Data Extensions.mscv - -Describes the correlation vector-related fields. - -The following fields are available: - -- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries. - - -### Common Data Extensions.os - -Describes some properties of the operating system. - -The following fields are available: - -- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. -- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. -- **locale** Represents the locale of the operating system. -- **name** Represents the operating system name. -- **ver** Represents the major and minor version of the extension. - - -### Common Data Extensions.sdk - -Used by platform specific libraries to record fields that are required for a specific SDK. - -The following fields are available: - -- **epoch** An ID that is incremented for each SDK initialization. -- **installId** An ID that's created during the initialization of the SDK for the first time. -- **libVer** The SDK version. -- **seq** An ID that is incremented for each event. -- **ver** The version of the logging SDK. - - -### Common Data Extensions.user - -Describes the fields related to a user. - -The following fields are available: - -- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. -- **locale** The language and region. -- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. - - -### Common Data Extensions.utc - -Describes the properties that could be populated by a logging library on Windows. - -The following fields are available: - -- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. -- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number -- **cat** Represents a bitmask of the ETW Keywords associated with the event. -- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. -- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. -- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. -- **flags** Represents the bitmap that captures various Windows specific flags. -- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event. -- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence -- **op** Represents the ETW Op Code. -- **pgName** The short form of the provider group name associated with the event. -- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. -- **providerGuid** The ETW provider ID associated with the provider name. -- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. -- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. -- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier. -- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. -- **wcmp** The Windows Shell Composer ID. -- **wPId** The Windows Core OS product ID. -- **wsId** The Windows Core OS session ID. - - -### Common Data Extensions.xbl - -Describes the fields that are related to XBOX Live. - -The following fields are available: - -- **claims** Any additional claims whose short claim name hasn't been added to this structure. -- **did** XBOX device ID -- **dty** XBOX device type -- **dvr** The version of the operating system on the device. -- **eid** A unique ID that represents the developer entity. -- **exp** Expiration time -- **ip** The IP address of the client device. -- **nbf** Not before time -- **pid** A comma separated list of PUIDs listed as base10 numbers. -- **sbx** XBOX sandbox identifier -- **sid** The service instance ID. -- **sty** The service type. -- **tid** The XBOX Live title ID. -- **tvr** The XBOX Live title version. -- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. -- **xid** A list of base10-encoded XBOX User IDs. - - -## Common data fields - -### Ms.Device.DeviceInventoryChange - -Describes the installation state for all hardware and software components available on a particular device. - -The following fields are available: - -- **action** The change that was invoked on a device inventory object. -- **inventoryId** Device ID used for Compatibility testing -- **objectInstanceId** Object identity which is unique within the device scope. -- **objectType** Indicates the object type that the event applies to. -- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. - -## Component-based Servicing events - -### Microsoft.Windows.CbsLite.CbsLiteResetBegin - -This event is fired from Update OS when re-install of the OS begins. - -The following fields are available: - -- **cbsLiteSessionID** An ID to associate other Cbs events related to this reset session. -- **resetFlags** A flag containing the detail of which reset scenarios was executed. -- **wipeDuration** The time taken to purge the system volume and format data volume. - -## DISM events - -### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU - -The DISM Latest Installed LCU sends information to report result of search for latest installed LCU after last successful boot. - -The following fields are available: - -- **dismInstalledLCUPackageName** The name of the latest installed package. - - -### Microsoft.Windows.StartRepairCore.DISMUninstallLCU - -The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. - -The following fields are available: - -- **errorCode** The result code returned by the event. - - -## Driver installation events - -### Microsoft.Windows.DriverInstall.DeviceInstall - -This critical event sends information about the driver installation that took place. - -The following fields are available: - -- **ClassGuid** The unique ID for the device class. -- **ClassLowerFilters** The list of lower filter class drivers. -- **ClassUpperFilters** The list of upper filter class drivers. -- **CoInstallers** The list of coinstallers. -- **ConfigFlags** The device configuration flags. -- **DeviceConfigured** Indicates whether this device was configured through the kernel configuration. -- **DeviceInstalled** Indicates whether the legacy install code path was used. -- **DeviceInstanceId** The unique identifier of the device in the system. -- **DeviceStack** The device stack of the driver being installed. -- **DriverDate** The date of the driver. -- **DriverDescription** A description of the driver function. -- **DriverInfName** Name of the INF file (the setup information file) for the driver. -- **DriverInfSectionName** Name of the DDInstall section within the driver INF file. -- **DriverPackageId** The ID of the driver package that is staged to the driver store. -- **DriverProvider** The driver manufacturer or provider. -- **DriverUpdated** Indicates whether the driver is replacing an old driver. -- **DriverVersion** The version of the driver file. -- **EndTime** The time the installation completed. -- **Error** Provides the WIN32 error code for the installation. -- **ExtensionDrivers** List of extension drivers that complement this installation. -- **FinishInstallAction** Indicates whether the co-installer invoked the finish-install action. -- **FinishInstallUI** Indicates whether the installation process shows the user interface. -- **FirmwareDate** The firmware date that will be stored in the EFI System Resource Table (ESRT). -- **FirmwareRevision** The firmware revision that will be stored in the EFI System Resource Table (ESRT). -- **FirmwareVersion** The firmware version that will be stored in the EFI System Resource Table (ESRT). -- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description. -- **FlightIds** A list of the different Windows Insider builds on the device. -- **GenericDriver** Indicates whether the driver is a generic driver. -- **Inbox** Indicates whether the driver package is included with Windows. -- **InstallDate** The date the driver was installed. -- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description. -- **LastInstallFunction** The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing. -- **LowerFilters** The list of lower filter drivers. -- **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance. -- **NeedReboot** Indicates whether the driver requires a reboot. -- **OriginalDriverInfName** The original name of the INF file before it was renamed. -- **ParentDeviceInstanceId** The device instance ID of the parent of the device. -- **PendedUntilReboot** Indicates whether the installation is pending until the device is rebooted. -- **Problem** Error code returned by the device after installation. -- **ProblemStatus** The status of the device after the driver installation. -- **RebootRequiredReason** DWORD (Double Word—32-bit unsigned integer) containing the reason why the device required a reboot during install. -- **SecondaryDevice** Indicates whether the device is a secondary device. -- **ServiceName** The service name of the driver. -- **SessionGuid** GUID (Globally Unique IDentifier) for the update session. -- **SetupMode** Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed. -- **StartTime** The time when the installation started. -- **SubmissionId** The driver submission identifier assigned by the Windows Hardware Development Center. -- **UpperFilters** The list of upper filter drivers. - - -## DxgKernelTelemetry events - -### DxgKrnlTelemetry.GPUAdapterInventoryV2 - -This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date. - -The following fields are available: - -- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter. -- **aiSeqId** The event sequence ID. -- **bootId** The system boot ID. -- **BrightnessVersionViaDDI** The version of the Display Brightness Interface. -- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. -- **DDIInterfaceVersion** The device driver interface version. -- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). -- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). -- **DisplayAdapterLuid** The display adapter LUID. -- **DriverDate** The date of the display driver. -- **DriverRank** The rank of the display driver. -- **DriverVersion** The display driver version. -- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. -- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. -- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. -- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. -- **GPUDeviceID** The GPU device ID. -- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. -- **GPURevisionID** The GPU revision ID. -- **GPUVendorID** The GPU vendor ID. -- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided. -- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided. -- **InterfaceId** The GPU interface ID. -- **IsDisplayDevice** Does the GPU have displaying capabilities? -- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. -- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. -- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? -- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? -- **IsLDA** Is the GPU comprised of Linked Display Adapters? -- **IsMiracastSupported** Does the GPU support Miracast? -- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor? -- **IsMPOSupported** Does the GPU support Multi-Plane Overlays? -- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution? -- **IsPostAdapter** Is this GPU the POST GPU in the device? -- **IsRemovable** TRUE if the adapter supports being disabled or removed. -- **IsRenderDevice** Does the GPU have rendering capabilities? -- **IsSoftwareDevice** Is this a software implementation of the GPU? -- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. -- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? -- **NumVidPnSources** The number of supported display output sources. -- **NumVidPnTargets** The number of supported display output targets. -- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). -- **SubSystemID** The subsystem ID. -- **SubVendorID** The GPU sub vendor ID. -- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY? -- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling) -- **version** The event version. -- **WDDMVersion** The Windows Display Driver Model version. - - -## Feature update events - -### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered - -This event indicates that the uninstall was properly configured and that a system reboot was initiated. - - - -## Holographic events - -### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated - -This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. - -The following fields are available: - -- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode. -- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion. -- **PackageVersion** Windows Mixed Reality Portal app package version. -- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. -- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity). - -### wilActivity - -This event provides a Windows Internal Library context used for Product and Service diagnostics. - -The following fields are available: - -- **callContext** The function where the failure occurred. -- **currentContextId** The ID of the current call context where the failure occurred. -- **currentContextMessage** The message of the current call context where the failure occurred. -- **currentContextName** The name of the current call context where the failure occurred. -- **failureCount** The number of failures for this failure ID. -- **failureId** The ID of the failure that occurred. -- **failureType** The type of the failure that occurred. -- **fileName** The file name where the failure occurred. -- **function** The function where the failure occurred. -- **hresult** The HResult of the overall activity. -- **lineNumber** The line number where the failure occurred. -- **message** The message of the failure that occurred. -- **module** The module where the failure occurred. -- **originatingContextId** The ID of the originating call context that resulted in the failure. -- **originatingContextMessage** The message of the originating call context that resulted in the failure. -- **originatingContextName** The name of the originating call context that resulted in the failure. -- **threadId** The ID of the thread on which the activity is executing. - - -### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming - -This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. - - -## Inventory events - -### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum - -This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. - -The following fields are available: - -- **Device** A count of device objects in cache. -- **DriverPackageExtended** A count of driverpackageextended objects in cache. -- **File** A count of file objects in cache. -- **Generic** A count of generic objects in cache. -- **InventoryApplication** A count of application objects in cache. -- **InventoryApplicationDriver** A count of application driver objects in cache -- **InventoryApplicationFile** A count of application file objects in cache. -- **InventoryApplicationFramework** A count of application framework objects in cache -- **InventoryApplicationShortcut** A count of application shortcut objects in cache -- **InventoryDeviceContainer** A count of device container objects in cache. -- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache. -- **InventoryDeviceMediaClass** A count of device media objects in cache. -- **InventoryDevicePnp** A count of device Plug and Play objects in cache. -- **InventoryDeviceUsbHubClass** A count of device usb objects in cache -- **InventoryDriverBinary** A count of driver binary objects in cache. -- **InventoryDriverPackage** A count of device objects in cache. -- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache -- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache. -- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache -- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache -- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache -- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache -- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache -- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache -- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache -- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache -- **Metadata** A count of metadata objects in cache. -- **Programs** A count of program objects in cache. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd - -This event provides the basic metadata about the frameworks an application may depend on. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **FileId** A hash that uniquely identifies a file. -- **Frameworks** The list of frameworks this file depends on. -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd - -This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Categories** A comma separated list of functional categories in which the container belongs. -- **DiscoveryMethod** The discovery method for the device container. -- **FriendlyName** The name of the device container. -- **Icon** Deprecated in RS3. The path or index to the icon file. -- **IsActive** Is the device connected, or has it been seen in the last 14 days? -- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link. -- **IsMachineContainer** Is the container the root device itself? -- **IsNetworked** Is this a networked device? -- **IsPaired** Does the device container require pairing? -- **Manufacturer** The manufacturer name for the device container. -- **ModelId** A unique model ID. -- **ModelName** The model name. -- **ModelNumber** The model number for the device container. -- **PrimaryCategory** The primary category for the device container. - - -### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd - -This event sends basic metadata about drive packages installed on the system to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Class** The class name for the device driver. -- **ClassGuid** The class GUID for the device driver. -- **Date** The driver package date. -- **Directory** The path to the driver package. -- **DriverInBox** Is the driver included with the operating system? -- **FlightIds** Driver Flight IDs. -- **Inf** The INF name of the driver package. -- **InventoryVersion** The version of the inventory file generating the events. -- **Provider** The provider for the driver package. -- **RecoveryIds** Driver recovery IDs. -- **SubmissionId** The HLK submission ID for the driver package. -- **Version** The version of the driver package. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd - -This event provides basic information about active memory slots on the device. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Capacity** Memory size in bytes. -- **Manufacturer** Name of the DRAM manufacturer. -- **Model** Model and submodel of the memory. -- **Slot** Slot the DRAM is plugged into the motherboard. -- **Speed** MHZ the memory is currently configured and used at. -- **Type** Reports DDR, etc. as an enumeration value per DMTF SMBIOS standard version 3.3.0, section 7.18.2. -- **TypeDetails** Reports Non-volatile, etc. as a bit flag enumeration per DMTF SMBIOS standard version 3.3.0, section 7.18.3. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd - -Provides data on the Office identifiers. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device -- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device -- **OMID** Identifier for the Office SQM Machine -- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit -- **OTenantId** Unique GUID representing the Microsoft O365 Tenant -- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000 -- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows) - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd - -Describes Office Products installed. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **OC2rApps** A GUID the describes the Office Click-To-Run apps -- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus -- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word -- **OProductCodes** A GUID that describes the Office MSI products - - -### Microsoft.Windows.Inventory.Indicators.Checksum - -This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. - -The following fields are available: - -- **CensusId** A unique hardware identifier. -- **ChecksumDictionary** A count of each operating system indicator. - - -## Microsoft Edge events - -### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config - -This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. - -The following fields are available: - -- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). -- **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. -- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. -- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. -- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). -- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. -- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. -- **pop_sample** A value indicating how the device's data is being sampled. -- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. -- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. -- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. - - -### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config - -This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. - -The following fields are available: - -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). -- **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. -- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. -- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). -- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. -- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. -- **pop_sample** A value indicating how the device's data is being sampled. -- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. -- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. - - -### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config - -This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. - -The following fields are available: - -- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). -- **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. -- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. -- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). -- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. -- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. -- **pop_sample** A value indicating how the device's data is being sampled. -- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. -- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. -- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. - - -### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config - -This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. - -The following fields are available: - -- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). -- **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. -- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. -- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). -- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. -- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. -- **pop_sample** A value indicating how the device's data is being sampled. -- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. -- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. - - -### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping - -The Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate user's version, app usage, update usage, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, Product and Service Usage, and Software Setup and Inventory data. One roll-up event is sent each time any installation, update, or uninstallation process, including an error, occurs in the EdgeUpdate service. Each Ping event can contain an arbitrary number of apps which have been modified, and each of these apps in turn can fire multiple event types. This event is used to measure the reliability, performance, and usage of the EdgeUpdate service. - -The following fields are available: - -- **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. -- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. -- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). -- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. -- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. -- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. -- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. -- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'. -- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. -- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. -- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. -- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. -- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. -- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. -- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. -- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. -- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. -- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. -- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. -- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. -- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. -- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. -- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. -- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. -- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. -- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. -- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. -- **eventType** A string indicating the type of the event. Please see the wiki for additional information. -- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. -- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. -- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. -- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. -- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. -- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. -- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. -- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. -- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. -- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'. -- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. -- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. -- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. -- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. -- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined. -- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''. -- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. -- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. -- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. - - -### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config - -This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. - -The following fields are available: - -- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). -- **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. -- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. -- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). -- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. -- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. -- **pop_sample** A value indicating how the device's data is being sampled. -- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. -- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. -- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. - - -### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping - -This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date - -The following fields are available: - -- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''." -- **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update. -- **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown). -- **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev). -- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. -- **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. -- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. -- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. -- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown). -- **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''. -- **appIid** A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete. -- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. -- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. -- **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. -- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. -- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. -- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. -- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. -- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. -- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. -- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. -- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. -- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. -- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error). -- **appPingEventEventType** An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown). -- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. -- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. -- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. -- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. -- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. -- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. -- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''. -- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''. -- **appVersion** The version of the product install. Default: '0.0.0.0'. -- **eventType** A string representation of appPingEventEventType indicating the type of the event. -- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. -- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. -- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. -- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. -- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''. -- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. -- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. -- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. -- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. -- **requestDomainJoined** '1' if the device is part of a managed enterprise domain. Otherwise '0'. -- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. -- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. -- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. -- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. -- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined. -- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. -- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. -- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''. -- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. -- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. - - -## MUI events - -### MuiResourceLoaderTraceLogging.MapAndVerifyResourceFileFailure - -This event is logged when LdrMapAndVerifyResourceFile fails for an overlay module. - -The following fields are available: - -- **Culture** Language tag. -- **DevicePath** True if file path is a device path. -- **Flags** Flags used for verification in LdrMapAndVerifyResourceFile. -- **ResourceFileName** DLL path and name. -- **Status** Failing status code. - - -### MuiResourceLoaderTraceLogging.VerifyAlternateResourceModuleWithServiceChecksumFailure - -This event logs a failure when a MUI has an incompatible service checksum. - -The following fields are available: - -- **ActualServiceChecksum** The checksum in the MUI file. -- **ExpectedServiceChecksum** The checksum in the neutral binary. -- **ResourceFileName** DLL path and name which has a failing service checksum. - - -### NetworkTelemetry.AccessPointData - -This event describes the wireless access point to which the Xbox is connected. Collected when a wireless network is joined. - - - -### NetworkTelemetry.FlightControllerInitialize - -This event is logged when the flight controller attempts to write the hosts file. - - - -## Sediment events - -### Microsoft.Windows.Sediment.OSRSS.CheckingOneSettings - -This event indicates the parameters that the Operating System Remediation System Service (OSRSS) uses for a secure ping to Microsoft to help ensure Windows is up to date. - -The following fields are available: - -- **CustomVer** The registry value for targeting. -- **IsMetered** TRUE if the machine is on a metered network. -- **LastVer** The version of the last successful run. -- **ServiceVersionMajor** The Major version information of the component. -- **ServiceVersionMinor** The Minor version information of the component. -- **Time** The system time at which the event occurred. - - -## Setup events - -### SetupPlatformTel.SetupPlatformTelActivityEvent - -This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date. - -The following fields are available: - -- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. -- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. -- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time - - -## Software update events - -### SoftwareUpdateClientTelemetry.Uninstall - -Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). - -The following fields are available: - -- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found. -- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed. -- **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request. -- **ClassificationId** Classification identifier of the update content. -- **ClientVersion** Version number of the software distribution client. -- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. -- **DeploymentMutexId** Mutex identifier of the deployment operation. -- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation. -- **DeploymentProviderMode** The mode of operation of the Update Deployment Provider. -- **DriverPingBack** Contains information about the previous driver and system state. -- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required. -- **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.). -- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver". -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **FlightBuildNumber** Indicates the build number of the flight. -- **FlightId** The specific ID of the flight the device is getting. -- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. -- **IsFirmware** Indicates whether an update was a firmware update. -- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. -- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. -- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. -- **RepeatFailCount** Indicates whether this specific piece of content previously failed. -- **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). -- **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. -- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **UpdateId** Identifier associated with the specific piece of content. -- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended). -- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used. -- **WUDeviceID** Unique device ID controlled by the software distribution client. - - -## Update events - -### Update360Telemetry.UpdateAgentReboot - -This event sends information indicating that a request has been sent to suspend an update. - -The following fields are available: - -- **ErrorCode** The error code returned for the current reboot. -- **FlightId** Unique ID for the flight (test instance version). -- **IsSuspendable** Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE. -- **ObjectId** The unique value for each Update Agent mode. -- **Reason** Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0. -- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. -- **ScenarioId** The ID of the update scenario. -- **SessionId** The ID of the update attempt. -- **UpdateId** The ID of the update. -- **UpdateState** Indicates the state of the machine when Suspend is called. For example, Install, Download, Commit. - - -## Upgrade events - -### Setup360Telemetry.Setup360 - -This event sends data about OS deployment scenarios, to help keep Windows up-to-date. - -The following fields are available: - -- **FieldName** Retrieves the data point. -- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. -- **InstanceId** Retrieves a unique identifier for each instance of a setup session. -- **ReportId** Retrieves the report ID. -- **ScenarioId** Retrieves the deployment scenario. -- **Value** Retrieves the value associated with the corresponding FieldName. - - -### Setup360Telemetry.UnexpectedEvent - -This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. - -The following fields are available: - -- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. - - -## Windows Update CSP events - -### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed - -This event sends basic telemetry on the failure of the Feature Rollback. - -The following fields are available: - -- **current** Result of currency check. -- **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure error code. -- **oSVersion** Build number of the device. -- **paused** Indicates whether the device is paused. -- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. -- **sacDevice** This is the device info. -- **wUfBConnected** Result of WUfB connection check. - - -## Windows Update events - -### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationStarted - -This event sends data collected at the beginning of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date. - -The following fields are available: - -- **MigrationMicrosoftPhases** The number of Microsoft-authored migrators scheduled to be ran by DMF for this upgrade -- **MigrationOEMPhases** The number of OEM-authored migrators scheduled to be ran by DMF for this upgrade -- **MigrationStartTime** The timestamp representing the beginning of the DMF migration -- **WuClientId** The GUID of the Windows Update client invoking DMF - - -## XBOX events - -### Microsoft.Gaming.Install.ResurrectedInstall - -This event is logged when app installation resumes on Xbox console. - -The following fields are available: - -- **InstanceId** App install instance ID. -- **Result** App install resume result. - - -### Microsoft.Xbox.XceBridge.CS.1.0.0.9.0.2.SFR.ConnectedStandbyEnterEnd - -This event is triggered when connected standby is finished activating. - - - -### NuiServiceTelemetryProvider.DriverSensorFirmwareVersion - -This event reports the version of the currently installed firmware. - - - -### NuiServiceTelemetryProvider.DriverSensorHardwareVersion - -This event reports basic and raw hardware version of the NUI sensor. Also reports serial number. - - - -### NuiServiceTelemetryProvider.SensorFirmwareDeviceError - -This event reports sensor firmware device error. - - - -### SignInArbiter.AutoPairingGeneralInfo - -This event is reported at various times to note system state. - - - -### XceDiagnosticUploadable.UploaderPerfHeartbeat - -This event reports a digest of a number of different counters that are tracked locally by the uploader. - - - -## XDE events - -### Microsoft.Emulator.Xde.RunTime.XdeStarted - -This event sends basic information regarding the XDE process to address problems with emulator start. - -The following fields are available: - -- **addUserToHyperVAdmins** True if user added to Hyper-V admin group. -- **addUserToPerformanceLogUsersGroup** True if user added to performance group. -- **automateFeatures** True if automation is being used. -- **bootLanguage** Boot language for guest. -- **bootToSnapshot** True if should attempt to boot to snapshot. -- **com1PipeName** COM1 pipe name. -- **com2PipeName** COM2 pipe name. -- **diffDiskVhd** Diff disk name. -- **displayName** Display name. -- **fastShutdown** True if should try to shutdown quickly. -- **language** Language to use for UI. -- **memSize** Memory size. -- **natDisabled** True if NAT is to be disabled. -- **noStart** True if VM shouldn't be started. -- **originalVideoResolution** Original video resolution. -- **remoteFxDisabled** Disable GPU. -- **screenDiagonalSize** Screen diagonal size. -- **sensorsEnabled** Sensors to enable in guest. -- **showName** True if display name should appear on UI. -- **showUsage** True if usage was shown. -- **silentSnapshot** True if a silent snapshot was taken. -- **silentUi** True if message boxes should be suppressed. -- **sku** The emulator sku to use -- **startedBy** The program that started the emulator. -- **version** Emulator version. -- **versionLong** Long format of emulator version. -- **vhdPath** VHD path. -- **videoResolution** Video resolution to use. -- **virtualMachineName** VM name. -- **waitForClientConnection** True if we should wait for client connection. -- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled. - - - From b2307dafad9274932757fb532d24de9baf92da7b Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 28 May 2020 08:28:47 -0700 Subject: [PATCH 49/84] updating version name --- ...-diagnostic-data-events-and-fields-2004.md | 1296 +++++++++++++++++ 1 file changed, 1296 insertions(+) create mode 100644 windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md new file mode 100644 index 0000000000..42ac740880 --- /dev/null +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -0,0 +1,1296 @@ +--- +description: Use this article to learn more about what required Windows diagnostic data is gathered. +title: Windows 10, version 2004 required diagnostic events and fields (Windows 10) +keywords: privacy, telemetry +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +ms.author: brianlic +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +audience: ITPro +ms.date: 03/27/2020 +--- + + +# Windows 10, version 2004 required Windows diagnostic events and fields + + +> [!IMPORTANT] +> Windows is moving to classifying the data collected from customer’s devices as either *Required* or *Optional*. + + + **Applies to** + +- Windows 10, version 2004 + + +Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. + +Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. + +Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. + +You can learn more about Windows functional and diagnostic data through these articles: + + +- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) +- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) +- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) +- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) +- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) + + + + +## Appraiser events + +### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount + +This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. + +The following fields are available: + +- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. +- **PCFP** The count of the number of this particular object type present on this device. +- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd + +This event sends compatibility data for a Plug and Play device, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **ActiveNetworkConnection** Indicates whether the device is an active network device. +- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system. +- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available. +- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string +- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data. +- **IsBootCritical** Indicates whether the device boot is critical. +- **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device. +- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. +- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update. + + +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd + +This event sends compatibility database data about driver packages to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove + +This event indicates that the DataSourceMatchingInfoPassive object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +## Census events + +### Census.PrivacySettings + +This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. + +The following fields are available: + +- **Activity** Current state of the activity history setting. +- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. +- **ActivityHistoryCollection** Current state of the activity history collection setting. +- **AdvertisingId** Current state of the advertising ID setting. +- **AppDiagnostics** Current state of the app diagnostics setting. +- **Appointments** Current state of the calendar setting. +- **Bluetooth** Current state of the Bluetooth capability setting. +- **BluetoothSync** Current state of the Bluetooth sync capability setting. +- **BroadFileSystemAccess** Current state of the broad file system access setting. +- **CellularData** Current state of the cellular data capability setting. +- **Chat** Current state of the chat setting. +- **Contacts** Current state of the contacts setting. +- **DocumentsLibrary** Current state of the documents library setting. +- **Email** Current state of the email setting. +- **FindMyDevice** Current state of the "find my device" setting. +- **GazeInput** Current state of the gaze input setting. +- **HumanInterfaceDevice** Current state of the human interface device setting. +- **InkTypeImprovement** Current state of the improve inking and typing setting. +- **Location** Current state of the location setting. +- **LocationHistory** Current state of the location history setting. +- **Microphone** Current state of the microphone setting. +- **PhoneCall** Current state of the phone call setting. +- **PhoneCallHistory** Current state of the call history setting. +- **PicturesLibrary** Current state of the pictures library setting. +- **Radios** Current state of the radios setting. +- **SensorsCustom** Current state of the custom sensor setting. +- **SerialCommunication** Current state of the serial communication setting. +- **Sms** Current state of the text messaging setting. +- **SpeechPersonalization** Current state of the speech services setting. +- **USB** Current state of the USB setting. +- **UserAccountInformation** Current state of the account information setting. +- **UserDataTasks** Current state of the tasks setting. +- **UserNotificationListener** Current state of the notifications setting. +- **VideosLibrary** Current state of the videos library setting. +- **Webcam** Current state of the camera setting. +- **WifiData** Current state of the Wi-Fi data setting. +- **WiFiDirect** Current state of the Wi-Fi direct setting. + + +### Census.Security + +This event provides information on about security settings used to help keep Windows up to date and secure. + +The following fields are available: + +- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard. +- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running. +- **DGState** This field summarizes the Device Guard state. +- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running. +- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest. +- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host. +- **IsWdagFeatureEnabled** Indicates whether Windows Defender Application Guard is enabled. +- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security. +- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. +- **SModeState** The Windows S mode trail state. +- **SystemGuardState** Indicates the SystemGuard state. NotCapable (0), Capable (1), Enabled (2), Error (0xFF). +- **TpmReadyState** Indicates the TPM ready state. NotReady (0), ReadyForStorage (1), ReadyForAttestation (2), Error (0xFF). +- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. +- **WdagPolicyValue** The Windows Defender Application Guard policy. + + +## Common data extensions + +### Common Data Extensions.app + +Describes the properties of the running application. This extension could be populated by a client app or a web app. + +The following fields are available: + +- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. +- **env** The environment from which the event was logged. +- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. +- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. +- **locale** The locale of the app. +- **name** The name of the app. +- **userId** The userID as known by the application. +- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. + + +### Common Data Extensions.container + +Describes the properties of the container for events logged within a container. + +The following fields are available: + +- **epoch** An ID that's incremented for each SDK initialization. +- **localId** The device ID as known by the client. +- **osVer** The operating system version. +- **seq** An ID that's incremented for each event. +- **type** The container type. Examples: Process or VMHost + + +### Common Data Extensions.device + +Describes the device-related fields. + +The following fields are available: + +- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. +- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId +- **make** Device manufacturer. +- **model** Device model. + + +### Common Data Extensions.Envelope + +Represents an envelope that contains all of the common data extensions. + +The following fields are available: + +- **data** Represents the optional unique diagnostic data for a particular event schema. +- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). +- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). +- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_m365a** Describes the Microsoft 365-related fields. See [Common Data Extensions.m365a](#common-data-extensionsm365a). +- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv). +- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). +- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). +- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). +- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). +- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). +- **iKey** Represents an ID for applications or other logical groupings of events. +- **name** Represents the uniquely qualified name for the event. +- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. +- **ver** Represents the major and minor version of the extension. + +### Common Data Extensions.m365a + +Describes the Microsoft 365-related fields. + +The following fields are available: + +- **enrolledTenantId** The enrolled tenant ID. +- **msp** A bitmask that lists the active programs. + +### Common Data Extensions.mscv + +Describes the correlation vector-related fields. + +The following fields are available: + +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries. + + +### Common Data Extensions.os + +Describes some properties of the operating system. + +The following fields are available: + +- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. +- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. +- **locale** Represents the locale of the operating system. +- **name** Represents the operating system name. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.sdk + +Used by platform specific libraries to record fields that are required for a specific SDK. + +The following fields are available: + +- **epoch** An ID that is incremented for each SDK initialization. +- **installId** An ID that's created during the initialization of the SDK for the first time. +- **libVer** The SDK version. +- **seq** An ID that is incremented for each event. +- **ver** The version of the logging SDK. + + +### Common Data Extensions.user + +Describes the fields related to a user. + +The following fields are available: + +- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. +- **locale** The language and region. +- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. + + +### Common Data Extensions.utc + +Describes the properties that could be populated by a logging library on Windows. + +The following fields are available: + +- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. +- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number +- **cat** Represents a bitmask of the ETW Keywords associated with the event. +- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. +- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. +- **flags** Represents the bitmap that captures various Windows specific flags. +- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event. +- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence +- **op** Represents the ETW Op Code. +- **pgName** The short form of the provider group name associated with the event. +- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. +- **providerGuid** The ETW provider ID associated with the provider name. +- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. +- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier. +- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. +- **wcmp** The Windows Shell Composer ID. +- **wPId** The Windows Core OS product ID. +- **wsId** The Windows Core OS session ID. + + +### Common Data Extensions.xbl + +Describes the fields that are related to XBOX Live. + +The following fields are available: + +- **claims** Any additional claims whose short claim name hasn't been added to this structure. +- **did** XBOX device ID +- **dty** XBOX device type +- **dvr** The version of the operating system on the device. +- **eid** A unique ID that represents the developer entity. +- **exp** Expiration time +- **ip** The IP address of the client device. +- **nbf** Not before time +- **pid** A comma separated list of PUIDs listed as base10 numbers. +- **sbx** XBOX sandbox identifier +- **sid** The service instance ID. +- **sty** The service type. +- **tid** The XBOX Live title ID. +- **tvr** The XBOX Live title version. +- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. +- **xid** A list of base10-encoded XBOX User IDs. + + +## Common data fields + +### Ms.Device.DeviceInventoryChange + +Describes the installation state for all hardware and software components available on a particular device. + +The following fields are available: + +- **action** The change that was invoked on a device inventory object. +- **inventoryId** Device ID used for Compatibility testing +- **objectInstanceId** Object identity which is unique within the device scope. +- **objectType** Indicates the object type that the event applies to. +- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. + +## Component-based Servicing events + +### Microsoft.Windows.CbsLite.CbsLiteResetBegin + +This event is fired from Update OS when re-install of the OS begins. + +The following fields are available: + +- **cbsLiteSessionID** An ID to associate other Cbs events related to this reset session. +- **resetFlags** A flag containing the detail of which reset scenarios was executed. +- **wipeDuration** The time taken to purge the system volume and format data volume. + +## DISM events + +### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU + +The DISM Latest Installed LCU sends information to report result of search for latest installed LCU after last successful boot. + +The following fields are available: + +- **dismInstalledLCUPackageName** The name of the latest installed package. + + +### Microsoft.Windows.StartRepairCore.DISMUninstallLCU + +The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. + +The following fields are available: + +- **errorCode** The result code returned by the event. + + +## Driver installation events + +### Microsoft.Windows.DriverInstall.DeviceInstall + +This critical event sends information about the driver installation that took place. + +The following fields are available: + +- **ClassGuid** The unique ID for the device class. +- **ClassLowerFilters** The list of lower filter class drivers. +- **ClassUpperFilters** The list of upper filter class drivers. +- **CoInstallers** The list of coinstallers. +- **ConfigFlags** The device configuration flags. +- **DeviceConfigured** Indicates whether this device was configured through the kernel configuration. +- **DeviceInstalled** Indicates whether the legacy install code path was used. +- **DeviceInstanceId** The unique identifier of the device in the system. +- **DeviceStack** The device stack of the driver being installed. +- **DriverDate** The date of the driver. +- **DriverDescription** A description of the driver function. +- **DriverInfName** Name of the INF file (the setup information file) for the driver. +- **DriverInfSectionName** Name of the DDInstall section within the driver INF file. +- **DriverPackageId** The ID of the driver package that is staged to the driver store. +- **DriverProvider** The driver manufacturer or provider. +- **DriverUpdated** Indicates whether the driver is replacing an old driver. +- **DriverVersion** The version of the driver file. +- **EndTime** The time the installation completed. +- **Error** Provides the WIN32 error code for the installation. +- **ExtensionDrivers** List of extension drivers that complement this installation. +- **FinishInstallAction** Indicates whether the co-installer invoked the finish-install action. +- **FinishInstallUI** Indicates whether the installation process shows the user interface. +- **FirmwareDate** The firmware date that will be stored in the EFI System Resource Table (ESRT). +- **FirmwareRevision** The firmware revision that will be stored in the EFI System Resource Table (ESRT). +- **FirmwareVersion** The firmware version that will be stored in the EFI System Resource Table (ESRT). +- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description. +- **FlightIds** A list of the different Windows Insider builds on the device. +- **GenericDriver** Indicates whether the driver is a generic driver. +- **Inbox** Indicates whether the driver package is included with Windows. +- **InstallDate** The date the driver was installed. +- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description. +- **LastInstallFunction** The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing. +- **LowerFilters** The list of lower filter drivers. +- **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance. +- **NeedReboot** Indicates whether the driver requires a reboot. +- **OriginalDriverInfName** The original name of the INF file before it was renamed. +- **ParentDeviceInstanceId** The device instance ID of the parent of the device. +- **PendedUntilReboot** Indicates whether the installation is pending until the device is rebooted. +- **Problem** Error code returned by the device after installation. +- **ProblemStatus** The status of the device after the driver installation. +- **RebootRequiredReason** DWORD (Double Word—32-bit unsigned integer) containing the reason why the device required a reboot during install. +- **SecondaryDevice** Indicates whether the device is a secondary device. +- **ServiceName** The service name of the driver. +- **SessionGuid** GUID (Globally Unique IDentifier) for the update session. +- **SetupMode** Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed. +- **StartTime** The time when the installation started. +- **SubmissionId** The driver submission identifier assigned by the Windows Hardware Development Center. +- **UpperFilters** The list of upper filter drivers. + + +## DxgKernelTelemetry events + +### DxgKrnlTelemetry.GPUAdapterInventoryV2 + +This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date. + +The following fields are available: + +- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter. +- **aiSeqId** The event sequence ID. +- **bootId** The system boot ID. +- **BrightnessVersionViaDDI** The version of the Display Brightness Interface. +- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. +- **DDIInterfaceVersion** The device driver interface version. +- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). +- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). +- **DisplayAdapterLuid** The display adapter LUID. +- **DriverDate** The date of the display driver. +- **DriverRank** The rank of the display driver. +- **DriverVersion** The display driver version. +- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. +- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. +- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. +- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. +- **GPUDeviceID** The GPU device ID. +- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. +- **GPURevisionID** The GPU revision ID. +- **GPUVendorID** The GPU vendor ID. +- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided. +- **InterfaceId** The GPU interface ID. +- **IsDisplayDevice** Does the GPU have displaying capabilities? +- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. +- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. +- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? +- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? +- **IsLDA** Is the GPU comprised of Linked Display Adapters? +- **IsMiracastSupported** Does the GPU support Miracast? +- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor? +- **IsMPOSupported** Does the GPU support Multi-Plane Overlays? +- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution? +- **IsPostAdapter** Is this GPU the POST GPU in the device? +- **IsRemovable** TRUE if the adapter supports being disabled or removed. +- **IsRenderDevice** Does the GPU have rendering capabilities? +- **IsSoftwareDevice** Is this a software implementation of the GPU? +- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. +- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? +- **NumVidPnSources** The number of supported display output sources. +- **NumVidPnTargets** The number of supported display output targets. +- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). +- **SubSystemID** The subsystem ID. +- **SubVendorID** The GPU sub vendor ID. +- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY? +- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling) +- **version** The event version. +- **WDDMVersion** The Windows Display Driver Model version. + + +## Feature update events + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered + +This event indicates that the uninstall was properly configured and that a system reboot was initiated. + + + +## Holographic events + +### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated + +This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. + +The following fields are available: + +- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode. +- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion. +- **PackageVersion** Windows Mixed Reality Portal app package version. +- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. +- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity). + +### wilActivity + +This event provides a Windows Internal Library context used for Product and Service diagnostics. + +The following fields are available: + +- **callContext** The function where the failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. +- **currentContextMessage** The message of the current call context where the failure occurred. +- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. + + +### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming + +This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. + + +## Inventory events + +### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum + +This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. + +The following fields are available: + +- **Device** A count of device objects in cache. +- **DriverPackageExtended** A count of driverpackageextended objects in cache. +- **File** A count of file objects in cache. +- **Generic** A count of generic objects in cache. +- **InventoryApplication** A count of application objects in cache. +- **InventoryApplicationDriver** A count of application driver objects in cache +- **InventoryApplicationFile** A count of application file objects in cache. +- **InventoryApplicationFramework** A count of application framework objects in cache +- **InventoryApplicationShortcut** A count of application shortcut objects in cache +- **InventoryDeviceContainer** A count of device container objects in cache. +- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache. +- **InventoryDeviceMediaClass** A count of device media objects in cache. +- **InventoryDevicePnp** A count of device Plug and Play objects in cache. +- **InventoryDeviceUsbHubClass** A count of device usb objects in cache +- **InventoryDriverBinary** A count of driver binary objects in cache. +- **InventoryDriverPackage** A count of device objects in cache. +- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache +- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache. +- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache +- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache +- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache +- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache +- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache +- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache +- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache +- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache +- **Metadata** A count of metadata objects in cache. +- **Programs** A count of program objects in cache. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd + +This event provides the basic metadata about the frameworks an application may depend on. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **FileId** A hash that uniquely identifies a file. +- **Frameworks** The list of frameworks this file depends on. +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd + +This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Categories** A comma separated list of functional categories in which the container belongs. +- **DiscoveryMethod** The discovery method for the device container. +- **FriendlyName** The name of the device container. +- **IsActive** Is the device connected, or has it been seen in the last 14 days? +- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link. +- **IsMachineContainer** Is the container the root device itself? +- **IsNetworked** Is this a networked device? +- **IsPaired** Does the device container require pairing? +- **Manufacturer** The manufacturer name for the device container. +- **ModelId** A unique model ID. +- **ModelName** The model name. +- **ModelNumber** The model number for the device container. +- **PrimaryCategory** The primary category for the device container. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd + +This event sends basic metadata about drive packages installed on the system to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Class** The class name for the device driver. +- **ClassGuid** The class GUID for the device driver. +- **Date** The driver package date. +- **Directory** The path to the driver package. +- **DriverInBox** Is the driver included with the operating system? +- **FlightIds** Driver Flight IDs. +- **Inf** The INF name of the driver package. +- **InventoryVersion** The version of the inventory file generating the events. +- **Provider** The provider for the driver package. +- **RecoveryIds** Driver recovery IDs. +- **SubmissionId** The HLK submission ID for the driver package. +- **Version** The version of the driver package. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd + +This event provides basic information about active memory slots on the device. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Capacity** Memory size in bytes. +- **Manufacturer** Name of the DRAM manufacturer. +- **Model** Model and submodel of the memory. +- **Slot** Slot the DRAM is plugged into the motherboard. +- **Speed** MHZ the memory is currently configured and used at. +- **Type** Reports DDR, etc. as an enumeration value per DMTF SMBIOS standard version 3.3.0, section 7.18.2. +- **TypeDetails** Reports Non-volatile, etc. as a bit flag enumeration per DMTF SMBIOS standard version 3.3.0, section 7.18.3. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd + +Provides data on the Office identifiers. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device +- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device +- **OMID** Identifier for the Office SQM Machine +- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit +- **OTenantId** Unique GUID representing the Microsoft O365 Tenant +- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000 +- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows) + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd + +Describes Office Products installed. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **OC2rApps** A GUID the describes the Office Click-To-Run apps +- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus +- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word +- **OProductCodes** A GUID that describes the Office MSI products + + +### Microsoft.Windows.Inventory.Indicators.Checksum + +This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. + +The following fields are available: + +- **CensusId** A unique hardware identifier. +- **ChecksumDictionary** A count of each operating system indicator. + + +## Microsoft Edge events + +### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +The Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate user's version, app usage, update usage, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, Product and Service Usage, and Software Setup and Inventory data. One roll-up event is sent each time any installation, update, or uninstallation process, including an error, occurs in the EdgeUpdate service. Each Ping event can contain an arbitrary number of apps which have been modified, and each of these apps in turn can fire multiple event types. This event is used to measure the reliability, performance, and usage of the EdgeUpdate service. + +The following fields are available: + +- **appAp** Any additional parameters for the specified application. Default: ''. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. +- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'. +- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. +- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. + + +### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date + +The following fields are available: + +- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''." +- **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update. +- **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown). +- **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown). +- **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''. +- **appIid** A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error). +- **appPingEventEventType** An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown). +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''. +- **appVersion** The version of the product install. Default: '0.0.0.0'. +- **eventType** A string representation of appPingEventEventType indicating the type of the event. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the device is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. +- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. + + +## MUI events + +### MuiResourceLoaderTraceLogging.MapAndVerifyResourceFileFailure + +This event is logged when LdrMapAndVerifyResourceFile fails for an overlay module. + +The following fields are available: + +- **Culture** Language tag. +- **DevicePath** True if file path is a device path. +- **Flags** Flags used for verification in LdrMapAndVerifyResourceFile. +- **ResourceFileName** DLL path and name. +- **Status** Failing status code. + + +### MuiResourceLoaderTraceLogging.VerifyAlternateResourceModuleWithServiceChecksumFailure + +This event logs a failure when a MUI has an incompatible service checksum. + +The following fields are available: + +- **ActualServiceChecksum** The checksum in the MUI file. +- **ExpectedServiceChecksum** The checksum in the neutral binary. +- **ResourceFileName** DLL path and name which has a failing service checksum. + + +### NetworkTelemetry.AccessPointData + +This event describes the wireless access point to which the Xbox is connected. Collected when a wireless network is joined. + + + +### NetworkTelemetry.FlightControllerInitialize + +This event is logged when the flight controller attempts to write the hosts file. + + + +## Sediment events + +### Microsoft.Windows.Sediment.OSRSS.CheckingOneSettings + +This event indicates the parameters that the Operating System Remediation System Service (OSRSS) uses for a secure ping to Microsoft to help ensure Windows is up to date. + +The following fields are available: + +- **CustomVer** The registry value for targeting. +- **IsMetered** TRUE if the machine is on a metered network. +- **LastVer** The version of the last successful run. +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. + + +## Setup events + +### SetupPlatformTel.SetupPlatformTelActivityEvent + +This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date. + +The following fields are available: + +- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. +- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. +- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time + + +## Software update events + +### SoftwareUpdateClientTelemetry.Uninstall + +Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). + +The following fields are available: + +- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found. +- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed. +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **ClientVersion** Version number of the software distribution client. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. +- **DeploymentMutexId** Mutex identifier of the deployment operation. +- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation. +- **DeploymentProviderMode** The mode of operation of the Update Deployment Provider. +- **DriverPingBack** Contains information about the previous driver and system state. +- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required. +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.). +- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBuildNumber** Indicates the build number of the flight. +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. +- **IsFirmware** Indicates whether an update was a firmware update. +- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. +- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. +- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. +- **RepeatFailCount** Indicates whether this specific piece of content previously failed. +- **RevisionNumber** Identifies the revision number of this specific piece of content. +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **UpdateId** Identifier associated with the specific piece of content. +- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended). +- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used. +- **WUDeviceID** Unique device ID controlled by the software distribution client. + + +## Update events + +### Update360Telemetry.UpdateAgentReboot + +This event sends information indicating that a request has been sent to suspend an update. + +The following fields are available: + +- **ErrorCode** The error code returned for the current reboot. +- **FlightId** Unique ID for the flight (test instance version). +- **IsSuspendable** Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE. +- **ObjectId** The unique value for each Update Agent mode. +- **Reason** Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0. +- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. +- **ScenarioId** The ID of the update scenario. +- **SessionId** The ID of the update attempt. +- **UpdateId** The ID of the update. +- **UpdateState** Indicates the state of the machine when Suspend is called. For example, Install, Download, Commit. + + +## Upgrade events + +### Setup360Telemetry.Setup360 + +This event sends data about OS deployment scenarios, to help keep Windows up-to-date. + +The following fields are available: + +- **FieldName** Retrieves the data point. +- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. +- **InstanceId** Retrieves a unique identifier for each instance of a setup session. +- **ReportId** Retrieves the report ID. +- **ScenarioId** Retrieves the deployment scenario. +- **Value** Retrieves the value associated with the corresponding FieldName. + + +### Setup360Telemetry.UnexpectedEvent + +This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. + +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. + + +## Windows Update CSP events + +### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed + +This event sends basic telemetry on the failure of the Feature Rollback. + +The following fields are available: + +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **hResult** Failure error code. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. +- **sacDevice** This is the device info. +- **wUfBConnected** Result of WUfB connection check. + + +## Windows Update events + +### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationStarted + +This event sends data collected at the beginning of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date. + +The following fields are available: + +- **MigrationMicrosoftPhases** The number of Microsoft-authored migrators scheduled to be ran by DMF for this upgrade +- **MigrationOEMPhases** The number of OEM-authored migrators scheduled to be ran by DMF for this upgrade +- **MigrationStartTime** The timestamp representing the beginning of the DMF migration +- **WuClientId** The GUID of the Windows Update client invoking DMF + + +## XBOX events + +### Microsoft.Gaming.Install.ResurrectedInstall + +This event is logged when app installation resumes on Xbox console. + +The following fields are available: + +- **InstanceId** App install instance ID. +- **Result** App install resume result. + + +### Microsoft.Xbox.XceBridge.CS.1.0.0.9.0.2.SFR.ConnectedStandbyEnterEnd + +This event is triggered when connected standby is finished activating. + + + +### NuiServiceTelemetryProvider.DriverSensorFirmwareVersion + +This event reports the version of the currently installed firmware. + + + +### NuiServiceTelemetryProvider.DriverSensorHardwareVersion + +This event reports basic and raw hardware version of the NUI sensor. Also reports serial number. + + + +### NuiServiceTelemetryProvider.SensorFirmwareDeviceError + +This event reports sensor firmware device error. + + + +### SignInArbiter.AutoPairingGeneralInfo + +This event is reported at various times to note system state. + + + +### XceDiagnosticUploadable.UploaderPerfHeartbeat + +This event reports a digest of a number of different counters that are tracked locally by the uploader. + + + +## XDE events + +### Microsoft.Emulator.Xde.RunTime.XdeStarted + +This event sends basic information regarding the XDE process to address problems with emulator start. + +The following fields are available: + +- **addUserToHyperVAdmins** True if user added to Hyper-V admin group. +- **addUserToPerformanceLogUsersGroup** True if user added to performance group. +- **automateFeatures** True if automation is being used. +- **bootLanguage** Boot language for guest. +- **bootToSnapshot** True if should attempt to boot to snapshot. +- **com1PipeName** COM1 pipe name. +- **com2PipeName** COM2 pipe name. +- **diffDiskVhd** Diff disk name. +- **displayName** Display name. +- **fastShutdown** True if should try to shutdown quickly. +- **language** Language to use for UI. +- **memSize** Memory size. +- **natDisabled** True if NAT is to be disabled. +- **noStart** True if VM shouldn't be started. +- **originalVideoResolution** Original video resolution. +- **remoteFxDisabled** Disable GPU. +- **screenDiagonalSize** Screen diagonal size. +- **sensorsEnabled** Sensors to enable in guest. +- **showName** True if display name should appear on UI. +- **showUsage** True if usage was shown. +- **silentSnapshot** True if a silent snapshot was taken. +- **silentUi** True if message boxes should be suppressed. +- **sku** The emulator sku to use +- **startedBy** The program that started the emulator. +- **version** Emulator version. +- **versionLong** Long format of emulator version. +- **vhdPath** VHD path. +- **videoResolution** Video resolution to use. +- **virtualMachineName** VM name. +- **waitForClientConnection** True if we should wait for client connection. +- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled. + + + From ba63a429c9577eda027c56cec3f7dcd05a8d5b3a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 28 May 2020 08:45:44 -0700 Subject: [PATCH 50/84] updates --- windows/deployment/planning/windows-10-removed-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 14c2603131..b79a9e0b9d 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -27,7 +27,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| Cortana | Some features in [Cortana](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana) have changed. | 2004 | +| Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 | | Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 | | Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices. The apps are removed for non-cellular devices.| 2004 | | PNRP APIs| ​The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 | From f895320c8e1a03cdc3fd38f34161850c54c736b9 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 28 May 2020 09:31:24 -0700 Subject: [PATCH 51/84] fix suggestions and warnings --- devices/surface-hub/surface-hub-security.md | 2 +- ...d-uefi-security-features-for-surface-pro-3.md | 2 +- devices/surface/assettag.md | 2 +- devices/surface/change-history-for-surface.md | 2 +- ...ce-and-system-center-configuration-manager.md | 2 +- ...customize-the-oobe-for-surface-deployments.md | 2 +- ...urface-app-with-windows-store-for-business.md | 2 +- ...loy-windows-10-to-surface-devices-with-mdt.md | 2 +- devices/surface/deploy.md | 2 +- .../surface-system-sku-reference.md | 2 +- ...eap-fast-and-cisco-leap-on-surface-devices.md | 2 +- ...ll-and-configure-surface-devices-with-semm.md | 2 +- ...net-adapters-and-surface-device-deployment.md | 2 +- devices/surface/ltsb-for-surface.md | 2 +- ...-optimal-power-settings-on-Surface-devices.md | 2 +- ...manage-surface-driver-and-firmware-updates.md | 2 +- devices/surface/manage-surface-uefi-settings.md | 2 +- .../microsoft-surface-brightness-control.md | 2 +- devices/surface/support-solutions-surface.md | 2 +- devices/surface/surface-book-quadro.md | 2 +- ...-device-compatibility-with-windows-10-ltsc.md | 2 +- .../surface-diagnostic-toolkit-command-line.md | 2 +- .../surface-diagnostic-toolkit-desktop-mode.md | 2 +- ...face-diagnostic-toolkit-for-business-intro.md | 2 +- devices/surface/surface-manage-dfci-guide.md | 2 +- .../surface/surface-pro-arm-app-management.md | 2 +- .../surface/surface-pro-arm-app-performance.md | 2 +- devices/surface/surface-system-sku-reference.md | 2 +- devices/surface/surface-wireless-connect.md | 2 +- .../unenroll-surface-devices-from-semm.md | 2 +- ...ade-surface-devices-to-windows-10-with-mdt.md | 2 +- ...ration-manager-to-manage-devices-with-semm.md | 2 +- .../surface/using-the-sda-deployment-share.md | 2 +- .../surface/wake-on-lan-for-surface-devices.md | 2 +- mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md | 3 +-- mdop/mbam-v25/deploy-mbam.md | 1 - .../troubleshooting-mbam-installation.md | 1 - smb/cloud-mode-business-setup.md | 3 ++- smb/index.md | 7 ++++--- ...e-for-business-education-powershell-module.md | 1 - .../determine-appropriate-page-file-size.md | 4 ++-- .../client-management/introduction-page-file.md | 4 ++-- .../mdm/esim-enterprise-management.md | 2 +- .../system-failure-recovery-options.md | 4 ++-- windows/configuration/TOC.md | 16 ++++++++-------- ...components-to-microsoft-services-using-MDM.md | 2 +- windows/privacy/manage-windows-1903-endpoints.md | 2 +- 47 files changed, 58 insertions(+), 60 deletions(-) diff --git a/devices/surface-hub/surface-hub-security.md b/devices/surface-hub/surface-hub-security.md index 4dc2b7518e..faee5ad929 100644 --- a/devices/surface-hub/surface-hub-security.md +++ b/devices/surface-hub/surface-hub-security.md @@ -5,7 +5,7 @@ keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md index 017f34559f..4abd9e0c86 100644 --- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md +++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md @@ -11,7 +11,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article --- diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md index 296a57b10e..6d9533bb52 100644 --- a/devices/surface/assettag.md +++ b/devices/surface/assettag.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.localizationpriority: medium ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 35be5e736d..b1aed6e997 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md index f68989b045..e8ce13b98d 100644 --- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md +++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md index 70d53dae71..cb492c2620 100644 --- a/devices/surface/customize-the-oobe-for-surface-deployments.md +++ b/devices/surface/customize-the-oobe-for-surface-deployments.md @@ -11,7 +11,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.audience: itpro --- diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md index 121be61007..fc2956ead6 100644 --- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md +++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, store ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md index 47f14939db..bb8e62fb6b 100644 --- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md +++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index a7220315da..7431a22a8a 100644 --- a/devices/surface/deploy.md +++ b/devices/surface/deploy.md @@ -8,7 +8,7 @@ ms.sitesec: library author: coveminer ms.reviewer: manager: laurawi -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/documentation/surface-system-sku-reference.md b/devices/surface/documentation/surface-system-sku-reference.md index 0d49be965e..227d58d778 100644 --- a/devices/surface/documentation/surface-system-sku-reference.md +++ b/devices/surface/documentation/surface-system-sku-reference.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article --- # Surface System SKU Reference diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md index d51a90413e..36f05515f3 100644 --- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md +++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md @@ -11,7 +11,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article --- diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md index 56282326a4..6eb848da41 100644 --- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md +++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md index abc4672793..a68242b88a 100644 --- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md +++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md @@ -11,7 +11,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.audience: itpro --- diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md index c250085467..17e6d48fb1 100644 --- a/devices/surface/ltsb-for-surface.md +++ b/devices/surface/ltsb-for-surface.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index 36197ca93f..e7c739be75 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md index 75ccff3070..1d78180a03 100644 --- a/devices/surface/manage-surface-driver-and-firmware-updates.md +++ b/devices/surface/manage-surface-driver-and-firmware-updates.md @@ -11,7 +11,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.audience: itpro --- diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md index c5f41821d3..f56bcb55d1 100644 --- a/devices/surface/manage-surface-uefi-settings.md +++ b/devices/surface/manage-surface-uefi-settings.md @@ -8,7 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices, surface author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index f0e6c5d221..2bb2c8a956 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md index ab4c3a46c4..d9f0e6200d 100644 --- a/devices/surface/support-solutions-surface.md +++ b/devices/surface/support-solutions-surface.md @@ -10,7 +10,7 @@ ms.mktglfcycl: support ms.sitesec: library ms.pagetype: surfacehub author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 09/26/2019 ms.localizationpriority: medium diff --git a/devices/surface/surface-book-quadro.md b/devices/surface/surface-book-quadro.md index 79fb762dba..8b1599f5b4 100644 --- a/devices/surface/surface-book-quadro.md +++ b/devices/surface/surface-book-quadro.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.localizationpriority: medium ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 5/06/2020 ms.reviewer: brrecord diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md index 044b0e0437..19eb605696 100644 --- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md +++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md index 035eec60da..d7b8828415 100644 --- a/devices/surface/surface-diagnostic-toolkit-command-line.md +++ b/devices/surface/surface-diagnostic-toolkit-command-line.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md index 795bff7f7f..7734d2a4fa 100644 --- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md +++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md index 2b19282899..10939f979e 100644 --- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md +++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: cottmca manager: laurawi diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md index f21805f1a7..e1df0dc226 100644 --- a/devices/surface/surface-manage-dfci-guide.md +++ b/devices/surface/surface-manage-dfci-guide.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 11/13/2019 ms.reviewer: jesko diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 488eeca1a2..5b7adaf812 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.localizationpriority: high ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 4/15/2020 ms.reviewer: jessko diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md index 4459d6052b..10f3e57bbd 100644 --- a/devices/surface/surface-pro-arm-app-performance.md +++ b/devices/surface/surface-pro-arm-app-performance.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 10/03/2019 ms.reviewer: jessko diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md index c0de20193f..499e718991 100644 --- a/devices/surface/surface-system-sku-reference.md +++ b/devices/surface/surface-system-sku-reference.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 03/09/2020 ms.reviewer: diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md index 24a358065b..34c653abc0 100644 --- a/devices/surface/surface-wireless-connect.md +++ b/devices/surface/surface-wireless-connect.md @@ -7,7 +7,7 @@ ms.sitesec: library author: coveminer ms.audience: itpro ms.localizationpriority: medium -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: tokatz manager: laurawi diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md index 0caea932ab..6750387137 100644 --- a/devices/surface/unenroll-surface-devices-from-semm.md +++ b/devices/surface/unenroll-surface-devices-from-semm.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index c9345502d8..7602e690be 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index 21616dc89e..91c1b17875 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md index 0309d071ec..288e79b8c6 100644 --- a/devices/surface/using-the-sda-deployment-share.md +++ b/devices/surface/using-the-sda-deployment-share.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md index a6686dcf69..b9c11bd90f 100644 --- a/devices/surface/wake-on-lan-for-surface-devices.md +++ b/devices/surface/wake-on-lan-for-surface-devices.md @@ -8,7 +8,7 @@ ms.pagetype: surface, devices ms.sitesec: library ms.localizationpriority: medium author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: scottmca manager: laurawi diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index cd77d39b06..8a255ed548 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -11,8 +11,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 ms.date: 8/30/2018 -ms.author: pashort -author: shortpatti +ms.author: dansimp --- # Applying hotfixes on MBAM 2.5 SP1 diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md index a921105176..c035e3eadb 100644 --- a/mdop/mbam-v25/deploy-mbam.md +++ b/mdop/mbam-v25/deploy-mbam.md @@ -8,7 +8,6 @@ ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 -manager: dcscontentpm --- # Deploying MBAM 2.5 in a standalone configuration diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md index f2d0494b7f..9dce3b1297 100644 --- a/mdop/mbam-v25/troubleshooting-mbam-installation.md +++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md @@ -8,7 +8,6 @@ ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 -manager: dcscontentpm --- # Troubleshooting MBAM 2.5 installation problems diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index b62b89b55a..9b5f3ae040 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -2,7 +2,7 @@ title: Deploy and manage a full cloud IT solution for your business description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices. keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365 -ms.prod: +ms.prod: w10 ms.technology: ms.author: eravena audience: itpro @@ -13,6 +13,7 @@ author: eavena ms.reviewer: manager: dansimp ms.localizationpriority: medium +ms.topic: conceptual --- # Get started: Deploy and manage a full cloud IT solution for your business diff --git a/smb/index.md b/smb/index.md index 5cc2746261..1f9527ebf2 100644 --- a/smb/index.md +++ b/smb/index.md @@ -2,16 +2,17 @@ title: Windows 10 for small to midsize businesses description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business. keywords: Windows 10, SMB, small business, midsize business, business -ms.prod: +ms.prod: w10 ms.technology: ms.topic: article -ms.author: celested +ms.author: dansimp ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: smb -author: CelesteDG +author: dansimp ms.localizationpriority: medium manager: dansimp +audience: itpro --- # Windows 10 for SMB diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md index b7fea1a9ef..04c86ceb64 100644 --- a/store-for-business/microsoft-store-for-business-education-powershell-module.md +++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md @@ -9,7 +9,6 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.author: ms.date: 10/22/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md index b6abb3661e..8daf0f4ce4 100644 --- a/windows/client-management/determine-appropriate-page-file-size.md +++ b/windows/client-management/determine-appropriate-page-file-size.md @@ -8,8 +8,8 @@ author: Deland-Han ms.localizationpriority: medium ms.author: delhan ms.date: 8/28/2019 -ms.reviewer: -manager: dcscontentpm +ms.reviewer: dcscontentpm +manager: dansimp --- # How to determine the appropriate page file size for 64-bit versions of Windows diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index cee81bcd72..2f12bd900f 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -7,8 +7,8 @@ ms.topic: troubleshooting author: Deland-Han ms.localizationpriority: medium ms.author: delhan -ms.reviewer: greglin -manager: dcscontentpm +ms.reviewer: dcscontentpm +manager: dansimp --- # Introduction to page files diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md index 386f5a8c48..9251f6a755 100644 --- a/windows/client-management/mdm/esim-enterprise-management.md +++ b/windows/client-management/mdm/esim-enterprise-management.md @@ -8,7 +8,7 @@ ms.sitesec: library author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.topic: +ms.topic: conceptual --- # How Mobile Device Management Providers support eSIM Management on Windows diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index 28f7edaab0..d0806c95e1 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -8,8 +8,8 @@ author: Deland-Han ms.localizationpriority: medium ms.author: delhan ms.date: 8/22/2019 -ms.reviewer: -manager: dcscontentpm +ms.reviewer: dcscontentpm +manager: dansimp --- # Configure system failure and recovery options in Windows diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 55040620db..0d01784273 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -2,7 +2,7 @@ ## [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) ## [Configure access to Microsoft Store](stop-employees-from-using-microsoft-store.md) ## [Configure Cortana in Windows 10](cortana-at-work/cortana-at-work-overview.md) -## [Set up and test Cortana in Windows 10, version 2004 and later](cortana-at-work/set-up-and-test-cortana-in-windows-10) +## [Set up and test Cortana in Windows 10, version 2004 and later](cortana-at-work/set-up-and-test-cortana-in-windows-10.md) ## [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md) ### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/cortana-at-work-scenario-1.md) ### [Test scenario 2 - Perform a Bing search with Cortana](cortana-at-work/cortana-at-work-scenario-2.md) @@ -13,13 +13,13 @@ ## [Send feedback about Cortana back to Microsoft](cortana-at-work/cortana-at-work-feedback.md) ## [Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization](cortana-at-work/cortana-at-work-o365.md) ## [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md) -### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/test-scenario-1) -### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/test-scenario-2) -### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/test-scenario-3) -### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/test-scenario-4) -### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/test-scenario-5) -### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/test-scenario-6) -### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7) +### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/test-scenario-1.md) +### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/test-scenario-2.md) +### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/test-scenario-3.md) +### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/test-scenario-4.md) +### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/test-scenario-5.md) +### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/test-scenario-6.md) +### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7.md) ## [Set up and test custom voice commands in Cortana for your organization](cortana-at-work/cortana-at-work-voice-commands.md) ## [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md) ## [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index d15ec0f74b..ba4a8aff28 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.localizationpriority: high audience: ITPro author: medgarmedgar -ms.author: v-medgar +ms.author: dansimp manager: robsize ms.date: 3/25/2020 --- diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index ea17373f32..9d9c6e8fe4 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.localizationpriority: high audience: ITPro author: danihalfin -ms.author: v-medgar +ms.author: dansimp manager: sanashar ms.collection: M365-security-compliance ms.topic: article From 041891ef97b92c19665146d58c1507c12d1c50d8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 28 May 2020 13:48:20 -0700 Subject: [PATCH 52/84] add links to linux and mac sys reqs --- .../microsoft-defender-atp/configure-endpoints-non-windows.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index dec845f1d0..54109e5159 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -29,7 +29,9 @@ ms.topic: article Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. -You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. +You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. For more information, see: +- [Microsoft Defender ATP for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements) +- [Microsoft Defender ATP for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements). ## Onboarding non-Windows machines You'll need to take the following steps to onboard non-Windows machines: From 4b065e00d909fd1cc4b3ead6e639b5ddfa0fc136 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Thu, 28 May 2020 19:52:44 -0400 Subject: [PATCH 53/84] Incorrect statement - Suggest removing it Like the article mentioned earlier in the article (https://techcommunity.microsoft.com/t5/Ask-the-Directory-Services-Team/Machine-Account-Password-Process/ba-p/396026) the machine will not update its password unless the change is committed in AD. Therefore the best practice mentioned here did not really make sense. So I suggest to remove that part and remove the numbered paragraph for the remaining point. --- .../domain-member-maximum-machine-account-password-age.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 3aa61ca9b4..0bcf3d3ccc 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -42,8 +42,7 @@ For more information, see [Machine Account Password Process](https://techcommuni ### Best practices -1. We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites. -2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer is turned on after being offline more than 30 days, the Netlogon service notices the password age and initiates a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer does not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and then configure the value for this policy setting to a greater number of days. +We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites. ### Location From 300b181d69e15076b06bad26edaa72636b0600b6 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 28 May 2020 17:00:43 -0700 Subject: [PATCH 54/84] darkmodeupload --- devices/hololens/images/Dark Mode.jpg | Bin 0 -> 106016 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 devices/hololens/images/Dark Mode.jpg diff --git a/devices/hololens/images/Dark Mode.jpg b/devices/hololens/images/Dark Mode.jpg new file mode 100644 index 0000000000000000000000000000000000000000..f2cd7c45106cb19c88c6f5aed5fc9f56d537056f GIT binary patch literal 106016 zcmeFZ2UJsAw=cdC6lunSfS}}fPyrFKP*h6rcmRQe2q-85QBi3kDk4bRSWysT=LkZO zjtW>PibAB@kSb^pLQ$$fLJcI@d2jzCnGI4S9-oQPDDr;+K5aSn?7AkT1rAn`oH{- z{{opaQ5#Leqg;oZ+c|Leqf98KN`A#3kT{?AgdPAz|TZ zBEmS=aCZ>=j)=^eK6mlzjWgz1?GgR`i1eD1SMJPI`r~2YeCulFlC^t}o)Qz6k(FB@ zzjT?hit2JrEp453>o;ur)5zFlv#FWQw(YidJ9gST@7sUC#nsK-`fqPSc_(|qA0JV#{u z;?*hlOHFYpt2{_a3blmsz6Ox|D^BCXnp^n_#E@Ey=zM z_Cqc@A}K5c#uJ`{kPx0te3%OI%jcTUvL3|RO~=~$P@L$Y1RourWv)V;RK{NwOA*uO zR?oK`I}oy@S*3ZoUUd|5%`d?(b;#ItnnhbgTSCQxI5C|toiK{#|J?Hb7rhwH1sj@} zMzwJYo zG+8jLB9mp}#Gb#F%yxK^JYHNMvf{+`6E}8Ln8X;$=rR1^FTJC>gHtt~x`wjqJ$b{m zcX1NIdlKGi*}O~mpTqyB^-wW(H`Yf3{NOqG0X@BgQ!}0==jNQMH zH_8rM_knc>cZX|ElI04Lvqr$-0c}zljAzgaB{r2)YPgD zBUVPz|E(WuEp?@>!fx_6Zy8QEuGn%Q)iG7*{(J63pcQ*{n`Hzsn^6`)Dz5sI;lc`j zxU{sioW&d5wB99i(OLu1T%taOw*?ia>5=vkzM~@8j$F%T~Q^D*Z?6lKDK2mrcZQsI2LW6$3;6P|RMC2S#^m`B z<44O#&L30!L|~feJr67xBQiJjGMe-W*rLw%fe9(L7szD=a%pgN%gg!5umVn}9RwT7 z#Oc)Wk+BhAA-Czr@z3ml3W}dSNBPJ`niSgdj>Jkqi}SGG&?@g@GJ7qB>rqj_@BuB@ z@DWBmP&N4FjPy-Ii$OuL*GVlgq}c>+x!zhna(W#fDU0DFvpU$P(2n)3RPKUuOsj+H zmB&Y@X?$d$7mXm&WywP$Bp%O;mB8CY9vWkUiiu8GclT*b>=jECI~}_KRDF9=)rYx% zkcJj9E2qRG_DN)pPf#%|mtD=f^D~dXazzCm80<4>hi)r{D{q2n(wKdW^XRZ5lZHtt zfk=Y`KP%_wTN_DpK-%XTAnj&a+4Ic4F?48bQkIVkMul)`!#Jbf;yCA0y}^RMLUnzU)~M7iqF{|*}aE}4BCEpg@};N}u&OT7lR z{5d$#5Ek4C4xNr^Qt7hPp|K+Zx^Cz_bojfzduhzCjPu|7bwVqf$_4fk5bh@l%=n!vTAn{2;p!^4nE+dAQ*4o1KN9DXx_%;r zy8T4Q3>f@IhYq5C)088OuKnE2d?aq{EXwo%be|FdzA^ZVL-nG}uY3fTP?4ECDWMzqnk(0sIP~pG+r3w`tV4XHv%h`PsS+S&kbH@P z@$<7Q+$XY^rIhReMKdJ$h(OWN;A9Q#2pC4+FFjA;7!Q0Gjc)hdHGW~N2fUGbo;JJ? z_r~A(NLw1IwGo{|>ROL`s}ZjE8+^nKlu`LCz6KGBPe}Mz(1cQru z7Zbrl`AAqI=+KM133S+b4rRK@vKwxK5piPQ;=+$XRLe(f8@N31E=n&DGX!Gmf)`W9 zFZsDZhykyOQ0D4hYm?>8;7$#1_T3@EkM{oW}{s?t(lW?0sScy^o{*%R3K&Wkz>OUtweg+r$`-IlkGHtX_0<*2!4S!Nr;d9 z5@CKh`Nq=hiGeXo6B5&scwQKDc2WRQA;wsMvQ9t-fdD^s#mQ&1_gjpq3CjBsiuuTo zz*pHH3#y(q!r~*m8G$3{gk2GeWf;_`$H~HysB8S#F&<5S7yRzNIJ;JR`=e;j}Jg3tz1o-djCqFEQ*hZag> zIuqG7Xt4-;06T>dL1h=wb_botmERaK9eqO`ABQwbWTjx~nd6WI3kezMv3|l=+4egy zSiA@@SjtE&+!sXIo!F`7Z&WP5Q9;YD_4$&9hIDw7f%98RaKO6h)DI@*O4wdOqcZ|) zotw{k0SeAI35uEtI)74`?EtP_!ocHN1knS6CiMb}D@6XMlu+3pbAfkG?+~d&Ee;qe z0)}$G>a>G{ueJ~c4bOqLM~MdojcJ0$1|Pj45X?g%h5wX^*!$fiixfi_BgH zPMtEknDqcSiapCmPJ%x~97S7ho13AbdJ#3cZc zbdEH;8tqU9m9_Yz5l0yZsaU`pJ`zM_CG=eb`A(n%kN?34%HCVKfR9v}!%%-Q4D#;b zg>w&(I+n(xEl1G^Z`6H?MwG#Ol7NX{1ySNGV82A)nn1jH@fn)C@glf;NgYb@zysc% zkNisD8pipBfDWzo5_dPLV{w9@zg1Xyvj%Z!b~TNuMJjuU_c@9;p}I$70j3~I)Gzjk zw%{!G%SXTP5fkViA``HGh3h~Y|hFym`z?P3thVhSr&if?|D$K`ilyR&EWvY|P zDD3@IX|(ct+e&Er3M7`-8>e;Nr;dI6snBs4gvz0K1v>#lp=$|CRsy!brIa`%VA~#z z*ot#o58T!S#goT-m4Ss{MyD(KpEP#ieQU${lO~|@tIT}l+)kDW7jg@UEkkWL;jXC+ zBXx4XIxn)o0+ruejb1=;#;bp39P0+}{7=NDes9z_7d&<+X&~WOpWpPWq(tT$1BjZ` zK4m^Kt(NOS`q7NO^k0?ENe=x7yQJ2efmSd`>6X~^6m~sI)!>fcUUC9_=-=qRGV;6C z{te+fVYKS+<0AzTih=)*>W5$?O!}F@f8Ffk-zEO0gCFw-YLn)#imLwAijTSDQ{sMC zz%K(e>K}Fjcl^bPc4FV;{h7*p!CS-Hr{fVPk%wVKTr+Gf_o`I}e-o<4SZ%{e6inIyaS~>AtgQ*#vXF_ORn}pMkF=HH^#9I} zl68$1vN|pKc3oMwp``Qnrn`3T>1ta==9z|Zx2=_CKjqj<@&;zRlPAbW$XU5kpB(GYxRoFGfD$8oOf|0IkVxv)r znd`2>s|I51CPz*ZH+A0jK zV~kcu01I2j3_ zby5ftVHm-}H(?N~ehUc3qlEpF&BJ~GiyeV3f_qI^;H$G45>AunN~rL=1~ zA5khKKVH=w(9k}A$di}*Tqa1*Jb}ukNCm%WY(CaOlQTHe>)AiyZGU`hXSvoZdegCv z?7l-Awu)ML>HJlH<9U->O!kv*`-Tky?`^%_DtyeQkK8YiF=kBZCO>J6Uq=jtG z>hW9$+b;jji_xm`H?QPv74fY9dw3#jli}=#cOT{2KjQUVuP~gyQXxHfaqpV>>_*O( zlhw~n(mMHwa7t!lKyoknd{hJXW+mMNE7LdUBjza?w>4PZ6Pa({rM##lE}E{cB0TLz zu&s!Xs1|4OkZ2Vuf{ArUk!bVj3E zVQNW&f*r|+Ns?z->>4d$N5=K|ZaAKh*mc}D=bdwuSk`r0V^NVgWL;yw3k|nZL^^UT z=x^R^$$!_q++9pLVbI_N_BJ2#vKo~$$Y`~)@X~rZZAaqy*i(P1aeEnjq&4Sx5Fasc zQiSP%z1{7=ZS2yFz}?RuJ*{tjaL)WsRpJNFGryhkez&0^eT&}(v-iJU9ier3oBq+< z%bhhV%rPt4;`oB;(z~k-6|XUKTUO??Tuk0)J8E-GYmf2NudFcmpyF8LF-xQ<0m2ejBe1kdlI+rIu6Vq&z96_@ zW&ZkYIj=stJ|j<5^`BKSHL2uQQbzKpb^ckOt*%v9vGmM<$fG|KGqzpc60|Oz5LzHy z7re~x&0oxSm-jfDZ1rAfahRhdqPllSOUrI~PHoX)wuc2%zaS-L2kJ3SPfqmtu%f={ zZTS)LN4MnWZ+-GxrvG@rsK=Aq@;=A7H!kAEDcX0uKNlWul~xTioD;oHF~-B)Z+v@- zRqDr5((_wZU#|On8e&`^iw_hmaG$-isV8sCgTckegA_aa#AL)o*1w=1RlB^)ZO62S zy24dwm9<8xp@GYeQNyoM=dkDf!E`y5aepN#yF@4L@X|A+i7MZ@OFBdJd($0dSQ-T? z%4d$H&+SprpJ!pPV6T!Z_v*q6VtOaebgm!R31#BCB~b;@O}he)!2({0-GhQ$12rb0 zc#%n)D0j*4^*j1@8Pz7%x$Fwrs1mbH(r2P!iTamSPNVIT~$|yGS2h**8qs(-A22*)$iu$sy%uwGSl)oJhE=RQ$Wa+U(1xDGqkc_6GT_ zXIQyK#F_3gd285*#*8lYf4O+1|7w>;f3bnz=UIgIUFyE^8YPvY<>_50Yi%}Gh32@Y z9lTO0cOk6IR{OUQ|9M@@V_j<>r&Q!OrBjAxew&m9?)(SLeLe59uWgzwUo zbnU1ac=SK)niMCNbIo%@n5GbfcDFjKI6;nsv=JniD6Ep=DeajIsmc?w22Mn~3i2Fe zm-v>Y(pgrA=RxlJDZxbp1=j>ah0{hG@buWDiqKUXjh4|7L3V>w;h5zaClY^AUI0yy zgJd?n2sWu#N?RET9R{$%qF>I0ROqU%aUzYTklBP4AkFot2t9+e1+-l>ZMs#2vTRc6 z`2TaNb3#B;Pw1$gNevqz3$xF?*;Re0x!n5kWmD>8JRlw0$5!Mbl1DrHJvG1 zxi0J1bv)@+dt8{_tB_ExDb(<>q9!MOU$;YcOu1RpV`>s|%y#fty2>uC3!d6X>~9Vo zi<4SsvGd}4xqTh!#=}DHvH5qG9#VY`O|_((>HvshWorK4S5;~i^lgY@91l@SjZI2T zj1wO`c6Y7(Gi9>`U7t9~UdWCYb3a_r;kIY@8Dz~^}@66%P4Le)OVH+aP z>M68Q35N1Jvb*kF=ycnmH*HPH!C}t(GAk<;WA_@PW%a37&7WP^f7Rsate#y@TdVE%sheb%+<#fI;^M0@v7=@@{pD^W=8b9d zJMy32s@r34dh5Jm$hGaMr7{~+uUoe_Uks?7exj!y=%6-(vt z?xz(W4};Li@Ykl;uT+zQE61yitBs0^wX3sgb13%O1pAdT3R(C`K=tG1@U!RoG_Ajm zfpD@CFn7ppj>vLYA&9NjM?QE;_d$r9Jgt(!gBrwZh;TK|%@95v0;(zgE2mkRQ~XyC z7?mxRelnJzIP4%2AL%-h;2PiJLzE13bZ#LjxaE!BNhr=J+*h{!(UWz?K`DC-;$DyRGoM(hvjn|u*8ke*v zp$5wzvSyq;Rv#4+-EX@{&ewKP-KF@fU^TzC@-~f&{n;G#xl$s{%kxXqA1>35ChDGS zRK9IT%<`{(;9vc-l$DN18I-itAfRF)m-n(n%8K)VXfXq`@H~c1E?1 zEvH^x?e~cE7^5r7IYs;MmcYDqhsSW+yY{4D*FYo6D_%BNZ-cXA4LZC}Yhu02`u2{@ zGRs6=wFML2jxy9$?NM!C59l4p(>HLsT_x(`{M&EdyGA{0qdp(puV=T(d39UJh5*}c z`})2eGLK#6r+Y45sm88;nr)UTkrf8#tkw<*PDSAUg=kK_$4m~q=)P5tD1uSUM|iN34w z%Ax#VWp~D)JcirO;>yKLFSG4@HC`-zv?Gn+V@CI6ETR8^XFr-$aUd9m18CKg%gHw1(5c8?` z1`ND=M$j9vUPk^VT$TI)EO-Sv0BeELPEc`^WQb#2tI0c4QM-HG`$PU}H9yl)=BlKB zYr`=Yg(h2roH7R=zf<+7rv22P2GI6H-&BP1_=q&>wj1`hdN{?<^Yx)iF|Nz<6)@=o z&!Dw7X^d-)7F}$B^?U)-Wcm)$_(TDV2UKId&9fR{F}R4*V8VUA1NMShumB^z$q@tz zCvq^=DZ<1D_qZvso+Ali!y0UB`A#nP1AeawS9Ou^qwr+fn3iHjsNDbn=@_!SpPoRsx|I>ZWU9r35VKG6>)7|vxBaEVLQ3S3%v z3%Fz^aLmPkz-(Nju>q$|okF3t4Qwvp(sE&?@~mnGT3JfrVW3jH^GU(2{`EfPU+*LA zu^G42ix;p6I|De2lfq2V##FGHBDAtZu_$FQ_JonYELT;1k|*3VZca79Jwu>HgG?Z& zACK$i$8W%@`9H`J?b5(5)lTOPX7+|+P6xr!QV1vW+QBav$XNU`M8t zUPOMo~SP)F0-2^>Q5eH#oc4Sz2n z?aN(Dx&WjHptEnJf5Sa!aHVTUeqiw1U=`Bfcrx0uIfd{MEmg+Inl!H1lnn`c?8Yq> zJ1%*E&$dSDZ3pv2kui}lGOSt7M=LubVLRY=O5X})E_dVC<$Of7J+QhWU={BMcL(}q z2+ElkSGEuzQNsz`0yi>S`nx5;g)~5}Y{JJ)r70NsSSIv1z~0A@C5{Kx(3mRUj42or zmQj|k^PdF2GSDCm@{-V&t-vU;v{SG-A^tO?1a4}h6D$-`}U;sf$5WY&O8?rJ`Akv6%)e+RggJkh=u^hP(qria16K!;d@o6q1kzu;X8bVa{# zHiJ+P!A$40S+L+A*{1{+DFxe-#@VMoY{zU0k5^|k6c9dCmVsbdC|5$7#w;_?f^otl z!maf`YpX@qLeAjEuqbym8bRxv-0R7PMZ|L}Sm4%?f(AHk@EZZ`&VDzwE=%@assb$G zV-!&S-bhR?x|}!!+d^oIef88Bz#WIGZ$;jO7SCa~W9YD#fQ=G^^(0sd$9J%HC-G9I zf{x`E1HbqJaFKJ0tOnTp=%TUZRMFORT)>ZPl#+#I9B^Gf0SntOn@)Q*xM2@<5zaw4 zaB%82X%DJM96#?0?NqQ@e5jJ}A$^-BP7Y$_D`PX% zey41i7-!LF#VEl5TJ5YTK`pk``X{miZ>)H4%Xg9{5tq@l^5amv%V zunre@4#LvOdy^yRw^1$9_3?Y23Lf2F?A_G!#7SaWZVcuN8tk+$#`hClzYidJ>g&MD zoNM!k8@Q{KOEe~C!WO2yDyj9P0c_H5+5~og|I57Mvzu|iM z7an56CU#+R%CIf~SOb(TmlZlH!Gd){IHTfP`ySw^T2^FJ5M~CO14J#klG3nA%}0pn zq_V@m2{s=D%L|(@#EJ|IaM!}kBohtXD7Q1l`A9X&TMzk9%*v4 zK^hW$05Q38mun+=BlSZHY;BW|;RA@l-b-7ER`v@V{`>erRfk6DW)mVK|4M&8N(j})etKu4yebaojlH~Au(526F)SR(T2toA)b6oz=C)yYTrDs zvs502c}gl^V-`ETM4c(}5bLghGXBVLMIYIPAB%A>8*Lji-J#xLx{u_(P-VT=+P4ob zsV_f2Up|s;Nn$@H-ryW^b*^=&p$)I|7?yc==*IXL)>?-LEYZF@iB4|0s=n@dqtS9V z*WOt1=+E@iBQpxHN6{%-<8A|s&QW!?cqG(zbUPfNYHaaHd>EagDMarc8t%wbQ#FxW zm$9a3Pq|k0jyE+S8yeT=dGE3v+HZ8U-g~&hqtU^6VU?(nWbw3&#Nx2x+~{>38RbxB zYCB)vn|#SK>akMPeIsQk={D=@JEh&fu{<{kv6nL6sqztJtwQjBZ!V%x^p!-bzhwLW80u||Ej3R{kl~%92x$YFRY*4aw5{5+n$y6DP)Fc z?_IEECLj4LG9Ud@*0Gm4RH7)x96L{QrBNnw&wK7G$f?n@xNDZv^~LwV=)vKMt)g#f z%qu;NVd>}Kc`)MSNv%rnX#(atPeIjZau2PthS4;Q$aUo-XDGH1dy+aa5fZxr`0)sYv~b5@vO#To zUBO&kM33lwjgMGFb6tfC(bnIARb^lmWeD1bvYA2xm~jA~3;Tu0|mnU6&Q^AQB*#?43km7mch-i={M zyjsM~#FHtMkCvNAL)OQRu;um7dVNN{XSt5)ng47t6L8#6a9mX2xG#cVZ;<6l=Mx7t zSsZ0o^03XZJwG>H`;Vqk6yEehlRjS;{K{X9k3>=9G2>X;BZCmMBh@v5sR>2)ORQsI zb-y2U6&1;wo*}rO!Z!8Mn2>N3jLCp1-W5Fqv?I;+G!r`hjU9l6C0`f^p2<@@6R^3S zme{E=GJ7t7)woOLVX*bX5MBzSjU8N$Eg}tVKSp|48#$`W>;^8~lH1Oc?O0Jj}D>E+it9NVVgqpk@S86@#j7m|*@7WVRgUZp# z5i>r3%}uw%PU}$FbNNU+J_2mhp?x&8hv0K3^s8HI=7gF*;j>%u=xSyq8lLw{a|Sjy zf0v*+m=k9|Dwj9Ii^Nm~xLH9MjByQSId6WSD6aMSY-cQd#>sJcr=rZs5l3B*7VU)C z>5j)vDjqG=-$Tu*1$Ey^OH6Cnl@}Jc676`vMh7(q*n3e4C}#G;mg;9W&Ntl$wgSt? z9|FtI7+i6b1qJh&XE0rjYZ}9*L;S5#8ePiF<;jo;nDO=ClHmEIp`C&HKN-Nl6IvAS zgce_*1&s}ZqR1IWOVv>*5r8R=ZX@1#z2#`fW50kwz(yAr%!jh6vX$`?@N0_SCDB5Q z_NSwhjV7b`8~g7x8*17|6_~fcdexKd^n!~G<^h@alcyTr?Rg7rT~kl%S|0=&@WM1F zi5|x}VE`wU>^)v$Xtf8k^D|lor8XH(4hl{v&UWMEPvDDzu#7K;uLEpsgpyJMg(x=9 z!V5dy0HAD`ezub>Q7F4juy8L3?n;B2mmE^jvuhS_b904zw6{2-F%UvJyVL$Lz*L*YpQI11dQ<6&?&+ zVVLrS0Xv?)0y;BbB0QgLP57Wu*ok>Wo}&Rb15lZZqSfBaN}L&iRu;Z_I#|hFMjzmb zju5z#D7HKjn->v)os;@TGBd4VbO!SXXt%qSidzMy8S@Hh!;XP#10$%t;cwP{HuCM>;=lWT#&+xY0nq%5u?r`*ujA0br^p|ZiA&HX2Nx&G7Al60cV|)c2q1A#0l^t zu$tJ)^=V1O#ic>;v9}(i6;w}PhzbPi;%J$-}@;VLLdcyVqZJ9j0$Ia}Ywg1z2 zC^m0k4qEjJVr0uPkV1p2jN#?nH5tXG4wwh!L{EUpp=mRTIi)U1WMm^l`17m8~+KZ5)P zJq%UTkk>z@umt@W0hwjr$xyhf2F}pBve>@3_mCby&@1QGQ)YqMC$m8zlo0QTOsZcv zcFy9P-+_Cd;gpbuSND+F3b>&7%rUg+H0GfbN>c(n{kf&gOr8vx5Nu3^l@usM-aeyl z0M7|(BTmSTOt~C*4r4ZG=ez4b=##W)B~Pq~C2}J)u~J1D;?NE*>F1~nGlDZiKlg0H zRgQ)E^qp{+-oN;WTS^)$4VHz5fd;7XW^^z9U_tfnDw2{pth|_vtpfLxsD18x&%tDA ze!~SVl}n#WH5$p{K?J>yRGmwKhW9tJWD+hPDIK~p-k%v~`E^e#I-xcJi7s?>E%OCL zfM;?4%(O!##NpNMQ>rli=cwI2P(G@~gdr966k0~XOi>E0wy&bJ{K!^*M6NQV1)k&v z3N`}>2qMrsJSNS;hyGPC_<%AbdRSqLdVD7sC&G{dv368d;&swg(q^LUEm{K;a$1w| zkn+n}ejWBwaUpSNdlnQ8mS00#tD$7F`IB@qVM;9&?_yG`P6OJtyN<+M4RPhJCEFsK zF+u1dvgIJyZx5hw*N{R(x$pI7V>A9n_hk|Y<99cxa;3g!yI62Yu^b5Q|J%6k^nvl{ z5IlB}(v`y0Eas@VDq-%2E~3IFlU@S87LFEqW}sE*Rxl@|tG2X9e#JYZv@cm49j`vO zz`pOLQq_=C6}n$v1g-cBWKjCc>m&IO;*fQgH(s}WE1xo3Jx7vbSUN>IzILk`cWu1C z^UaFdb$>?4>|61+qy-UL62<#1oBh6JdRd@%>%)=vkObIy>=)P@dyqBiN+R(^E#d34 zJCyNMx+Pv0O_idYyf^JB#aU&6L9J&edLeOg9lbsV2C?0rG_eRp3BBpNP?pblGvo2B zFj7ann=(^NA^2_Hs&1Bq8Lnwtfdf*!hhJBYo@4KZMoLASdNaWEtk+GCd5H$|GuE=! z7Pj|h3NCTeNsqT&B6Y;Mp;wa8V(o6?FbNKS&>6{V9Q~X9R{}LmQIa^e${uCCuFK`6 z1kceRhsBD+m5(@OZV(Je&l*zKWM$7?d*}*yR)6HUyn$eTh8K(~^P~4`00E?Pf&i>gM@u zh;Wi06CWaeW9Cbk>$F6R&}q%w^}O@~nQps`Yiro|Hs4&Iz zr*zFwp!h#t$gLN#bFRah=EIFK-)pB2Dfg?dyZAXz$u}-G&RY>>zxKmzNQT)jWvo8L(Ksk?qpP6f=;0 z4`C%!2Yy64>XX6g9kLaajNe{La@-<*<)y)O4m$G2P<~p>W>r_=2W(PhF(0|G35!m_ z&UoBtbhIlR7>5u%mj*bAF5{>EJc&@WDW!Kpsk|)Eqv{Y{n`4ujc~6fO9hBPGXBmGZ z#M-c$D_2P zw1nVhi-ejOQ==Car)whOZ-yZjS%4M=XK>HvmaucVJx! zuGl~~Tz^uLz@a5AtL|EErXq2rPoN#>S$cZeq^4{}0Zati7T2b1v;-B;SPLqGpJHGG zze@NxWutL*7l3D%B4B3tlin&Muner;eY=3GJkoU-@Su~9p%N!7FwIXFz#XP5h$g8^ zO9nk6WEGdQGKc2(OhkL~9%52d3+GLwah>@mENI-oP1pn<*)XE+nS*^G&LkwK$5Xjc zmkKm4XeSNv2qt26yj$mnnzPjV9~DP^P9Ipeus$ih{zygO#;%xsI`e}UGUaOs9ymj7q34FU8` zjD^=T!#QKe74XrS-WBRUSJu>bbt%5VE<AG*go#j*QJ&zP8(myhqEZUvcjB6HUh z%|6zha;WICh%ML1s@dI8t*FYQWDLK`t{@q*azfiEv%9Wj<>oEQ>FU3+ZGX$8xJNiIxl)$VxaqLLp@3Q0XZ5zrUpaa)i(Fs&WXsBm zg)#G=-S@NRSk%9xN~OQAx@vc+#`5t7g(O?Gr_vX1w~3f^xN0&t%Ai1={0a(oKi4^d>A0NszT_6vW*^nZsz3gd{d z$umF~#fQuT_~zte2oRympnv$1Don(4!z8%hXA;|A4aoop=QkQECNZClda=ApE5&+( z7gwQ=>GefEIUN1>HN{#b7uU>H|0MIG-^ik!a(Y#F-pz#RQ4GK16CdasXPjcFRo2Sh zD1F2%G5_`rn8Xq=Cy%$cHr;U4pQVIbJ)?b&0PVU}HzHj_$}f1JH1@aJVGp4N`31Lj zpD}BdJ<@$sPrNe41aQ5t6xM8rdHwqE#zm#d0j{$B9)7ij{*}c8a~ZDkyo*u6X$Lq< z&utu^9dPp&6?Qo8*pHpq2;_AH6zt|LK*&D4;WLSjc zhKb7LiaynkO7Egd9UJ&4VFoj@XKnfs1qrMfe-syEatG!vSs_Mrr}8cbcMXIM1wVb6 zf4gBo*LTQ?9BG5P1lg8X7U;3bZKQMPN3}Lx!q<=4x>hHqKfkJa-Pp8jM0B~O1JVAA z8d}z@Ss%QZ9mR2K7}!^*rTa?a)r!!;t-3;0;ze||0xD_wX!Q63?aVk1nLQE88^L_K z3zR%*+2utx-DzFrd}Nt(re+SY8!EQ~+Pi$EQqSDcM{MgLtwpflWagYnX|qTRghIHg zke4tLUqAF^VSRo~y_|RHksLczr6cES|11+NmT2N}+uTL#)5CYd!$&cO4ldZ38wyoJZedj%c_Iy_hs8PFwSN7%ys{-cAj^s|{$Y}{MS00C+HMHG?+00V! zQCL5Ecp9d~HQimpok^Vdn^%InlH#V_a8tDnkseM{M;p|Qn^ZVvJ2Rsf7ilaD(Mo%N zu|VYksf;o9DkU>)1zG?HaRei_E+6@wP?8A`t4z$vIFv^`H3-X91Oug)&+olaAlz|w z7@157d_=a3BD;u{Y4`$%R|oCvRP5vE_V{b(w@}ZMXJzXjXeiDNUYdO}i)YNr`NQR$ zVVm-y*B?s#31@B0*upKkgqgjHzt?121e6#ouNl}EYM!_2{K53Nm<5SfjaueW-gJ|f z%!!@(GErQ5HzHc|yytH%Yl|UQy61^Z(p8-Zr)^nv9A{g0X(BspsIAUPwLyKvaav`W zjE=oe;>8S_%dXI&ztozJ3*Gj~$ZX3kiBR>CaJ-k)?B~xZk@2;K0=)6nQO_zJsfEaa z`4V-)_$wbA3Xds$NX1*aZvJaUg-zWjW`Wru!6 zujJ+gEtc8cOe5hg75e%X@A^!R_L^M1jGCOL6*Zj9BLTkEJ2>7&w0Y0fPsH_L%I~$* zU^B~Lk-L8)UH$nb38(aT?K7&m8<%!=Sse36OCx3n601f$Wu$a$9#j5^mD*+btiGm^ zw>Wo!dE=a04i8@%v=s=^*R`jZxovN{8b@{5X1+W{BfDXO9B?r6zWIahg{De*8KnnS z$X3m(i8jAt>Qr4OZQW80VADxxDLg|3Nd?Dp=0pN=6Y!q^8ij&irO^^kI!|6g9hxXO zngfU!Q^;dhho36KQ(;qw^XIR`QKscbmoJCOL_|VO_}Q0TX?VpczEb4aw&>~03XNXu zm*!nR7~ih+0x0CtuX$zvwg3>ayn;GUX(2_rc3rd)WDk?9>eJSM{gf7(q}gpa$I5zg z?gCeq!3?9&a89-LLFt3i4l}z_z9x8O>xR5m<>2!mqZbFNO>+_(`%JT}g`!<2dH?Ca zVkyqD&4Bd=8(T^suhaXc(NqM%Oj+<*e0{_*D* zT;oLpAO3waw?_R11(PZ%-5Wfn+5VLsg87+BxmhJae77e<`4V2 z5<8yPwrLcSdW>!zh@rR>#Gw*1E(GD7Ix+Q8_O>lc#+3 zDJ8;Gp6++BTb2irL5i+}3 ze^q!ScXSl>HEaK+qI}Gyqr0ZShm{$zjCJhh71QZihj)ypc`ezx;;5dd(z>CUoRULj zmhK(Ncej=1T~c3ilaGv!z3O*UmaF{&D_n_3hyRv_DN}s@>Aw%qEwY#4?lh+_Y37cQ z8Kx~lmUK1CqKV;x`7D{}`@0IKza3qBzgz0HS47zDkT;*KJsUStH*s~D%fdN2Y=g=+ z7fRpNp;8@>4nLQo!Q1P-TJ!$)nK^6bNV=Mrq8lH{Nv85nwws4r5Zi7%@%n1vF>Rej z&;DksB7~3 zs{O~7thw?MphF!i7N&6MS9zVrc_%bh@+x@oPG4=$4oLfvw=)mr2PAmdT6a&}xP4AF zy~AP611xsrh9j+n5-vYbdO|atGDlC=Zo()2WB8ZzD;j2|d|8vrTD9=NlcxB5@k58y z=<0ttX2#uQuto@+UT&$s#>Hr_zMagh33qu|$bWUdx3aG;D4sahFy0WO*_f|5Xl~xS z^L~HAI=@3oD!n73QON!GmUi%z<}sRC&U+hJ^}&yjFSdzh5grN5%8-!(*(H=jx5rLP zTqJwXZVg(qc|jb(iVfR-OK4DS?4aGcZ`Ktov9ltDtILk?II4fft4kn_Rer{XPu1czLy+N=-9Ww{Pfd2Uz$}H?Fkz-E#fl|Hf=O8T}i;f+~OG-;hl%AH2VhWG=moz0hApUkK=t~Js0HhQ5QrOmOb zSXh1Jf*>S4P0(}@`Dk2h9<|o2Wm&Q5gWAW&u1}=sK`Qhh)sOJwj6Q?w(H11l1K}YR z@Sra>%50@DzTo2{-9Po6v0Cu>(nXHdVFdxruN*6?JKV*wKA6%;$FDDVQ2n5GsLwbk z^@-#MH*KofHG?`AdWe#so8^Du_ahW|OgC*Ue$N6(2(^{~5{N<8;?M5xy$BBi3%Ueu z@F$j4k;!L{g$2(aq^SsjP*L`(ApTsv z_q%q$a|>|bsfoFE+<0*S`rQ&Ae(})ccgSQfvQv*|?G^Nv3eQmEJWM{cr7kxXCjv@# zgO?(%j}r!N6Qb6~w@W2ob4%*D|!zF;u=D)>-4&2ZA(?QF)3tigvm5 ztrFCp&!~%t>{qmNl2FF?9D*({Uf z&UY(ICP`Dd+1ok)uJueg&N?_T+e;oVPEd=>)us=^jO@ib9A$s+~6DGUcbFa zm)qY>57D~1<;DS>`!7FtSL}+w?2)|tYpoC5H6B@$k61)GzL(G55JEK4(dkhgSRh|VEY4|Gto@Q*b?~>R=2~v?ONF1UR=5@R`SVzYMBDy?w07cYdITe^ z?F{=(k^j|?pWJ6|k9ezbQPpSN(ZrGAyLlZjrrTwb1FZtu%o)Od=ejq!+rAOHs(PTj zV#&e#Ge4au?Dx3Ej$w%wSF_iYzbKI8Y=1}bI_#yPwTp4nqw&=0n5XNkPKKDq5tg{8 z-Qy!KH;|JY`j^K(y?sXH>5GL37;YBZi8ZOj}*&6D)~BU;FEad)9t> zl=S|M=T5WDughaU53w8ez>+&3@y2(FqTy936jtWdOpRrEb;@}+Z38YWbyNJ~#ELDZ z@I)_X3%o0=6EJQOm{xbI_X^`#v!orbH8{s6&D`#L)gTMp7KPpTJE0cfuH`sd_<6l0Hch?baHu>fI?H?dgO9^7jfV88T^b?1-QE==QaNKa3$v}8ljIKc$N$V zufdud?KIcpGojC%G0uGgXYgLOgl$kiP~T8E6O4BANgA6bVie0im~+-N<#ONV+3~o< zc5AeF6@Esy6L6u6)faqkW%yo$);T!!+OnsYu>E7d2?#KlZ*n~W)MR`^pw|?Qua8fF znzul1#npVt_?|!M%VfJ+T6QKN=SKxZYOqgbd}Iyha*%bT^VcIBwPv)cHW5&2&RmH5 z%-4~$VJ$b(7;NLovp={;He~{Q58mge%drI{@1e<;!ZrTQ=-|#45P+BBNK{V94^ug8 z68=s=$!MGlTiCrpMcEBy#oGWJKy4JrzXhwq#hN@Z=Xfb_8K($$t-l7{q&+g~1{FTu zOk}RcaUDuz;&}8i6jyJc3oi`?bZstaY#iQo*td(1jPt+|a4aP1*^WjtH%+9kEdR)0 zzVu}b>$t*;)EIok3BXR%htRi-1Qg`*XcxLi20ZgfC5}Bz!s_ctofDIo#%f+}1m;yJ z`rhrhK{fe9|2VC~tC}`I!}8Y!m&f}>Mqp)zld`h`i~p@-4|n1a54;)$6eLCm zed@HF?#X&a^dNkw=kk%a?eU;cl;?k#chReo`_5j22UmL=00U1Cg(F9l(E<9Mq?z}# zFdIkg9Vs~`Uv~wg9p2TX0T>ZZv825*8)+T*8%_l01xi>0NPzVUV4T&whp^RM$!ox6 zOZcYMny*3Nc#`ITs_TV0Hlq+%>zp2C%*By_aft0?0v|c(P8#APK2uVBs6&5{%*K@> z(R2M7@d)7qYDF5_(1i+I0_Co1jzc?qab8+*7xCga!}LAw>{R!^oOs|CCgQ5?AU-I7 zW`0#Pfdqj6u`mQR4c#GdTw&PBVjlr&xfo}q5m)FhCqK07gBH)kMM#&xZ31tz6m`eX zL;%FXNfa~2!0|H4R7PV|CQrm`5+5u$&YU{l!RUklV;ku_3~xiN1#UJm2L#*z#;y42 zh~Ul|M5wO$VrwGMROcWNU|kq8IDs?5~5TzhtPHslF~A-EQzSGB?=R1 z(=yUV+o)8B(B4pLnxcJ~X_=;3UVhhWrc~$iInMcf-tX_@`+fW#??0U5W$yL5ulu^L z`@Wyob&=)+$tXfk0UxcaLRuGt*ugN!<3F&iNf2+%aD>%;-wX}F`-@jP6lu7h0n<{4 zX_cVaBm_CuPV1iu;-A(7qUD$)t$zmg(FK_6v~SDKXhEkip2!Zx=qZc42bp>9jH4~; zDC;lg?VJhdCm7E{Y&;kViY`_dmt!^47AZ$J%Of}#|5@pFd%Ok z;fp6osX-s?ax4t$xDVK$h*)S1La4*+?Z{hrs{M-N14GcGF!)yL>Tk>dvdmk4eDyJH zRfxpbFpbVoK1iD3`v}8BisndG770o+fWAo6;5?DEc{fOm@!8ep8pbk znQ;fCc^~X>Y=Inv=KxfSUnk4&!4`e;SDdpW%|!-4K5H~bejR>EcAmVmEr>ELMw(m zbibb<(oed=q*&ye_{HQOg-;c?2SlNX_op|S&$|RPsoetB3xw3^uK-~ziP|}fh4BpJ zcSj;@iBVZh`;#mdDX3aP(#mi`^Jz@@CSj5A0$hrSio=qbOW_lDed~OiFagsF1H)o@ zRN}-llAO6Pk`lP_13Rk1nxjs`_i5SFL~1if6_g{=!W&U72{FiU8<9ehPLRd4oIT~k zdoJ?!%dnDzh=M)-g7+Ii$$?^-gE+S1`}iYMsRB*K8EH<`glH;n2}xBf7)HLqFhL51 z0ghGiZw*O;8c3T)3if zU?3%5hJ)-HfjuR*t?;$`MD`SjyAD^rS{->P^b`eSE(1ogObxVG5{Y2V4Xx#mR#M>v z_XyDa$e*WDt-?8yiSJw6hKN@54kOtF_~mXGn5P)$4fK*Zfjt7@r{Rhz>Ih~t^8mBj z^^N5R%t-GBp~BjgAtD0A)N)*35JeWRXb-PIuxP=cC&ke?vDm{9>RCVl3V-8yULeix z3hbD>S1^km>sg6Zl0KFGYNLyIiSOt!K*VDI-d-Pd<&urLIjVqsCM9eE%5!T z92la7G3D+Y^EGs{i;naSKtxgKxi%3Ns9hYN8=Hyx3lXEisl#vL2{1_~-4{&-Ty5ox zgg+{}i!ANKd^d(b2m^#j;ANZ++7M3^3AY(cOO!qlB*E~GGLnJ%sZz*GI>D7sr zQyfZlbc@28j_KC^Ps>5QJGR#HIVke*hM;18yk8C%4aC?s(A%7l++;Buv2`;&4am+^Gd>)~HcS7ib^b zNgx9wE9hO$bWedrcKVH;CVZFfkH#5>>}ikXJSpj>CMqh2msIZk*!M(OW^8>vcVnRx zPaV}+hA^j86I$qBamwuZIE?1aibqPQP}U;Xs*uox zm5pfMKph%Tf8kGmO6%hgJXi4pqT?a#l1ro;p5@mu7Y|;ztoWW8Tnn?LvTl`7#^J3m z)I#t6mbBU=<5>OGn5I?brvvqoJ!g6=U++xV9$a`@IhSQ<#1fLvdlMTIoD9g;KC7?W zrUyTLu8Sxp1L~yqC82-2Goc66OQU0YK4EA9VJ5=3GDN?$Qz{F|f^kM z1nQmr}8G`)92TPTDg*_q|NC`s?WF}Zx&nU69zc6YF}OR4yIv#-I8W&ZH9b1 z!|CkRlUW*@&A<{3#x zC7O!o?phxoM8ztYj#MCXEeJA%*59iMJ)kNTzW^>Kfl$?{a>l1a;5YE*{`G1kFM|tH z-f}eQD~?3Q?pvgLn9)L+&>|s^(6s*nyq4kH(OFp_*|`$KH8Q_f8z zrgkxCCtv*j*pKsF#{aG&P-R@Cj21ryTE~KQ|H~jCcx4m!bOt4(@;xH*P%wG|d1xZ? zAR_X7ZjBHU^V|_nxHjW`+3`mQfoUUH2ZAu!5)>Ao&_Sqqu`1Au@9a<^o}IYksx(GS z_kY+r2LkV))PveI8jABd8GYD|!lIHCk3Y~e@u0a*Wj_NKHxQ_p7?G2G#I}Ij6Z#J{5~u?da+JC{w;vDArBx> z0}oR0E|4TUg0&Yuh38~RX1Y+O zhAzZ{VhesE$iS)kST(KZBk)_3n4lqGMd9>bm_5^$XGY;h2G+Q#GLCDEbRqbTPmtZ6J0K)niYFS((7)4XdZ22f=gw zQ9(MF9#UpHws2)pKJ`4YpTNC>{aWFlPdPsy{RzAw1nJ=SV6#_WeE^v{N|AvRtd<5E z9O!2t47dtyjLl~j<-#1N3k-oMu+ajjOU9A~IDR0P)zlDzTp}%k@v6aiAs~gdU^>V} z|3*_j3np|%X8eAo!v0R@&Sx~LTqgA7gI`b&*PJ1#EzoDH3%TIlr~Fv7r?B}V`zeRL ze&RZ@RB5kVW&+P�JG+CFp@5E;A5S0E*hdYxTD}MA+oYm{2NdP)9DIi(wz1#%dYn z<9&V5MIIqvaT2xIOlAWT0OQR*hEe(G189fP+_PX($S1uj0$J;2w65pH7>P)YDp^>>Dc7okla*v%tS>jjdRAbj8@ z7%l>r7kP2Q`>+!pb1BdjFkt>FhovBko@Rd;r1mOck}gx$4@ssXmu;|q%%LA5cP}wH z8o5jw`3F|OXcbI)kc4ZHP_)emS?xkeBV(qn?di z!vu^ML$DnAm`Qs@lS3L7V$R0$gibo6(Jp|%l80m`(ircmW4hoxwwW0;=5F*IxSi_k z0`VG%ZO>TbD4DnH0Sx1%0gR9(y&WVTCIC7F{sXT$dgow3hWs@^ob50K36XcFG?{Z4 z7$&TdERX~SpkR@`M*F$h=`#fu<_hN!l({c11D1;47XB(|We3|7YlV)*R50Yx{7?tc z;9T|m@sp7wps8mGK%)EF2^?bPA}7;#M4iwKObZu#t^0R8xLfX^R2 zY@}jiiNsGP9D(D592OYH7j}9dsJDu-{q*Vu!B{r)SHM_yvUkFz1Mm(k40Q60CX~m^ zBMr0Qu9~@RY^6@}V*+z0=?ys7?eVq{wG2_QV~`_c-g4#TK)UtN#!#M!2x9iMqS&_f zaQ6_Nl?dfv=OPVC2xR71j{oR_1|R`6mJF>h=Onf@rwYn37ORf_z*`|$C=4OAMtj78 zFs+3|1x$QrHr%pl7ZACVkiwkPqVmJL{}Ue%Heg1Qxo0~pKR)KSsCN^ zEvQC=NV$6zV;dMKR9})u{zy%KMVvAw- zC6=RiUy`{|$Oxj%kScF(`icuO^DD}$oRzxB6&k(@<@qY8kND1<_VU)Afp~78X934s{F!d+>wua9`P!YFMag z)f~&}d8PL=*PXvfU{JYo-5gSxn~P6^jY0f_qIVs{HO}&#v?+^v(J9`)5qlhLdGz~t z4s*R%D((%hqYv>E%U>C}?y`fk-!@9XgVo#%4B$ql8vE#rMlzU#M|?u~PP;>U{$Oz4 z@pTHFGt&}J(Cz!>d5dL=vPlP!T;(Ob){P7r#}KWjxBad_8esc}pSt$RJCACp;d**f%z-0pC6+8TV%p%W@~x@UW9_API;Va0azCfexkQznYT4F4vrIzwDYH?bj#hY z7*I{y*4Pq(TXwdoGR|fQ-imUW3?8UzJTmU|FhndJs% zoW6UiMCZj%-r+$f=&W$r1(8-p9^n(^KM3Z72T}r)!s8P=_IuK80gZ2zev#18g(ToS z@gO`upA;QWgwju)!r2T#kQH6%vkgo^`#Or;tNPTlfn6!k~7zoW_eW}85 zRNDwZU)R{r!9uA!ulo&LMat5|o;?t+b_Jj^mR0V43h*{j^!PMTD}X1*0@ns^5`}z> z*r|j?o&@h82+j-V7Ex&S%3Jmmz%W*m!~W+G`6v)~tYSE_t|;s+w6X%i@q!s(E`}4X z061aFxA^fQboqA>=08A1D}aQQW5M6S_o&8A?#E-$H^kRHA_q=Ax6G0NLk43`*@eZ| zh2a5o9fQ#OV!?R30OKP1%ky;rws{Ppg8^utQuYpW9fH8T;VU8VJcdETFnbWv(tRYB zB?h907{J+U^Jo)Nk$K*$s&o#7f69+FjeKi9Xy_ky=i$qrowMm$^E@p=#X0NzAP$zW zBTjmNa?$JzG6_{xA51AF+&`n?Y2jz5Z-=M6^tB8x_{(A`uxneMlz=&*zh zvq4?XTQ!N5a8+?ISLpuA^GR%9s_Fr^h9KJq4}Xv$zoq-rV?9hckGRwZlL_=+OLg4h z9IQ-YYGop`0%k~sH^xlkqq9uUA^n?mjKNw^g|N#SuC(boyIAQvS@%1Y@m#}14<~cy zoE?$wi5jm?oLqZr)yk6_I_e(*Zlsh8=S+Q7F!*R-@Vu%vyh?Cj1U%4V3E%rS;^#Sr zrd@X>Z!Bk4Ml^i3Bkx=)`F2@;s)lDpwXbsO2XDMcu#rWA?OZ?y3i9!_1w;n%p@Iw3 zuir$OphG%c0FNFEZ>N665qE=|bP*!^zKb0?ynu*t%D1k#xqrPdC2Q=LIGv`Y0um ziuERCRHbrtG@m#*daFIzeB?>~lUJE5cNgxyauc$R(pBGXTE|j$g;?G7@&t@My_wkT}t@#h@d{2Is zHM4$3Dz{PgCvu}>)(vjFr&t(w#4F0`{p0vJx!gPRC?Q|u8!C7Mnsaqe)i!5q)D6vl z##xi`p;wK_ap9hS=&;&Rvu4(oV{b1tz5j)EtdOyK^BcDwYsz%w2wu@crD(REV%k}a zyFF?VFM{mn@7=U??x1&(y^TQ=UB2ysCbz6%t1UOUaX$W4#_iNtZuO^p<-ijX`p-U{ zv;*m}mD*F#O%^$-a2o zlzU#nkQ~bGoHUh>04xR&Tdidox$!Y=L}qJ zaI$=}tpC=uCdhDdRwVxcmMp?-kE%;sI9XMsg&M7sSdZyRD_oev`id9`9S>l1Xh3Nj z=EAA3cXI+3*d2p_i=D8BeVial^HKmQ0`&a;HgN)!T@b|{@}PhZttj=0f$#bNH#y7^ z>$lyQo&`-gTD4|7Tw2c&Ig_0AgM>EwM^db4kNcW%XxKN`Ir7oj%c21Z-o9*;9b)OFrS+vb7IzjT?)dy*6d6`ebmrc&e-XE2Kb)>h^O^%z2J03+b9= zD_f8~ftj_Ixi#IS(OIQ<1amEm3;#jE4*_7?ME{~s`3t{)WKgYi!_BUqj-yLj~mX~RA zjAxzP*Y%+-+P-KoY@T|NdSD5AO?$0=nHu3~*3`$O7UQx;9p`yxo*`#yV|9}QdP4^R zPK%$K;)3_sK@31-65h1^$Y5)i%5{er-4ixO#9k)<#Chj2t)?e0gY?cIG&TKzSzn*v z?Gsnm1A#9S2Xh79tGE}W1YA1AEuc+4!OCxx6?z0P-xEGLdehc9T|}4bUO}hWY2JWi zFx*EZ6FA+pU*Z#cr8I`%hUABWus1gw4QU(~w9bOT(KMi`>E9ea^jB- zajR2tJ5s*Hq(j6#099wkZvN*1oc|6={bysG`mq>Lo4G%}c41d=Zr?DNe5KLk*JS1M z!u6i5`6+Rmb2|F8*i$mr8Yc^aNVlIAT~5hDiaLpdr4R+pSsg{-Mj^+K^kU!%{(VkA z$#4KJ75ln`Zz~>pn%fB$)er?}0Xz*#OI=QRixhn(4px~~+anwKWyVv95UT2(dSjw% zqq^WSkIWB#2*D#(-pxb_SetQ@MHvHrbU*dRfOgI6HzhWIrYoz@Fxazvu|{%x=KMR` zb&uGD9rsEkzhGW5Tl`Dv8jCL~?M2C$jZPi0(WR+wELp*IVgNzpxN0MBHvbwVg4!do zBMRPuig#E!R?t&%TT^QU^5nPNT;{I>S(^nN0aiUE$>_W6%-rG*Z%VbVcFCpdL!^y# zi}K#hUvXr`7N;0)cnORucSV^@s4Pgv+oMt#4vEA*PBptJ6F`*0p|jx3PdIa?abOC%2AUOIauMmw10wVU?sSlWmM zjGup@F$i2SpZPw$x2r(;fbxN#o}Mt2J9FxcUA6Di6WfYX)o(kjSH!K-g~Spcz?=sO z0*RzjoTFB+2N5F5UI89DU<0Rsz}g_nilG?*|9@P&X-dJo-JKD|;XgnR-WfU>n^fdZ zbQ#|EvG09{!<;dU0oh$DY6dXaWyfVeCI+TBKVlvP0f-Il`M&L#aSgHHA%m2Ct$tqK zxX+@4OJDX6hnpA08^CgLsLEjDBf;NhiyV7W!hBk%ilPW$;pp*J5Sm^TNuX0N#aS<9 z;ze+1wf|s`MV*IJLb$l2P2%A8XFrH@bciG0<3wZFB#MSFHu_T}(y^cZ9JEoT|Jd{mWicK8uxN7x|zXuBYN)pbgDUL0^piXBn6^B_0jo+uef7Q-Pw9asm0{uot;ZQ zyB=74HCroD)if+P@phqW0q*qdHK&@><7=Ze-h9{(sPL&;MRF2lHRE%q+6l#2}N&rW6lLh4*W3s>yDyM zFo3s^;6L8j^J$j=Px(ZEhCNFn*XLaN$X`Jj3QMK(Kf|+W4zUwP^Q~+Mha+3kjjwE{ zXhZ1fGQIJ?-rB-n;m#JdOGcN7%gV-9>7A}MoRD*+7de9Plm2)x-7@3!Z=>1F3+KU&kSq=GER%BtVwt0M651n&-Ta=9ES%)ZdaKi}?VdM}0= zkwyM!fnF54pj;@qycT_PUqBow8Nv6O(lRIuCBxuC8A3!GcfxHjML127A!Nbh@-8R- z(n0pc7h*!dfM=C-V*~!ZD0PW$T${@?^flZ{Zs?#4zJ!+x2gYIHOxXS^z5}sWr^2|jz&8kHRfkH!xN$6`zzm^kCRMj4>&m9ux@$Q>7AApO4oG?DV z6AqqRut52uHGtAY=!iD>2XrJZosX5?u4u$_?W8@kaG5jwqeB#(vmKVR=m0D>+=Rhm zV{0NCTd8;CQO;eydMC_v%SEhVScEVR@uN17#~rv%V1lpxKp;HVi{3f(D1f)8mh@Vf zMTARr#zLTKl#s&Ng|W$hZTI&_IXC!(&gj~L4DsY#KEf3vyi~iDh?oR%`AvW}@a}JE z=Bc*!sBrc|GwHyPqTy}(OnM{Cvc{GK>jsuYs%22BvK_Cri)b(hyJ=U_poyAcsBkQy zX0r7+E*_bf8w3sSr5&O16bGmPq-C$Gz;|ZW7I@M{q$Z?4B_YRsc0BAWkndkW<`BC8 zbRe4VI%;QbZ2{b4VJk9HEVi#pzJD6yBSa#*FD|C((h2LlWk<4@X5=o67YVUdIun9? zR2gaLTU!4*c({e7k#-<{q@)M9QO3>N?B!5@1jT6Z5#i{A`epE7e;wEZ9Fx`(g))jo z(0LxY>yrww_ns#n1if3XZ8n_@WN=L)1zrk#hnF6k;K&wriOGf=y*x%3+|j#_0R|S=-?J%vdN`mSfl1QTqzwWr}(i zZLU2r9?_!S%gae6^Pwby6^t_d*nwWuwZ_DfA*UN-r6+rIh^z<}_2?S3gaXmo7^0~k z4CDB8H3CXSRB(7{bX>852Q~3PJD2IhC0%OtaPU%`|3oyDr6S(X9We60W?OU9fqH;% z_;N@6PgSDnR=Bd1(l2S40zLhPxifZWuL=rMct!Gk<@mopuckf#hxZb%c-kNYr0%`yDua1vYiTbSw)0hQKs7C6NovmV0V z4T31c7!2<|C{?w5-g@2G^>nxKt&H{{UgJ!Vp25=;AXslX7C_xqucd0sIJ}+{MA2_c4eaYMbEB~n}WzV7HLqO2s`X0J?Ea0KdmJtANXTdbK+)A_?NxJfKaUs z@%K?eQK}d zy$VUXNs*r(jw_W%b#J)8u#lwAo*&J5T;Y_r%{f8s%Co}jh4JCZ&Wn=Xt3KeqX2O$E zM~)P$O55AH;m&QAGnZ>s# zA0W#|`z>(V!?vNEdiwhKmn+*8V}FIv&yW+WAB5uKjV_);x(lx)37#IqpfMF@Ky<=WWHx z+WqLY(t()e`9BSWPjm3bCvLo`Xu|yAFn%#DF9e-l=Z>CLpbUPY<>dskLkdl2wW7H~zvLX<|RtFdQD02mx9cc;|3aiw>YCyh2F-$MlS;C@Ijt-y5q#c zuDfk$Yxp!nbb8lux$p~g4fgb zc=Tz4@;zP^l?$b1kXAP^V_$l^EMF_HL5Qq}(Xe7KiP)_piWIra{Ro?s+H~C@;p;_Kt+)#d= zB3(EE$lFtF0sqYl5dj4gN>Ir%XxJ8DfYay%uB>5Y60xtF=ql?V+iZ9p$y)$`xzd## zs89pXy3|4FpPB(nWrE6g&{$CZ2Z0H+DU-_Y zXE3qENMq^=mQer*sSOr!gD!q|0a6m{^HvulD(IiF)eHqcizbJm)%-jea$1VzT}#BpF%We~Bb7{w*Z=@*k3nZXz+4{Le{3!FUZB z-ihNIS;e~e%+tXF8Eg{?=`I)a?69P>MddK?^87@ErA+3UVbJB%B7vkgB1XKnx*Og? z@)RH}uUH~uLT(l&pq0e}Iu6_Q4sZ|??RwD;ivF_{nbz7%<^BTUi6!fYWf+mW8SW5x zl5ib@p%SGBOvm<4U~U(|fNL<3*2=rBiux3HAM9FCr)&v(4-dh@r-HRhQW5}megec2 zmr$nx6w=Q#1lxR+kv;nt1nDNP#6YwVs#_8aPnry-acFG35Z43Z32TM?&stH3_foG$ zQ=SCe_cUlDe(HdX#*PG1fMUZilhXYF_83Fbzn+vW6z+J%=*L0u<@rEfKuKd*$Z#ws zy>AyP-^Lg_m2vdOq^wvRWat#5^0WX#E3pz0wGx8LQv*x|#WfK8hrqRn8dvYH)~S!c zHP2ZF$5k&7jxX(?7?EpE0!-aQFIafdKlIbMX2frdLSUK**22$YmdaSXRKOF`#RW+J zN{AEwBfy;Cz#?5#KPt{W1^}^BKZBDsOs~&}upSiKT`d9Rk-3fth~WQkTV=8QW6#plU4pEO>F*?E$*N-GDT}>9{YE zx5-bC2344pr{*|{j2oSg@hs3JA{o(5)`G%&8(}leb~6=BL|7P%&_eW`D*C1xeuqTJ z2#H$otT>%96p^C<#o$h7gkth-_;Eu(^8SKAwWvID#ZXWj8iKJMaFKNW*hRnjokf2I zzE&cQqW!=Lij8F!SZ3*xG0bEW^3U4An6RRN*sng!bXYs|0s?#!#7ubipS1(LAYEIq z5IrIUY62TV);DX&F6k%S0-p?lY6UWGAB>}T`##FhAUNuz_`AMEnESaD)K}3Tl}zVC z>d;KKrV!^QE0A(wQBB9y8p}tqhep<^1VFofXBvq-97JZH#$aOe8GJ?QpFk6dGWqtu zUZry0Z52$8+H$USpK%uekIevfpY|1p3N*2yNH(hTCJ+&^I94CWx_{o}qIN(Yf9hp$ zH(^N^HW~K-SREV9WR+3rtXc`%e5`mFH^DJvc?0Dp(P5{^c!|Y2fjOB@Yn8>mtOcr7 z|BSeAz>x}4t>&qV%x@LJg3yMJ$Mqs8zVrYxZbG1KL_5>{1#CV~y~xYocBW1QSoFUm zZ?i6IB~#mTm&5 z@iEM@WPGIvbjEx;^sGA(GX%2j##S0Pt#R}S8(WDyZdwDBan=4QHO}?r^MWY&yRNn; ze(=%UHg^JK5EBbc(fG%;sTV!EG`b3$sV-_+C*aYHz&}Ae>M$r7kLnUkeqX6I zk8XU>ts+zq`PZ~-{I=2PwMy}}p{*;x%aC}LI4t{mpmXe;BbI&HMc6qPzOa zz19wTDkXYWwXR%SPn!p3#f_)0qtJ?+W#@LK?aNYgQ@Yy!Gv_V-3z0f|P**GQm-iR7 zgzc4UrSk(?HZ)VMOA2sK@u?fLj}~cI1{vXU5_YQ|eNtGpCKYG0BPKUm8h1?;H~+iw zNdFJS9KDylEagkvCaDv92FOEF@A~8J7noHOKI1jZeYN(+-gszrcd6vZEXi@`Hj51I zxYzvHpg$(03ACG>UGmmvJXX|;SWi)omim||IG^%b`Q)Al&*P1j`|gc=Y-NS>(e*N0 z)=}fT*r*egL0G)QTX>{po38*Rsh%)sppes=zIo zuX2&3bkFu}*)Ce}85vUCE#!GcztB{2hQJb@xdDok?KLm|bm%IGp8p%bg#Zq_G`jq^ zos#z0)4ZZDAaw0(4Z`8&KI*C>Kx-io90Va-1~Hq*poXGu2dooEf5y-}F^^sXbZCy; zzDZ@+Yy3XQtquW$aS*g~-JNxgBhIelkwOZ<24_Ewpok`5u{5#B`;TjPJUSaF!qpCk zVZ*JJGi!yo(x#6wJQE-ZFmx>-i*SpVOoW^PCOAz9_pCkX#xSg55KJ5Eo)?A5kf0cHUC zSM0Om5I(N2?Lrh!{lUJMOF*wUHWYouW$XnvRY71ZGE>C?06Il3$!K-`#`&us5~-+Z z4ZXcCp?Z%i5lj%)4s$-C%e9GJfiB{mgS%E?D(O*;&8cSELfwjlb1n5L3CA{c>`%z1 z8_`pq4|$eK8UFaO$Kue9r(MnS%x|sf50}~ZIZnFj7X=8l_H5~d8bzO90?n3%OHB)2 zY>@ILTnYkW|7B*1e|OdiHJsd+Hj`*|Bb@e#3-I_@WZQ$KD_?I?e%F8>`WZZvM7bie zmS@vn5_MIZ3TLi3}o+`|pB>Dp;G$zgK_ z6Zaj8HMRa|Q`3g*0365leAp6110-KYu*pTvUQy@7uN_bJ`Ml_nAg+{rntt1$^JeMc z9}m-IPOu0T)ExE1cf6ICQla@o*T$?@n0xmVJ>g67#41hBc>CGcJ z$pR)lvt*|CkLgZ^9r3dAtW@Jbi#&_! zr&(pSsuOM;wb<~h#6H0*c2H`1_0qPU1n)APP((amBf?C!^?x!^h7wzi_NxbCtgCKSM zAX|jWx*tta#Bil0fU@5Qff0YJh>83SgE?M-*tb}M4*)xkl~|{1;0qHLvtG)rLMx@lJ%xc^P z_)S14jrsxYhvdxFK^q6C_tWU5lzDTgoeb9ETfqk%kaHWq;);stla`xhE!bh+d|IHiKHAyZ zdfs55o>bWU6YHAOpR+DzySbiOR-Rf?SF`0<^eI*OvZ2F^Pv(4{c9*JJm8BhPf8yh7 z#8xBT{dR}j@4X8q*zdcR7@cuLRUzIeSCVTwPVX zleKK*UN=Vc5cR&$=*v}fe#tEWYh}s?@SJZ4HzoYS*zqj+Y4U{iTi5aP-EnUuZ(SRZ z(klAB@r88%!<8PfE2Cr$4~o1iAQb@?`m%DT_Whzf!Ua$NLK8>6LAiQoLaM#9VsrKT zZj(UI;;*}zO*vbCf5B?`|LrE z!Wzr^+UGasG7lwQowoT0cWS&2fq6x?Hr?dc)b%{sLYXy-`G-6GoZYS*^y?!^ehK#C zeZ{R*tcvsx(KThFL>9imNiHfrT~Kn5G+VHOo}&PmEYjinptbr;L|LV>?3mvzbrbb+A4b$KRtzdu6|w?*O1k0cp%{m z_vS0>)21=+H`rer*msK^G|=a~cS>b^o#A7fVrm>X8yJ;U#Jm|qK14CP2>6s+g|03j zx*mmQt<3Qgo>(LN`VDhZrbjzr!8T~hUb7x1D~s>FCuU+rgzX|ZXdmZ!+A zY+7S%2fkM}tj*$^M#7zp6G1h1N+o$~UMps4Hd?3GJ1kUTYcQ+2;Kd7c@C5;!A4%#h zHVZZZQghQkP(#RHsG%yCfcoW`sod+08?M{dggleDj)LA`-GST3(}Xv^+EzZt!3G%q zqyR+FuV>I!5F?o^*WMUXs6eSB_eRSq)FYz8o6BDim62kyFy$-mqoX|AxdqC`Y45L! zs?s5^TiQElYd=r~Pf?$c)cz|f=Sk9C^L5tFA#l6AD~P|Km2|v4i<~DxdBOan2t7~K zwP=4q;0F>q;`F@a1r9J#o7^`(CM;@E&McN`UZ6qIE5h`L?3I_1h(Dyx9eH~FOIpt1 zA)~E~<$k1-vOihuYC>vM@)e8n>6KZ8xYmuwqBSp87(6duney5S*mT00Md6)O3ODOq zwJ2O?5xgSfUUb)@x*ihc3)n+#dp`%?(90pi<*>6FSd?!56~+I8Sdj z3rhV^XKCfVfxGw#!`h?UDK(QF8QGPV$|A-9}`SXg)v!X4Yb)dt?pJ6za+*s8dyeFr^+mu`_t102HtUtPR{dxshu&+ zkjdP)u3fbvLVsseY_!+B-Vp6(TToTj*TA+OPFS)n&3D*y4ix2*3gA=cb%%VVw~JC$ zi7oY7!1s@FEhzu3LTvxaO>0^jJ)GDD3}%rr40zU+!&Wo|JKhE6ai|gG)f!g1a8kGe zHaPeM#KQ>za%h2rn+doXV7>)owJwHD1FgFX)UFY3eSk>{X2*|s;9-t{Dzwfepy{A@7xKk&eVlY)|o$Zq{{RO9m0x3LX zzM#x0RQpPpmcrckU%rs8PV|)Re8OOF7W}>t^?TJt8FFr`&q`)83SAVu)m|{d9s4%_ z{>j)@vqvpbIZ)}izUL=Gs>($Ib1M7sYJpx_S(as^@q&XIoSW*wj>XT{_bD8G?`bjV z=M9(5I6HLcPJ5&GW*`q!=BdB)Qr^XWab93lWmNpbr(dU9e@uPUQcN5=e8#M!-N`SG z*G-GzhVAy*vN!VvkE6f$OtaQe=?PaU;qt#^Z#;4Q!Xe(mDcjb6*uA^VYO>gUL^6u& z!lEDGCNy@aPvd%)B~rVsCuSH*yI-&6?wPiY>duBh4hPn9+{&c#OD^!pf*lLpe2@Zo z(d}3nO&mHh^>m=AGM9>DQGy0~B-cNxnH{Znhv%1U`6)#vC2RX;)dzK|6YnI?+_tE9 zTjIuB^BqHC<7XFV_6cXi+r7!ID~ah@kwU9on17P^Au=a~9b$6c?cJls4Fj#WPPP(S zVkEEE=lqtH^t>XmIW^;=vD2OXMT^$Nnj6fUZkVvI%q^~GT6=ZIgS+l(fx`H6`;ILD zWi0!{j2-mU;+|Pf3ZaS7$LXGapDtQ9lM;(!*R_@f&u&uaK6M}~o3Oyh$SV7-Fe>M) z(C;W;vuj4g>x$WQ0&iK|OVwJMtrPi~;B@)pwkuv_;q0mh1YtRqYqb*xC&iuW=raI8HYE;G4A-f?5} zl(=1`KlBg86d8G+!tuVBf#v_wZN~?_x!~+Jg?kef5Z`D00w*zPg$8N?ZW8V;K=5+n z@;0%Mlx zh0pYrrzXAt@8I>P((bKGikYhe*Sud2c)jdx{K9v=uu$ta74j{fcE6G#bBjqqh~EYbA`=IH>}EMm7}z<9vz32*7ttB|xx61>AI4~ecW z^heK0nCk|(Pv3c5v+Ou_NdsOM!=fJ~tjH-W7!%q{pF-X%1I#xWe7eeF#MdW^SWXoP zHSaiKm+^Uh1&LKlYhY3`kW|q=Vv{J#m&maUT$5p1!$&32fhlFT^P`s{SBI@XJQB}h zfco)dM<=4t-{yLC3%n5gaWpF=w4dNRDC5Lde52p~GrX2;(#R)6TEsXAjG(j&UF2g@ z@&S^(zNRYD22=QOe|__*MXMe~-AK?Qyi6pdxLo-#Sm7dz?$}HW=Xv#0{~$lwDAd~# zT;Wi%|KdG?nwz52PAQ8+b*c}ak%Hejv_zg-?-L{WF!k6(Cu`;4z@wh#1vE!o>BWRd zvn#3ALB1+Bx43Or$|>`~31R79r|bJWZ{dHQiZAjp-EhE>E z;nVgy9*!}OGQx3OVAs8t=SDyP=?ZxA(qQft1HDGwZ=cvcll02XaAY`!eLA|qpi!4^ z(dI9hdETI+2VD5i^)}A=oRyX=%wP3Gl;?HgJ!G0hXm?}1hWfg&Ut;DxI1wP6Bn(09 zh(Q!-mo9X1tLO3}rytLR?08`EtnL?2-)!y^$$z1T8i=qB-zCM7*8DX~b;j|qW^H_`=*Z^$lQ@L=Y`fGvgl zc#=d}w2bg9q)>Khog+z;Z4;XQ+OxU4yZK#K?(C+r?A4p_a$MSu*^04CSKSC~>Znf& zNp&MkUu5Ryc)n-iBGj!|-4PcI_oX0OM(#_Wze+4=C=uM2m4^GG8UR@0O8z7bPUGhg zK1XxIP#WB?m&TF9Ct6wQM}|wO>3W*!!xH@PdYgAK$72&-uUVzduV^6B$hjTuUh>E5 z6{{In5pvsh!-@y<*%rPzKYN(|a=`tS2;J zv}6AI?nYg8} zq}}4d;|aqL>DMWMaCNiE;|4?IE5j?AcOn5p0O7~CS6zgZRO8Jf1^;CbTK{MehMY8Q zl=PIBs{Ta}Ak7zCm=;3W)d-^s#zXTXipOJ~V=;E%h8$f8$2tTdOtCjBLTVDDZ@|AQ z7Fh;w<_i&6z}7QYP*e@i3j9Wt)ZU`;m68Ar(ekDV6>4&K2@`^VC{&hgTsdk6>CFw$ zZwoncTSZfp2-M2bX(xD2P<;d@9qNO!2wU=8y|Qooy^Fi@stliSMb_AW>(%w!m*Xc zk4Uth|AuM!*o5>_%-{`Qb7T?A#*K)$V*KRC@<+{wo*`a-dq40L1zW>Wo*F~fA=|&@ zDGT5!cwil~h``z3#zQau6C;jc>=B;I2A+x@OMMYfjf^K}-(T|-@!vBEI#;Ty?O$Na zz<&c#Y5u@z$oZp(1I|NW|hq@eW;pc4P$7DHM( z1d{&}e;0x<|2OkS&KQxU_)kUFpLxT3j1JKl+4+C7)5h=yjX9UQcUV|rQqOK!mV?wo zz9aRa9at5FZMmr{R4M_6Hux7U#H}pR#)3J=9Ii_Dc>#6|m zUq$*owYTJZstl7E@#4Muzgv&}upVM9^uMHoV-wIptb|;~%$zWWJDk2y#w)IIYioh= zdIpm~eMDl=i;3g6(|D6$jG#h>JI1WKZ|ea@=l9nG z+Ze+-3~*DTZezg4#st;q;tyqa6cZh<1pWFBsq1A>;VMl&haJ!jS~# z>@j>n`=@+C8PhZHg&M{e*aFduk$=b+V>@;%xE;+ZVP?Hc_{dFiQ+;lGLjKA0f)BBC znj*cU$I>=zNwC*U1+Q&ohKobj;DpOn?%FQb&)ciC-7#=O=3^f<{uG=0Tbj}@9edNc zwsml3uvAn>oGZDSwxyrmM!d&(iWl5AA)+tMkT(5nQh-Br$|GH#Nf5CwE!T7RD);q&i_YgG>2)@3hBjIBvu}%U;H= zP>9sqi1UG0ChVo@zx@M=mp8&~gzv(b!?921E}amMWu#150x9qMB|_ZlX>zG9L#mWi zS>aX15H!S;2+?Ia*v97I9`=F{2=EWNu}Isgeu=(vco^GCI|Xs)ApkdlWm&!L==7SmPF@22>T^OuR@Uuo$mOCbng?__F*bbRXQguXY|ZMyt@9`MQ=6r;4I3z3YuR{?SEX`C zuJYoH^2Te;*6a0-q|kZ{JW6O*;e^Nb{a$lcK4{k7x|@miUzzhGDeAdtjbwqc0*ji5 z%>2a7+?iU@@Bi$!mSWpQrRAG&Zi^n|(H6-HW-n|qb08k&%la2oujZ6I%jrqfwC$(f z(OX9<$Il?x%b2L^xHK9kSlVh`q-(1+!lT^kmpt$%TU%fi@A;nQ6~nuGOgv&tnN z_~4`J!yah>L-|+kDwmg+tEu7ihQVmF78{-s-~+b?&u?Lo)=Bi2kWtlk%48kwhFY0P zC8pM12^vSQnH-zb-9)K=PT@M4&Hh;lxzywj`J{}lNTUBt}uA7=Q^Cix~w{=*FaVTS)dF+(QtJj6sxh0sf= zW?HG6mx)IF%0oBb&Zx!hkP991%(mtn1p6pE3ZXBf^-FG2j^xYd-KM1&UO9OA7k%Y0 zk4tf-67IMOv`y>kt5^!1;B=#cZ^HAX0Jqb&Uw*LrevR+O1kG-0c}AdS>PenU9Wl~P z(ZvzheyXoL!&v#;iv&XIsWjb*xKp!zCW6@)e?{+HYFFmYNms$}i<7Ym@?AlNH{pUd z(;!HN{GBvF|I4&Le*#S5y!*lMD_5_ROTj@NpY`{$m*T!92@ZB0u>*HXEl*vuN7ZaG z&I_L(tAm9pnsvBP(^!dgG;4h}jY$z)qd=~Q0ztu&J75ChnGM;EI>F`?ByIrjWMd@J@G5K%pJIH6M17+Ziix5Y@MUO+@>IiHq2pzW=Jc)4GJ;JMiRcjL1!u~u$5*~J9Iy$1opFfkbT^bVX>N+nw#1>gXZ z^WXmYH>Tyb(&scyj;wSFhIsVKN@^w;sok0X^NkrsxFrZnNS{ePa{=MtKt11F1 z)x-Z$U103uq){t>Ztjxb*8J+Y554s=ACCQo;A9u>O$f%bF2nT$RwePA^UB`(wTsej z8eFM@W8{;{mjE2OVEV0KfCIjdDf`*U>c%x?LSym1-`)6ke!FTovq?I8;_m{0TinQH z60umrmL$!uxa*-kEOc)y%MLY`@* zW_ycDCnTu-TwW^KCJtsNv1X4uC6`-yc~?Cm)wD_ZHGdmYME0e1PN(tJJc7Mkx)y^l z)SK`X_w*M??w#7W=Px}1zUM9Q|LSiR@o2GAX4C9jgtmLIF{n$Z2ZX^E?uCJikP0nY zzh$_rsW8w(_&DnbE>w-F z@Ul>k5?1jnc13Z*r$v}{9Z(~0-d|0r$*@*F=eu#LNSd4LQ#M<1ppt=N>ioU1SvJkK zfYbb;{^+9bN0Rx!7DWaex%>q;OD^FD2Jw9wGA67o=(d(uvOGTIqr4cU{gZT84!&Js zqq%=$aoo1h`eyCLA6MA@NZZi1-{kZIiKOS1DYCO`t@7xzvTt++t-ejz&~`wM`YxLC z+0Klqku{5LWKT#@6Kshwb$4=|8EzTTNAEfJGIrsU&vt1}!R+Rnc8@%saOkEhe`>$V*e32|F?8=vr7Ep4RJSb#qv829eNbq zJ)q@iWM$O6UgsvH%VR#J4J*2G@^&ymRLw%PYrX27K3|tB}{G;NptF z4ei7KkGuDdYI4om#-j+RDA)k$77(Q#rPp8qM5KujsW}RW5CQ1{0#T$_1u4=I=_Mir zkdjCjkzN9!hR|z52?0X zuZs?Wt+&R=Wtsw;olg54u-2tvuyx!RxlvtU8MuSqb%4B~%kDr%Bu<3xk}&{T?h9-! zRSAt?`vF6?eS?qCYf;$EkKB7iVAO`sIC&egV4;zW|K$67!US^X{(+5oADu0y5A+Ug zo;lEMvdNBez<(6mJ&LPXQRDt)An$(wMg}kw4uPlB5NZH14WJsl&9j?ea=cJZg^^k9 zQXhp%yecdG%$o#k)qoleAdbXg_bDO(eaA8fjrsJ!g@QX}_UWwn={P|@b|8N_;sK!V z*F}+g%LadZVRWD$*`Qg7?AHC^ge*rL5DgD?%&~j?dN!`QCPs?}J54_|#zXf9@V@OK zKo0q@f6w*UW`B*+GJ%rfe}t}+l>ncwS%4Hb|JN7i(_D$j9WFpZgKfq%o$0T9yFt0| zlFT|XT&*_CSX^W^^W?nOZ&C7!%+(-t@yzfdDE8LCVB~6YOD>P%y|dEobc6c z$^#P0p9Y|l+C0z`_IPE*!Lnj=(^lnm<>oN8z1VvusO#36t$XtxJJ`av{N}@oz@Xqmb2`vZow=VGkV!qRn10dX@Vs9vFxpG)zn4$DYT3s=avIf`tn zkinKbk1EAnMqDP*_zzPHC)e19TbycTd|^`#vKkS-nMD#OZ@r3N^x!ZpBO6XS2Ktg* z2_-Kx&D4Q2XB?MjW{00HJ;&N>k@xKE_DG68bBjp!kcfZN=D{H2$gq!b5BpEPgt|X* zeG-GvqGrCQUJz$$oMK8~tawXkMDl8%E)wCe;wP7NTBVsK?LdhYXrhW$Ypi6nTYsOj z7VK2LGVDqGGPRS>A9OZlpD_4blEy&=KO`S)ZL+*TzVu<2`DLxbQJuW;M$Tj@sfwYg z&}#=gRCC$2r_z#1n8D5lr{LYrI^?s?c6WzjlU9yqkb{l2RZ0pu3`b=nhij1-D??~k zr#eJ*Z0l8pUx;sAc1X7QCd4{F8X1GEX|kZ7AW1S@=0SOl zgZ`zq;!BUs8x@f(flqgN^_gFY>GmWXZe})Scwr$B>?g2@5hkHR5jU;R)4NE!H-#2n zlc;fDFZD!uF=2N5m8GV-4#9Vnr3icJ!Lk#_-1c5r$wvD4+S}At-a9#+n&`N3d(`!{ zKP(972DH&nQ{^Z@-L-<%;^TpYy>{oEuY>xdS??1h6kOO6Gu%3z)dbF&(3A$&F#HqL z&Z}$`nYhIVcTDeU&3;@xYwmJ&JfSH`GN?#dlrYjEY?*Lxu!Q(((c1@~IN0%`ArL{^ z;l=f1IQO$^@27u+hHhPTc<1|$&rj6G@O}MTIm!tK}z`buEF5wJzNA#`RJ>tyjA7rS^s|4ZBKTFaW0!qeF*Fbfac@HQbjgy!(j$~GUKv(ywzb-kUe zA8mOl zvvuz||0hMunN{)lo2Nq4=1*8dHsla_j z+aT9({Pf=B+(4bk{=j$!a+3fJP7@?Id7gTrC^MKBKVxiMc{e~fLwG!qcefW;Ah|q1 zJTE{4zE2+%o})+{atF z%x&WS>D%=!qV0JZY!>@j7%@9AyXrM_SoQJR3P0}3^^Cq^Ykls^hACEyrZp^U(P=zY z)NHb7)8R_wLo#zPRJ;6}m1l}W%+)H}7oT(xGwL93)aR~HQ@zFxxhX;Jj6_Tgp|Dt_ zugzj8NlkWj?nSHV%Br#*sh#NQkGR4ag)Y`>;1?y0`P*qwI=fb0+jHbKX9+qoS|13T z%RPv3efL~7h1|8mMbKj%MF1AN%d3Nu2ha^b0RnPjpC0`-1a8S*S9+X3YC`YgP6)*k z#2t{(@-i<~oMZq*?-=6S>Q(WUWiKzHl55xwCJeNzO~_r*w1MsE+6$aOm^|uz!u{UG zbj*&jR3(mKPB_b)cQ16uDE%e2d@zsz4HY=C)pZhYZoaVF88sWfGIu zF67%AedZka(TUF(>AJyHn)_6$VWTO!X?AM-$N$8jOp4>#QkAR={M=x|%6YPsIyJBa zZa<<{RoCyf#x_s3yOO^sS}{e+Qu2zp=DhuZNe={h)uYBAOiI_FI+sXfI}yixj7iJb z^B-&aij8NKR!^Njw`;{z$Jso=S$mO$BhZ5|5d58is+ zas;21uh51{1^S)YGz%o4oSGhLL$1i468CA?P72>Iyib}*OS{BG_=LRl=(9*{S_V<( z8;y_L^+LKvGF0_6nQ=V(J>03OyP+Z}u=c_f%=K7yx1zPh0|Dw`A+2>Ec!ShoLi)Q=K<*o!%~s@tS_TQfi6-*kS?Qnfnykn%ElV)J)Y>} zPy8m2D2U6OB7I;DVyt?A1mHlPWRb3Voab(@R*~Hi&ytA|-{h5h z!LI}KTVn&&kF^S>CmIVhPMk$tqDnZ?^Z-&iRMfzVy#xmA%7mzc9OW{xU;G*}SOb2-^C$ z+V#0K0F@3ru8_%#r+`GV}F!xIW4aFrX8iI8Ngv-x`EKt?jmISnP!8%Z|KP zX_0UXZ_P$%7#{jkS+Z!J8y9${KpIbdKau z0LTb{D*_H#9H!W=VC}ZLI#Tu^ui(48vwM@MAk{t}*^Eax_shL@DW60*PAJF>BO6Wa zA_40zfrD6zZkOcp#E1*gcH6Z~p3(^j;0huPdTBO2ywO`>3vnN66LCrB-e{y zPMp#{5OqSIIo%M4zLr*(ckuq-4T=y?)qr1u*B>YY~?k>@y`YRLYO%c^RpB2{!Y{e70eCV2IDh5@Cao9SLH>1fxN(V3!vd6 zFwzqJGf={xhl2m*LGE8w5&xHdk0o)BGlJfo#xJnk0l+}`TE)69iU<$(36hn~4!dcl z&z$M^1%Tz;EP+o1WpNX5S$&AA-CP|YIV}T}17R)V#4e>Dyjj7$*Z#j87+MwpGOItx z2>fIJm|bs54zOQAcjAWs*c&i^1hM^>^#t0%K=W*kQf^TJ*lDJ*i+jdMLmVs0XE0a(>n#zzEQC z9Iz*Kh-<&^$yT5kVFpZB*4^k}VE_95W&cXA_8%Cq`%BNPFyZ(1fIhRqZ(Xwz*l*1N zH9p3l-GIUiKbvU%2eN=JZ$YDRRtAeGFl=}g2niX?KSo3UQE>b35@V|WqqPzH%AY7; zK-@_v!agc|70steh>6hrX`Jj7BX6v!?Q4k?M9^;RxrF!O4HSZ1zQGKG> z>^bk5G<#IP^eunNAfY+dr6StlcLmNgQjf#?uDZcaTKxveWyo}r3j$-DfJMT z7MHT?cJtY`}{!f@wFUv+my3&lsBZ$-$5mSA#@%?&3-I$dQtTp5{JnI zQloC%I5&_Q-J}4+ZLtN^mq6QWH=3Ss6Y9C}zrI8E@{c43(GmLJjK@Dex-}65R5XPI z=4fTPT-klwZx#JhXeieC%&ncUtWTiTR2V=J9_?9?WcPFxzc3YZL=YtKiY@spFLw=DN+-Di%u>rn=(rU)&_22t zV-~wH(kxrg{mZgmycz#g9MX;t*(LY#Iw^1PDv)CsylbXJPE62O*C-XUwIim3D4KeK zxxHfQXk{htI7Vys(YMwmHFiLS@ZW!|PVU)A4AHsRb`#FiwV`s5UTnql1_bbwrH%sA z=nW$fAnEqM=8GNZ{d~v;mtzBi_dR}u6w3opHF^UBxEvR#`P+&bU)ORL5Mv-@7J8LE zc-P{%?-3< z^Y!1D8DD-YJU~x?@KW$$AaDNQSD@#77Z_}xKd|}FKIH!%ouv;yuGW~-WZ``(HWeP| zgKPxvoClvmPK58^LVgOY{my6jw{24(1^PW}-&LaYTNIM8^yWO|D^!x`0(Rt~2dZIh zkKcjQ!ez|bOiKRL^2jNQz#}(8EIX6B@qc8(n7iW!7Q>9vr25 zh8lBNjK-7GhLGMMv@c!0n8fkRde2u?n)S9SI-RsCFXo12UrI^{Dv?R&8l`@m;9OtOia-}bxxl{jk(qJ248Y91))Jr!hZ?syMt0DU*kNXCS}TY|DEgR`lyTa~1> zP?~y)*&>H0g{&=d<6~3dNx#n=PkAX*wLFvv@&&{Vs_;8%*lzpX%0V$@i~MMK{>Z|rh}#OS-jsEpB8$OADHtv;?UJ)?K-uuuBfGAJsWPpRmxAoN zp$kQ);KZBzNlesEIk0Z{EmhfguQ;oI>9z}d&{x(v@+U5~AUc^*>=K!7PKfJ|p%$+v zWn-GQ8T48@hIpK#=$HZ5&lPf}$RN|!8#R%x1&T7$B!5K4TVW>5>Zzvt#cfUJFw(!}6g%`|;TUv`3#$EY$2=DvJ08(z(o6DngO_P8vu<4kEzdU?T%fTzSd zxMk+qpj~&P%P%^+KSxP5`-*!Nk3&s?*~A@=MM0C#)#dsLR~_rEWr*qA&jC^8mxvn$ zGZzIff9~wD)IbI!jUzQx9U-t0pAuS^qeX3(*|`!-nTS1a?Nz98p$4!bVcyRqBFf>!~`KwVq{_(H{vSjz-5XR{?& zZ>?t5e3}r+p*gUkxWIfKjK`;D7isa8lcixZhoiq0%nGyms?0NN6gJY&(#QI?U|IP? z3jjUvW!K5^+Xkx&Eniw#&G4m&3OtY9$WoN(+FsXjs%O0)4>`EeF0;>3m=qmwUVG`o z>oS#P+(E5G@I5t=tnQ;j3Abv~i8+CUV%x@Di^}@Tj*lF;SMhiOiJ7KDpO4jPS;br@ zUU&{xyz6-Oit#b;W3IQq-kxP7X~_3d)zgZoV8f!3Dnt?G zkSsW)-urRv`w^I*5agA`FWP)E@?M>A;cm!j!iuszo|66;e!BB@dgia9civ3VfdUOLvk z^PV%hAChd3^FbF^NGbc0nYun#QoMCzGZz*FoeRebZ}A-3C<6}`QPTvN;aNI8t0mH# zy?w?yrBJho!#R9Lt=X<=!sNM^616w;+B^xG)t@$oEuG3w*1n7&l8V33bO<^(2`M-S zLXM(u;8X#gtMjIO%Oq?u{?gg7sxX&gUHvk92}yNp77a?^_1fcUbm(V-iGrYby!=B*MqOh&>&;*L=FC^ATl*w?iWSQ=u zrJ3yPNJJDMvU3UL|LsFRsVbOTf@CL;6-Ln*)?7w)?i%ym`B>g(uiaq>P+!=!e__a< zs=EldC6r;KmHCKHY*ant9#fnNE{02bKHR^oC~@ef+Zq*;dXrua-VWYC^|Ry3k>LX6 zE#Z?YjuiZeA*mn#xRfw+_F-<(mqN}RE4i?NR#_m%su z=r^x4XGJydkt{2-s7P&`r1bF0W~w1_Xf@SOtAbZ{BHJ&RcD{mC5lrgj)6^x+OoU0u z9EaZH-t>^A^hOCjJN5X@YNW^d(LT3{5S(dn!>?W-n9kmpdeJKW@^i`Ed~@rQX>q$Y1T5c^Z2?{^fobqU zpLF!WdeWx(ct`F?OKfRO=Xohk-dKM)1@#&Uic(B2go2i! zr(`O6-FToCP_a|yXSW%5PI_K#+hpH0kqp?J2pLpNZ$y>pWt%)1$- zt&QW+1QlrGV3N&X)1+$jQfWijfXlaz@rd)AP7wqTmJ%_S76@$;#LBwh^fAdN?* zC2Q8S$;RvX>$q>JHxIt6M2HrSA#PVuB`|_zW&MbY%)uo|S1$Uqy59~DxzP4`tbvy6 z|Ab*fx`hxT@_F}B^p%|*o~T;Lf=2d~j$q58*aSR zgjc5oyGj%celRV+urznfCa!bSM*cHjAiQfOe`?>e8JHaQJ34-Cq=PWm4R}aDig5UJ zY|%={>#V-~f|>yTpFv8HZsZ3iaQR#yc%>46zjoFEX;^=+{XAvi?;wYtNUg)(6`&Q5 zLjWLGi6T(jt3y2&#tI2wzzbQoaY}gKxgWb(EwWekzXGSNe(xY2kr!qXGI^lGbXCO6 zX{%k0*M1?v3z#Ob1FyvzN+bhxM%8uX#HAX-c$$(v6SmRl3Q2P6-iJo!kP|+xmI9XK zNvEBQ$TNU&A_2L1(UJ{-OCcF>DMB>uk|h(if5p;xAZx%udc?=QrDdbiIz5LG^lZ?> zb>eoRZ*D$q zerNsW=8;(=(1$KGJa~nZ0Nkq3mRFa;+F|bQPb<0OU-LLw$j*Fva+CEipKn1}g zEMkCO^_Lub!v!QOLNxCQ1wvl*o_+sL>22{&)Y*-%FGrIAk6wkx_i-|J?%%i9GO4K% zonNko4(xDiO62W4G%kyiugSLYbTFDQ^OgiuzeO8V8dgdw^M*!L>d^ZGbv66*kKV@d zEFP#Y*=|keoFs!ACyr6Ux4YkUOV;hDIU31QdVUL9#@znqwKI$RdL#B z{&aVt;-YxYzIM-oLv4HVYS*_^G#FiqNgh3J8zp>RfWpNdI88F(nDwZcW0z!!s~W#c zb>!&d3zddf0^%b=4-e_xQmU9efJDolG+6#k^2jfLGwIbG}1(kJpAKf@Qr|j>&(F}s4*_XJ3 z>sfB~;)#0XW1g(`1>$)a zA809B;=^;Es$a`(A6&N>mAe@w)mIGiie%r^cuR^BV8M^soz9NRca|;8Nt7tLAcXj2 ztoLSej@RYD%6;XBq*iS*V`Z@TQ^(1^t%{yBg2Tni^TI=&56Yr~K}6Lz2PXR=C1wbg ziYoGjd7`;zs`$IKsoN_L-d|E@y#C0!dvHIvzD`&(TB{=I$*McCSm)Oz<)?$|hnQdb z%eP7&n0y1tMb-CLCoD%6symg8nyJtfy_;IVmrprkOFwsB!H802ID_3%b>T93Yff%M zgrwQg8(-N48O~buN8bT$i2SX7<@2LMq`7dk(~%CbY73%i`AgXI1IJYAi@ZhexC?98 zyG{357zepuX(%@rQJ3CT(Vd`kYKCLyFC*9RKyBq-Ef9&?#0HaLsPMv^fsqbl-rHQi zXwF#5S)wQFWZc(+N{1WsOiV4W=kI5Tk7iy69oxQ3epG{Qe z=Z_G~S66Sd{ECOwMf!R+br43*T9=ddDe0FoKeDHh+XW5c54~d@Xr$Q#0MZNKzBYdc z2=6g^cSW90Z%#5Qj)5-7Hm)3TeYWN;AXY_Se%S0K(4rLLSnK6Y(%~g9N8Wl}F(a?9 zh(o1oxRLt8icfWDM1GLp#g6kBuplZcU$n-rTnITirluTLqnIXvrN&_ zE1?%(f9bN+lwtHhGP@<~xK8N?TlpUHlr7T<4s)t%WJaO=Jp2M&5|ZM^Go9zgEOcDu zXq!nlR(4|bY6m5^m_o*&=A((&fwwuf!<%hW82>7gMuK?V^wPteoo#L*lHDd5Gi(jf z4|LJxyFSO>FhXO*Vg}I;vV(L5+fr;$>zi}n#7|??18V$F@Nv^IdKWG3_Uc|0r7pCxL6nSx#>p8#95wQ$HptIb)aX*r*uq8Vx|`p za%PwY5=T|H_@B?6GvZnms(w3@q?rU!uzekVRrP(+7H|dAID1PF*ZInm@Ds&>%d)%Z zTIXwL#&7fRP=l^>l?3ZkZ3(HGjaThFy#0qeF4d`|7B}K!1tXYGmM)b8W+q*4j8gA3 z=tvq=mnHK%)E1w%%DF%J9VAlx*I4qWk{Ew!KXR7y-P{v4{QyjkqYoBRcpIAc9BHt*uuXv@@WlqAR`hl9HRbrLvU}P?EjDP!p)K~! z9a-5po}PmEMFW?*Hwig73lBZlS=SUk)4^h`x)kdySQYmEnr)v)g>0<}0SmGl7wrEP zGq818BH&xEMtoDA;M~hmS2I`+RaB4q_@QDpwNHkn+t{fr{c5VlGtS=Fmhodfe&;M6 zEGBt|N^d2%KUhtI9EA$BMw@%&BlJq(at##kyDV-pIlWoU=oIkBm?W7@viB?;9Q9;%QL?UTBJmvxJBQfGLc5-Z4kW~Tdc3Tt7qyH0@!ws-T~ zZhdzvPoXz_Gd;eXi8vNDFg=hvrFUW+p7kKzpw4&Wj<<)wu;z!NuTvPvNr>Ie z+qYd5Ip$)wa@&fa?ba1ezAhBl*OBrfD*^RR(L8`{PvH}8Ot4gs&{#iWJ@%-G;n9t2 zT7m*kJ&Gld(L_HEmLKP)uUVM!L|QH^uZYuv5MQboocRt29_wa4f6{A4`zBc%7bC6mWKrhDi^+ z4!EfYoAisX@DGYEC9YWSk=}nhi78Cs4%4}@2z#(%{psyWmcnh*8wPrLmi`&PsT?2u z`+&5|Lt&hwyd%BZ{=ptbBQ~J7{61d(oes^PFln-R`?~({!>fEAc6(ZZr_w$g;zy7GPyg@q)e)E4X5q!U5Vk!RJ zUrH73n{~<_Ijoyx{Bt?lalo9+X)1jmAxRH_)h~@J|Lwv&2<1TKAx3gGrm+nyqm=Jp zxCWVWVMrTiq42Tu>y5U7^Im+wpfo^>tQDOaW7ec5rb+etNm)P_1@Fe*mCmP)#bjL! zX+L#l#VSf3mAV!F!mH3y_hXx4o79K+d)fdm7gEPlRbs!M@NWCH$4KAGBN~MrL-l14nQw zS1km=XVGzh0|zYEUUvDl!WX+P>mB6-nYfjK19x{pT2-s}v}$MO$9L z_&7cceAPLKq<(lzZL#r;WF(M9ZlViD|?)gupyG}QHze24!Ui=vQNOjpkaMEf* zrq3>&(XCijMdXOn3JN_tuv)%T?07z5d2ObpxKiXg(PMco*;qt^_EjJ*PD#noldeiC5$d-hV!+8+$SHG1BS%f zLNyxh$q%*~t=-vs5xHHlxV6nrg=Q#*${@)7s&A!M)5g<_Z&WrxYetd9RYdBF7#!>t zr8MMnu~x6RxM-BYEk~d=cP| zCH;`$POFl~TpYv2q#1-W!HDEowfm$7)~e1pypnb>w-4q@-7fKauE@p?@11LgyfSaI zwau-)^?~E+N2W(E4_2)@kw@pPsJJ5WDNEVZ_igZ=vl5QnLu=JKH6CAXy0+#hLedS? z_`}`FBTb$V=dPI{^_g}D5zRA)E+jG>{>)STFv|W4Mi$m*R|*)7=|;gFOuve5J`WEF z3>C|)v`R@ETk4w6U|sAZUi##eH(}An7&uvbo5Rc}L|Zda?c|38FTS*vs1&$S2~&)< z@e70x@g7(Qbv^>P`b`91mE(a;1(fQ$=Soj7k}zjGx@Md;PWxn~j(R58F6x4d)$tUE zl|K13Lp%c7A64k%nrDh1H=7VN7#&&u>>h#0aNX>9c3=NcrKf;>b&^B4K;rV=iH8tj zd4}G1|6uH2>PK736vIgtnh0=TQn75af)zr>!>`5PTvodn_7!-PWK@LdXrY)f>A?ae z#;n~@+~J`p_mRUAjbggQ7j2hH#t?9_P(x6dxN7H2ZrH3@p^wW)9YL$3o!TehlK^Pr z)p6zkFqUWf#=CFv!~));Dh97@;$Rg>duz~X_Dn+8bzbw13Fa4AncXa7)K`{@K=Fxt zVW%Y0gj)K=Q>}!ogz3uM8*;Oijq_Zqt4eb*rcL6#UbT(F92Rt-gERfC zOkqv(m3VvuZaJaVAo5(G|J#u1l+sDuadnVMKl+Hf#f@2tFUB39Yp-3UkBUI{jY?_8^Yn=uwQy|!y9Uiy8>ibi$mZKRD>uxp9-kdc1ffoLjh|Jy z&L`S&IfJzt9L7EBJ&=>raj5UQ&3;->JO6ar>D2afT?(VF5yo%8JhkdJ@-g*dZj-ND zk6p#r2L?&I>~RXxiu5{CW^3tTpiQS!2(6$E!l)&G*;6fd-%FVurHwP{M;u>kT+@*C`s;tfmES=xu+xz=AS|K+f%-TSuHw`B_bWdm4qD&+4fF zhwM@Dk64ZNh3vs2i%BWS{(L6@F3kVa5|57~mKeS-p!KmY^LB)6bgVrqBEg%YoKgMt(pSXMK5^RA2H| zFR6!P%-=N%(@*ug2CLYv+;$ePb+yzx-uNmwCu^1bn>z?!YXN*_K%RetHjgf@K8_}XYi)}?Hoa@*~DUtaJ^u-!Q0ykhC9 z4)Vm3s!4{=T~${0iTe#%&-qx0 z$7$|316*#$E(Ew;oT%+B5I^bubDyfic-$*rI1qwPc)XLm9-{>gEjs#7Y%2blg~fmR zJq#eu@9zWj6$ar-`wQ4jLrAC0W-#q^S2`YBk6ru0K1_P92q^Wq(sf6sH1}PB1Q;W- zmkSVYS?KN9b$~~83b~Y)3s4ZrkTHOQ_#c$5iR^uTA@6;D!4*JXGgaix*y1MeXL~cq z#zNARraxe1r}~Ru|K%`~=n(gF>>66%LAq&J2Z@AYKLNyjswcUxA-x>g>}%VAWUYOu z5|lgTtNUd2A!+6tW&0QOXi-%0Oq|X67suq!%|2IFaH|>1+GqXgXmAhEZ3Hx>x>A2L zj4*>mJ8#|P(&Y({(d%O4IxjK-=%6G=`w2kdix2$XRPY^(~97YohKkX z5UupnCc-iY-@0-R>qA%zWyUqQBFP1|l<%OGGg-4F&Jf5F!30Yk0C^!P7OR@Od_Vue ze22}E`fIbj&fh^#yQq+?^wWOb;oG&xQEaHdneQOt{T4E$b<)p?5%!Wk^A<@R13ACc ztC`#9aN46F8&ahAP&<@l`hL<OW8wa(o%vHRS4*gSj;C4R1R$^ z-Q#%T8HB%m=$OCe4bkNZ9)u*R;w33<#H4Q%=3`;Nsr}k9>yW%{49=_5XU*vw?wdfl zfiN*RqO6N{S77HTXyfa@vj?-@MccjqL*1tx{G$tV&u_f(6yg#<)hR};HCxakp4mL@jr2${pS@Djc@$@3c)y`vapkBa{_3mm(hEM$oZTM)^>^o zz*VlK0z1uo3%oBGhM5Pnuo@;l&e2jUo1%B;fb0Naw5|Ieo9)ubes2$otnL%cMau+& zjGPAx?x4K}3%-^gc>C;AQF7ky;7r3-(MSm3Tdd&4Y1&vDjAHK}yYURhzc}jJ407Qd zr16U$UB#&se#D@^rW|dmLIXlXBJ2IrgEC`pg|j^>Jv4>GzEpn%Rxd4f%_bM z$mq@AHR4qB_p!)98j$&w-WdVThAajR#H8oPbV%X!W*(<$(dmN!UF81xE~+q&mI`@E zF9Qw&DrIRNOBG(DrD_JK{#eLh?W33hCj(85{&6xSf1HekA14F*f9B2qK+*7DJ@xqW zWLO#MC~w@&IGk!<8=h1#wpb$$(tmrT;IyV`uaIF9*dEkW1ssS3cc-+0?ylpuqh_mJ zyxq)KJz@1zA05S|(nO1@&|lL;ufc#Hot7x_S}=jgs=!M+0a=DJN3p5}HD2|O=x^|% z!b1L9h?BEb+tkOBBHuiQb!=06MHeL$s&{fM`o|G4MHL{-YpnLO68f5OFTaB>y+_6U zlo9-05b8gpZKw)}@c8>9OQ<)2OFR&@Zn|>;^9fjb2`pXzxkUFDowonO-mPQMp;|e> z-q+_*6HLNy1`#|PS;saMcUMZj$)2hZM{7CMI0)96_3$P}7>SAK7EV~lI_wG+D$~O@ zdDa3cm3V91_}RfM90%i=IA%h^25OO8>_tArd-A1*@Da1ay#?hy(tUb8#f(ACJ4|h*Diil3ow`vCA6+buZzf|9bRO zV~hf|0nG5BGEz>aZ}!9@3&$6+I7_J1jJ(QWz9s(hRE0jR4%0n9jc55sBlBuTklz3u zjc?um6)_Fb`Sc-Xx-KvWVggWgAe{r7;N_#vdj@drr603wpcSl5`i_!h$i!AVkUjR! z7p~R;+FQbVz))-3&<_je5=B4;9w7Am$K>qZ+nWNGf`hrQ!)~e_lVK^=(Xr_O8Mzm% zYeG!yIn2A6o_5oX?mh4=G$9tO-&{~T>&fvQbfw^w=^jK~TA4dns1glwbv2no+v?cj z!WM-p=Cbdl;ZSD|w3(Z@Xo!l;wxif_qo%e%j2p;BgZxyf!ybUfA)DSAC>t#~26GQ^ z@Aj^7#M(Vvm?{Jij#w95+a@q)=Qe(tB;FPJE`A-B=vH@uAr#G$g+4%E{0{P}3zSYt zeU+^3nq+Fac^Hs0;=C}7(D8QkwCdX9TE|o^J-~>Q#BqVdum$1Zd%d~xLG=FB$mngo zZL^_)D(R9tG2Xm0zX@rSiT%qA>i%5!^v~{wpHVHP<4>a61nGE$VnU>}5A6A|Yvz}K z_1Q=|Rz!nXp_cofTkp7fqFHNxEOrTv^`EbD1tAe2CkrNn76SJBSx1OPLhYdNy+3 zjcZQeEy{pY*$6{2nRcP-UD-n2m5eTp12R5FPHX&g>{HdL)7!g|9UVQFW=*)J$8gTd zeJzB=$!EW0hFEUCpROJ@9a$-yudzR?tS;uE=spkjxN6`lvF2OZhfNE#zx)pKbXRHt zI+RQ3s0@+8o`RR%C#8&E?Um+%KXkaJWCczZYVucJX}zzrvJ$4OzISDWYTF7uIZJjd zmJFov5Pb5wM_V0cyRKFVWkkuh@y1P0lfyQ2IElCr#1&G-NPQY_k{%n15|I=+o}D|Y z4B>ow|H8#rev2WAPfn^K9f5Ue`Fzv8MG0L8RPU}__+az; z`o(h__;dDr1eod zel85TwgP*?Jr!UVDn96IH)FJU9Ht;N7UyBq#lRr*EgCO%8$(@9Ec%FGW7?fH57610Q$wU?5;EYEZ$(2H9J z@A;9Yap^Q0YB7?W+?wDg+%Nv{W73m%FMbUuV~mnM{OPe!B0=LpN^A$n`TtLdVV|Ek zX6+!_K$jd8Pf!d*ziU11skRdIaFcybrVq~2!rY+vK3W=V-?y6ei-lP_Fp&Z4Z-?Co z5|PSVMnhKIdXbk_z23%g;Tpc485oZm>$O8~+-WtNv=F1F6LKnZG<|KId}O9w*eY}{ ze&N#vIOOn_bl_U#qI&9ASH_(W(B>GvdF743qzd2#(>g%snJ}T=g{NI8UFcJ_subJ_ z=X!J|X;oQhO7d7`@MfX9!zDcBGPu_oQ!#3?(apUZA!e4Zo9dST^_Pzh3-Vu=9F!*f zg1RNG>q51O$1BuDo_TZoV^VMu;)IXE zW&=DoKb4Q?nQGtQ>puDF( zc~BJ1^+>)=_?Uv_K&vUe#gFxuWFKq@jw7j-pF6l2Vhmtd$uUYA`W8l&v`(qdEsBuD z#q{#Q`~t*nGBQFyvrIevJ(E*RU#kZ)aN2LZH2|UHC%A?&faBqEFv`}Nc;jXc6$o!GUm#?4ec<}S@e?U73==5%e zqgaRR71^=DnWUA0@OCkzeUzN7mRuo|CS&y2g<5P2_>@_bs$vD1KOx&}{$R&Dn3`N!fv&p9;)|@eA?B&xA)dmo{%~YphT5 zO3cg`!R7>p!42GgpU9%kijFn8*AW$dTm#uBMlZW-Wd*D}Tz&rxRsiVFthD+PB0ZZF zJAz+sZuTSY6jk@B%rvSyf4WnqkxV|#JLj^l1c^uRP&-vmAa3?6YjFfR6`76?TMTLE zjOkp+4|5j*nw7(#tqzbAy36BaYMAQ!?IJ!BTB|WN_X#eJFm^q$ATAI9i9$* z0&vfU_TtJ2nv-kxesB|(6s0CsPF6?_W71M^E=P=pwUVM&9J1k@TD3iH&>*}+NuaYQ zQ-)Y)mRqyqqrDQS-z?Nfm_3-xMkyG;ocBeoD2m7B;*~Wp7ge>vrw$#NiAb+$9el1h zjJ4XoSnt_`r+x>u+?&5=Z@Rh55ls;lDEEEev{)$Gx5b$d=fQu|?h9Yj^ ztn|rm=x4?#&uVV@LD#CcHxzv!Wi)YW^#rek15KUy0KvlgI)@sjW85PXdE-HeTf?~7 zoqN9^5y4N+n<mONF*A<5A(rE_dTxm2d8xngzatfR4!A^M|~ z8n-3me&9oZa9peR?zksJJ5|cCy3b*Cs<+bgY5=cvOajR9;#u>lj|iTAZi!miwkv1lbTJ1JWBxmYN=&qG8@Wz-IZdt;C_TD`;f5LiTxD5lHsQZ zuYb;9Wo|%{^nljR3HWsxrDB)auj>@0x68@PVGhRf;SL+`C630Aw45Qztn)P;hdGN$ zMv_Z4S}&fP0>(5A_KT8@Nisk1hr!Z;OpsSQbo3%vohoW4?o$RgaL-lx(?lm+q#Tia-#<=g+7s zC{0pyGYrW}1?%_P_KL5T2wIfh)qjYc*lISRx)!T!6>rrla>U9FKl1ssS~4Yedy}#Y z$u&OXDp1%sGL9(Om0k1r4l?|ft@z1vPYR?7cA_PR+bIch zr%+AWl3ZpB#)BTe)KeZLAigFlm421nyHLAYE9Ss0E&4U}$VRif$~SiV zfq9K=xQo^%-{Ire7`i{8DzGr{;YDuU%!h0$oOkT;xc=M;hOZ}zCpY@Jc|`kKJMwr3_8VX9~=PG$@j^~aAiX$ zhddbRiQ*CeBc?>H2Wx3lcWLh~y#i$%TOIpS;@XTv7e|MSZR*Gp36zv1jnsT|`^cv< zELnnmcQdYDOBk=Zc#$~_o9{P* BhdRPQEZZsejkD=?TdMy{-;orcE(|c-2ndDNT zPiGD^z_Ap!0cE+p>%t8qKJzF^;p!k3pKlLMtPi~W<@bL)o7irk)G# zS6=#1wf{~g^7Qq?gWOi)fpxXASMebs^6Q`Vuu-a3Z5`g&*8i`)_l|3FTepRyDA*8D znn+VXL+F5^+IyYzt-H_J``+LE`3I7>1mfg*=X~aP#xurJe;W1hcbSxml<%9XM7K}Kdjk>g z;h|!gXw4&ON=mj|&zNq(rihl~BJ%|9$i_mAU&^Xt%5U@vbSETzeq?gwSn{;9@{-l{ z*Hmk-DMF)?2nH{HkGwzRdEp{oWjCtmF3hV2KUBy$J$cUcrH?-Sa=va50OrPbS?x)bbTFvc**U^RPSq{cUtXZM&9^ZT!JOOW(Qs#N;OWpS=1ICFR ztkLy%%{Kq0ieM~C$tl=M5{WuWbrsrkVB!g^LqUZq>zK+*IWwXpkI(VLwMkm4I_9`M z;f^d5#Vvllu5tNHbo~!VIepS7^d$88{hB?uS-&3UoSo;%aL*oez<#a2)*9Wyl-%7x zHMc_43yrlY;p(gWV^L$zCqfK+Y*X(<6!i;O#x6G;ef$K}iw^x)bv)47^B5GnXB32f zt%#TVt=Xv1KH0kvuZ#jH$?Df;A2%v6!fg5G_sid61ISVFek0oT>R+3E5WCGj=zm+Y z&u*1pGVNOWzB5UBnP&nyS`&j}b29DH4;7T3&@eqIWl*BO|KOcXALDz$dAwlF+&P7yym5 zz$U(I^^HL}bBLFrb8sL%RbsJuK9JYt@XaBOL;jl_d|T0>OLb=y+onF`P@p=&TJW+m zORvH)YrEt?E0TQFb?Bk*g+-kBG2!T?=22`9S6?l~Uhf8_Hk(qZjZ7aIP~7fwM)dBF zJf6!>`E-(Q1f9cU=b|cHXZlbt2+FvvG71-JEWPO%>!V&%Tz`MbqgUmAuFbT5$MOU(UzKv9&w!EYL=ynbUqH0qmBo^ci|>(B!X#13+-eumb3UoHfNm z(Oq9L2cf&iSL?3-Rd9hxm11uT%b4}a33D0M8h^j{idp7KM!6Zpq49D8vlEX%k6;bv zLzMSjxy{JK3koDmtX=rA7P7C$5e`(>d zJ0cS96CXOzQZ0V2DDBdt)-BmuM7oU{*qaE}kdvPjZgCO=&R7mmB2{pHHuif5wcMLW z)&)2WF7kT$!`kP~0Wef|3eNQK6kAe9Ga<~ow2N4kcr7TrPX2WK-b9MwKVxULq{a!wN2~!;wV*w zXO4}Nde>4c#r%|9)97V3nmJ+91NCWfOX^x$*S-3s**;>j^_T$Prf+fk5MVog))*xkTFzd;U9W;wHd_NupTV5E zFy@;@T)*}70z1?`yh6Ip2+lZjUB0iA=R75Rw9V(#pdz&K*sOdezT)kg!!0{4PRYS> zj)|ihljg_0R#d6>Aunez9K{OOAK@a1UJq9W>+YJiNW40-DpfqPMSm zs*v>`W4JZP)3XO=y*xZs@J2S>4C4Ru8E^+ zy}fUtCa|CNsQ2V^fur&HRdJ2FObsJURXAyXw~n3@Y7y;M;`xOW)SA~JscGUqkmb|g z72RmegN65JS44vfen9LK5;X1n>|aO3gs~RjnwPlr&YY!_%;U4qh7rn99J9Q~3f6S@ z4mRp!pBhA(Z}-PM(RqIL^U*7d`>1^fN$5t-OV75=^S;fq^E?W1J=KWY_gO4N;ytec zC;}dkR#eNB2s;(ccPr=@-B;N3S$viaqf?vLdRjjk;i!D_-LmDwr$aB@Q2`iA*J#`I zWxRtkqSRT&Arsb*zpxYWAdCO@d@~cb$ocWH;OHzbXFyR1vw*9b>hcYW6+Bnfbck~!t?ED)(lGjw3A0wHro`;vj^(dO4 zAz7Dn!IO=hS?bHi{*t|^q4B&a5HFi;{(W>Fb%nCj!^oS~i2c*_#gU zh#Qi_hnrt}DiV|SHYtyt~5wfPteO$~h1zR2ErIaYoJdd_hA?<4P$7#QDxG4gK!>9#_JR zRCJxXH3i;Va!9X1<+V5jc#B{yepkjGuZO{p^B$N*_jS@H%3iE|us*1?ZOZC61|BSL znRvk2xNcrUKF!;dj1ya{t}eU-zXpBnDG+Q(+OFJf1>34I@jmiPh9UE$W7)cAm?zb= z^g7KVO(dvADCA{cPn@KqOjTJFy1yJ}veLPp7RI9#aIv>8be$%!hJTTt=Hh;|C z8cVC5alDLH(O6k%lfdjg{zDjTq=&cSYMV?WN};fK;*M4>^7GeH?GHib+7@b{rP5grG8QV zURj}^hhv^2k08FNskVN`g}XV)YHrv9cO!vp~lsZ(}}j*%A``KIGmHx={UpgwJVhZPrh7Eu+%edY4^1a8n1Ams~>Ez zC>h>)GaGkj+CE{@TeRAxNTM6^Ql2h0;vFDw+v9DF9*spTp>p>aIcmU5_s#@jOP2%D2~vv&m`k zwvz%+==HAYGelZYjEpLM)uYO#R@V0jA6290 zapaoq=5?uLS4v;^2IpEzcyMju(A+YhP3g!c-^NWnj$Zg=bx@y)0m2j0)=Cy{h~o^Z z%c8Gd7da*DQrDIF+;ZpA*VkXrZ$I13<5>25k9M$#seN7>TR(M0_2u=hi`RYJUb-0< z!td3loJPNxPH1Pl+*8V%&bnymr_#M`kdJ*=kvB23Va*ewXEtFotl@t0qUIXc%1w<1 zqUtqLWO%umm<(&EP(^C{pz#d>)zi)Wu6@P4;gEat7)B2(o<6m^=*kZtdf>V^O995Z zV;n^Xwnda|_RhbeJW_R1BD$E9GfV!oKL0%P z;)mn04>U}!0A-}OvA*Dm-qc4ut+VS}^HyO-r}oF5)vbQxzG(@ZDmplW6TGvoovA5L z#9x&>e)qiQ+7#0Co!@P;Ohv70)+e|>JWnvcHS9TEl@JHs_lr?y zbZQL3q$m2Lk5blX^{Fu5`LH&OV;x#(lCHoOUpa*rPYalDX?ehk@$#lC&X4I@%V)Vm zL(*q177efZn460wVXCmuUYJSLRu3+;w8W$r=J{xAp^h5FVqmQ`7v#YPW%3YJ{kV}T z^s@N^F^f6=#m+eD>UV_u@jXS>wHvjLoDQE(PVQ9HL>?vF17_V-tKHjF1i z$R;?kz6Y|UdvgWkRO?g2SBp@Z6kGpX2k3z3^?^GwLyvOBZr|dNjIMP3yk(lFHjbhn zY!fRM%Z{_YmjJihNt%!)cD)~t#&Mj?GaWno`1TnE+IjgJ!+8UO22<2W%d0Fe-DZ<- z`RFq|X&a?d-c_cE3MIC)--TtqsHrgMYwR*m3qy~?6*@rdqx7j zAeKD{$AHQ~a0Xyuc9{TVknhr_#5AL*dQ4kMz$*PhY@H?wrNnR9>V~4>id9eP@Oxnl4n3FD+qz$ioV1~+ zdmy&wp+>v+A{N(G*>eW=_RNsuO0?% zs2D~X3!+{M30T--E41xP6l3-4Vl%pD3)~rF6Twx(!x3t+QcMJdAdS}`SPr=AkabJTxW`|B3y3~LO65r;xK>y{yD0iUvys(o# zFx>?E+yf(pKOoAj7%GV{dY$J~FCc`zfD?8$T}TD3!oR0@%hz%DB4$p3B{slvTO^mF zVXqk3tanJm^~fu^D)qx>VlHofm-?dAdOdAIbMcN2f(ob-g zp}5P!Qm;eq)I>~Et|8`bpuwK+#$We*d;cqJfO@(9om0G7;*5QNODbx3sZo0Rr z{!NbNJ^?ben>F}y#;Yu$b6ZnW0@OU|f;o(`uF-$e-ty0IIR3Nuh!7CBpGFQCH89Ys z5i=F2y(r(E;C5hR+8{Il9?G6Qgn$;HpzUFE3^7jt58bXhfG=^z(R2wqZUftAgkvnxM4?I^N5T5un*<} z>dd2W^7aAgzR(uf56A%AXIp}-3~0~ufIi%}$k^i#V_Oz0+e676zz{D0nltK!Mqj; zS|@U&hM_1D73>V9gznf>m(MrdCRi+cr8Bi=lOu_cT0f>jCRFhB56GBs__$u=O=ptz zE|obASPG-Msnt-Y&sC*hSGw5-a;Y3Fbd2<<0J>-cN*6DRJhgfijFADIJd8Uzup->%~&2N;Cw-fNVLi9WApbyg<~8XYSIR%qo7!n>klYjpEsoUtg!#y zopAm=<+SI^-F60+J7OvXN`e4^pJ26Oz+0K zPn!uU?+3&=Bbt;!1I2_1k;(sA+pVm36Q~h|VT&?D#tIZdo$=kN?~HhW}t*+vgOX zubwRfkqA;b)BDswzH`5@N#6BZHAl@4`O#+`=s3re81GuC;;T-M7qmY2AuDsW4P&fD zIG6iStavNS>2kZ90{{WNJQ!vZPc~YyJi%2fF0wPtDmH8S+K@w7oQZz7! z9Vl4@G#n?$m~(*-+2$AxC*cjP5NZIs0{vE7FevQC8#}!r)*|0K1}b=k*1u97)k4RN z?<1D)%mpgx{9PzM;{AP-Q2Krg3$~4r?=p3#y91Syc0MF|Zl6a{cg4nEpscyG3UC$=VJZXRh^(IvAXUuc$M8bc^#!udieVDOG%2dYmNY>~~;CILNrnyt*% z#xRPQ`{!!X22Dr5{DAcE^nm(C+i<{}VKXu=aeHj1e0&)JCj^hv(kno#&{@0|&()#T3ar7d5d@^f|6?{D1nS8O!T?>v^sfPE z`W!gtG*9#Ly3^6V61FaMGGqpP#w@$@TmbaCU9s>OD|HstxMq5dL{dK=)CQVpP3HP0 zXKfOpXh6guwvfIddXDZ!VDDtWyJ5?hJW@9CHt2lfPE`OW)7E1P#He!c&zPtp?S9yV<4a{de6G7nmPoGm|Q zj&_dB+R*@K(&#FaW%FcbLwb0+hhD0_#An}Kdx3{D#i6~>TjqepdT;f@>!~ra%(*Wt zxlMBI>vb?vu>e7{IUer5WNV#u&(!YOk1PBh zC!2jkm$MBEZmcn|+#&VMsWmpSem#r<=RZQFt7zL~U zik{{U=sm{cS2{|D=1feO>%M}^1_N4{u|hGon})i%f# zN5C#=74aJe+=}l|>ButeQR1THXpy#kh)W^mB37L0192-BRrT1*AMZ%u1LX!pig*wB zIlD{aHJ+_SE@Z#RvFs?;n&kM{0{_+wIoamcJ%c7WUUZ5wZ%=ezE|aj5zN@~N&Za+n z5b`q82a@%t*A>>%QQjjrDb-eJTw$Hnw0jiK>-34@Z4rwb(-y8dx>mK!DcY|x7z{H? zEK0@j?Y{lLJR;R}^Mr9m!AwBI9iEhMw_B`R!QS=xShb?f7;DaxgtAD6Pb@l2EwVXh zf}`%uXm+TWUG%dg+tp$dWfF#_1@C^c`BMAh_VN}}KOQNp{gk0vT}4YSS{gUZ5MWIdF{tKnuzkF-v$*j)W#%fr>`s*liTRcf_XCDzyS zc^G$+0#19iVmYBf8Km}%oH_Y?>DZ~Q{_(4!nQ<-Lmz(`H)0rgRRm%k&p^VBD+Gt1C zSCws4=`eejUP|Tg4{B&#*nMm z{SnW6uBYS=!d}f+dGro#`F?&?Cd%C?bhO$s3Oc}LKuY>9nif%WDvwg#Xf0YoLIf`q zMPZ4a1`63)@psP|pPU^DRCp3Pj~TUa+QOF?SyBw!SDF%?6GWcoI^v6Fx}Lb6=GauB zQ|MJ>80`yHFuLvS4^(jtdlnX!#e~W$JT;43hLnLk#(;=3f{qf5U*5vQ*|x4EaqMsF z5q19b_IaRcCHC;=iLE~KbU)U@oELmaI_cKq+qwVzA2x;jCvrglJNE*g(Y1t;e%;Y)0fYyRlMLQE9mc%R3FFZ8jW)F|P=JjNxu+2a2ELDaa~=jzNtcDOTT;poxMWCaT;O|*R$6N@&GNJO0eOx1gjhdHD;sv=_`2V$ zIW(lS)C9h*D^$HKXi)eR+x-S9N7c!3kE>6z6qjmqco(|qHpi5|Ek#v!fF8!!>jig# z8npNezuUL{^L6*db(d;oNoi&YEIGb5LnxI>H4Fub@`!M zZI5)v2_ZZuDVK`+TgTwymfe{+_YJgVibv6s*sv9+F;)1=?em@w=yd~}yOen!cr}b2 z&3PNp8EdW3P2-!b6D08z<~G0?Lhi2_@e98B%hLc(w zR=g8=pTaF5rjG?1+wZ;pyw;$OA#svBLJ-H+Y=UTK!>qb8O8u|0+p9Zm9Azj86Ouk)1WtH^{KYXiQ(3K{*0Y5$D%`4F>ci*l-7 zf8!m#dk(aF0=9e+IjnP&@jjG-8xEtBt(W|5GB5!laS3DRZa*kNK97`UEsD!WJLkOV zva)ZK?HcWAN=-jws=K#h?~If=b4W4QryJr%{O7`(Ei3 zRV`ZQhtHu5m1wW7MuiVzufwwsp!qh^xR_}!vY%!F3y#2 z@%O(n)IL|O;(6z*GO;C{sakr+@>=)y;W0S-7;iKDQlkix(xKCHCi;4>QV+@ULJ50< z+XjP34BaH%W!9m&G!6yc(G;E0R6m={tLxSmY9w3i#}3LcM0D%Gb3qrxX>*cx&z*-V=hOm1A3xiBSMv><;AeUq-w{E*HK@s9(G0zG4pJ@%~}Jo4u1lffaT$&_sqfD=&vDG?EL0k3<_&1@L^Q_p^P~+z2j(x6xuhZzlp+VLe#e^)@oER@; z|3scO<$RNf58=rLfRB=+7^j}3%;vQ(pN&n6AXrv%49lL4j`gx)Jfdrnp}fbB+ng+He#{#f6!DsK1d$OI zUXgQGnaexDWVVB$yN>T&AXKHG#@?2!IyN0Ft<%BUgz^%?j&Pzoixx64jyc7Z5qu-I zP07uwD4|-vEULa&#b6UJyN8Is+=e6P1=pE%6}{HUkFs}<_VcARf4~F-yI(a@O1Ye$ zoM>U;@HYK0N}xjPY>*~jeDce;e6L^Myc;FmEmh6_NH8HON^41(@m(g&+hl)o;}{$K z-PIgN{tAC5dC0jeHOG_2H%cWw8lM!vWe4kcbIKWHyuN;t>zK;wnZT2OIlP}11tG#h7{Ceun1nUYe?#2G50cU9&;?x}h0+G`K`i(Jj7Mr5v9(+W!2Zv$rEmcD zGg7(Ts5)NXen4>H8?;ze8^2kwy66AJdC*k+FV^VkM>Br&9=wVF%@{pU{;<-Ma$>cK z+OJlGxpeA4&CocwP(zu`G)qbT4ls#QX8MDI?;jO`|Nh(_;RCxHZo9L>gARkrN19I0 z8o~j0Q>5qNp_I6R_*tSd%dpd%t_YY`^gwK^M=|0M{=^8Il-R74-z{b z@J}84Hf+sens)FLP|8ceFuDGKxE5*vC1H{C^R$D5q`eA656-96L3AAxr;Z|;G1_9#?`fDl<_f|(zKMT-X5;yZ z1Dq@00H@NK+J8X!zoQ&?+i-vTA?(-_ln@%lhK#BcL)^wZWuA6Y1Jbf2`-wrJx@W&M}&R&{G`s3XS;^2C zxwUEa80AH%E$Ug9KjGjwZR`?a`%&G^ol+%cish)Km$H|=Htj1r;XYMk>z9(H{t5UG zh*{f97w35328X$SqKY>dvo5X%WSFLb&}LtF6=4*;6GjGT*OkAbT?}p{RHOX$AP*$A z;ARWV#rqz9OmkdJMW`FVZqE>-OFNA6Av8!|T9 z-(fu0cg*>46hjP7DWAp1j|%+dvIYh1^^{ z8YV|{uhoWKaZK`ieR|Wp_~rPl-Usr=a~J8zg%9Phxc8rxv;r>6(akFJJR=-kg;KOp z?!Nv!o1D3ysm|=%zkiHBEi2dcrCk8>pZ-s>r!Dpr}}M&tJP)2ZoV4{;?!b zx#ij`rreWD)*`%3OswkoNsrc=!R*iNw6K@91adCWKzfllHuVVaoCte`6k%_9fboQC zL)I|Neo|ehnp)tw*xb2GK2tfa_v7%3`4x{3>`Ayf8gX57{IU5!PCbIrvcENZFbs<~ zQiWR*QynDOOwa3|l|Lqx+?UuuKGldPji~XIy61UKX?;Z0HQq|gW3|9FC-$aHTr!wD zaq>=}MbXsfWtH}h4Yz?nnK~|t81HdP)KrJji3Y}$0`$YdX4$s0P3=t`S7Fs8XoDhM zv+1!fTWTW-wz)S?>DVfcvul{ON*v<9@&OB|(DPq_BzGQJU|`Ow^#&qRjFACRu<0mSOwKQF7SZ>(^yYB9L6syr{Z-pz4a2MCSHeVM- zViRt7Q{sT_!^@`*avk;RD0juM)iA-n?>ySy-F*)?T^c+u`r(<~%JSlQCTGb#z-OLw zKGrkVQ-98rdB{9N;5fsSjBOM{@!2fAf`5_MlV+He`j$>vLf3HSWW>j-FSi)6p^!Ck zrfmsQP;*@N;TiFXn##^8yg;l-ATs_NZ9z=_;!>)Jo(@GPXO1%<>$aV@>+KvTy{zkJ z9+t3}?<;7H+9LqJJlmH@=Ge9>xLW+IN63J?)Z*-^Owo<#8OQ17#L~xtN z?_BBR4+uf-G9Y+nSW=8WZ6tzrYNK~^v0+(SEX)luBl`-LCFw=cff7-QND~5>Mnc5P zkwiwm9?>G{e$nl=tBx9R?j;wGu-Hamg!fIePFi3anT`R9rGpHk$=KA%Coh->g9jc; zQ4(vjw)Oi87Ny^MUY{z5wN#+s8`w>M9MYjNQ#^&$+P z(Uh#&-pk+b)quv%W=?!=-@SRmR75#^1ug4Il)JgZcry|_s<$KNWbk57tZds(tyCXk z--Mi_OHGwv={{4jX2N%I=_x+pZ`^%NQWM5>RW)!+7l=X^8{G9<%N}Yc=P{sV64V?I zMQ3lOgO19tFK|I>tuh`ojjV=oB3;vZ@uzWaB~?#OqLtxiCh5nx2TS_cjBQzTbeq4Y z@rTIV$MCDs#Ke_+5j?FYd11c$*+f;@(n_i6=Fl>U$A)QHmU4=@kA!Nw|3Bf zaE^7@kI6u&NfaU(%;R}gYWr-Z1v+!CFOlc%{83|R9P+?erkC|wR@r`(~RGa@Ziq!8{#cVItigVNI@;bXxy_k ztD}Qv)jHvleTIofS}ov^ zbSl{GDW%T>b4o##J!tS+=%Uxs-D+4~Ig`|MH2*10VBE@+@f{K3BOXZOn~5FKokIG0 ztmmDs3%;hdH{I?~>(k1uWeKwZM7=+gUS~$n+F@bFwdes|g}n>!69iu!xztkb#rOTV zKkSP%=J|+VS0U#>t9cdraY}MNhJ0xR8ZOw;sCV4jQ8-(-z)I`RTjij%$@*l}gah4x z2QSm4a!3hY+<21h$ZH7HHxAUD6o3e8Rv2oro zF4s>2s?Hyu9)9VW&SZt7u~Fog@xGhC;42vObh3q#e1pSUdFM6zSB`6LDl%9^YEvZA zVO_J#j@_-UN1_Wn6VnD{-@pr+rI-y~244J_xLha>8n#2@9PRRNS{4qnCm2^gQq=29 z^h-Ndqb69GQrx@f7k25m@?#Qn2!zJ6XW|^1&A^sTC2S*0=B|fec`R= zg(UgZ+RL-ny5DUWB3Zl!8q{l63f`rJT^^*irL%ox_&~QeK0v@Lrre`v(4-R9`?6u` zMDM{C!z)j3l@;C>`B{niC>{rQg4JpF5CDq;TgO;s> zIptNAo0I1PZ^>EjS;BJRIk(wK&9#z@Y&4UL94_MHE1m^x1ss=6_?*vwQF2+YMSgWw z680*Zn>(D~(OQv6Zy%1{=~ic&zL808t`#Lt4m!p0I@E-GPF4OUsj-72D)V6NNSOL6 zhi)KbbH}4+v z^L;P5vHSvDuGZpAkunr%ud=dUF}8ZiL#ow5pFU&94F|W?$)W|9T-6GO1w5~HTx8lv zs3Wg~2UL50cX{ED#i?teg5SDk$Y$;2+wokLf8vVf%4?QNJ&2qqY1B*1v&moED9P&9 zJ^rO@$OZPsp;h8A`hW`8LpN*NF}*NOd^OlpUo(|5pT*-P`djvDy%uXP2&jum5NdQe z-oluvTX3_);@IuY&1*-F@V?z`S32(hl&CA9eLL_ClTQ1J|er@_4%oQPL6Z zST~6lp%0mVg(m;o{Igo$^&4;ur!?5#T$=){KSpmxpT32%!2n4|4O#*q2c>gD*7Uv+ z(guv0Lukq3h}9BK>XIIflftwv1GpAZmQKWyQ~|FX}u0~xj3IgbJ8Qdt+T`X zJvd!}2Il{?0M{P@aeseK+d>;+Ys8t_GXN=CvorBfrOYG^~o#4k{0%{*i6 zxkW0gO24cYz*@xt14V417CD+mIk&2$jde#)6TxC;`t^&VDPkG3cbub+JRY* zqYZR2yr$vXz&-`L6Lbv zwCVvRaz^~Mt^6*kRJh`Ij~Emp+_;kaW`w|D0yVq!wU7WjWs2|E{_)X{KMeFnW8ch(-qT4WrqYB$dQ z1t!yf*AnxGtmHRkZy*D9O0RSGp0#+4FJw*(R!cwhP}C?^sXXh<6jF=FfsSWP+^N0t zsa#?I+k7__P`M3Dvevz4W%0nP=-t>iX9W}gCKNy!UR9Qka}kC%-Q4sk*bS{!g|>ekd8-qsf&T<4NRe>h}kjlI*uwuOXUOD$IRXsR!^!p zE%g>SnElJ;z%#dL&q8)exAPBGdvJcT=L)!^Np0CY>Xm=vA3*oNFfIOfzMCQgzCxEx z%R06uFVO;FUtqnMd%T+>1NJ))lK@FsdJiB<7l&*ohrGlra0Bow>y;^CowvaTLTduN z*N1-_!ry?6N8I%pkzAawsrYWt&eraSxNrUD-7!^0>+Sxw%Ce`^e3caiA1L|F%0rp+ zVsGwTfee8AN@|74ICg+~LHz%Y%k*D43jJr-4yZepZNWU!={aGd3OI+o3>LwfD<=JJ z`Xzv=$Dd!KY60hQVhatF5Jb;68CIg#3;R#EDCQTCT)PA1`U|~g&Ewd>jF@V6xnMpi zKwh6g#1lxJZ4Uy8zsiOQbUg||wAm>|;aZV?Pn!Z95T9;kEE7gAVb;;Ketm{k-m-D$ zQVIgZ=M7rSsK+92S*dd|iD~C?-(jP+8UQYncD%raU8N`RMaN|-yxApGw_*=xJSNVB0 z1q9F-RBYqw1t|kzz$Yp+edui!SEb0+LCX(;alA zNV8l=Kup|DBuSk1l#{TtmCnTYuC|rR``u=TUIs&5(^!Xo#B3dbAvWd$6=Xv<#1{~c z5vv^dACRS9UQol>`vWo~Q3!CUdLd_+K+_A?g5(z!1PQuT|t| zk&1HlcaGo>HLElE@;VeU553(x4BAG&B6=kMBiWkg*fO1V**>vFg7KC?L&aGi9S&!k zyOmQhU+or&$7o(C+|sAddgd>Zi5s6aTfdkp@~${63j#M2(w@11%d$1YcB2APgYKFC7K#%U8wz<58$WL-BU7cn z-`>FZo=V%zDCD)v=|^TeZ}owSZn^k^=Xb(DCFMQ^ZP@3&w7^uhlSE}3<3MlHOm=8@ z4efcf$2sQQQYBXJx0<7wI~hKn09(w{G^Qq8W9sE?7a$$7dAzg;`aPQW;F)#;vsWLv zt`u;}EvQp-O68H>3>FZI*f{N=DJlB`k<9cGb81kJrdH4zNfBJCr<8^xnx^NyVW2mx zcf)G(!*nQ6h?{SM_$flSPh1*J_Lm{Br4l4Q}QA`N@Bd`Oj$i`Go#%R{J@({G88! zu0;QPYpCh=mGM!~WBA*W3)mOicj9Q=OC&1osnYI>zMF8^SojBS8TILbX8UDBkX9)M z@B#qAz7ee6th+hDc{Ko{dTlF0S5A_lyBQ3~NV@JHAQ~3FSWRb&<_A|jwiTSK`a+?k z^B~1|J@*wsx(*GI^uTWeR`+8Q!gi#MIo1{z`eA<@e<+01@fcIW`>bvsrD(d5^Jqrl zi1p2W#V~B1-r;6`NB)P(ny(hW!U!Bfp<74W`?BOmItI$&a35FY6J~?%h17HM##gS` zVp%`fJ9~`N5zs+VzFDB{puE+Q_7p8zy20 z0_9F#@Xtp&(t7b)Ia{HR%YZ`}R|YsdiK|5-;ZVhVSsWhE?jUn%ZGg`6^Zd_o_!$pBpNrqm0}sGdlKtEKkj3c<`nGj)s5g+e ziB<=2wfV+4@<8B4e%wxej|oq2St6p`ETUl`Q1W~6Y?I?)|LRy#1DM+}jA_@;?LB3A z(>4@efu7ZIf#E{C(dgMGh!URbPPyoK^Z8R=Fm;aNP)H)ntm#|rV2-&VSSTcBznR4g zwrmy%QqRH(7aPd^FQ}i<37^VRc!_h^6LX?a_ZpBvE)jDod)u zA)!buM#yblmt^vdsd83~08g)pjuT}1ZfS=TQV>}GWx#Bl9xs5YHYuvn=f>Gaw%b$h!IF8_NaK#8 zh~53#e7n;1^ds>L*euK7zJW6SvUMc$09Aj#CcHL(Rd!9`5v|whvV<~o0~4C{(YaaM z-~tV9h`coNP+6}5hPI@ED9ypw6QFzqXh?80QB%=%Q8ddPV zH_wn!KnGFzB-D02dnaz7d^^p_r60@>A`5jr{@@r~)cAS)b3FcEhzE?_dZAt^)nFar z1ZkxTm5YDdL7KL#XHlW$5WB+`ui>>wO;xP6!GZKchv7scQB1kju~45TqB3hNuXe(j z^}N{gF}8aH`8DT^ExasVn*?&^8Rlluv6MlK^7e~D&auq>>pa;1;)0+io2CZ2SSXD( zglBi|6Xll1nn-Ax1d4F%4!#)FSTqSErk`TAjnCBNknolN-R<=@cgFD zw6wR)v<$2@qc#0do#|#95BRcJo>`vRi;AJSX@D=2nyO#lhDh%E`Np4v^Dm8@Xq^da zZ`y8X@+}AP7@IB6^eZ1bu#-o#Dc9!Dxu1UEnfqi!=Ae!;uPGpGO+Kj#5$e?f>8{4CB8o&kqwly#N$B!R|O=I`A%svTuRArYa`4jB&V z2WIkQLw_Fr3r8b1t;~>^eqcROHZdB0%3)8EqvLLeG2^?GPz#8Ig~$JYyEVg){{IhW C1DUV@ literal 0 HcmV?d00001 From 55df9a32c02fdd50903b1160e5c5a5fbe4e51cec Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 28 May 2020 17:18:20 -0700 Subject: [PATCH 55/84] delete file name with space --- devices/hololens/images/Dark Mode.jpg | Bin 106016 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 devices/hololens/images/Dark Mode.jpg diff --git a/devices/hololens/images/Dark Mode.jpg b/devices/hololens/images/Dark Mode.jpg deleted file mode 100644 index f2cd7c45106cb19c88c6f5aed5fc9f56d537056f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 106016 zcmeFZ2UJsAw=cdC6lunSfS}}fPyrFKP*h6rcmRQe2q-85QBi3kDk4bRSWysT=LkZO zjtW>PibAB@kSb^pLQ$$fLJcI@d2jzCnGI4S9-oQPDDr;+K5aSn?7AkT1rAn`oH{- z{{opaQ5#Leqg;oZ+c|Leqf98KN`A#3kT{?AgdPAz|TZ zBEmS=aCZ>=j)=^eK6mlzjWgz1?GgR`i1eD1SMJPI`r~2YeCulFlC^t}o)Qz6k(FB@ zzjT?hit2JrEp453>o;ur)5zFlv#FWQw(YidJ9gST@7sUC#nsK-`fqPSc_(|qA0JV#{u z;?*hlOHFYpt2{_a3blmsz6Ox|D^BCXnp^n_#E@Ey=zM z_Cqc@A}K5c#uJ`{kPx0te3%OI%jcTUvL3|RO~=~$P@L$Y1RourWv)V;RK{NwOA*uO zR?oK`I}oy@S*3ZoUUd|5%`d?(b;#ItnnhbgTSCQxI5C|toiK{#|J?Hb7rhwH1sj@} zMzwJYo zG+8jLB9mp}#Gb#F%yxK^JYHNMvf{+`6E}8Ln8X;$=rR1^FTJC>gHtt~x`wjqJ$b{m zcX1NIdlKGi*}O~mpTqyB^-wW(H`Yf3{NOqG0X@BgQ!}0==jNQMH zH_8rM_knc>cZX|ElI04Lvqr$-0c}zljAzgaB{r2)YPgD zBUVPz|E(WuEp?@>!fx_6Zy8QEuGn%Q)iG7*{(J63pcQ*{n`Hzsn^6`)Dz5sI;lc`j zxU{sioW&d5wB99i(OLu1T%taOw*?ia>5=vkzM~@8j$F%T~Q^D*Z?6lKDK2mrcZQsI2LW6$3;6P|RMC2S#^m`B z<44O#&L30!L|~feJr67xBQiJjGMe-W*rLw%fe9(L7szD=a%pgN%gg!5umVn}9RwT7 z#Oc)Wk+BhAA-Czr@z3ml3W}dSNBPJ`niSgdj>Jkqi}SGG&?@g@GJ7qB>rqj_@BuB@ z@DWBmP&N4FjPy-Ii$OuL*GVlgq}c>+x!zhna(W#fDU0DFvpU$P(2n)3RPKUuOsj+H zmB&Y@X?$d$7mXm&WywP$Bp%O;mB8CY9vWkUiiu8GclT*b>=jECI~}_KRDF9=)rYx% zkcJj9E2qRG_DN)pPf#%|mtD=f^D~dXazzCm80<4>hi)r{D{q2n(wKdW^XRZ5lZHtt zfk=Y`KP%_wTN_DpK-%XTAnj&a+4Ic4F?48bQkIVkMul)`!#Jbf;yCA0y}^RMLUnzU)~M7iqF{|*}aE}4BCEpg@};N}u&OT7lR z{5d$#5Ek4C4xNr^Qt7hPp|K+Zx^Cz_bojfzduhzCjPu|7bwVqf$_4fk5bh@l%=n!vTAn{2;p!^4nE+dAQ*4o1KN9DXx_%;r zy8T4Q3>f@IhYq5C)088OuKnE2d?aq{EXwo%be|FdzA^ZVL-nG}uY3fTP?4ECDWMzqnk(0sIP~pG+r3w`tV4XHv%h`PsS+S&kbH@P z@$<7Q+$XY^rIhReMKdJ$h(OWN;A9Q#2pC4+FFjA;7!Q0Gjc)hdHGW~N2fUGbo;JJ? z_r~A(NLw1IwGo{|>ROL`s}ZjE8+^nKlu`LCz6KGBPe}Mz(1cQru z7Zbrl`AAqI=+KM133S+b4rRK@vKwxK5piPQ;=+$XRLe(f8@N31E=n&DGX!Gmf)`W9 zFZsDZhykyOQ0D4hYm?>8;7$#1_T3@EkM{oW}{s?t(lW?0sScy^o{*%R3K&Wkz>OUtweg+r$`-IlkGHtX_0<*2!4S!Nr;d9 z5@CKh`Nq=hiGeXo6B5&scwQKDc2WRQA;wsMvQ9t-fdD^s#mQ&1_gjpq3CjBsiuuTo zz*pHH3#y(q!r~*m8G$3{gk2GeWf;_`$H~HysB8S#F&<5S7yRzNIJ;JR`=e;j}Jg3tz1o-djCqFEQ*hZag> zIuqG7Xt4-;06T>dL1h=wb_botmERaK9eqO`ABQwbWTjx~nd6WI3kezMv3|l=+4egy zSiA@@SjtE&+!sXIo!F`7Z&WP5Q9;YD_4$&9hIDw7f%98RaKO6h)DI@*O4wdOqcZ|) zotw{k0SeAI35uEtI)74`?EtP_!ocHN1knS6CiMb}D@6XMlu+3pbAfkG?+~d&Ee;qe z0)}$G>a>G{ueJ~c4bOqLM~MdojcJ0$1|Pj45X?g%h5wX^*!$fiixfi_BgH zPMtEknDqcSiapCmPJ%x~97S7ho13AbdJ#3cZc zbdEH;8tqU9m9_Yz5l0yZsaU`pJ`zM_CG=eb`A(n%kN?34%HCVKfR9v}!%%-Q4D#;b zg>w&(I+n(xEl1G^Z`6H?MwG#Ol7NX{1ySNGV82A)nn1jH@fn)C@glf;NgYb@zysc% zkNisD8pipBfDWzo5_dPLV{w9@zg1Xyvj%Z!b~TNuMJjuU_c@9;p}I$70j3~I)Gzjk zw%{!G%SXTP5fkViA``HGh3h~Y|hFym`z?P3thVhSr&if?|D$K`ilyR&EWvY|P zDD3@IX|(ct+e&Er3M7`-8>e;Nr;dI6snBs4gvz0K1v>#lp=$|CRsy!brIa`%VA~#z z*ot#o58T!S#goT-m4Ss{MyD(KpEP#ieQU${lO~|@tIT}l+)kDW7jg@UEkkWL;jXC+ zBXx4XIxn)o0+ruejb1=;#;bp39P0+}{7=NDes9z_7d&<+X&~WOpWpPWq(tT$1BjZ` zK4m^Kt(NOS`q7NO^k0?ENe=x7yQJ2efmSd`>6X~^6m~sI)!>fcUUC9_=-=qRGV;6C z{te+fVYKS+<0AzTih=)*>W5$?O!}F@f8Ffk-zEO0gCFw-YLn)#imLwAijTSDQ{sMC zz%K(e>K}Fjcl^bPc4FV;{h7*p!CS-Hr{fVPk%wVKTr+Gf_o`I}e-o<4SZ%{e6inIyaS~>AtgQ*#vXF_ORn}pMkF=HH^#9I} zl68$1vN|pKc3oMwp``Qnrn`3T>1ta==9z|Zx2=_CKjqj<@&;zRlPAbW$XU5kpB(GYxRoFGfD$8oOf|0IkVxv)r znd`2>s|I51CPz*ZH+A0jK zV~kcu01I2j3_ zby5ftVHm-}H(?N~ehUc3qlEpF&BJ~GiyeV3f_qI^;H$G45>AunN~rL=1~ zA5khKKVH=w(9k}A$di}*Tqa1*Jb}ukNCm%WY(CaOlQTHe>)AiyZGU`hXSvoZdegCv z?7l-Awu)ML>HJlH<9U->O!kv*`-Tky?`^%_DtyeQkK8YiF=kBZCO>J6Uq=jtG z>hW9$+b;jji_xm`H?QPv74fY9dw3#jli}=#cOT{2KjQUVuP~gyQXxHfaqpV>>_*O( zlhw~n(mMHwa7t!lKyoknd{hJXW+mMNE7LdUBjza?w>4PZ6Pa({rM##lE}E{cB0TLz zu&s!Xs1|4OkZ2Vuf{ArUk!bVj3E zVQNW&f*r|+Ns?z->>4d$N5=K|ZaAKh*mc}D=bdwuSk`r0V^NVgWL;yw3k|nZL^^UT z=x^R^$$!_q++9pLVbI_N_BJ2#vKo~$$Y`~)@X~rZZAaqy*i(P1aeEnjq&4Sx5Fasc zQiSP%z1{7=ZS2yFz}?RuJ*{tjaL)WsRpJNFGryhkez&0^eT&}(v-iJU9ier3oBq+< z%bhhV%rPt4;`oB;(z~k-6|XUKTUO??Tuk0)J8E-GYmf2NudFcmpyF8LF-xQ<0m2ejBe1kdlI+rIu6Vq&z96_@ zW&ZkYIj=stJ|j<5^`BKSHL2uQQbzKpb^ckOt*%v9vGmM<$fG|KGqzpc60|Oz5LzHy z7re~x&0oxSm-jfDZ1rAfahRhdqPllSOUrI~PHoX)wuc2%zaS-L2kJ3SPfqmtu%f={ zZTS)LN4MnWZ+-GxrvG@rsK=Aq@;=A7H!kAEDcX0uKNlWul~xTioD;oHF~-B)Z+v@- zRqDr5((_wZU#|On8e&`^iw_hmaG$-isV8sCgTckegA_aa#AL)o*1w=1RlB^)ZO62S zy24dwm9<8xp@GYeQNyoM=dkDf!E`y5aepN#yF@4L@X|A+i7MZ@OFBdJd($0dSQ-T? z%4d$H&+SprpJ!pPV6T!Z_v*q6VtOaebgm!R31#BCB~b;@O}he)!2({0-GhQ$12rb0 zc#%n)D0j*4^*j1@8Pz7%x$Fwrs1mbH(r2P!iTamSPNVIT~$|yGS2h**8qs(-A22*)$iu$sy%uwGSl)oJhE=RQ$Wa+U(1xDGqkc_6GT_ zXIQyK#F_3gd285*#*8lYf4O+1|7w>;f3bnz=UIgIUFyE^8YPvY<>_50Yi%}Gh32@Y z9lTO0cOk6IR{OUQ|9M@@V_j<>r&Q!OrBjAxew&m9?)(SLeLe59uWgzwUo zbnU1ac=SK)niMCNbIo%@n5GbfcDFjKI6;nsv=JniD6Ep=DeajIsmc?w22Mn~3i2Fe zm-v>Y(pgrA=RxlJDZxbp1=j>ah0{hG@buWDiqKUXjh4|7L3V>w;h5zaClY^AUI0yy zgJd?n2sWu#N?RET9R{$%qF>I0ROqU%aUzYTklBP4AkFot2t9+e1+-l>ZMs#2vTRc6 z`2TaNb3#B;Pw1$gNevqz3$xF?*;Re0x!n5kWmD>8JRlw0$5!Mbl1DrHJvG1 zxi0J1bv)@+dt8{_tB_ExDb(<>q9!MOU$;YcOu1RpV`>s|%y#fty2>uC3!d6X>~9Vo zi<4SsvGd}4xqTh!#=}DHvH5qG9#VY`O|_((>HvshWorK4S5;~i^lgY@91l@SjZI2T zj1wO`c6Y7(Gi9>`U7t9~UdWCYb3a_r;kIY@8Dz~^}@66%P4Le)OVH+aP z>M68Q35N1Jvb*kF=ycnmH*HPH!C}t(GAk<;WA_@PW%a37&7WP^f7Rsate#y@TdVE%sheb%+<#fI;^M0@v7=@@{pD^W=8b9d zJMy32s@r34dh5Jm$hGaMr7{~+uUoe_Uks?7exj!y=%6-(vt z?xz(W4};Li@Ykl;uT+zQE61yitBs0^wX3sgb13%O1pAdT3R(C`K=tG1@U!RoG_Ajm zfpD@CFn7ppj>vLYA&9NjM?QE;_d$r9Jgt(!gBrwZh;TK|%@95v0;(zgE2mkRQ~XyC z7?mxRelnJzIP4%2AL%-h;2PiJLzE13bZ#LjxaE!BNhr=J+*h{!(UWz?K`DC-;$DyRGoM(hvjn|u*8ke*v zp$5wzvSyq;Rv#4+-EX@{&ewKP-KF@fU^TzC@-~f&{n;G#xl$s{%kxXqA1>35ChDGS zRK9IT%<`{(;9vc-l$DN18I-itAfRF)m-n(n%8K)VXfXq`@H~c1E?1 zEvH^x?e~cE7^5r7IYs;MmcYDqhsSW+yY{4D*FYo6D_%BNZ-cXA4LZC}Yhu02`u2{@ zGRs6=wFML2jxy9$?NM!C59l4p(>HLsT_x(`{M&EdyGA{0qdp(puV=T(d39UJh5*}c z`})2eGLK#6r+Y45sm88;nr)UTkrf8#tkw<*PDSAUg=kK_$4m~q=)P5tD1uSUM|iN34w z%Ax#VWp~D)JcirO;>yKLFSG4@HC`-zv?Gn+V@CI6ETR8^XFr-$aUd9m18CKg%gHw1(5c8?` z1`ND=M$j9vUPk^VT$TI)EO-Sv0BeELPEc`^WQb#2tI0c4QM-HG`$PU}H9yl)=BlKB zYr`=Yg(h2roH7R=zf<+7rv22P2GI6H-&BP1_=q&>wj1`hdN{?<^Yx)iF|Nz<6)@=o z&!Dw7X^d-)7F}$B^?U)-Wcm)$_(TDV2UKId&9fR{F}R4*V8VUA1NMShumB^z$q@tz zCvq^=DZ<1D_qZvso+Ali!y0UB`A#nP1AeawS9Ou^qwr+fn3iHjsNDbn=@_!SpPoRsx|I>ZWU9r35VKG6>)7|vxBaEVLQ3S3%v z3%Fz^aLmPkz-(Nju>q$|okF3t4Qwvp(sE&?@~mnGT3JfrVW3jH^GU(2{`EfPU+*LA zu^G42ix;p6I|De2lfq2V##FGHBDAtZu_$FQ_JonYELT;1k|*3VZca79Jwu>HgG?Z& zACK$i$8W%@`9H`J?b5(5)lTOPX7+|+P6xr!QV1vW+QBav$XNU`M8t zUPOMo~SP)F0-2^>Q5eH#oc4Sz2n z?aN(Dx&WjHptEnJf5Sa!aHVTUeqiw1U=`Bfcrx0uIfd{MEmg+Inl!H1lnn`c?8Yq> zJ1%*E&$dSDZ3pv2kui}lGOSt7M=LubVLRY=O5X})E_dVC<$Of7J+QhWU={BMcL(}q z2+ElkSGEuzQNsz`0yi>S`nx5;g)~5}Y{JJ)r70NsSSIv1z~0A@C5{Kx(3mRUj42or zmQj|k^PdF2GSDCm@{-V&t-vU;v{SG-A^tO?1a4}h6D$-`}U;sf$5WY&O8?rJ`Akv6%)e+RggJkh=u^hP(qria16K!;d@o6q1kzu;X8bVa{# zHiJ+P!A$40S+L+A*{1{+DFxe-#@VMoY{zU0k5^|k6c9dCmVsbdC|5$7#w;_?f^otl z!maf`YpX@qLeAjEuqbym8bRxv-0R7PMZ|L}Sm4%?f(AHk@EZZ`&VDzwE=%@assb$G zV-!&S-bhR?x|}!!+d^oIef88Bz#WIGZ$;jO7SCa~W9YD#fQ=G^^(0sd$9J%HC-G9I zf{x`E1HbqJaFKJ0tOnTp=%TUZRMFORT)>ZPl#+#I9B^Gf0SntOn@)Q*xM2@<5zaw4 zaB%82X%DJM96#?0?NqQ@e5jJ}A$^-BP7Y$_D`PX% zey41i7-!LF#VEl5TJ5YTK`pk``X{miZ>)H4%Xg9{5tq@l^5amv%V zunre@4#LvOdy^yRw^1$9_3?Y23Lf2F?A_G!#7SaWZVcuN8tk+$#`hClzYidJ>g&MD zoNM!k8@Q{KOEe~C!WO2yDyj9P0c_H5+5~og|I57Mvzu|iM z7an56CU#+R%CIf~SOb(TmlZlH!Gd){IHTfP`ySw^T2^FJ5M~CO14J#klG3nA%}0pn zq_V@m2{s=D%L|(@#EJ|IaM!}kBohtXD7Q1l`A9X&TMzk9%*v4 zK^hW$05Q38mun+=BlSZHY;BW|;RA@l-b-7ER`v@V{`>erRfk6DW)mVK|4M&8N(j})etKu4yebaojlH~Au(526F)SR(T2toA)b6oz=C)yYTrDs zvs502c}gl^V-`ETM4c(}5bLghGXBVLMIYIPAB%A>8*Lji-J#xLx{u_(P-VT=+P4ob zsV_f2Up|s;Nn$@H-ryW^b*^=&p$)I|7?yc==*IXL)>?-LEYZF@iB4|0s=n@dqtS9V z*WOt1=+E@iBQpxHN6{%-<8A|s&QW!?cqG(zbUPfNYHaaHd>EagDMarc8t%wbQ#FxW zm$9a3Pq|k0jyE+S8yeT=dGE3v+HZ8U-g~&hqtU^6VU?(nWbw3&#Nx2x+~{>38RbxB zYCB)vn|#SK>akMPeIsQk={D=@JEh&fu{<{kv6nL6sqztJtwQjBZ!V%x^p!-bzhwLW80u||Ej3R{kl~%92x$YFRY*4aw5{5+n$y6DP)Fc z?_IEECLj4LG9Ud@*0Gm4RH7)x96L{QrBNnw&wK7G$f?n@xNDZv^~LwV=)vKMt)g#f z%qu;NVd>}Kc`)MSNv%rnX#(atPeIjZau2PthS4;Q$aUo-XDGH1dy+aa5fZxr`0)sYv~b5@vO#To zUBO&kM33lwjgMGFb6tfC(bnIARb^lmWeD1bvYA2xm~jA~3;Tu0|mnU6&Q^AQB*#?43km7mch-i={M zyjsM~#FHtMkCvNAL)OQRu;um7dVNN{XSt5)ng47t6L8#6a9mX2xG#cVZ;<6l=Mx7t zSsZ0o^03XZJwG>H`;Vqk6yEehlRjS;{K{X9k3>=9G2>X;BZCmMBh@v5sR>2)ORQsI zb-y2U6&1;wo*}rO!Z!8Mn2>N3jLCp1-W5Fqv?I;+G!r`hjU9l6C0`f^p2<@@6R^3S zme{E=GJ7t7)woOLVX*bX5MBzSjU8N$Eg}tVKSp|48#$`W>;^8~lH1Oc?O0Jj}D>E+it9NVVgqpk@S86@#j7m|*@7WVRgUZp# z5i>r3%}uw%PU}$FbNNU+J_2mhp?x&8hv0K3^s8HI=7gF*;j>%u=xSyq8lLw{a|Sjy zf0v*+m=k9|Dwj9Ii^Nm~xLH9MjByQSId6WSD6aMSY-cQd#>sJcr=rZs5l3B*7VU)C z>5j)vDjqG=-$Tu*1$Ey^OH6Cnl@}Jc676`vMh7(q*n3e4C}#G;mg;9W&Ntl$wgSt? z9|FtI7+i6b1qJh&XE0rjYZ}9*L;S5#8ePiF<;jo;nDO=ClHmEIp`C&HKN-Nl6IvAS zgce_*1&s}ZqR1IWOVv>*5r8R=ZX@1#z2#`fW50kwz(yAr%!jh6vX$`?@N0_SCDB5Q z_NSwhjV7b`8~g7x8*17|6_~fcdexKd^n!~G<^h@alcyTr?Rg7rT~kl%S|0=&@WM1F zi5|x}VE`wU>^)v$Xtf8k^D|lor8XH(4hl{v&UWMEPvDDzu#7K;uLEpsgpyJMg(x=9 z!V5dy0HAD`ezub>Q7F4juy8L3?n;B2mmE^jvuhS_b904zw6{2-F%UvJyVL$Lz*L*YpQI11dQ<6&?&+ zVVLrS0Xv?)0y;BbB0QgLP57Wu*ok>Wo}&Rb15lZZqSfBaN}L&iRu;Z_I#|hFMjzmb zju5z#D7HKjn->v)os;@TGBd4VbO!SXXt%qSidzMy8S@Hh!;XP#10$%t;cwP{HuCM>;=lWT#&+xY0nq%5u?r`*ujA0br^p|ZiA&HX2Nx&G7Al60cV|)c2q1A#0l^t zu$tJ)^=V1O#ic>;v9}(i6;w}PhzbPi;%J$-}@;VLLdcyVqZJ9j0$Ia}Ywg1z2 zC^m0k4qEjJVr0uPkV1p2jN#?nH5tXG4wwh!L{EUpp=mRTIi)U1WMm^l`17m8~+KZ5)P zJq%UTkk>z@umt@W0hwjr$xyhf2F}pBve>@3_mCby&@1QGQ)YqMC$m8zlo0QTOsZcv zcFy9P-+_Cd;gpbuSND+F3b>&7%rUg+H0GfbN>c(n{kf&gOr8vx5Nu3^l@usM-aeyl z0M7|(BTmSTOt~C*4r4ZG=ez4b=##W)B~Pq~C2}J)u~J1D;?NE*>F1~nGlDZiKlg0H zRgQ)E^qp{+-oN;WTS^)$4VHz5fd;7XW^^z9U_tfnDw2{pth|_vtpfLxsD18x&%tDA ze!~SVl}n#WH5$p{K?J>yRGmwKhW9tJWD+hPDIK~p-k%v~`E^e#I-xcJi7s?>E%OCL zfM;?4%(O!##NpNMQ>rli=cwI2P(G@~gdr966k0~XOi>E0wy&bJ{K!^*M6NQV1)k&v z3N`}>2qMrsJSNS;hyGPC_<%AbdRSqLdVD7sC&G{dv368d;&swg(q^LUEm{K;a$1w| zkn+n}ejWBwaUpSNdlnQ8mS00#tD$7F`IB@qVM;9&?_yG`P6OJtyN<+M4RPhJCEFsK zF+u1dvgIJyZx5hw*N{R(x$pI7V>A9n_hk|Y<99cxa;3g!yI62Yu^b5Q|J%6k^nvl{ z5IlB}(v`y0Eas@VDq-%2E~3IFlU@S87LFEqW}sE*Rxl@|tG2X9e#JYZv@cm49j`vO zz`pOLQq_=C6}n$v1g-cBWKjCc>m&IO;*fQgH(s}WE1xo3Jx7vbSUN>IzILk`cWu1C z^UaFdb$>?4>|61+qy-UL62<#1oBh6JdRd@%>%)=vkObIy>=)P@dyqBiN+R(^E#d34 zJCyNMx+Pv0O_idYyf^JB#aU&6L9J&edLeOg9lbsV2C?0rG_eRp3BBpNP?pblGvo2B zFj7ann=(^NA^2_Hs&1Bq8Lnwtfdf*!hhJBYo@4KZMoLASdNaWEtk+GCd5H$|GuE=! z7Pj|h3NCTeNsqT&B6Y;Mp;wa8V(o6?FbNKS&>6{V9Q~X9R{}LmQIa^e${uCCuFK`6 z1kceRhsBD+m5(@OZV(Je&l*zKWM$7?d*}*yR)6HUyn$eTh8K(~^P~4`00E?Pf&i>gM@u zh;Wi06CWaeW9Cbk>$F6R&}q%w^}O@~nQps`Yiro|Hs4&Iz zr*zFwp!h#t$gLN#bFRah=EIFK-)pB2Dfg?dyZAXz$u}-G&RY>>zxKmzNQT)jWvo8L(Ksk?qpP6f=;0 z4`C%!2Yy64>XX6g9kLaajNe{La@-<*<)y)O4m$G2P<~p>W>r_=2W(PhF(0|G35!m_ z&UoBtbhIlR7>5u%mj*bAF5{>EJc&@WDW!Kpsk|)Eqv{Y{n`4ujc~6fO9hBPGXBmGZ z#M-c$D_2P zw1nVhi-ejOQ==Car)whOZ-yZjS%4M=XK>HvmaucVJx! zuGl~~Tz^uLz@a5AtL|EErXq2rPoN#>S$cZeq^4{}0Zati7T2b1v;-B;SPLqGpJHGG zze@NxWutL*7l3D%B4B3tlin&Muner;eY=3GJkoU-@Su~9p%N!7FwIXFz#XP5h$g8^ zO9nk6WEGdQGKc2(OhkL~9%52d3+GLwah>@mENI-oP1pn<*)XE+nS*^G&LkwK$5Xjc zmkKm4XeSNv2qt26yj$mnnzPjV9~DP^P9Ipeus$ih{zygO#;%xsI`e}UGUaOs9ymj7q34FU8` zjD^=T!#QKe74XrS-WBRUSJu>bbt%5VE<AG*go#j*QJ&zP8(myhqEZUvcjB6HUh z%|6zha;WICh%ML1s@dI8t*FYQWDLK`t{@q*azfiEv%9Wj<>oEQ>FU3+ZGX$8xJNiIxl)$VxaqLLp@3Q0XZ5zrUpaa)i(Fs&WXsBm zg)#G=-S@NRSk%9xN~OQAx@vc+#`5t7g(O?Gr_vX1w~3f^xN0&t%Ai1={0a(oKi4^d>A0NszT_6vW*^nZsz3gd{d z$umF~#fQuT_~zte2oRympnv$1Don(4!z8%hXA;|A4aoop=QkQECNZClda=ApE5&+( z7gwQ=>GefEIUN1>HN{#b7uU>H|0MIG-^ik!a(Y#F-pz#RQ4GK16CdasXPjcFRo2Sh zD1F2%G5_`rn8Xq=Cy%$cHr;U4pQVIbJ)?b&0PVU}HzHj_$}f1JH1@aJVGp4N`31Lj zpD}BdJ<@$sPrNe41aQ5t6xM8rdHwqE#zm#d0j{$B9)7ij{*}c8a~ZDkyo*u6X$Lq< z&utu^9dPp&6?Qo8*pHpq2;_AH6zt|LK*&D4;WLSjc zhKb7LiaynkO7Egd9UJ&4VFoj@XKnfs1qrMfe-syEatG!vSs_Mrr}8cbcMXIM1wVb6 zf4gBo*LTQ?9BG5P1lg8X7U;3bZKQMPN3}Lx!q<=4x>hHqKfkJa-Pp8jM0B~O1JVAA z8d}z@Ss%QZ9mR2K7}!^*rTa?a)r!!;t-3;0;ze||0xD_wX!Q63?aVk1nLQE88^L_K z3zR%*+2utx-DzFrd}Nt(re+SY8!EQ~+Pi$EQqSDcM{MgLtwpflWagYnX|qTRghIHg zke4tLUqAF^VSRo~y_|RHksLczr6cES|11+NmT2N}+uTL#)5CYd!$&cO4ldZ38wyoJZedj%c_Iy_hs8PFwSN7%ys{-cAj^s|{$Y}{MS00C+HMHG?+00V! zQCL5Ecp9d~HQimpok^Vdn^%InlH#V_a8tDnkseM{M;p|Qn^ZVvJ2Rsf7ilaD(Mo%N zu|VYksf;o9DkU>)1zG?HaRei_E+6@wP?8A`t4z$vIFv^`H3-X91Oug)&+olaAlz|w z7@157d_=a3BD;u{Y4`$%R|oCvRP5vE_V{b(w@}ZMXJzXjXeiDNUYdO}i)YNr`NQR$ zVVm-y*B?s#31@B0*upKkgqgjHzt?121e6#ouNl}EYM!_2{K53Nm<5SfjaueW-gJ|f z%!!@(GErQ5HzHc|yytH%Yl|UQy61^Z(p8-Zr)^nv9A{g0X(BspsIAUPwLyKvaav`W zjE=oe;>8S_%dXI&ztozJ3*Gj~$ZX3kiBR>CaJ-k)?B~xZk@2;K0=)6nQO_zJsfEaa z`4V-)_$wbA3Xds$NX1*aZvJaUg-zWjW`Wru!6 zujJ+gEtc8cOe5hg75e%X@A^!R_L^M1jGCOL6*Zj9BLTkEJ2>7&w0Y0fPsH_L%I~$* zU^B~Lk-L8)UH$nb38(aT?K7&m8<%!=Sse36OCx3n601f$Wu$a$9#j5^mD*+btiGm^ zw>Wo!dE=a04i8@%v=s=^*R`jZxovN{8b@{5X1+W{BfDXO9B?r6zWIahg{De*8KnnS z$X3m(i8jAt>Qr4OZQW80VADxxDLg|3Nd?Dp=0pN=6Y!q^8ij&irO^^kI!|6g9hxXO zngfU!Q^;dhho36KQ(;qw^XIR`QKscbmoJCOL_|VO_}Q0TX?VpczEb4aw&>~03XNXu zm*!nR7~ih+0x0CtuX$zvwg3>ayn;GUX(2_rc3rd)WDk?9>eJSM{gf7(q}gpa$I5zg z?gCeq!3?9&a89-LLFt3i4l}z_z9x8O>xR5m<>2!mqZbFNO>+_(`%JT}g`!<2dH?Ca zVkyqD&4Bd=8(T^suhaXc(NqM%Oj+<*e0{_*D* zT;oLpAO3waw?_R11(PZ%-5Wfn+5VLsg87+BxmhJae77e<`4V2 z5<8yPwrLcSdW>!zh@rR>#Gw*1E(GD7Ix+Q8_O>lc#+3 zDJ8;Gp6++BTb2irL5i+}3 ze^q!ScXSl>HEaK+qI}Gyqr0ZShm{$zjCJhh71QZihj)ypc`ezx;;5dd(z>CUoRULj zmhK(Ncej=1T~c3ilaGv!z3O*UmaF{&D_n_3hyRv_DN}s@>Aw%qEwY#4?lh+_Y37cQ z8Kx~lmUK1CqKV;x`7D{}`@0IKza3qBzgz0HS47zDkT;*KJsUStH*s~D%fdN2Y=g=+ z7fRpNp;8@>4nLQo!Q1P-TJ!$)nK^6bNV=Mrq8lH{Nv85nwws4r5Zi7%@%n1vF>Rej z&;DksB7~3 zs{O~7thw?MphF!i7N&6MS9zVrc_%bh@+x@oPG4=$4oLfvw=)mr2PAmdT6a&}xP4AF zy~AP611xsrh9j+n5-vYbdO|atGDlC=Zo()2WB8ZzD;j2|d|8vrTD9=NlcxB5@k58y z=<0ttX2#uQuto@+UT&$s#>Hr_zMagh33qu|$bWUdx3aG;D4sahFy0WO*_f|5Xl~xS z^L~HAI=@3oD!n73QON!GmUi%z<}sRC&U+hJ^}&yjFSdzh5grN5%8-!(*(H=jx5rLP zTqJwXZVg(qc|jb(iVfR-OK4DS?4aGcZ`Ktov9ltDtILk?II4fft4kn_Rer{XPu1czLy+N=-9Ww{Pfd2Uz$}H?Fkz-E#fl|Hf=O8T}i;f+~OG-;hl%AH2VhWG=moz0hApUkK=t~Js0HhQ5QrOmOb zSXh1Jf*>S4P0(}@`Dk2h9<|o2Wm&Q5gWAW&u1}=sK`Qhh)sOJwj6Q?w(H11l1K}YR z@Sra>%50@DzTo2{-9Po6v0Cu>(nXHdVFdxruN*6?JKV*wKA6%;$FDDVQ2n5GsLwbk z^@-#MH*KofHG?`AdWe#so8^Du_ahW|OgC*Ue$N6(2(^{~5{N<8;?M5xy$BBi3%Ueu z@F$j4k;!L{g$2(aq^SsjP*L`(ApTsv z_q%q$a|>|bsfoFE+<0*S`rQ&Ae(})ccgSQfvQv*|?G^Nv3eQmEJWM{cr7kxXCjv@# zgO?(%j}r!N6Qb6~w@W2ob4%*D|!zF;u=D)>-4&2ZA(?QF)3tigvm5 ztrFCp&!~%t>{qmNl2FF?9D*({Uf z&UY(ICP`Dd+1ok)uJueg&N?_T+e;oVPEd=>)us=^jO@ib9A$s+~6DGUcbFa zm)qY>57D~1<;DS>`!7FtSL}+w?2)|tYpoC5H6B@$k61)GzL(G55JEK4(dkhgSRh|VEY4|Gto@Q*b?~>R=2~v?ONF1UR=5@R`SVzYMBDy?w07cYdITe^ z?F{=(k^j|?pWJ6|k9ezbQPpSN(ZrGAyLlZjrrTwb1FZtu%o)Od=ejq!+rAOHs(PTj zV#&e#Ge4au?Dx3Ej$w%wSF_iYzbKI8Y=1}bI_#yPwTp4nqw&=0n5XNkPKKDq5tg{8 z-Qy!KH;|JY`j^K(y?sXH>5GL37;YBZi8ZOj}*&6D)~BU;FEad)9t> zl=S|M=T5WDughaU53w8ez>+&3@y2(FqTy936jtWdOpRrEb;@}+Z38YWbyNJ~#ELDZ z@I)_X3%o0=6EJQOm{xbI_X^`#v!orbH8{s6&D`#L)gTMp7KPpTJE0cfuH`sd_<6l0Hch?baHu>fI?H?dgO9^7jfV88T^b?1-QE==QaNKa3$v}8ljIKc$N$V zufdud?KIcpGojC%G0uGgXYgLOgl$kiP~T8E6O4BANgA6bVie0im~+-N<#ONV+3~o< zc5AeF6@Esy6L6u6)faqkW%yo$);T!!+OnsYu>E7d2?#KlZ*n~W)MR`^pw|?Qua8fF znzul1#npVt_?|!M%VfJ+T6QKN=SKxZYOqgbd}Iyha*%bT^VcIBwPv)cHW5&2&RmH5 z%-4~$VJ$b(7;NLovp={;He~{Q58mge%drI{@1e<;!ZrTQ=-|#45P+BBNK{V94^ug8 z68=s=$!MGlTiCrpMcEBy#oGWJKy4JrzXhwq#hN@Z=Xfb_8K($$t-l7{q&+g~1{FTu zOk}RcaUDuz;&}8i6jyJc3oi`?bZstaY#iQo*td(1jPt+|a4aP1*^WjtH%+9kEdR)0 zzVu}b>$t*;)EIok3BXR%htRi-1Qg`*XcxLi20ZgfC5}Bz!s_ctofDIo#%f+}1m;yJ z`rhrhK{fe9|2VC~tC}`I!}8Y!m&f}>Mqp)zld`h`i~p@-4|n1a54;)$6eLCm zed@HF?#X&a^dNkw=kk%a?eU;cl;?k#chReo`_5j22UmL=00U1Cg(F9l(E<9Mq?z}# zFdIkg9Vs~`Uv~wg9p2TX0T>ZZv825*8)+T*8%_l01xi>0NPzVUV4T&whp^RM$!ox6 zOZcYMny*3Nc#`ITs_TV0Hlq+%>zp2C%*By_aft0?0v|c(P8#APK2uVBs6&5{%*K@> z(R2M7@d)7qYDF5_(1i+I0_Co1jzc?qab8+*7xCga!}LAw>{R!^oOs|CCgQ5?AU-I7 zW`0#Pfdqj6u`mQR4c#GdTw&PBVjlr&xfo}q5m)FhCqK07gBH)kMM#&xZ31tz6m`eX zL;%FXNfa~2!0|H4R7PV|CQrm`5+5u$&YU{l!RUklV;ku_3~xiN1#UJm2L#*z#;y42 zh~Ul|M5wO$VrwGMROcWNU|kq8IDs?5~5TzhtPHslF~A-EQzSGB?=R1 z(=yUV+o)8B(B4pLnxcJ~X_=;3UVhhWrc~$iInMcf-tX_@`+fW#??0U5W$yL5ulu^L z`@Wyob&=)+$tXfk0UxcaLRuGt*ugN!<3F&iNf2+%aD>%;-wX}F`-@jP6lu7h0n<{4 zX_cVaBm_CuPV1iu;-A(7qUD$)t$zmg(FK_6v~SDKXhEkip2!Zx=qZc42bp>9jH4~; zDC;lg?VJhdCm7E{Y&;kViY`_dmt!^47AZ$J%Of}#|5@pFd%Ok z;fp6osX-s?ax4t$xDVK$h*)S1La4*+?Z{hrs{M-N14GcGF!)yL>Tk>dvdmk4eDyJH zRfxpbFpbVoK1iD3`v}8BisndG770o+fWAo6;5?DEc{fOm@!8ep8pbk znQ;fCc^~X>Y=Inv=KxfSUnk4&!4`e;SDdpW%|!-4K5H~bejR>EcAmVmEr>ELMw(m zbibb<(oed=q*&ye_{HQOg-;c?2SlNX_op|S&$|RPsoetB3xw3^uK-~ziP|}fh4BpJ zcSj;@iBVZh`;#mdDX3aP(#mi`^Jz@@CSj5A0$hrSio=qbOW_lDed~OiFagsF1H)o@ zRN}-llAO6Pk`lP_13Rk1nxjs`_i5SFL~1if6_g{=!W&U72{FiU8<9ehPLRd4oIT~k zdoJ?!%dnDzh=M)-g7+Ii$$?^-gE+S1`}iYMsRB*K8EH<`glH;n2}xBf7)HLqFhL51 z0ghGiZw*O;8c3T)3if zU?3%5hJ)-HfjuR*t?;$`MD`SjyAD^rS{->P^b`eSE(1ogObxVG5{Y2V4Xx#mR#M>v z_XyDa$e*WDt-?8yiSJw6hKN@54kOtF_~mXGn5P)$4fK*Zfjt7@r{Rhz>Ih~t^8mBj z^^N5R%t-GBp~BjgAtD0A)N)*35JeWRXb-PIuxP=cC&ke?vDm{9>RCVl3V-8yULeix z3hbD>S1^km>sg6Zl0KFGYNLyIiSOt!K*VDI-d-Pd<&urLIjVqsCM9eE%5!T z92la7G3D+Y^EGs{i;naSKtxgKxi%3Ns9hYN8=Hyx3lXEisl#vL2{1_~-4{&-Ty5ox zgg+{}i!ANKd^d(b2m^#j;ANZ++7M3^3AY(cOO!qlB*E~GGLnJ%sZz*GI>D7sr zQyfZlbc@28j_KC^Ps>5QJGR#HIVke*hM;18yk8C%4aC?s(A%7l++;Buv2`;&4am+^Gd>)~HcS7ib^b zNgx9wE9hO$bWedrcKVH;CVZFfkH#5>>}ikXJSpj>CMqh2msIZk*!M(OW^8>vcVnRx zPaV}+hA^j86I$qBamwuZIE?1aibqPQP}U;Xs*uox zm5pfMKph%Tf8kGmO6%hgJXi4pqT?a#l1ro;p5@mu7Y|;ztoWW8Tnn?LvTl`7#^J3m z)I#t6mbBU=<5>OGn5I?brvvqoJ!g6=U++xV9$a`@IhSQ<#1fLvdlMTIoD9g;KC7?W zrUyTLu8Sxp1L~yqC82-2Goc66OQU0YK4EA9VJ5=3GDN?$Qz{F|f^kM z1nQmr}8G`)92TPTDg*_q|NC`s?WF}Zx&nU69zc6YF}OR4yIv#-I8W&ZH9b1 z!|CkRlUW*@&A<{3#x zC7O!o?phxoM8ztYj#MCXEeJA%*59iMJ)kNTzW^>Kfl$?{a>l1a;5YE*{`G1kFM|tH z-f}eQD~?3Q?pvgLn9)L+&>|s^(6s*nyq4kH(OFp_*|`$KH8Q_f8z zrgkxCCtv*j*pKsF#{aG&P-R@Cj21ryTE~KQ|H~jCcx4m!bOt4(@;xH*P%wG|d1xZ? zAR_X7ZjBHU^V|_nxHjW`+3`mQfoUUH2ZAu!5)>Ao&_Sqqu`1Au@9a<^o}IYksx(GS z_kY+r2LkV))PveI8jABd8GYD|!lIHCk3Y~e@u0a*Wj_NKHxQ_p7?G2G#I}Ij6Z#J{5~u?da+JC{w;vDArBx> z0}oR0E|4TUg0&Yuh38~RX1Y+O zhAzZ{VhesE$iS)kST(KZBk)_3n4lqGMd9>bm_5^$XGY;h2G+Q#GLCDEbRqbTPmtZ6J0K)niYFS((7)4XdZ22f=gw zQ9(MF9#UpHws2)pKJ`4YpTNC>{aWFlPdPsy{RzAw1nJ=SV6#_WeE^v{N|AvRtd<5E z9O!2t47dtyjLl~j<-#1N3k-oMu+ajjOU9A~IDR0P)zlDzTp}%k@v6aiAs~gdU^>V} z|3*_j3np|%X8eAo!v0R@&Sx~LTqgA7gI`b&*PJ1#EzoDH3%TIlr~Fv7r?B}V`zeRL ze&RZ@RB5kVW&+P�JG+CFp@5E;A5S0E*hdYxTD}MA+oYm{2NdP)9DIi(wz1#%dYn z<9&V5MIIqvaT2xIOlAWT0OQR*hEe(G189fP+_PX($S1uj0$J;2w65pH7>P)YDp^>>Dc7okla*v%tS>jjdRAbj8@ z7%l>r7kP2Q`>+!pb1BdjFkt>FhovBko@Rd;r1mOck}gx$4@ssXmu;|q%%LA5cP}wH z8o5jw`3F|OXcbI)kc4ZHP_)emS?xkeBV(qn?di z!vu^ML$DnAm`Qs@lS3L7V$R0$gibo6(Jp|%l80m`(ircmW4hoxwwW0;=5F*IxSi_k z0`VG%ZO>TbD4DnH0Sx1%0gR9(y&WVTCIC7F{sXT$dgow3hWs@^ob50K36XcFG?{Z4 z7$&TdERX~SpkR@`M*F$h=`#fu<_hN!l({c11D1;47XB(|We3|7YlV)*R50Yx{7?tc z;9T|m@sp7wps8mGK%)EF2^?bPA}7;#M4iwKObZu#t^0R8xLfX^R2 zY@}jiiNsGP9D(D592OYH7j}9dsJDu-{q*Vu!B{r)SHM_yvUkFz1Mm(k40Q60CX~m^ zBMr0Qu9~@RY^6@}V*+z0=?ys7?eVq{wG2_QV~`_c-g4#TK)UtN#!#M!2x9iMqS&_f zaQ6_Nl?dfv=OPVC2xR71j{oR_1|R`6mJF>h=Onf@rwYn37ORf_z*`|$C=4OAMtj78 zFs+3|1x$QrHr%pl7ZACVkiwkPqVmJL{}Ue%Heg1Qxo0~pKR)KSsCN^ zEvQC=NV$6zV;dMKR9})u{zy%KMVvAw- zC6=RiUy`{|$Oxj%kScF(`icuO^DD}$oRzxB6&k(@<@qY8kND1<_VU)Afp~78X934s{F!d+>wua9`P!YFMag z)f~&}d8PL=*PXvfU{JYo-5gSxn~P6^jY0f_qIVs{HO}&#v?+^v(J9`)5qlhLdGz~t z4s*R%D((%hqYv>E%U>C}?y`fk-!@9XgVo#%4B$ql8vE#rMlzU#M|?u~PP;>U{$Oz4 z@pTHFGt&}J(Cz!>d5dL=vPlP!T;(Ob){P7r#}KWjxBad_8esc}pSt$RJCACp;d**f%z-0pC6+8TV%p%W@~x@UW9_API;Va0azCfexkQznYT4F4vrIzwDYH?bj#hY z7*I{y*4Pq(TXwdoGR|fQ-imUW3?8UzJTmU|FhndJs% zoW6UiMCZj%-r+$f=&W$r1(8-p9^n(^KM3Z72T}r)!s8P=_IuK80gZ2zev#18g(ToS z@gO`upA;QWgwju)!r2T#kQH6%vkgo^`#Or;tNPTlfn6!k~7zoW_eW}85 zRNDwZU)R{r!9uA!ulo&LMat5|o;?t+b_Jj^mR0V43h*{j^!PMTD}X1*0@ns^5`}z> z*r|j?o&@h82+j-V7Ex&S%3Jmmz%W*m!~W+G`6v)~tYSE_t|;s+w6X%i@q!s(E`}4X z061aFxA^fQboqA>=08A1D}aQQW5M6S_o&8A?#E-$H^kRHA_q=Ax6G0NLk43`*@eZ| zh2a5o9fQ#OV!?R30OKP1%ky;rws{Ppg8^utQuYpW9fH8T;VU8VJcdETFnbWv(tRYB zB?h907{J+U^Jo)Nk$K*$s&o#7f69+FjeKi9Xy_ky=i$qrowMm$^E@p=#X0NzAP$zW zBTjmNa?$JzG6_{xA51AF+&`n?Y2jz5Z-=M6^tB8x_{(A`uxneMlz=&*zh zvq4?XTQ!N5a8+?ISLpuA^GR%9s_Fr^h9KJq4}Xv$zoq-rV?9hckGRwZlL_=+OLg4h z9IQ-YYGop`0%k~sH^xlkqq9uUA^n?mjKNw^g|N#SuC(boyIAQvS@%1Y@m#}14<~cy zoE?$wi5jm?oLqZr)yk6_I_e(*Zlsh8=S+Q7F!*R-@Vu%vyh?Cj1U%4V3E%rS;^#Sr zrd@X>Z!Bk4Ml^i3Bkx=)`F2@;s)lDpwXbsO2XDMcu#rWA?OZ?y3i9!_1w;n%p@Iw3 zuir$OphG%c0FNFEZ>N665qE=|bP*!^zKb0?ynu*t%D1k#xqrPdC2Q=LIGv`Y0um ziuERCRHbrtG@m#*daFIzeB?>~lUJE5cNgxyauc$R(pBGXTE|j$g;?G7@&t@My_wkT}t@#h@d{2Is zHM4$3Dz{PgCvu}>)(vjFr&t(w#4F0`{p0vJx!gPRC?Q|u8!C7Mnsaqe)i!5q)D6vl z##xi`p;wK_ap9hS=&;&Rvu4(oV{b1tz5j)EtdOyK^BcDwYsz%w2wu@crD(REV%k}a zyFF?VFM{mn@7=U??x1&(y^TQ=UB2ysCbz6%t1UOUaX$W4#_iNtZuO^p<-ijX`p-U{ zv;*m}mD*F#O%^$-a2o zlzU#nkQ~bGoHUh>04xR&Tdidox$!Y=L}qJ zaI$=}tpC=uCdhDdRwVxcmMp?-kE%;sI9XMsg&M7sSdZyRD_oev`id9`9S>l1Xh3Nj z=EAA3cXI+3*d2p_i=D8BeVial^HKmQ0`&a;HgN)!T@b|{@}PhZttj=0f$#bNH#y7^ z>$lyQo&`-gTD4|7Tw2c&Ig_0AgM>EwM^db4kNcW%XxKN`Ir7oj%c21Z-o9*;9b)OFrS+vb7IzjT?)dy*6d6`ebmrc&e-XE2Kb)>h^O^%z2J03+b9= zD_f8~ftj_Ixi#IS(OIQ<1amEm3;#jE4*_7?ME{~s`3t{)WKgYi!_BUqj-yLj~mX~RA zjAxzP*Y%+-+P-KoY@T|NdSD5AO?$0=nHu3~*3`$O7UQx;9p`yxo*`#yV|9}QdP4^R zPK%$K;)3_sK@31-65h1^$Y5)i%5{er-4ixO#9k)<#Chj2t)?e0gY?cIG&TKzSzn*v z?Gsnm1A#9S2Xh79tGE}W1YA1AEuc+4!OCxx6?z0P-xEGLdehc9T|}4bUO}hWY2JWi zFx*EZ6FA+pU*Z#cr8I`%hUABWus1gw4QU(~w9bOT(KMi`>E9ea^jB- zajR2tJ5s*Hq(j6#099wkZvN*1oc|6={bysG`mq>Lo4G%}c41d=Zr?DNe5KLk*JS1M z!u6i5`6+Rmb2|F8*i$mr8Yc^aNVlIAT~5hDiaLpdr4R+pSsg{-Mj^+K^kU!%{(VkA z$#4KJ75ln`Zz~>pn%fB$)er?}0Xz*#OI=QRixhn(4px~~+anwKWyVv95UT2(dSjw% zqq^WSkIWB#2*D#(-pxb_SetQ@MHvHrbU*dRfOgI6HzhWIrYoz@Fxazvu|{%x=KMR` zb&uGD9rsEkzhGW5Tl`Dv8jCL~?M2C$jZPi0(WR+wELp*IVgNzpxN0MBHvbwVg4!do zBMRPuig#E!R?t&%TT^QU^5nPNT;{I>S(^nN0aiUE$>_W6%-rG*Z%VbVcFCpdL!^y# zi}K#hUvXr`7N;0)cnORucSV^@s4Pgv+oMt#4vEA*PBptJ6F`*0p|jx3PdIa?abOC%2AUOIauMmw10wVU?sSlWmM zjGup@F$i2SpZPw$x2r(;fbxN#o}Mt2J9FxcUA6Di6WfYX)o(kjSH!K-g~Spcz?=sO z0*RzjoTFB+2N5F5UI89DU<0Rsz}g_nilG?*|9@P&X-dJo-JKD|;XgnR-WfU>n^fdZ zbQ#|EvG09{!<;dU0oh$DY6dXaWyfVeCI+TBKVlvP0f-Il`M&L#aSgHHA%m2Ct$tqK zxX+@4OJDX6hnpA08^CgLsLEjDBf;NhiyV7W!hBk%ilPW$;pp*J5Sm^TNuX0N#aS<9 z;ze+1wf|s`MV*IJLb$l2P2%A8XFrH@bciG0<3wZFB#MSFHu_T}(y^cZ9JEoT|Jd{mWicK8uxN7x|zXuBYN)pbgDUL0^piXBn6^B_0jo+uef7Q-Pw9asm0{uot;ZQ zyB=74HCroD)if+P@phqW0q*qdHK&@><7=Ze-h9{(sPL&;MRF2lHRE%q+6l#2}N&rW6lLh4*W3s>yDyM zFo3s^;6L8j^J$j=Px(ZEhCNFn*XLaN$X`Jj3QMK(Kf|+W4zUwP^Q~+Mha+3kjjwE{ zXhZ1fGQIJ?-rB-n;m#JdOGcN7%gV-9>7A}MoRD*+7de9Plm2)x-7@3!Z=>1F3+KU&kSq=GER%BtVwt0M651n&-Ta=9ES%)ZdaKi}?VdM}0= zkwyM!fnF54pj;@qycT_PUqBow8Nv6O(lRIuCBxuC8A3!GcfxHjML127A!Nbh@-8R- z(n0pc7h*!dfM=C-V*~!ZD0PW$T${@?^flZ{Zs?#4zJ!+x2gYIHOxXS^z5}sWr^2|jz&8kHRfkH!xN$6`zzm^kCRMj4>&m9ux@$Q>7AApO4oG?DV z6AqqRut52uHGtAY=!iD>2XrJZosX5?u4u$_?W8@kaG5jwqeB#(vmKVR=m0D>+=Rhm zV{0NCTd8;CQO;eydMC_v%SEhVScEVR@uN17#~rv%V1lpxKp;HVi{3f(D1f)8mh@Vf zMTARr#zLTKl#s&Ng|W$hZTI&_IXC!(&gj~L4DsY#KEf3vyi~iDh?oR%`AvW}@a}JE z=Bc*!sBrc|GwHyPqTy}(OnM{Cvc{GK>jsuYs%22BvK_Cri)b(hyJ=U_poyAcsBkQy zX0r7+E*_bf8w3sSr5&O16bGmPq-C$Gz;|ZW7I@M{q$Z?4B_YRsc0BAWkndkW<`BC8 zbRe4VI%;QbZ2{b4VJk9HEVi#pzJD6yBSa#*FD|C((h2LlWk<4@X5=o67YVUdIun9? zR2gaLTU!4*c({e7k#-<{q@)M9QO3>N?B!5@1jT6Z5#i{A`epE7e;wEZ9Fx`(g))jo z(0LxY>yrww_ns#n1if3XZ8n_@WN=L)1zrk#hnF6k;K&wriOGf=y*x%3+|j#_0R|S=-?J%vdN`mSfl1QTqzwWr}(i zZLU2r9?_!S%gae6^Pwby6^t_d*nwWuwZ_DfA*UN-r6+rIh^z<}_2?S3gaXmo7^0~k z4CDB8H3CXSRB(7{bX>852Q~3PJD2IhC0%OtaPU%`|3oyDr6S(X9We60W?OU9fqH;% z_;N@6PgSDnR=Bd1(l2S40zLhPxifZWuL=rMct!Gk<@mopuckf#hxZb%c-kNYr0%`yDua1vYiTbSw)0hQKs7C6NovmV0V z4T31c7!2<|C{?w5-g@2G^>nxKt&H{{UgJ!Vp25=;AXslX7C_xqucd0sIJ}+{MA2_c4eaYMbEB~n}WzV7HLqO2s`X0J?Ea0KdmJtANXTdbK+)A_?NxJfKaUs z@%K?eQK}d zy$VUXNs*r(jw_W%b#J)8u#lwAo*&J5T;Y_r%{f8s%Co}jh4JCZ&Wn=Xt3KeqX2O$E zM~)P$O55AH;m&QAGnZ>s# zA0W#|`z>(V!?vNEdiwhKmn+*8V}FIv&yW+WAB5uKjV_);x(lx)37#IqpfMF@Ky<=WWHx z+WqLY(t()e`9BSWPjm3bCvLo`Xu|yAFn%#DF9e-l=Z>CLpbUPY<>dskLkdl2wW7H~zvLX<|RtFdQD02mx9cc;|3aiw>YCyh2F-$MlS;C@Ijt-y5q#c zuDfk$Yxp!nbb8lux$p~g4fgb zc=Tz4@;zP^l?$b1kXAP^V_$l^EMF_HL5Qq}(Xe7KiP)_piWIra{Ro?s+H~C@;p;_Kt+)#d= zB3(EE$lFtF0sqYl5dj4gN>Ir%XxJ8DfYay%uB>5Y60xtF=ql?V+iZ9p$y)$`xzd## zs89pXy3|4FpPB(nWrE6g&{$CZ2Z0H+DU-_Y zXE3qENMq^=mQer*sSOr!gD!q|0a6m{^HvulD(IiF)eHqcizbJm)%-jea$1VzT}#BpF%We~Bb7{w*Z=@*k3nZXz+4{Le{3!FUZB z-ihNIS;e~e%+tXF8Eg{?=`I)a?69P>MddK?^87@ErA+3UVbJB%B7vkgB1XKnx*Og? z@)RH}uUH~uLT(l&pq0e}Iu6_Q4sZ|??RwD;ivF_{nbz7%<^BTUi6!fYWf+mW8SW5x zl5ib@p%SGBOvm<4U~U(|fNL<3*2=rBiux3HAM9FCr)&v(4-dh@r-HRhQW5}megec2 zmr$nx6w=Q#1lxR+kv;nt1nDNP#6YwVs#_8aPnry-acFG35Z43Z32TM?&stH3_foG$ zQ=SCe_cUlDe(HdX#*PG1fMUZilhXYF_83Fbzn+vW6z+J%=*L0u<@rEfKuKd*$Z#ws zy>AyP-^Lg_m2vdOq^wvRWat#5^0WX#E3pz0wGx8LQv*x|#WfK8hrqRn8dvYH)~S!c zHP2ZF$5k&7jxX(?7?EpE0!-aQFIafdKlIbMX2frdLSUK**22$YmdaSXRKOF`#RW+J zN{AEwBfy;Cz#?5#KPt{W1^}^BKZBDsOs~&}upSiKT`d9Rk-3fth~WQkTV=8QW6#plU4pEO>F*?E$*N-GDT}>9{YE zx5-bC2344pr{*|{j2oSg@hs3JA{o(5)`G%&8(}leb~6=BL|7P%&_eW`D*C1xeuqTJ z2#H$otT>%96p^C<#o$h7gkth-_;Eu(^8SKAwWvID#ZXWj8iKJMaFKNW*hRnjokf2I zzE&cQqW!=Lij8F!SZ3*xG0bEW^3U4An6RRN*sng!bXYs|0s?#!#7ubipS1(LAYEIq z5IrIUY62TV);DX&F6k%S0-p?lY6UWGAB>}T`##FhAUNuz_`AMEnESaD)K}3Tl}zVC z>d;KKrV!^QE0A(wQBB9y8p}tqhep<^1VFofXBvq-97JZH#$aOe8GJ?QpFk6dGWqtu zUZry0Z52$8+H$USpK%uekIevfpY|1p3N*2yNH(hTCJ+&^I94CWx_{o}qIN(Yf9hp$ zH(^N^HW~K-SREV9WR+3rtXc`%e5`mFH^DJvc?0Dp(P5{^c!|Y2fjOB@Yn8>mtOcr7 z|BSeAz>x}4t>&qV%x@LJg3yMJ$Mqs8zVrYxZbG1KL_5>{1#CV~y~xYocBW1QSoFUm zZ?i6IB~#mTm&5 z@iEM@WPGIvbjEx;^sGA(GX%2j##S0Pt#R}S8(WDyZdwDBan=4QHO}?r^MWY&yRNn; ze(=%UHg^JK5EBbc(fG%;sTV!EG`b3$sV-_+C*aYHz&}Ae>M$r7kLnUkeqX6I zk8XU>ts+zq`PZ~-{I=2PwMy}}p{*;x%aC}LI4t{mpmXe;BbI&HMc6qPzOa zz19wTDkXYWwXR%SPn!p3#f_)0qtJ?+W#@LK?aNYgQ@Yy!Gv_V-3z0f|P**GQm-iR7 zgzc4UrSk(?HZ)VMOA2sK@u?fLj}~cI1{vXU5_YQ|eNtGpCKYG0BPKUm8h1?;H~+iw zNdFJS9KDylEagkvCaDv92FOEF@A~8J7noHOKI1jZeYN(+-gszrcd6vZEXi@`Hj51I zxYzvHpg$(03ACG>UGmmvJXX|;SWi)omim||IG^%b`Q)Al&*P1j`|gc=Y-NS>(e*N0 z)=}fT*r*egL0G)QTX>{po38*Rsh%)sppes=zIo zuX2&3bkFu}*)Ce}85vUCE#!GcztB{2hQJb@xdDok?KLm|bm%IGp8p%bg#Zq_G`jq^ zos#z0)4ZZDAaw0(4Z`8&KI*C>Kx-io90Va-1~Hq*poXGu2dooEf5y-}F^^sXbZCy; zzDZ@+Yy3XQtquW$aS*g~-JNxgBhIelkwOZ<24_Ewpok`5u{5#B`;TjPJUSaF!qpCk zVZ*JJGi!yo(x#6wJQE-ZFmx>-i*SpVOoW^PCOAz9_pCkX#xSg55KJ5Eo)?A5kf0cHUC zSM0Om5I(N2?Lrh!{lUJMOF*wUHWYouW$XnvRY71ZGE>C?06Il3$!K-`#`&us5~-+Z z4ZXcCp?Z%i5lj%)4s$-C%e9GJfiB{mgS%E?D(O*;&8cSELfwjlb1n5L3CA{c>`%z1 z8_`pq4|$eK8UFaO$Kue9r(MnS%x|sf50}~ZIZnFj7X=8l_H5~d8bzO90?n3%OHB)2 zY>@ILTnYkW|7B*1e|OdiHJsd+Hj`*|Bb@e#3-I_@WZQ$KD_?I?e%F8>`WZZvM7bie zmS@vn5_MIZ3TLi3}o+`|pB>Dp;G$zgK_ z6Zaj8HMRa|Q`3g*0365leAp6110-KYu*pTvUQy@7uN_bJ`Ml_nAg+{rntt1$^JeMc z9}m-IPOu0T)ExE1cf6ICQla@o*T$?@n0xmVJ>g67#41hBc>CGcJ z$pR)lvt*|CkLgZ^9r3dAtW@Jbi#&_! zr&(pSsuOM;wb<~h#6H0*c2H`1_0qPU1n)APP((amBf?C!^?x!^h7wzi_NxbCtgCKSM zAX|jWx*tta#Bil0fU@5Qff0YJh>83SgE?M-*tb}M4*)xkl~|{1;0qHLvtG)rLMx@lJ%xc^P z_)S14jrsxYhvdxFK^q6C_tWU5lzDTgoeb9ETfqk%kaHWq;);stla`xhE!bh+d|IHiKHAyZ zdfs55o>bWU6YHAOpR+DzySbiOR-Rf?SF`0<^eI*OvZ2F^Pv(4{c9*JJm8BhPf8yh7 z#8xBT{dR}j@4X8q*zdcR7@cuLRUzIeSCVTwPVX zleKK*UN=Vc5cR&$=*v}fe#tEWYh}s?@SJZ4HzoYS*zqj+Y4U{iTi5aP-EnUuZ(SRZ z(klAB@r88%!<8PfE2Cr$4~o1iAQb@?`m%DT_Whzf!Ua$NLK8>6LAiQoLaM#9VsrKT zZj(UI;;*}zO*vbCf5B?`|LrE z!Wzr^+UGasG7lwQowoT0cWS&2fq6x?Hr?dc)b%{sLYXy-`G-6GoZYS*^y?!^ehK#C zeZ{R*tcvsx(KThFL>9imNiHfrT~Kn5G+VHOo}&PmEYjinptbr;L|LV>?3mvzbrbb+A4b$KRtzdu6|w?*O1k0cp%{m z_vS0>)21=+H`rer*msK^G|=a~cS>b^o#A7fVrm>X8yJ;U#Jm|qK14CP2>6s+g|03j zx*mmQt<3Qgo>(LN`VDhZrbjzr!8T~hUb7x1D~s>FCuU+rgzX|ZXdmZ!+A zY+7S%2fkM}tj*$^M#7zp6G1h1N+o$~UMps4Hd?3GJ1kUTYcQ+2;Kd7c@C5;!A4%#h zHVZZZQghQkP(#RHsG%yCfcoW`sod+08?M{dggleDj)LA`-GST3(}Xv^+EzZt!3G%q zqyR+FuV>I!5F?o^*WMUXs6eSB_eRSq)FYz8o6BDim62kyFy$-mqoX|AxdqC`Y45L! zs?s5^TiQElYd=r~Pf?$c)cz|f=Sk9C^L5tFA#l6AD~P|Km2|v4i<~DxdBOan2t7~K zwP=4q;0F>q;`F@a1r9J#o7^`(CM;@E&McN`UZ6qIE5h`L?3I_1h(Dyx9eH~FOIpt1 zA)~E~<$k1-vOihuYC>vM@)e8n>6KZ8xYmuwqBSp87(6duney5S*mT00Md6)O3ODOq zwJ2O?5xgSfUUb)@x*ihc3)n+#dp`%?(90pi<*>6FSd?!56~+I8Sdj z3rhV^XKCfVfxGw#!`h?UDK(QF8QGPV$|A-9}`SXg)v!X4Yb)dt?pJ6za+*s8dyeFr^+mu`_t102HtUtPR{dxshu&+ zkjdP)u3fbvLVsseY_!+B-Vp6(TToTj*TA+OPFS)n&3D*y4ix2*3gA=cb%%VVw~JC$ zi7oY7!1s@FEhzu3LTvxaO>0^jJ)GDD3}%rr40zU+!&Wo|JKhE6ai|gG)f!g1a8kGe zHaPeM#KQ>za%h2rn+doXV7>)owJwHD1FgFX)UFY3eSk>{X2*|s;9-t{Dzwfepy{A@7xKk&eVlY)|o$Zq{{RO9m0x3LX zzM#x0RQpPpmcrckU%rs8PV|)Re8OOF7W}>t^?TJt8FFr`&q`)83SAVu)m|{d9s4%_ z{>j)@vqvpbIZ)}izUL=Gs>($Ib1M7sYJpx_S(as^@q&XIoSW*wj>XT{_bD8G?`bjV z=M9(5I6HLcPJ5&GW*`q!=BdB)Qr^XWab93lWmNpbr(dU9e@uPUQcN5=e8#M!-N`SG z*G-GzhVAy*vN!VvkE6f$OtaQe=?PaU;qt#^Z#;4Q!Xe(mDcjb6*uA^VYO>gUL^6u& z!lEDGCNy@aPvd%)B~rVsCuSH*yI-&6?wPiY>duBh4hPn9+{&c#OD^!pf*lLpe2@Zo z(d}3nO&mHh^>m=AGM9>DQGy0~B-cNxnH{Znhv%1U`6)#vC2RX;)dzK|6YnI?+_tE9 zTjIuB^BqHC<7XFV_6cXi+r7!ID~ah@kwU9on17P^Au=a~9b$6c?cJls4Fj#WPPP(S zVkEEE=lqtH^t>XmIW^;=vD2OXMT^$Nnj6fUZkVvI%q^~GT6=ZIgS+l(fx`H6`;ILD zWi0!{j2-mU;+|Pf3ZaS7$LXGapDtQ9lM;(!*R_@f&u&uaK6M}~o3Oyh$SV7-Fe>M) z(C;W;vuj4g>x$WQ0&iK|OVwJMtrPi~;B@)pwkuv_;q0mh1YtRqYqb*xC&iuW=raI8HYE;G4A-f?5} zl(=1`KlBg86d8G+!tuVBf#v_wZN~?_x!~+Jg?kef5Z`D00w*zPg$8N?ZW8V;K=5+n z@;0%Mlx zh0pYrrzXAt@8I>P((bKGikYhe*Sud2c)jdx{K9v=uu$ta74j{fcE6G#bBjqqh~EYbA`=IH>}EMm7}z<9vz32*7ttB|xx61>AI4~ecW z^heK0nCk|(Pv3c5v+Ou_NdsOM!=fJ~tjH-W7!%q{pF-X%1I#xWe7eeF#MdW^SWXoP zHSaiKm+^Uh1&LKlYhY3`kW|q=Vv{J#m&maUT$5p1!$&32fhlFT^P`s{SBI@XJQB}h zfco)dM<=4t-{yLC3%n5gaWpF=w4dNRDC5Lde52p~GrX2;(#R)6TEsXAjG(j&UF2g@ z@&S^(zNRYD22=QOe|__*MXMe~-AK?Qyi6pdxLo-#Sm7dz?$}HW=Xv#0{~$lwDAd~# zT;Wi%|KdG?nwz52PAQ8+b*c}ak%Hejv_zg-?-L{WF!k6(Cu`;4z@wh#1vE!o>BWRd zvn#3ALB1+Bx43Or$|>`~31R79r|bJWZ{dHQiZAjp-EhE>E z;nVgy9*!}OGQx3OVAs8t=SDyP=?ZxA(qQft1HDGwZ=cvcll02XaAY`!eLA|qpi!4^ z(dI9hdETI+2VD5i^)}A=oRyX=%wP3Gl;?HgJ!G0hXm?}1hWfg&Ut;DxI1wP6Bn(09 zh(Q!-mo9X1tLO3}rytLR?08`EtnL?2-)!y^$$z1T8i=qB-zCM7*8DX~b;j|qW^H_`=*Z^$lQ@L=Y`fGvgl zc#=d}w2bg9q)>Khog+z;Z4;XQ+OxU4yZK#K?(C+r?A4p_a$MSu*^04CSKSC~>Znf& zNp&MkUu5Ryc)n-iBGj!|-4PcI_oX0OM(#_Wze+4=C=uM2m4^GG8UR@0O8z7bPUGhg zK1XxIP#WB?m&TF9Ct6wQM}|wO>3W*!!xH@PdYgAK$72&-uUVzduV^6B$hjTuUh>E5 z6{{In5pvsh!-@y<*%rPzKYN(|a=`tS2;J zv}6AI?nYg8} zq}}4d;|aqL>DMWMaCNiE;|4?IE5j?AcOn5p0O7~CS6zgZRO8Jf1^;CbTK{MehMY8Q zl=PIBs{Ta}Ak7zCm=;3W)d-^s#zXTXipOJ~V=;E%h8$f8$2tTdOtCjBLTVDDZ@|AQ z7Fh;w<_i&6z}7QYP*e@i3j9Wt)ZU`;m68Ar(ekDV6>4&K2@`^VC{&hgTsdk6>CFw$ zZwoncTSZfp2-M2bX(xD2P<;d@9qNO!2wU=8y|Qooy^Fi@stliSMb_AW>(%w!m*Xc zk4Uth|AuM!*o5>_%-{`Qb7T?A#*K)$V*KRC@<+{wo*`a-dq40L1zW>Wo*F~fA=|&@ zDGT5!cwil~h``z3#zQau6C;jc>=B;I2A+x@OMMYfjf^K}-(T|-@!vBEI#;Ty?O$Na zz<&c#Y5u@z$oZp(1I|NW|hq@eW;pc4P$7DHM( z1d{&}e;0x<|2OkS&KQxU_)kUFpLxT3j1JKl+4+C7)5h=yjX9UQcUV|rQqOK!mV?wo zz9aRa9at5FZMmr{R4M_6Hux7U#H}pR#)3J=9Ii_Dc>#6|m zUq$*owYTJZstl7E@#4Muzgv&}upVM9^uMHoV-wIptb|;~%$zWWJDk2y#w)IIYioh= zdIpm~eMDl=i;3g6(|D6$jG#h>JI1WKZ|ea@=l9nG z+Ze+-3~*DTZezg4#st;q;tyqa6cZh<1pWFBsq1A>;VMl&haJ!jS~# z>@j>n`=@+C8PhZHg&M{e*aFduk$=b+V>@;%xE;+ZVP?Hc_{dFiQ+;lGLjKA0f)BBC znj*cU$I>=zNwC*U1+Q&ohKobj;DpOn?%FQb&)ciC-7#=O=3^f<{uG=0Tbj}@9edNc zwsml3uvAn>oGZDSwxyrmM!d&(iWl5AA)+tMkT(5nQh-Br$|GH#Nf5CwE!T7RD);q&i_YgG>2)@3hBjIBvu}%U;H= zP>9sqi1UG0ChVo@zx@M=mp8&~gzv(b!?921E}amMWu#150x9qMB|_ZlX>zG9L#mWi zS>aX15H!S;2+?Ia*v97I9`=F{2=EWNu}Isgeu=(vco^GCI|Xs)ApkdlWm&!L==7SmPF@22>T^OuR@Uuo$mOCbng?__F*bbRXQguXY|ZMyt@9`MQ=6r;4I3z3YuR{?SEX`C zuJYoH^2Te;*6a0-q|kZ{JW6O*;e^Nb{a$lcK4{k7x|@miUzzhGDeAdtjbwqc0*ji5 z%>2a7+?iU@@Bi$!mSWpQrRAG&Zi^n|(H6-HW-n|qb08k&%la2oujZ6I%jrqfwC$(f z(OX9<$Il?x%b2L^xHK9kSlVh`q-(1+!lT^kmpt$%TU%fi@A;nQ6~nuGOgv&tnN z_~4`J!yah>L-|+kDwmg+tEu7ihQVmF78{-s-~+b?&u?Lo)=Bi2kWtlk%48kwhFY0P zC8pM12^vSQnH-zb-9)K=PT@M4&Hh;lxzywj`J{}lNTUBt}uA7=Q^Cix~w{=*FaVTS)dF+(QtJj6sxh0sf= zW?HG6mx)IF%0oBb&Zx!hkP991%(mtn1p6pE3ZXBf^-FG2j^xYd-KM1&UO9OA7k%Y0 zk4tf-67IMOv`y>kt5^!1;B=#cZ^HAX0Jqb&Uw*LrevR+O1kG-0c}AdS>PenU9Wl~P z(ZvzheyXoL!&v#;iv&XIsWjb*xKp!zCW6@)e?{+HYFFmYNms$}i<7Ym@?AlNH{pUd z(;!HN{GBvF|I4&Le*#S5y!*lMD_5_ROTj@NpY`{$m*T!92@ZB0u>*HXEl*vuN7ZaG z&I_L(tAm9pnsvBP(^!dgG;4h}jY$z)qd=~Q0ztu&J75ChnGM;EI>F`?ByIrjWMd@J@G5K%pJIH6M17+Ziix5Y@MUO+@>IiHq2pzW=Jc)4GJ;JMiRcjL1!u~u$5*~J9Iy$1opFfkbT^bVX>N+nw#1>gXZ z^WXmYH>Tyb(&scyj;wSFhIsVKN@^w;sok0X^NkrsxFrZnNS{ePa{=MtKt11F1 z)x-Z$U103uq){t>Ztjxb*8J+Y554s=ACCQo;A9u>O$f%bF2nT$RwePA^UB`(wTsej z8eFM@W8{;{mjE2OVEV0KfCIjdDf`*U>c%x?LSym1-`)6ke!FTovq?I8;_m{0TinQH z60umrmL$!uxa*-kEOc)y%MLY`@* zW_ycDCnTu-TwW^KCJtsNv1X4uC6`-yc~?Cm)wD_ZHGdmYME0e1PN(tJJc7Mkx)y^l z)SK`X_w*M??w#7W=Px}1zUM9Q|LSiR@o2GAX4C9jgtmLIF{n$Z2ZX^E?uCJikP0nY zzh$_rsW8w(_&DnbE>w-F z@Ul>k5?1jnc13Z*r$v}{9Z(~0-d|0r$*@*F=eu#LNSd4LQ#M<1ppt=N>ioU1SvJkK zfYbb;{^+9bN0Rx!7DWaex%>q;OD^FD2Jw9wGA67o=(d(uvOGTIqr4cU{gZT84!&Js zqq%=$aoo1h`eyCLA6MA@NZZi1-{kZIiKOS1DYCO`t@7xzvTt++t-ejz&~`wM`YxLC z+0Klqku{5LWKT#@6Kshwb$4=|8EzTTNAEfJGIrsU&vt1}!R+Rnc8@%saOkEhe`>$V*e32|F?8=vr7Ep4RJSb#qv829eNbq zJ)q@iWM$O6UgsvH%VR#J4J*2G@^&ymRLw%PYrX27K3|tB}{G;NptF z4ei7KkGuDdYI4om#-j+RDA)k$77(Q#rPp8qM5KujsW}RW5CQ1{0#T$_1u4=I=_Mir zkdjCjkzN9!hR|z52?0X zuZs?Wt+&R=Wtsw;olg54u-2tvuyx!RxlvtU8MuSqb%4B~%kDr%Bu<3xk}&{T?h9-! zRSAt?`vF6?eS?qCYf;$EkKB7iVAO`sIC&egV4;zW|K$67!US^X{(+5oADu0y5A+Ug zo;lEMvdNBez<(6mJ&LPXQRDt)An$(wMg}kw4uPlB5NZH14WJsl&9j?ea=cJZg^^k9 zQXhp%yecdG%$o#k)qoleAdbXg_bDO(eaA8fjrsJ!g@QX}_UWwn={P|@b|8N_;sK!V z*F}+g%LadZVRWD$*`Qg7?AHC^ge*rL5DgD?%&~j?dN!`QCPs?}J54_|#zXf9@V@OK zKo0q@f6w*UW`B*+GJ%rfe}t}+l>ncwS%4Hb|JN7i(_D$j9WFpZgKfq%o$0T9yFt0| zlFT|XT&*_CSX^W^^W?nOZ&C7!%+(-t@yzfdDE8LCVB~6YOD>P%y|dEobc6c z$^#P0p9Y|l+C0z`_IPE*!Lnj=(^lnm<>oN8z1VvusO#36t$XtxJJ`av{N}@oz@Xqmb2`vZow=VGkV!qRn10dX@Vs9vFxpG)zn4$DYT3s=avIf`tn zkinKbk1EAnMqDP*_zzPHC)e19TbycTd|^`#vKkS-nMD#OZ@r3N^x!ZpBO6XS2Ktg* z2_-Kx&D4Q2XB?MjW{00HJ;&N>k@xKE_DG68bBjp!kcfZN=D{H2$gq!b5BpEPgt|X* zeG-GvqGrCQUJz$$oMK8~tawXkMDl8%E)wCe;wP7NTBVsK?LdhYXrhW$Ypi6nTYsOj z7VK2LGVDqGGPRS>A9OZlpD_4blEy&=KO`S)ZL+*TzVu<2`DLxbQJuW;M$Tj@sfwYg z&}#=gRCC$2r_z#1n8D5lr{LYrI^?s?c6WzjlU9yqkb{l2RZ0pu3`b=nhij1-D??~k zr#eJ*Z0l8pUx;sAc1X7QCd4{F8X1GEX|kZ7AW1S@=0SOl zgZ`zq;!BUs8x@f(flqgN^_gFY>GmWXZe})Scwr$B>?g2@5hkHR5jU;R)4NE!H-#2n zlc;fDFZD!uF=2N5m8GV-4#9Vnr3icJ!Lk#_-1c5r$wvD4+S}At-a9#+n&`N3d(`!{ zKP(972DH&nQ{^Z@-L-<%;^TpYy>{oEuY>xdS??1h6kOO6Gu%3z)dbF&(3A$&F#HqL z&Z}$`nYhIVcTDeU&3;@xYwmJ&JfSH`GN?#dlrYjEY?*Lxu!Q(((c1@~IN0%`ArL{^ z;l=f1IQO$^@27u+hHhPTc<1|$&rj6G@O}MTIm!tK}z`buEF5wJzNA#`RJ>tyjA7rS^s|4ZBKTFaW0!qeF*Fbfac@HQbjgy!(j$~GUKv(ywzb-kUe zA8mOl zvvuz||0hMunN{)lo2Nq4=1*8dHsla_j z+aT9({Pf=B+(4bk{=j$!a+3fJP7@?Id7gTrC^MKBKVxiMc{e~fLwG!qcefW;Ah|q1 zJTE{4zE2+%o})+{atF z%x&WS>D%=!qV0JZY!>@j7%@9AyXrM_SoQJR3P0}3^^Cq^Ykls^hACEyrZp^U(P=zY z)NHb7)8R_wLo#zPRJ;6}m1l}W%+)H}7oT(xGwL93)aR~HQ@zFxxhX;Jj6_Tgp|Dt_ zugzj8NlkWj?nSHV%Br#*sh#NQkGR4ag)Y`>;1?y0`P*qwI=fb0+jHbKX9+qoS|13T z%RPv3efL~7h1|8mMbKj%MF1AN%d3Nu2ha^b0RnPjpC0`-1a8S*S9+X3YC`YgP6)*k z#2t{(@-i<~oMZq*?-=6S>Q(WUWiKzHl55xwCJeNzO~_r*w1MsE+6$aOm^|uz!u{UG zbj*&jR3(mKPB_b)cQ16uDE%e2d@zsz4HY=C)pZhYZoaVF88sWfGIu zF67%AedZka(TUF(>AJyHn)_6$VWTO!X?AM-$N$8jOp4>#QkAR={M=x|%6YPsIyJBa zZa<<{RoCyf#x_s3yOO^sS}{e+Qu2zp=DhuZNe={h)uYBAOiI_FI+sXfI}yixj7iJb z^B-&aij8NKR!^Njw`;{z$Jso=S$mO$BhZ5|5d58is+ zas;21uh51{1^S)YGz%o4oSGhLL$1i468CA?P72>Iyib}*OS{BG_=LRl=(9*{S_V<( z8;y_L^+LKvGF0_6nQ=V(J>03OyP+Z}u=c_f%=K7yx1zPh0|Dw`A+2>Ec!ShoLi)Q=K<*o!%~s@tS_TQfi6-*kS?Qnfnykn%ElV)J)Y>} zPy8m2D2U6OB7I;DVyt?A1mHlPWRb3Voab(@R*~Hi&ytA|-{h5h z!LI}KTVn&&kF^S>CmIVhPMk$tqDnZ?^Z-&iRMfzVy#xmA%7mzc9OW{xU;G*}SOb2-^C$ z+V#0K0F@3ru8_%#r+`GV}F!xIW4aFrX8iI8Ngv-x`EKt?jmISnP!8%Z|KP zX_0UXZ_P$%7#{jkS+Z!J8y9${KpIbdKau z0LTb{D*_H#9H!W=VC}ZLI#Tu^ui(48vwM@MAk{t}*^Eax_shL@DW60*PAJF>BO6Wa zA_40zfrD6zZkOcp#E1*gcH6Z~p3(^j;0huPdTBO2ywO`>3vnN66LCrB-e{y zPMp#{5OqSIIo%M4zLr*(ckuq-4T=y?)qr1u*B>YY~?k>@y`YRLYO%c^RpB2{!Y{e70eCV2IDh5@Cao9SLH>1fxN(V3!vd6 zFwzqJGf={xhl2m*LGE8w5&xHdk0o)BGlJfo#xJnk0l+}`TE)69iU<$(36hn~4!dcl z&z$M^1%Tz;EP+o1WpNX5S$&AA-CP|YIV}T}17R)V#4e>Dyjj7$*Z#j87+MwpGOItx z2>fIJm|bs54zOQAcjAWs*c&i^1hM^>^#t0%K=W*kQf^TJ*lDJ*i+jdMLmVs0XE0a(>n#zzEQC z9Iz*Kh-<&^$yT5kVFpZB*4^k}VE_95W&cXA_8%Cq`%BNPFyZ(1fIhRqZ(Xwz*l*1N zH9p3l-GIUiKbvU%2eN=JZ$YDRRtAeGFl=}g2niX?KSo3UQE>b35@V|WqqPzH%AY7; zK-@_v!agc|70steh>6hrX`Jj7BX6v!?Q4k?M9^;RxrF!O4HSZ1zQGKG> z>^bk5G<#IP^eunNAfY+dr6StlcLmNgQjf#?uDZcaTKxveWyo}r3j$-DfJMT z7MHT?cJtY`}{!f@wFUv+my3&lsBZ$-$5mSA#@%?&3-I$dQtTp5{JnI zQloC%I5&_Q-J}4+ZLtN^mq6QWH=3Ss6Y9C}zrI8E@{c43(GmLJjK@Dex-}65R5XPI z=4fTPT-klwZx#JhXeieC%&ncUtWTiTR2V=J9_?9?WcPFxzc3YZL=YtKiY@spFLw=DN+-Di%u>rn=(rU)&_22t zV-~wH(kxrg{mZgmycz#g9MX;t*(LY#Iw^1PDv)CsylbXJPE62O*C-XUwIim3D4KeK zxxHfQXk{htI7Vys(YMwmHFiLS@ZW!|PVU)A4AHsRb`#FiwV`s5UTnql1_bbwrH%sA z=nW$fAnEqM=8GNZ{d~v;mtzBi_dR}u6w3opHF^UBxEvR#`P+&bU)ORL5Mv-@7J8LE zc-P{%?-3< z^Y!1D8DD-YJU~x?@KW$$AaDNQSD@#77Z_}xKd|}FKIH!%ouv;yuGW~-WZ``(HWeP| zgKPxvoClvmPK58^LVgOY{my6jw{24(1^PW}-&LaYTNIM8^yWO|D^!x`0(Rt~2dZIh zkKcjQ!ez|bOiKRL^2jNQz#}(8EIX6B@qc8(n7iW!7Q>9vr25 zh8lBNjK-7GhLGMMv@c!0n8fkRde2u?n)S9SI-RsCFXo12UrI^{Dv?R&8l`@m;9OtOia-}bxxl{jk(qJ248Y91))Jr!hZ?syMt0DU*kNXCS}TY|DEgR`lyTa~1> zP?~y)*&>H0g{&=d<6~3dNx#n=PkAX*wLFvv@&&{Vs_;8%*lzpX%0V$@i~MMK{>Z|rh}#OS-jsEpB8$OADHtv;?UJ)?K-uuuBfGAJsWPpRmxAoN zp$kQ);KZBzNlesEIk0Z{EmhfguQ;oI>9z}d&{x(v@+U5~AUc^*>=K!7PKfJ|p%$+v zWn-GQ8T48@hIpK#=$HZ5&lPf}$RN|!8#R%x1&T7$B!5K4TVW>5>Zzvt#cfUJFw(!}6g%`|;TUv`3#$EY$2=DvJ08(z(o6DngO_P8vu<4kEzdU?T%fTzSd zxMk+qpj~&P%P%^+KSxP5`-*!Nk3&s?*~A@=MM0C#)#dsLR~_rEWr*qA&jC^8mxvn$ zGZzIff9~wD)IbI!jUzQx9U-t0pAuS^qeX3(*|`!-nTS1a?Nz98p$4!bVcyRqBFf>!~`KwVq{_(H{vSjz-5XR{?& zZ>?t5e3}r+p*gUkxWIfKjK`;D7isa8lcixZhoiq0%nGyms?0NN6gJY&(#QI?U|IP? z3jjUvW!K5^+Xkx&Eniw#&G4m&3OtY9$WoN(+FsXjs%O0)4>`EeF0;>3m=qmwUVG`o z>oS#P+(E5G@I5t=tnQ;j3Abv~i8+CUV%x@Di^}@Tj*lF;SMhiOiJ7KDpO4jPS;br@ zUU&{xyz6-Oit#b;W3IQq-kxP7X~_3d)zgZoV8f!3Dnt?G zkSsW)-urRv`w^I*5agA`FWP)E@?M>A;cm!j!iuszo|66;e!BB@dgia9civ3VfdUOLvk z^PV%hAChd3^FbF^NGbc0nYun#QoMCzGZz*FoeRebZ}A-3C<6}`QPTvN;aNI8t0mH# zy?w?yrBJho!#R9Lt=X<=!sNM^616w;+B^xG)t@$oEuG3w*1n7&l8V33bO<^(2`M-S zLXM(u;8X#gtMjIO%Oq?u{?gg7sxX&gUHvk92}yNp77a?^_1fcUbm(V-iGrYby!=B*MqOh&>&;*L=FC^ATl*w?iWSQ=u zrJ3yPNJJDMvU3UL|LsFRsVbOTf@CL;6-Ln*)?7w)?i%ym`B>g(uiaq>P+!=!e__a< zs=EldC6r;KmHCKHY*ant9#fnNE{02bKHR^oC~@ef+Zq*;dXrua-VWYC^|Ry3k>LX6 zE#Z?YjuiZeA*mn#xRfw+_F-<(mqN}RE4i?NR#_m%su z=r^x4XGJydkt{2-s7P&`r1bF0W~w1_Xf@SOtAbZ{BHJ&RcD{mC5lrgj)6^x+OoU0u z9EaZH-t>^A^hOCjJN5X@YNW^d(LT3{5S(dn!>?W-n9kmpdeJKW@^i`Ed~@rQX>q$Y1T5c^Z2?{^fobqU zpLF!WdeWx(ct`F?OKfRO=Xohk-dKM)1@#&Uic(B2go2i! zr(`O6-FToCP_a|yXSW%5PI_K#+hpH0kqp?J2pLpNZ$y>pWt%)1$- zt&QW+1QlrGV3N&X)1+$jQfWijfXlaz@rd)AP7wqTmJ%_S76@$;#LBwh^fAdN?* zC2Q8S$;RvX>$q>JHxIt6M2HrSA#PVuB`|_zW&MbY%)uo|S1$Uqy59~DxzP4`tbvy6 z|Ab*fx`hxT@_F}B^p%|*o~T;Lf=2d~j$q58*aSR zgjc5oyGj%celRV+urznfCa!bSM*cHjAiQfOe`?>e8JHaQJ34-Cq=PWm4R}aDig5UJ zY|%={>#V-~f|>yTpFv8HZsZ3iaQR#yc%>46zjoFEX;^=+{XAvi?;wYtNUg)(6`&Q5 zLjWLGi6T(jt3y2&#tI2wzzbQoaY}gKxgWb(EwWekzXGSNe(xY2kr!qXGI^lGbXCO6 zX{%k0*M1?v3z#Ob1FyvzN+bhxM%8uX#HAX-c$$(v6SmRl3Q2P6-iJo!kP|+xmI9XK zNvEBQ$TNU&A_2L1(UJ{-OCcF>DMB>uk|h(if5p;xAZx%udc?=QrDdbiIz5LG^lZ?> zb>eoRZ*D$q zerNsW=8;(=(1$KGJa~nZ0Nkq3mRFa;+F|bQPb<0OU-LLw$j*Fva+CEipKn1}g zEMkCO^_Lub!v!QOLNxCQ1wvl*o_+sL>22{&)Y*-%FGrIAk6wkx_i-|J?%%i9GO4K% zonNko4(xDiO62W4G%kyiugSLYbTFDQ^OgiuzeO8V8dgdw^M*!L>d^ZGbv66*kKV@d zEFP#Y*=|keoFs!ACyr6Ux4YkUOV;hDIU31QdVUL9#@znqwKI$RdL#B z{&aVt;-YxYzIM-oLv4HVYS*_^G#FiqNgh3J8zp>RfWpNdI88F(nDwZcW0z!!s~W#c zb>!&d3zddf0^%b=4-e_xQmU9efJDolG+6#k^2jfLGwIbG}1(kJpAKf@Qr|j>&(F}s4*_XJ3 z>sfB~;)#0XW1g(`1>$)a zA809B;=^;Es$a`(A6&N>mAe@w)mIGiie%r^cuR^BV8M^soz9NRca|;8Nt7tLAcXj2 ztoLSej@RYD%6;XBq*iS*V`Z@TQ^(1^t%{yBg2Tni^TI=&56Yr~K}6Lz2PXR=C1wbg ziYoGjd7`;zs`$IKsoN_L-d|E@y#C0!dvHIvzD`&(TB{=I$*McCSm)Oz<)?$|hnQdb z%eP7&n0y1tMb-CLCoD%6symg8nyJtfy_;IVmrprkOFwsB!H802ID_3%b>T93Yff%M zgrwQg8(-N48O~buN8bT$i2SX7<@2LMq`7dk(~%CbY73%i`AgXI1IJYAi@ZhexC?98 zyG{357zepuX(%@rQJ3CT(Vd`kYKCLyFC*9RKyBq-Ef9&?#0HaLsPMv^fsqbl-rHQi zXwF#5S)wQFWZc(+N{1WsOiV4W=kI5Tk7iy69oxQ3epG{Qe z=Z_G~S66Sd{ECOwMf!R+br43*T9=ddDe0FoKeDHh+XW5c54~d@Xr$Q#0MZNKzBYdc z2=6g^cSW90Z%#5Qj)5-7Hm)3TeYWN;AXY_Se%S0K(4rLLSnK6Y(%~g9N8Wl}F(a?9 zh(o1oxRLt8icfWDM1GLp#g6kBuplZcU$n-rTnITirluTLqnIXvrN&_ zE1?%(f9bN+lwtHhGP@<~xK8N?TlpUHlr7T<4s)t%WJaO=Jp2M&5|ZM^Go9zgEOcDu zXq!nlR(4|bY6m5^m_o*&=A((&fwwuf!<%hW82>7gMuK?V^wPteoo#L*lHDd5Gi(jf z4|LJxyFSO>FhXO*Vg}I;vV(L5+fr;$>zi}n#7|??18V$F@Nv^IdKWG3_Uc|0r7pCxL6nSx#>p8#95wQ$HptIb)aX*r*uq8Vx|`p za%PwY5=T|H_@B?6GvZnms(w3@q?rU!uzekVRrP(+7H|dAID1PF*ZInm@Ds&>%d)%Z zTIXwL#&7fRP=l^>l?3ZkZ3(HGjaThFy#0qeF4d`|7B}K!1tXYGmM)b8W+q*4j8gA3 z=tvq=mnHK%)E1w%%DF%J9VAlx*I4qWk{Ew!KXR7y-P{v4{QyjkqYoBRcpIAc9BHt*uuXv@@WlqAR`hl9HRbrLvU}P?EjDP!p)K~! z9a-5po}PmEMFW?*Hwig73lBZlS=SUk)4^h`x)kdySQYmEnr)v)g>0<}0SmGl7wrEP zGq818BH&xEMtoDA;M~hmS2I`+RaB4q_@QDpwNHkn+t{fr{c5VlGtS=Fmhodfe&;M6 zEGBt|N^d2%KUhtI9EA$BMw@%&BlJq(at##kyDV-pIlWoU=oIkBm?W7@viB?;9Q9;%QL?UTBJmvxJBQfGLc5-Z4kW~Tdc3Tt7qyH0@!ws-T~ zZhdzvPoXz_Gd;eXi8vNDFg=hvrFUW+p7kKzpw4&Wj<<)wu;z!NuTvPvNr>Ie z+qYd5Ip$)wa@&fa?ba1ezAhBl*OBrfD*^RR(L8`{PvH}8Ot4gs&{#iWJ@%-G;n9t2 zT7m*kJ&Gld(L_HEmLKP)uUVM!L|QH^uZYuv5MQboocRt29_wa4f6{A4`zBc%7bC6mWKrhDi^+ z4!EfYoAisX@DGYEC9YWSk=}nhi78Cs4%4}@2z#(%{psyWmcnh*8wPrLmi`&PsT?2u z`+&5|Lt&hwyd%BZ{=ptbBQ~J7{61d(oes^PFln-R`?~({!>fEAc6(ZZr_w$g;zy7GPyg@q)e)E4X5q!U5Vk!RJ zUrH73n{~<_Ijoyx{Bt?lalo9+X)1jmAxRH_)h~@J|Lwv&2<1TKAx3gGrm+nyqm=Jp zxCWVWVMrTiq42Tu>y5U7^Im+wpfo^>tQDOaW7ec5rb+etNm)P_1@Fe*mCmP)#bjL! zX+L#l#VSf3mAV!F!mH3y_hXx4o79K+d)fdm7gEPlRbs!M@NWCH$4KAGBN~MrL-l14nQw zS1km=XVGzh0|zYEUUvDl!WX+P>mB6-nYfjK19x{pT2-s}v}$MO$9L z_&7cceAPLKq<(lzZL#r;WF(M9ZlViD|?)gupyG}QHze24!Ui=vQNOjpkaMEf* zrq3>&(XCijMdXOn3JN_tuv)%T?07z5d2ObpxKiXg(PMco*;qt^_EjJ*PD#noldeiC5$d-hV!+8+$SHG1BS%f zLNyxh$q%*~t=-vs5xHHlxV6nrg=Q#*${@)7s&A!M)5g<_Z&WrxYetd9RYdBF7#!>t zr8MMnu~x6RxM-BYEk~d=cP| zCH;`$POFl~TpYv2q#1-W!HDEowfm$7)~e1pypnb>w-4q@-7fKauE@p?@11LgyfSaI zwau-)^?~E+N2W(E4_2)@kw@pPsJJ5WDNEVZ_igZ=vl5QnLu=JKH6CAXy0+#hLedS? z_`}`FBTb$V=dPI{^_g}D5zRA)E+jG>{>)STFv|W4Mi$m*R|*)7=|;gFOuve5J`WEF z3>C|)v`R@ETk4w6U|sAZUi##eH(}An7&uvbo5Rc}L|Zda?c|38FTS*vs1&$S2~&)< z@e70x@g7(Qbv^>P`b`91mE(a;1(fQ$=Soj7k}zjGx@Md;PWxn~j(R58F6x4d)$tUE zl|K13Lp%c7A64k%nrDh1H=7VN7#&&u>>h#0aNX>9c3=NcrKf;>b&^B4K;rV=iH8tj zd4}G1|6uH2>PK736vIgtnh0=TQn75af)zr>!>`5PTvodn_7!-PWK@LdXrY)f>A?ae z#;n~@+~J`p_mRUAjbggQ7j2hH#t?9_P(x6dxN7H2ZrH3@p^wW)9YL$3o!TehlK^Pr z)p6zkFqUWf#=CFv!~));Dh97@;$Rg>duz~X_Dn+8bzbw13Fa4AncXa7)K`{@K=Fxt zVW%Y0gj)K=Q>}!ogz3uM8*;Oijq_Zqt4eb*rcL6#UbT(F92Rt-gERfC zOkqv(m3VvuZaJaVAo5(G|J#u1l+sDuadnVMKl+Hf#f@2tFUB39Yp-3UkBUI{jY?_8^Yn=uwQy|!y9Uiy8>ibi$mZKRD>uxp9-kdc1ffoLjh|Jy z&L`S&IfJzt9L7EBJ&=>raj5UQ&3;->JO6ar>D2afT?(VF5yo%8JhkdJ@-g*dZj-ND zk6p#r2L?&I>~RXxiu5{CW^3tTpiQS!2(6$E!l)&G*;6fd-%FVurHwP{M;u>kT+@*C`s;tfmES=xu+xz=AS|K+f%-TSuHw`B_bWdm4qD&+4fF zhwM@Dk64ZNh3vs2i%BWS{(L6@F3kVa5|57~mKeS-p!KmY^LB)6bgVrqBEg%YoKgMt(pSXMK5^RA2H| zFR6!P%-=N%(@*ug2CLYv+;$ePb+yzx-uNmwCu^1bn>z?!YXN*_K%RetHjgf@K8_}XYi)}?Hoa@*~DUtaJ^u-!Q0ykhC9 z4)Vm3s!4{=T~${0iTe#%&-qx0 z$7$|316*#$E(Ew;oT%+B5I^bubDyfic-$*rI1qwPc)XLm9-{>gEjs#7Y%2blg~fmR zJq#eu@9zWj6$ar-`wQ4jLrAC0W-#q^S2`YBk6ru0K1_P92q^Wq(sf6sH1}PB1Q;W- zmkSVYS?KN9b$~~83b~Y)3s4ZrkTHOQ_#c$5iR^uTA@6;D!4*JXGgaix*y1MeXL~cq z#zNARraxe1r}~Ru|K%`~=n(gF>>66%LAq&J2Z@AYKLNyjswcUxA-x>g>}%VAWUYOu z5|lgTtNUd2A!+6tW&0QOXi-%0Oq|X67suq!%|2IFaH|>1+GqXgXmAhEZ3Hx>x>A2L zj4*>mJ8#|P(&Y({(d%O4IxjK-=%6G=`w2kdix2$XRPY^(~97YohKkX z5UupnCc-iY-@0-R>qA%zWyUqQBFP1|l<%OGGg-4F&Jf5F!30Yk0C^!P7OR@Od_Vue ze22}E`fIbj&fh^#yQq+?^wWOb;oG&xQEaHdneQOt{T4E$b<)p?5%!Wk^A<@R13ACc ztC`#9aN46F8&ahAP&<@l`hL<OW8wa(o%vHRS4*gSj;C4R1R$^ z-Q#%T8HB%m=$OCe4bkNZ9)u*R;w33<#H4Q%=3`;Nsr}k9>yW%{49=_5XU*vw?wdfl zfiN*RqO6N{S77HTXyfa@vj?-@MccjqL*1tx{G$tV&u_f(6yg#<)hR};HCxakp4mL@jr2${pS@Djc@$@3c)y`vapkBa{_3mm(hEM$oZTM)^>^o zz*VlK0z1uo3%oBGhM5Pnuo@;l&e2jUo1%B;fb0Naw5|Ieo9)ubes2$otnL%cMau+& zjGPAx?x4K}3%-^gc>C;AQF7ky;7r3-(MSm3Tdd&4Y1&vDjAHK}yYURhzc}jJ407Qd zr16U$UB#&se#D@^rW|dmLIXlXBJ2IrgEC`pg|j^>Jv4>GzEpn%Rxd4f%_bM z$mq@AHR4qB_p!)98j$&w-WdVThAajR#H8oPbV%X!W*(<$(dmN!UF81xE~+q&mI`@E zF9Qw&DrIRNOBG(DrD_JK{#eLh?W33hCj(85{&6xSf1HekA14F*f9B2qK+*7DJ@xqW zWLO#MC~w@&IGk!<8=h1#wpb$$(tmrT;IyV`uaIF9*dEkW1ssS3cc-+0?ylpuqh_mJ zyxq)KJz@1zA05S|(nO1@&|lL;ufc#Hot7x_S}=jgs=!M+0a=DJN3p5}HD2|O=x^|% z!b1L9h?BEb+tkOBBHuiQb!=06MHeL$s&{fM`o|G4MHL{-YpnLO68f5OFTaB>y+_6U zlo9-05b8gpZKw)}@c8>9OQ<)2OFR&@Zn|>;^9fjb2`pXzxkUFDowonO-mPQMp;|e> z-q+_*6HLNy1`#|PS;saMcUMZj$)2hZM{7CMI0)96_3$P}7>SAK7EV~lI_wG+D$~O@ zdDa3cm3V91_}RfM90%i=IA%h^25OO8>_tArd-A1*@Da1ay#?hy(tUb8#f(ACJ4|h*Diil3ow`vCA6+buZzf|9bRO zV~hf|0nG5BGEz>aZ}!9@3&$6+I7_J1jJ(QWz9s(hRE0jR4%0n9jc55sBlBuTklz3u zjc?um6)_Fb`Sc-Xx-KvWVggWgAe{r7;N_#vdj@drr603wpcSl5`i_!h$i!AVkUjR! z7p~R;+FQbVz))-3&<_je5=B4;9w7Am$K>qZ+nWNGf`hrQ!)~e_lVK^=(Xr_O8Mzm% zYeG!yIn2A6o_5oX?mh4=G$9tO-&{~T>&fvQbfw^w=^jK~TA4dns1glwbv2no+v?cj z!WM-p=Cbdl;ZSD|w3(Z@Xo!l;wxif_qo%e%j2p;BgZxyf!ybUfA)DSAC>t#~26GQ^ z@Aj^7#M(Vvm?{Jij#w95+a@q)=Qe(tB;FPJE`A-B=vH@uAr#G$g+4%E{0{P}3zSYt zeU+^3nq+Fac^Hs0;=C}7(D8QkwCdX9TE|o^J-~>Q#BqVdum$1Zd%d~xLG=FB$mngo zZL^_)D(R9tG2Xm0zX@rSiT%qA>i%5!^v~{wpHVHP<4>a61nGE$VnU>}5A6A|Yvz}K z_1Q=|Rz!nXp_cofTkp7fqFHNxEOrTv^`EbD1tAe2CkrNn76SJBSx1OPLhYdNy+3 zjcZQeEy{pY*$6{2nRcP-UD-n2m5eTp12R5FPHX&g>{HdL)7!g|9UVQFW=*)J$8gTd zeJzB=$!EW0hFEUCpROJ@9a$-yudzR?tS;uE=spkjxN6`lvF2OZhfNE#zx)pKbXRHt zI+RQ3s0@+8o`RR%C#8&E?Um+%KXkaJWCczZYVucJX}zzrvJ$4OzISDWYTF7uIZJjd zmJFov5Pb5wM_V0cyRKFVWkkuh@y1P0lfyQ2IElCr#1&G-NPQY_k{%n15|I=+o}D|Y z4B>ow|H8#rev2WAPfn^K9f5Ue`Fzv8MG0L8RPU}__+az; z`o(h__;dDr1eod zel85TwgP*?Jr!UVDn96IH)FJU9Ht;N7UyBq#lRr*EgCO%8$(@9Ec%FGW7?fH57610Q$wU?5;EYEZ$(2H9J z@A;9Yap^Q0YB7?W+?wDg+%Nv{W73m%FMbUuV~mnM{OPe!B0=LpN^A$n`TtLdVV|Ek zX6+!_K$jd8Pf!d*ziU11skRdIaFcybrVq~2!rY+vK3W=V-?y6ei-lP_Fp&Z4Z-?Co z5|PSVMnhKIdXbk_z23%g;Tpc485oZm>$O8~+-WtNv=F1F6LKnZG<|KId}O9w*eY}{ ze&N#vIOOn_bl_U#qI&9ASH_(W(B>GvdF743qzd2#(>g%snJ}T=g{NI8UFcJ_subJ_ z=X!J|X;oQhO7d7`@MfX9!zDcBGPu_oQ!#3?(apUZA!e4Zo9dST^_Pzh3-Vu=9F!*f zg1RNG>q51O$1BuDo_TZoV^VMu;)IXE zW&=DoKb4Q?nQGtQ>puDF( zc~BJ1^+>)=_?Uv_K&vUe#gFxuWFKq@jw7j-pF6l2Vhmtd$uUYA`W8l&v`(qdEsBuD z#q{#Q`~t*nGBQFyvrIevJ(E*RU#kZ)aN2LZH2|UHC%A?&faBqEFv`}Nc;jXc6$o!GUm#?4ec<}S@e?U73==5%e zqgaRR71^=DnWUA0@OCkzeUzN7mRuo|CS&y2g<5P2_>@_bs$vD1KOx&}{$R&Dn3`N!fv&p9;)|@eA?B&xA)dmo{%~YphT5 zO3cg`!R7>p!42GgpU9%kijFn8*AW$dTm#uBMlZW-Wd*D}Tz&rxRsiVFthD+PB0ZZF zJAz+sZuTSY6jk@B%rvSyf4WnqkxV|#JLj^l1c^uRP&-vmAa3?6YjFfR6`76?TMTLE zjOkp+4|5j*nw7(#tqzbAy36BaYMAQ!?IJ!BTB|WN_X#eJFm^q$ATAI9i9$* z0&vfU_TtJ2nv-kxesB|(6s0CsPF6?_W71M^E=P=pwUVM&9J1k@TD3iH&>*}+NuaYQ zQ-)Y)mRqyqqrDQS-z?Nfm_3-xMkyG;ocBeoD2m7B;*~Wp7ge>vrw$#NiAb+$9el1h zjJ4XoSnt_`r+x>u+?&5=Z@Rh55ls;lDEEEev{)$Gx5b$d=fQu|?h9Yj^ ztn|rm=x4?#&uVV@LD#CcHxzv!Wi)YW^#rek15KUy0KvlgI)@sjW85PXdE-HeTf?~7 zoqN9^5y4N+n<mONF*A<5A(rE_dTxm2d8xngzatfR4!A^M|~ z8n-3me&9oZa9peR?zksJJ5|cCy3b*Cs<+bgY5=cvOajR9;#u>lj|iTAZi!miwkv1lbTJ1JWBxmYN=&qG8@Wz-IZdt;C_TD`;f5LiTxD5lHsQZ zuYb;9Wo|%{^nljR3HWsxrDB)auj>@0x68@PVGhRf;SL+`C630Aw45Qztn)P;hdGN$ zMv_Z4S}&fP0>(5A_KT8@Nisk1hr!Z;OpsSQbo3%vohoW4?o$RgaL-lx(?lm+q#Tia-#<=g+7s zC{0pyGYrW}1?%_P_KL5T2wIfh)qjYc*lISRx)!T!6>rrla>U9FKl1ssS~4Yedy}#Y z$u&OXDp1%sGL9(Om0k1r4l?|ft@z1vPYR?7cA_PR+bIch zr%+AWl3ZpB#)BTe)KeZLAigFlm421nyHLAYE9Ss0E&4U}$VRif$~SiV zfq9K=xQo^%-{Ire7`i{8DzGr{;YDuU%!h0$oOkT;xc=M;hOZ}zCpY@Jc|`kKJMwr3_8VX9~=PG$@j^~aAiX$ zhddbRiQ*CeBc?>H2Wx3lcWLh~y#i$%TOIpS;@XTv7e|MSZR*Gp36zv1jnsT|`^cv< zELnnmcQdYDOBk=Zc#$~_o9{P* BhdRPQEZZsejkD=?TdMy{-;orcE(|c-2ndDNT zPiGD^z_Ap!0cE+p>%t8qKJzF^;p!k3pKlLMtPi~W<@bL)o7irk)G# zS6=#1wf{~g^7Qq?gWOi)fpxXASMebs^6Q`Vuu-a3Z5`g&*8i`)_l|3FTepRyDA*8D znn+VXL+F5^+IyYzt-H_J``+LE`3I7>1mfg*=X~aP#xurJe;W1hcbSxml<%9XM7K}Kdjk>g z;h|!gXw4&ON=mj|&zNq(rihl~BJ%|9$i_mAU&^Xt%5U@vbSETzeq?gwSn{;9@{-l{ z*Hmk-DMF)?2nH{HkGwzRdEp{oWjCtmF3hV2KUBy$J$cUcrH?-Sa=va50OrPbS?x)bbTFvc**U^RPSq{cUtXZM&9^ZT!JOOW(Qs#N;OWpS=1ICFR ztkLy%%{Kq0ieM~C$tl=M5{WuWbrsrkVB!g^LqUZq>zK+*IWwXpkI(VLwMkm4I_9`M z;f^d5#Vvllu5tNHbo~!VIepS7^d$88{hB?uS-&3UoSo;%aL*oez<#a2)*9Wyl-%7x zHMc_43yrlY;p(gWV^L$zCqfK+Y*X(<6!i;O#x6G;ef$K}iw^x)bv)47^B5GnXB32f zt%#TVt=Xv1KH0kvuZ#jH$?Df;A2%v6!fg5G_sid61ISVFek0oT>R+3E5WCGj=zm+Y z&u*1pGVNOWzB5UBnP&nyS`&j}b29DH4;7T3&@eqIWl*BO|KOcXALDz$dAwlF+&P7yym5 zz$U(I^^HL}bBLFrb8sL%RbsJuK9JYt@XaBOL;jl_d|T0>OLb=y+onF`P@p=&TJW+m zORvH)YrEt?E0TQFb?Bk*g+-kBG2!T?=22`9S6?l~Uhf8_Hk(qZjZ7aIP~7fwM)dBF zJf6!>`E-(Q1f9cU=b|cHXZlbt2+FvvG71-JEWPO%>!V&%Tz`MbqgUmAuFbT5$MOU(UzKv9&w!EYL=ynbUqH0qmBo^ci|>(B!X#13+-eumb3UoHfNm z(Oq9L2cf&iSL?3-Rd9hxm11uT%b4}a33D0M8h^j{idp7KM!6Zpq49D8vlEX%k6;bv zLzMSjxy{JK3koDmtX=rA7P7C$5e`(>d zJ0cS96CXOzQZ0V2DDBdt)-BmuM7oU{*qaE}kdvPjZgCO=&R7mmB2{pHHuif5wcMLW z)&)2WF7kT$!`kP~0Wef|3eNQK6kAe9Ga<~ow2N4kcr7TrPX2WK-b9MwKVxULq{a!wN2~!;wV*w zXO4}Nde>4c#r%|9)97V3nmJ+91NCWfOX^x$*S-3s**;>j^_T$Prf+fk5MVog))*xkTFzd;U9W;wHd_NupTV5E zFy@;@T)*}70z1?`yh6Ip2+lZjUB0iA=R75Rw9V(#pdz&K*sOdezT)kg!!0{4PRYS> zj)|ihljg_0R#d6>Aunez9K{OOAK@a1UJq9W>+YJiNW40-DpfqPMSm zs*v>`W4JZP)3XO=y*xZs@J2S>4C4Ru8E^+ zy}fUtCa|CNsQ2V^fur&HRdJ2FObsJURXAyXw~n3@Y7y;M;`xOW)SA~JscGUqkmb|g z72RmegN65JS44vfen9LK5;X1n>|aO3gs~RjnwPlr&YY!_%;U4qh7rn99J9Q~3f6S@ z4mRp!pBhA(Z}-PM(RqIL^U*7d`>1^fN$5t-OV75=^S;fq^E?W1J=KWY_gO4N;ytec zC;}dkR#eNB2s;(ccPr=@-B;N3S$viaqf?vLdRjjk;i!D_-LmDwr$aB@Q2`iA*J#`I zWxRtkqSRT&Arsb*zpxYWAdCO@d@~cb$ocWH;OHzbXFyR1vw*9b>hcYW6+Bnfbck~!t?ED)(lGjw3A0wHro`;vj^(dO4 zAz7Dn!IO=hS?bHi{*t|^q4B&a5HFi;{(W>Fb%nCj!^oS~i2c*_#gU zh#Qi_hnrt}DiV|SHYtyt~5wfPteO$~h1zR2ErIaYoJdd_hA?<4P$7#QDxG4gK!>9#_JR zRCJxXH3i;Va!9X1<+V5jc#B{yepkjGuZO{p^B$N*_jS@H%3iE|us*1?ZOZC61|BSL znRvk2xNcrUKF!;dj1ya{t}eU-zXpBnDG+Q(+OFJf1>34I@jmiPh9UE$W7)cAm?zb= z^g7KVO(dvADCA{cPn@KqOjTJFy1yJ}veLPp7RI9#aIv>8be$%!hJTTt=Hh;|C z8cVC5alDLH(O6k%lfdjg{zDjTq=&cSYMV?WN};fK;*M4>^7GeH?GHib+7@b{rP5grG8QV zURj}^hhv^2k08FNskVN`g}XV)YHrv9cO!vp~lsZ(}}j*%A``KIGmHx={UpgwJVhZPrh7Eu+%edY4^1a8n1Ams~>Ez zC>h>)GaGkj+CE{@TeRAxNTM6^Ql2h0;vFDw+v9DF9*spTp>p>aIcmU5_s#@jOP2%D2~vv&m`k zwvz%+==HAYGelZYjEpLM)uYO#R@V0jA6290 zapaoq=5?uLS4v;^2IpEzcyMju(A+YhP3g!c-^NWnj$Zg=bx@y)0m2j0)=Cy{h~o^Z z%c8Gd7da*DQrDIF+;ZpA*VkXrZ$I13<5>25k9M$#seN7>TR(M0_2u=hi`RYJUb-0< z!td3loJPNxPH1Pl+*8V%&bnymr_#M`kdJ*=kvB23Va*ewXEtFotl@t0qUIXc%1w<1 zqUtqLWO%umm<(&EP(^C{pz#d>)zi)Wu6@P4;gEat7)B2(o<6m^=*kZtdf>V^O995Z zV;n^Xwnda|_RhbeJW_R1BD$E9GfV!oKL0%P z;)mn04>U}!0A-}OvA*Dm-qc4ut+VS}^HyO-r}oF5)vbQxzG(@ZDmplW6TGvoovA5L z#9x&>e)qiQ+7#0Co!@P;Ohv70)+e|>JWnvcHS9TEl@JHs_lr?y zbZQL3q$m2Lk5blX^{Fu5`LH&OV;x#(lCHoOUpa*rPYalDX?ehk@$#lC&X4I@%V)Vm zL(*q177efZn460wVXCmuUYJSLRu3+;w8W$r=J{xAp^h5FVqmQ`7v#YPW%3YJ{kV}T z^s@N^F^f6=#m+eD>UV_u@jXS>wHvjLoDQE(PVQ9HL>?vF17_V-tKHjF1i z$R;?kz6Y|UdvgWkRO?g2SBp@Z6kGpX2k3z3^?^GwLyvOBZr|dNjIMP3yk(lFHjbhn zY!fRM%Z{_YmjJihNt%!)cD)~t#&Mj?GaWno`1TnE+IjgJ!+8UO22<2W%d0Fe-DZ<- z`RFq|X&a?d-c_cE3MIC)--TtqsHrgMYwR*m3qy~?6*@rdqx7j zAeKD{$AHQ~a0Xyuc9{TVknhr_#5AL*dQ4kMz$*PhY@H?wrNnR9>V~4>id9eP@Oxnl4n3FD+qz$ioV1~+ zdmy&wp+>v+A{N(G*>eW=_RNsuO0?% zs2D~X3!+{M30T--E41xP6l3-4Vl%pD3)~rF6Twx(!x3t+QcMJdAdS}`SPr=AkabJTxW`|B3y3~LO65r;xK>y{yD0iUvys(o# zFx>?E+yf(pKOoAj7%GV{dY$J~FCc`zfD?8$T}TD3!oR0@%hz%DB4$p3B{slvTO^mF zVXqk3tanJm^~fu^D)qx>VlHofm-?dAdOdAIbMcN2f(ob-g zp}5P!Qm;eq)I>~Et|8`bpuwK+#$We*d;cqJfO@(9om0G7;*5QNODbx3sZo0Rr z{!NbNJ^?ben>F}y#;Yu$b6ZnW0@OU|f;o(`uF-$e-ty0IIR3Nuh!7CBpGFQCH89Ys z5i=F2y(r(E;C5hR+8{Il9?G6Qgn$;HpzUFE3^7jt58bXhfG=^z(R2wqZUftAgkvnxM4?I^N5T5un*<} z>dd2W^7aAgzR(uf56A%AXIp}-3~0~ufIi%}$k^i#V_Oz0+e676zz{D0nltK!Mqj; zS|@U&hM_1D73>V9gznf>m(MrdCRi+cr8Bi=lOu_cT0f>jCRFhB56GBs__$u=O=ptz zE|obASPG-Msnt-Y&sC*hSGw5-a;Y3Fbd2<<0J>-cN*6DRJhgfijFADIJd8Uzup->%~&2N;Cw-fNVLi9WApbyg<~8XYSIR%qo7!n>klYjpEsoUtg!#y zopAm=<+SI^-F60+J7OvXN`e4^pJ26Oz+0K zPn!uU?+3&=Bbt;!1I2_1k;(sA+pVm36Q~h|VT&?D#tIZdo$=kN?~HhW}t*+vgOX zubwRfkqA;b)BDswzH`5@N#6BZHAl@4`O#+`=s3re81GuC;;T-M7qmY2AuDsW4P&fD zIG6iStavNS>2kZ90{{WNJQ!vZPc~YyJi%2fF0wPtDmH8S+K@w7oQZz7! z9Vl4@G#n?$m~(*-+2$AxC*cjP5NZIs0{vE7FevQC8#}!r)*|0K1}b=k*1u97)k4RN z?<1D)%mpgx{9PzM;{AP-Q2Krg3$~4r?=p3#y91Syc0MF|Zl6a{cg4nEpscyG3UC$=VJZXRh^(IvAXUuc$M8bc^#!udieVDOG%2dYmNY>~~;CILNrnyt*% z#xRPQ`{!!X22Dr5{DAcE^nm(C+i<{}VKXu=aeHj1e0&)JCj^hv(kno#&{@0|&()#T3ar7d5d@^f|6?{D1nS8O!T?>v^sfPE z`W!gtG*9#Ly3^6V61FaMGGqpP#w@$@TmbaCU9s>OD|HstxMq5dL{dK=)CQVpP3HP0 zXKfOpXh6guwvfIddXDZ!VDDtWyJ5?hJW@9CHt2lfPE`OW)7E1P#He!c&zPtp?S9yV<4a{de6G7nmPoGm|Q zj&_dB+R*@K(&#FaW%FcbLwb0+hhD0_#An}Kdx3{D#i6~>TjqepdT;f@>!~ra%(*Wt zxlMBI>vb?vu>e7{IUer5WNV#u&(!YOk1PBh zC!2jkm$MBEZmcn|+#&VMsWmpSem#r<=RZQFt7zL~U zik{{U=sm{cS2{|D=1feO>%M}^1_N4{u|hGon})i%f# zN5C#=74aJe+=}l|>ButeQR1THXpy#kh)W^mB37L0192-BRrT1*AMZ%u1LX!pig*wB zIlD{aHJ+_SE@Z#RvFs?;n&kM{0{_+wIoamcJ%c7WUUZ5wZ%=ezE|aj5zN@~N&Za+n z5b`q82a@%t*A>>%QQjjrDb-eJTw$Hnw0jiK>-34@Z4rwb(-y8dx>mK!DcY|x7z{H? zEK0@j?Y{lLJR;R}^Mr9m!AwBI9iEhMw_B`R!QS=xShb?f7;DaxgtAD6Pb@l2EwVXh zf}`%uXm+TWUG%dg+tp$dWfF#_1@C^c`BMAh_VN}}KOQNp{gk0vT}4YSS{gUZ5MWIdF{tKnuzkF-v$*j)W#%fr>`s*liTRcf_XCDzyS zc^G$+0#19iVmYBf8Km}%oH_Y?>DZ~Q{_(4!nQ<-Lmz(`H)0rgRRm%k&p^VBD+Gt1C zSCws4=`eejUP|Tg4{B&#*nMm z{SnW6uBYS=!d}f+dGro#`F?&?Cd%C?bhO$s3Oc}LKuY>9nif%WDvwg#Xf0YoLIf`q zMPZ4a1`63)@psP|pPU^DRCp3Pj~TUa+QOF?SyBw!SDF%?6GWcoI^v6Fx}Lb6=GauB zQ|MJ>80`yHFuLvS4^(jtdlnX!#e~W$JT;43hLnLk#(;=3f{qf5U*5vQ*|x4EaqMsF z5q19b_IaRcCHC;=iLE~KbU)U@oELmaI_cKq+qwVzA2x;jCvrglJNE*g(Y1t;e%;Y)0fYyRlMLQE9mc%R3FFZ8jW)F|P=JjNxu+2a2ELDaa~=jzNtcDOTT;poxMWCaT;O|*R$6N@&GNJO0eOx1gjhdHD;sv=_`2V$ zIW(lS)C9h*D^$HKXi)eR+x-S9N7c!3kE>6z6qjmqco(|qHpi5|Ek#v!fF8!!>jig# z8npNezuUL{^L6*db(d;oNoi&YEIGb5LnxI>H4Fub@`!M zZI5)v2_ZZuDVK`+TgTwymfe{+_YJgVibv6s*sv9+F;)1=?em@w=yd~}yOen!cr}b2 z&3PNp8EdW3P2-!b6D08z<~G0?Lhi2_@e98B%hLc(w zR=g8=pTaF5rjG?1+wZ;pyw;$OA#svBLJ-H+Y=UTK!>qb8O8u|0+p9Zm9Azj86Ouk)1WtH^{KYXiQ(3K{*0Y5$D%`4F>ci*l-7 zf8!m#dk(aF0=9e+IjnP&@jjG-8xEtBt(W|5GB5!laS3DRZa*kNK97`UEsD!WJLkOV zva)ZK?HcWAN=-jws=K#h?~If=b4W4QryJr%{O7`(Ei3 zRV`ZQhtHu5m1wW7MuiVzufwwsp!qh^xR_}!vY%!F3y#2 z@%O(n)IL|O;(6z*GO;C{sakr+@>=)y;W0S-7;iKDQlkix(xKCHCi;4>QV+@ULJ50< z+XjP34BaH%W!9m&G!6yc(G;E0R6m={tLxSmY9w3i#}3LcM0D%Gb3qrxX>*cx&z*-V=hOm1A3xiBSMv><;AeUq-w{E*HK@s9(G0zG4pJ@%~}Jo4u1lffaT$&_sqfD=&vDG?EL0k3<_&1@L^Q_p^P~+z2j(x6xuhZzlp+VLe#e^)@oER@; z|3scO<$RNf58=rLfRB=+7^j}3%;vQ(pN&n6AXrv%49lL4j`gx)Jfdrnp}fbB+ng+He#{#f6!DsK1d$OI zUXgQGnaexDWVVB$yN>T&AXKHG#@?2!IyN0Ft<%BUgz^%?j&Pzoixx64jyc7Z5qu-I zP07uwD4|-vEULa&#b6UJyN8Is+=e6P1=pE%6}{HUkFs}<_VcARf4~F-yI(a@O1Ye$ zoM>U;@HYK0N}xjPY>*~jeDce;e6L^Myc;FmEmh6_NH8HON^41(@m(g&+hl)o;}{$K z-PIgN{tAC5dC0jeHOG_2H%cWw8lM!vWe4kcbIKWHyuN;t>zK;wnZT2OIlP}11tG#h7{Ceun1nUYe?#2G50cU9&;?x}h0+G`K`i(Jj7Mr5v9(+W!2Zv$rEmcD zGg7(Ts5)NXen4>H8?;ze8^2kwy66AJdC*k+FV^VkM>Br&9=wVF%@{pU{;<-Ma$>cK z+OJlGxpeA4&CocwP(zu`G)qbT4ls#QX8MDI?;jO`|Nh(_;RCxHZo9L>gARkrN19I0 z8o~j0Q>5qNp_I6R_*tSd%dpd%t_YY`^gwK^M=|0M{=^8Il-R74-z{b z@J}84Hf+sens)FLP|8ceFuDGKxE5*vC1H{C^R$D5q`eA656-96L3AAxr;Z|;G1_9#?`fDl<_f|(zKMT-X5;yZ z1Dq@00H@NK+J8X!zoQ&?+i-vTA?(-_ln@%lhK#BcL)^wZWuA6Y1Jbf2`-wrJx@W&M}&R&{G`s3XS;^2C zxwUEa80AH%E$Ug9KjGjwZR`?a`%&G^ol+%cish)Km$H|=Htj1r;XYMk>z9(H{t5UG zh*{f97w35328X$SqKY>dvo5X%WSFLb&}LtF6=4*;6GjGT*OkAbT?}p{RHOX$AP*$A z;ARWV#rqz9OmkdJMW`FVZqE>-OFNA6Av8!|T9 z-(fu0cg*>46hjP7DWAp1j|%+dvIYh1^^{ z8YV|{uhoWKaZK`ieR|Wp_~rPl-Usr=a~J8zg%9Phxc8rxv;r>6(akFJJR=-kg;KOp z?!Nv!o1D3ysm|=%zkiHBEi2dcrCk8>pZ-s>r!Dpr}}M&tJP)2ZoV4{;?!b zx#ij`rreWD)*`%3OswkoNsrc=!R*iNw6K@91adCWKzfllHuVVaoCte`6k%_9fboQC zL)I|Neo|ehnp)tw*xb2GK2tfa_v7%3`4x{3>`Ayf8gX57{IU5!PCbIrvcENZFbs<~ zQiWR*QynDOOwa3|l|Lqx+?UuuKGldPji~XIy61UKX?;Z0HQq|gW3|9FC-$aHTr!wD zaq>=}MbXsfWtH}h4Yz?nnK~|t81HdP)KrJji3Y}$0`$YdX4$s0P3=t`S7Fs8XoDhM zv+1!fTWTW-wz)S?>DVfcvul{ON*v<9@&OB|(DPq_BzGQJU|`Ow^#&qRjFACRu<0mSOwKQF7SZ>(^yYB9L6syr{Z-pz4a2MCSHeVM- zViRt7Q{sT_!^@`*avk;RD0juM)iA-n?>ySy-F*)?T^c+u`r(<~%JSlQCTGb#z-OLw zKGrkVQ-98rdB{9N;5fsSjBOM{@!2fAf`5_MlV+He`j$>vLf3HSWW>j-FSi)6p^!Ck zrfmsQP;*@N;TiFXn##^8yg;l-ATs_NZ9z=_;!>)Jo(@GPXO1%<>$aV@>+KvTy{zkJ z9+t3}?<;7H+9LqJJlmH@=Ge9>xLW+IN63J?)Z*-^Owo<#8OQ17#L~xtN z?_BBR4+uf-G9Y+nSW=8WZ6tzrYNK~^v0+(SEX)luBl`-LCFw=cff7-QND~5>Mnc5P zkwiwm9?>G{e$nl=tBx9R?j;wGu-Hamg!fIePFi3anT`R9rGpHk$=KA%Coh->g9jc; zQ4(vjw)Oi87Ny^MUY{z5wN#+s8`w>M9MYjNQ#^&$+P z(Uh#&-pk+b)quv%W=?!=-@SRmR75#^1ug4Il)JgZcry|_s<$KNWbk57tZds(tyCXk z--Mi_OHGwv={{4jX2N%I=_x+pZ`^%NQWM5>RW)!+7l=X^8{G9<%N}Yc=P{sV64V?I zMQ3lOgO19tFK|I>tuh`ojjV=oB3;vZ@uzWaB~?#OqLtxiCh5nx2TS_cjBQzTbeq4Y z@rTIV$MCDs#Ke_+5j?FYd11c$*+f;@(n_i6=Fl>U$A)QHmU4=@kA!Nw|3Bf zaE^7@kI6u&NfaU(%;R}gYWr-Z1v+!CFOlc%{83|R9P+?erkC|wR@r`(~RGa@Ziq!8{#cVItigVNI@;bXxy_k ztD}Qv)jHvleTIofS}ov^ zbSl{GDW%T>b4o##J!tS+=%Uxs-D+4~Ig`|MH2*10VBE@+@f{K3BOXZOn~5FKokIG0 ztmmDs3%;hdH{I?~>(k1uWeKwZM7=+gUS~$n+F@bFwdes|g}n>!69iu!xztkb#rOTV zKkSP%=J|+VS0U#>t9cdraY}MNhJ0xR8ZOw;sCV4jQ8-(-z)I`RTjij%$@*l}gah4x z2QSm4a!3hY+<21h$ZH7HHxAUD6o3e8Rv2oro zF4s>2s?Hyu9)9VW&SZt7u~Fog@xGhC;42vObh3q#e1pSUdFM6zSB`6LDl%9^YEvZA zVO_J#j@_-UN1_Wn6VnD{-@pr+rI-y~244J_xLha>8n#2@9PRRNS{4qnCm2^gQq=29 z^h-Ndqb69GQrx@f7k25m@?#Qn2!zJ6XW|^1&A^sTC2S*0=B|fec`R= zg(UgZ+RL-ny5DUWB3Zl!8q{l63f`rJT^^*irL%ox_&~QeK0v@Lrre`v(4-R9`?6u` zMDM{C!z)j3l@;C>`B{niC>{rQg4JpF5CDq;TgO;s> zIptNAo0I1PZ^>EjS;BJRIk(wK&9#z@Y&4UL94_MHE1m^x1ss=6_?*vwQF2+YMSgWw z680*Zn>(D~(OQv6Zy%1{=~ic&zL808t`#Lt4m!p0I@E-GPF4OUsj-72D)V6NNSOL6 zhi)KbbH}4+v z^L;P5vHSvDuGZpAkunr%ud=dUF}8ZiL#ow5pFU&94F|W?$)W|9T-6GO1w5~HTx8lv zs3Wg~2UL50cX{ED#i?teg5SDk$Y$;2+wokLf8vVf%4?QNJ&2qqY1B*1v&moED9P&9 zJ^rO@$OZPsp;h8A`hW`8LpN*NF}*NOd^OlpUo(|5pT*-P`djvDy%uXP2&jum5NdQe z-oluvTX3_);@IuY&1*-F@V?z`S32(hl&CA9eLL_ClTQ1J|er@_4%oQPL6Z zST~6lp%0mVg(m;o{Igo$^&4;ur!?5#T$=){KSpmxpT32%!2n4|4O#*q2c>gD*7Uv+ z(guv0Lukq3h}9BK>XIIflftwv1GpAZmQKWyQ~|FX}u0~xj3IgbJ8Qdt+T`X zJvd!}2Il{?0M{P@aeseK+d>;+Ys8t_GXN=CvorBfrOYG^~o#4k{0%{*i6 zxkW0gO24cYz*@xt14V417CD+mIk&2$jde#)6TxC;`t^&VDPkG3cbub+JRY* zqYZR2yr$vXz&-`L6Lbv zwCVvRaz^~Mt^6*kRJh`Ij~Emp+_;kaW`w|D0yVq!wU7WjWs2|E{_)X{KMeFnW8ch(-qT4WrqYB$dQ z1t!yf*AnxGtmHRkZy*D9O0RSGp0#+4FJw*(R!cwhP}C?^sXXh<6jF=FfsSWP+^N0t zsa#?I+k7__P`M3Dvevz4W%0nP=-t>iX9W}gCKNy!UR9Qka}kC%-Q4sk*bS{!g|>ekd8-qsf&T<4NRe>h}kjlI*uwuOXUOD$IRXsR!^!p zE%g>SnElJ;z%#dL&q8)exAPBGdvJcT=L)!^Np0CY>Xm=vA3*oNFfIOfzMCQgzCxEx z%R06uFVO;FUtqnMd%T+>1NJ))lK@FsdJiB<7l&*ohrGlra0Bow>y;^CowvaTLTduN z*N1-_!ry?6N8I%pkzAawsrYWt&eraSxNrUD-7!^0>+Sxw%Ce`^e3caiA1L|F%0rp+ zVsGwTfee8AN@|74ICg+~LHz%Y%k*D43jJr-4yZepZNWU!={aGd3OI+o3>LwfD<=JJ z`Xzv=$Dd!KY60hQVhatF5Jb;68CIg#3;R#EDCQTCT)PA1`U|~g&Ewd>jF@V6xnMpi zKwh6g#1lxJZ4Uy8zsiOQbUg||wAm>|;aZV?Pn!Z95T9;kEE7gAVb;;Ketm{k-m-D$ zQVIgZ=M7rSsK+92S*dd|iD~C?-(jP+8UQYncD%raU8N`RMaN|-yxApGw_*=xJSNVB0 z1q9F-RBYqw1t|kzz$Yp+edui!SEb0+LCX(;alA zNV8l=Kup|DBuSk1l#{TtmCnTYuC|rR``u=TUIs&5(^!Xo#B3dbAvWd$6=Xv<#1{~c z5vv^dACRS9UQol>`vWo~Q3!CUdLd_+K+_A?g5(z!1PQuT|t| zk&1HlcaGo>HLElE@;VeU553(x4BAG&B6=kMBiWkg*fO1V**>vFg7KC?L&aGi9S&!k zyOmQhU+or&$7o(C+|sAddgd>Zi5s6aTfdkp@~${63j#M2(w@11%d$1YcB2APgYKFC7K#%U8wz<58$WL-BU7cn z-`>FZo=V%zDCD)v=|^TeZ}owSZn^k^=Xb(DCFMQ^ZP@3&w7^uhlSE}3<3MlHOm=8@ z4efcf$2sQQQYBXJx0<7wI~hKn09(w{G^Qq8W9sE?7a$$7dAzg;`aPQW;F)#;vsWLv zt`u;}EvQp-O68H>3>FZI*f{N=DJlB`k<9cGb81kJrdH4zNfBJCr<8^xnx^NyVW2mx zcf)G(!*nQ6h?{SM_$flSPh1*J_Lm{Br4l4Q}QA`N@Bd`Oj$i`Go#%R{J@({G88! zu0;QPYpCh=mGM!~WBA*W3)mOicj9Q=OC&1osnYI>zMF8^SojBS8TILbX8UDBkX9)M z@B#qAz7ee6th+hDc{Ko{dTlF0S5A_lyBQ3~NV@JHAQ~3FSWRb&<_A|jwiTSK`a+?k z^B~1|J@*wsx(*GI^uTWeR`+8Q!gi#MIo1{z`eA<@e<+01@fcIW`>bvsrD(d5^Jqrl zi1p2W#V~B1-r;6`NB)P(ny(hW!U!Bfp<74W`?BOmItI$&a35FY6J~?%h17HM##gS` zVp%`fJ9~`N5zs+VzFDB{puE+Q_7p8zy20 z0_9F#@Xtp&(t7b)Ia{HR%YZ`}R|YsdiK|5-;ZVhVSsWhE?jUn%ZGg`6^Zd_o_!$pBpNrqm0}sGdlKtEKkj3c<`nGj)s5g+e ziB<=2wfV+4@<8B4e%wxej|oq2St6p`ETUl`Q1W~6Y?I?)|LRy#1DM+}jA_@;?LB3A z(>4@efu7ZIf#E{C(dgMGh!URbPPyoK^Z8R=Fm;aNP)H)ntm#|rV2-&VSSTcBznR4g zwrmy%QqRH(7aPd^FQ}i<37^VRc!_h^6LX?a_ZpBvE)jDod)u zA)!buM#yblmt^vdsd83~08g)pjuT}1ZfS=TQV>}GWx#Bl9xs5YHYuvn=f>Gaw%b$h!IF8_NaK#8 zh~53#e7n;1^ds>L*euK7zJW6SvUMc$09Aj#CcHL(Rd!9`5v|whvV<~o0~4C{(YaaM z-~tV9h`coNP+6}5hPI@ED9ypw6QFzqXh?80QB%=%Q8ddPV zH_wn!KnGFzB-D02dnaz7d^^p_r60@>A`5jr{@@r~)cAS)b3FcEhzE?_dZAt^)nFar z1ZkxTm5YDdL7KL#XHlW$5WB+`ui>>wO;xP6!GZKchv7scQB1kju~45TqB3hNuXe(j z^}N{gF}8aH`8DT^ExasVn*?&^8Rlluv6MlK^7e~D&auq>>pa;1;)0+io2CZ2SSXD( zglBi|6Xll1nn-Ax1d4F%4!#)FSTqSErk`TAjnCBNknolN-R<=@cgFD zw6wR)v<$2@qc#0do#|#95BRcJo>`vRi;AJSX@D=2nyO#lhDh%E`Np4v^Dm8@Xq^da zZ`y8X@+}AP7@IB6^eZ1bu#-o#Dc9!Dxu1UEnfqi!=Ae!;uPGpGO+Kj#5$e?f>8{4CB8o&kqwly#N$B!R|O=I`A%svTuRArYa`4jB&V z2WIkQLw_Fr3r8b1t;~>^eqcROHZdB0%3)8EqvLLeG2^?GPz#8Ig~$JYyEVg){{IhW C1DUV@ From 4bc55da477571c361bbe3a8b98424a9e5b023a2c Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 28 May 2020 17:18:57 -0700 Subject: [PATCH 56/84] DarkMode no space --- devices/hololens/images/DarkMode.jpg | Bin 0 -> 106016 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 devices/hololens/images/DarkMode.jpg diff --git a/devices/hololens/images/DarkMode.jpg b/devices/hololens/images/DarkMode.jpg new file mode 100644 index 0000000000000000000000000000000000000000..f2cd7c45106cb19c88c6f5aed5fc9f56d537056f GIT binary patch literal 106016 zcmeFZ2UJsAw=cdC6lunSfS}}fPyrFKP*h6rcmRQe2q-85QBi3kDk4bRSWysT=LkZO zjtW>PibAB@kSb^pLQ$$fLJcI@d2jzCnGI4S9-oQPDDr;+K5aSn?7AkT1rAn`oH{- z{{opaQ5#Leqg;oZ+c|Leqf98KN`A#3kT{?AgdPAz|TZ zBEmS=aCZ>=j)=^eK6mlzjWgz1?GgR`i1eD1SMJPI`r~2YeCulFlC^t}o)Qz6k(FB@ zzjT?hit2JrEp453>o;ur)5zFlv#FWQw(YidJ9gST@7sUC#nsK-`fqPSc_(|qA0JV#{u z;?*hlOHFYpt2{_a3blmsz6Ox|D^BCXnp^n_#E@Ey=zM z_Cqc@A}K5c#uJ`{kPx0te3%OI%jcTUvL3|RO~=~$P@L$Y1RourWv)V;RK{NwOA*uO zR?oK`I}oy@S*3ZoUUd|5%`d?(b;#ItnnhbgTSCQxI5C|toiK{#|J?Hb7rhwH1sj@} zMzwJYo zG+8jLB9mp}#Gb#F%yxK^JYHNMvf{+`6E}8Ln8X;$=rR1^FTJC>gHtt~x`wjqJ$b{m zcX1NIdlKGi*}O~mpTqyB^-wW(H`Yf3{NOqG0X@BgQ!}0==jNQMH zH_8rM_knc>cZX|ElI04Lvqr$-0c}zljAzgaB{r2)YPgD zBUVPz|E(WuEp?@>!fx_6Zy8QEuGn%Q)iG7*{(J63pcQ*{n`Hzsn^6`)Dz5sI;lc`j zxU{sioW&d5wB99i(OLu1T%taOw*?ia>5=vkzM~@8j$F%T~Q^D*Z?6lKDK2mrcZQsI2LW6$3;6P|RMC2S#^m`B z<44O#&L30!L|~feJr67xBQiJjGMe-W*rLw%fe9(L7szD=a%pgN%gg!5umVn}9RwT7 z#Oc)Wk+BhAA-Czr@z3ml3W}dSNBPJ`niSgdj>Jkqi}SGG&?@g@GJ7qB>rqj_@BuB@ z@DWBmP&N4FjPy-Ii$OuL*GVlgq}c>+x!zhna(W#fDU0DFvpU$P(2n)3RPKUuOsj+H zmB&Y@X?$d$7mXm&WywP$Bp%O;mB8CY9vWkUiiu8GclT*b>=jECI~}_KRDF9=)rYx% zkcJj9E2qRG_DN)pPf#%|mtD=f^D~dXazzCm80<4>hi)r{D{q2n(wKdW^XRZ5lZHtt zfk=Y`KP%_wTN_DpK-%XTAnj&a+4Ic4F?48bQkIVkMul)`!#Jbf;yCA0y}^RMLUnzU)~M7iqF{|*}aE}4BCEpg@};N}u&OT7lR z{5d$#5Ek4C4xNr^Qt7hPp|K+Zx^Cz_bojfzduhzCjPu|7bwVqf$_4fk5bh@l%=n!vTAn{2;p!^4nE+dAQ*4o1KN9DXx_%;r zy8T4Q3>f@IhYq5C)088OuKnE2d?aq{EXwo%be|FdzA^ZVL-nG}uY3fTP?4ECDWMzqnk(0sIP~pG+r3w`tV4XHv%h`PsS+S&kbH@P z@$<7Q+$XY^rIhReMKdJ$h(OWN;A9Q#2pC4+FFjA;7!Q0Gjc)hdHGW~N2fUGbo;JJ? z_r~A(NLw1IwGo{|>ROL`s}ZjE8+^nKlu`LCz6KGBPe}Mz(1cQru z7Zbrl`AAqI=+KM133S+b4rRK@vKwxK5piPQ;=+$XRLe(f8@N31E=n&DGX!Gmf)`W9 zFZsDZhykyOQ0D4hYm?>8;7$#1_T3@EkM{oW}{s?t(lW?0sScy^o{*%R3K&Wkz>OUtweg+r$`-IlkGHtX_0<*2!4S!Nr;d9 z5@CKh`Nq=hiGeXo6B5&scwQKDc2WRQA;wsMvQ9t-fdD^s#mQ&1_gjpq3CjBsiuuTo zz*pHH3#y(q!r~*m8G$3{gk2GeWf;_`$H~HysB8S#F&<5S7yRzNIJ;JR`=e;j}Jg3tz1o-djCqFEQ*hZag> zIuqG7Xt4-;06T>dL1h=wb_botmERaK9eqO`ABQwbWTjx~nd6WI3kezMv3|l=+4egy zSiA@@SjtE&+!sXIo!F`7Z&WP5Q9;YD_4$&9hIDw7f%98RaKO6h)DI@*O4wdOqcZ|) zotw{k0SeAI35uEtI)74`?EtP_!ocHN1knS6CiMb}D@6XMlu+3pbAfkG?+~d&Ee;qe z0)}$G>a>G{ueJ~c4bOqLM~MdojcJ0$1|Pj45X?g%h5wX^*!$fiixfi_BgH zPMtEknDqcSiapCmPJ%x~97S7ho13AbdJ#3cZc zbdEH;8tqU9m9_Yz5l0yZsaU`pJ`zM_CG=eb`A(n%kN?34%HCVKfR9v}!%%-Q4D#;b zg>w&(I+n(xEl1G^Z`6H?MwG#Ol7NX{1ySNGV82A)nn1jH@fn)C@glf;NgYb@zysc% zkNisD8pipBfDWzo5_dPLV{w9@zg1Xyvj%Z!b~TNuMJjuU_c@9;p}I$70j3~I)Gzjk zw%{!G%SXTP5fkViA``HGh3h~Y|hFym`z?P3thVhSr&if?|D$K`ilyR&EWvY|P zDD3@IX|(ct+e&Er3M7`-8>e;Nr;dI6snBs4gvz0K1v>#lp=$|CRsy!brIa`%VA~#z z*ot#o58T!S#goT-m4Ss{MyD(KpEP#ieQU${lO~|@tIT}l+)kDW7jg@UEkkWL;jXC+ zBXx4XIxn)o0+ruejb1=;#;bp39P0+}{7=NDes9z_7d&<+X&~WOpWpPWq(tT$1BjZ` zK4m^Kt(NOS`q7NO^k0?ENe=x7yQJ2efmSd`>6X~^6m~sI)!>fcUUC9_=-=qRGV;6C z{te+fVYKS+<0AzTih=)*>W5$?O!}F@f8Ffk-zEO0gCFw-YLn)#imLwAijTSDQ{sMC zz%K(e>K}Fjcl^bPc4FV;{h7*p!CS-Hr{fVPk%wVKTr+Gf_o`I}e-o<4SZ%{e6inIyaS~>AtgQ*#vXF_ORn}pMkF=HH^#9I} zl68$1vN|pKc3oMwp``Qnrn`3T>1ta==9z|Zx2=_CKjqj<@&;zRlPAbW$XU5kpB(GYxRoFGfD$8oOf|0IkVxv)r znd`2>s|I51CPz*ZH+A0jK zV~kcu01I2j3_ zby5ftVHm-}H(?N~ehUc3qlEpF&BJ~GiyeV3f_qI^;H$G45>AunN~rL=1~ zA5khKKVH=w(9k}A$di}*Tqa1*Jb}ukNCm%WY(CaOlQTHe>)AiyZGU`hXSvoZdegCv z?7l-Awu)ML>HJlH<9U->O!kv*`-Tky?`^%_DtyeQkK8YiF=kBZCO>J6Uq=jtG z>hW9$+b;jji_xm`H?QPv74fY9dw3#jli}=#cOT{2KjQUVuP~gyQXxHfaqpV>>_*O( zlhw~n(mMHwa7t!lKyoknd{hJXW+mMNE7LdUBjza?w>4PZ6Pa({rM##lE}E{cB0TLz zu&s!Xs1|4OkZ2Vuf{ArUk!bVj3E zVQNW&f*r|+Ns?z->>4d$N5=K|ZaAKh*mc}D=bdwuSk`r0V^NVgWL;yw3k|nZL^^UT z=x^R^$$!_q++9pLVbI_N_BJ2#vKo~$$Y`~)@X~rZZAaqy*i(P1aeEnjq&4Sx5Fasc zQiSP%z1{7=ZS2yFz}?RuJ*{tjaL)WsRpJNFGryhkez&0^eT&}(v-iJU9ier3oBq+< z%bhhV%rPt4;`oB;(z~k-6|XUKTUO??Tuk0)J8E-GYmf2NudFcmpyF8LF-xQ<0m2ejBe1kdlI+rIu6Vq&z96_@ zW&ZkYIj=stJ|j<5^`BKSHL2uQQbzKpb^ckOt*%v9vGmM<$fG|KGqzpc60|Oz5LzHy z7re~x&0oxSm-jfDZ1rAfahRhdqPllSOUrI~PHoX)wuc2%zaS-L2kJ3SPfqmtu%f={ zZTS)LN4MnWZ+-GxrvG@rsK=Aq@;=A7H!kAEDcX0uKNlWul~xTioD;oHF~-B)Z+v@- zRqDr5((_wZU#|On8e&`^iw_hmaG$-isV8sCgTckegA_aa#AL)o*1w=1RlB^)ZO62S zy24dwm9<8xp@GYeQNyoM=dkDf!E`y5aepN#yF@4L@X|A+i7MZ@OFBdJd($0dSQ-T? z%4d$H&+SprpJ!pPV6T!Z_v*q6VtOaebgm!R31#BCB~b;@O}he)!2({0-GhQ$12rb0 zc#%n)D0j*4^*j1@8Pz7%x$Fwrs1mbH(r2P!iTamSPNVIT~$|yGS2h**8qs(-A22*)$iu$sy%uwGSl)oJhE=RQ$Wa+U(1xDGqkc_6GT_ zXIQyK#F_3gd285*#*8lYf4O+1|7w>;f3bnz=UIgIUFyE^8YPvY<>_50Yi%}Gh32@Y z9lTO0cOk6IR{OUQ|9M@@V_j<>r&Q!OrBjAxew&m9?)(SLeLe59uWgzwUo zbnU1ac=SK)niMCNbIo%@n5GbfcDFjKI6;nsv=JniD6Ep=DeajIsmc?w22Mn~3i2Fe zm-v>Y(pgrA=RxlJDZxbp1=j>ah0{hG@buWDiqKUXjh4|7L3V>w;h5zaClY^AUI0yy zgJd?n2sWu#N?RET9R{$%qF>I0ROqU%aUzYTklBP4AkFot2t9+e1+-l>ZMs#2vTRc6 z`2TaNb3#B;Pw1$gNevqz3$xF?*;Re0x!n5kWmD>8JRlw0$5!Mbl1DrHJvG1 zxi0J1bv)@+dt8{_tB_ExDb(<>q9!MOU$;YcOu1RpV`>s|%y#fty2>uC3!d6X>~9Vo zi<4SsvGd}4xqTh!#=}DHvH5qG9#VY`O|_((>HvshWorK4S5;~i^lgY@91l@SjZI2T zj1wO`c6Y7(Gi9>`U7t9~UdWCYb3a_r;kIY@8Dz~^}@66%P4Le)OVH+aP z>M68Q35N1Jvb*kF=ycnmH*HPH!C}t(GAk<;WA_@PW%a37&7WP^f7Rsate#y@TdVE%sheb%+<#fI;^M0@v7=@@{pD^W=8b9d zJMy32s@r34dh5Jm$hGaMr7{~+uUoe_Uks?7exj!y=%6-(vt z?xz(W4};Li@Ykl;uT+zQE61yitBs0^wX3sgb13%O1pAdT3R(C`K=tG1@U!RoG_Ajm zfpD@CFn7ppj>vLYA&9NjM?QE;_d$r9Jgt(!gBrwZh;TK|%@95v0;(zgE2mkRQ~XyC z7?mxRelnJzIP4%2AL%-h;2PiJLzE13bZ#LjxaE!BNhr=J+*h{!(UWz?K`DC-;$DyRGoM(hvjn|u*8ke*v zp$5wzvSyq;Rv#4+-EX@{&ewKP-KF@fU^TzC@-~f&{n;G#xl$s{%kxXqA1>35ChDGS zRK9IT%<`{(;9vc-l$DN18I-itAfRF)m-n(n%8K)VXfXq`@H~c1E?1 zEvH^x?e~cE7^5r7IYs;MmcYDqhsSW+yY{4D*FYo6D_%BNZ-cXA4LZC}Yhu02`u2{@ zGRs6=wFML2jxy9$?NM!C59l4p(>HLsT_x(`{M&EdyGA{0qdp(puV=T(d39UJh5*}c z`})2eGLK#6r+Y45sm88;nr)UTkrf8#tkw<*PDSAUg=kK_$4m~q=)P5tD1uSUM|iN34w z%Ax#VWp~D)JcirO;>yKLFSG4@HC`-zv?Gn+V@CI6ETR8^XFr-$aUd9m18CKg%gHw1(5c8?` z1`ND=M$j9vUPk^VT$TI)EO-Sv0BeELPEc`^WQb#2tI0c4QM-HG`$PU}H9yl)=BlKB zYr`=Yg(h2roH7R=zf<+7rv22P2GI6H-&BP1_=q&>wj1`hdN{?<^Yx)iF|Nz<6)@=o z&!Dw7X^d-)7F}$B^?U)-Wcm)$_(TDV2UKId&9fR{F}R4*V8VUA1NMShumB^z$q@tz zCvq^=DZ<1D_qZvso+Ali!y0UB`A#nP1AeawS9Ou^qwr+fn3iHjsNDbn=@_!SpPoRsx|I>ZWU9r35VKG6>)7|vxBaEVLQ3S3%v z3%Fz^aLmPkz-(Nju>q$|okF3t4Qwvp(sE&?@~mnGT3JfrVW3jH^GU(2{`EfPU+*LA zu^G42ix;p6I|De2lfq2V##FGHBDAtZu_$FQ_JonYELT;1k|*3VZca79Jwu>HgG?Z& zACK$i$8W%@`9H`J?b5(5)lTOPX7+|+P6xr!QV1vW+QBav$XNU`M8t zUPOMo~SP)F0-2^>Q5eH#oc4Sz2n z?aN(Dx&WjHptEnJf5Sa!aHVTUeqiw1U=`Bfcrx0uIfd{MEmg+Inl!H1lnn`c?8Yq> zJ1%*E&$dSDZ3pv2kui}lGOSt7M=LubVLRY=O5X})E_dVC<$Of7J+QhWU={BMcL(}q z2+ElkSGEuzQNsz`0yi>S`nx5;g)~5}Y{JJ)r70NsSSIv1z~0A@C5{Kx(3mRUj42or zmQj|k^PdF2GSDCm@{-V&t-vU;v{SG-A^tO?1a4}h6D$-`}U;sf$5WY&O8?rJ`Akv6%)e+RggJkh=u^hP(qria16K!;d@o6q1kzu;X8bVa{# zHiJ+P!A$40S+L+A*{1{+DFxe-#@VMoY{zU0k5^|k6c9dCmVsbdC|5$7#w;_?f^otl z!maf`YpX@qLeAjEuqbym8bRxv-0R7PMZ|L}Sm4%?f(AHk@EZZ`&VDzwE=%@assb$G zV-!&S-bhR?x|}!!+d^oIef88Bz#WIGZ$;jO7SCa~W9YD#fQ=G^^(0sd$9J%HC-G9I zf{x`E1HbqJaFKJ0tOnTp=%TUZRMFORT)>ZPl#+#I9B^Gf0SntOn@)Q*xM2@<5zaw4 zaB%82X%DJM96#?0?NqQ@e5jJ}A$^-BP7Y$_D`PX% zey41i7-!LF#VEl5TJ5YTK`pk``X{miZ>)H4%Xg9{5tq@l^5amv%V zunre@4#LvOdy^yRw^1$9_3?Y23Lf2F?A_G!#7SaWZVcuN8tk+$#`hClzYidJ>g&MD zoNM!k8@Q{KOEe~C!WO2yDyj9P0c_H5+5~og|I57Mvzu|iM z7an56CU#+R%CIf~SOb(TmlZlH!Gd){IHTfP`ySw^T2^FJ5M~CO14J#klG3nA%}0pn zq_V@m2{s=D%L|(@#EJ|IaM!}kBohtXD7Q1l`A9X&TMzk9%*v4 zK^hW$05Q38mun+=BlSZHY;BW|;RA@l-b-7ER`v@V{`>erRfk6DW)mVK|4M&8N(j})etKu4yebaojlH~Au(526F)SR(T2toA)b6oz=C)yYTrDs zvs502c}gl^V-`ETM4c(}5bLghGXBVLMIYIPAB%A>8*Lji-J#xLx{u_(P-VT=+P4ob zsV_f2Up|s;Nn$@H-ryW^b*^=&p$)I|7?yc==*IXL)>?-LEYZF@iB4|0s=n@dqtS9V z*WOt1=+E@iBQpxHN6{%-<8A|s&QW!?cqG(zbUPfNYHaaHd>EagDMarc8t%wbQ#FxW zm$9a3Pq|k0jyE+S8yeT=dGE3v+HZ8U-g~&hqtU^6VU?(nWbw3&#Nx2x+~{>38RbxB zYCB)vn|#SK>akMPeIsQk={D=@JEh&fu{<{kv6nL6sqztJtwQjBZ!V%x^p!-bzhwLW80u||Ej3R{kl~%92x$YFRY*4aw5{5+n$y6DP)Fc z?_IEECLj4LG9Ud@*0Gm4RH7)x96L{QrBNnw&wK7G$f?n@xNDZv^~LwV=)vKMt)g#f z%qu;NVd>}Kc`)MSNv%rnX#(atPeIjZau2PthS4;Q$aUo-XDGH1dy+aa5fZxr`0)sYv~b5@vO#To zUBO&kM33lwjgMGFb6tfC(bnIARb^lmWeD1bvYA2xm~jA~3;Tu0|mnU6&Q^AQB*#?43km7mch-i={M zyjsM~#FHtMkCvNAL)OQRu;um7dVNN{XSt5)ng47t6L8#6a9mX2xG#cVZ;<6l=Mx7t zSsZ0o^03XZJwG>H`;Vqk6yEehlRjS;{K{X9k3>=9G2>X;BZCmMBh@v5sR>2)ORQsI zb-y2U6&1;wo*}rO!Z!8Mn2>N3jLCp1-W5Fqv?I;+G!r`hjU9l6C0`f^p2<@@6R^3S zme{E=GJ7t7)woOLVX*bX5MBzSjU8N$Eg}tVKSp|48#$`W>;^8~lH1Oc?O0Jj}D>E+it9NVVgqpk@S86@#j7m|*@7WVRgUZp# z5i>r3%}uw%PU}$FbNNU+J_2mhp?x&8hv0K3^s8HI=7gF*;j>%u=xSyq8lLw{a|Sjy zf0v*+m=k9|Dwj9Ii^Nm~xLH9MjByQSId6WSD6aMSY-cQd#>sJcr=rZs5l3B*7VU)C z>5j)vDjqG=-$Tu*1$Ey^OH6Cnl@}Jc676`vMh7(q*n3e4C}#G;mg;9W&Ntl$wgSt? z9|FtI7+i6b1qJh&XE0rjYZ}9*L;S5#8ePiF<;jo;nDO=ClHmEIp`C&HKN-Nl6IvAS zgce_*1&s}ZqR1IWOVv>*5r8R=ZX@1#z2#`fW50kwz(yAr%!jh6vX$`?@N0_SCDB5Q z_NSwhjV7b`8~g7x8*17|6_~fcdexKd^n!~G<^h@alcyTr?Rg7rT~kl%S|0=&@WM1F zi5|x}VE`wU>^)v$Xtf8k^D|lor8XH(4hl{v&UWMEPvDDzu#7K;uLEpsgpyJMg(x=9 z!V5dy0HAD`ezub>Q7F4juy8L3?n;B2mmE^jvuhS_b904zw6{2-F%UvJyVL$Lz*L*YpQI11dQ<6&?&+ zVVLrS0Xv?)0y;BbB0QgLP57Wu*ok>Wo}&Rb15lZZqSfBaN}L&iRu;Z_I#|hFMjzmb zju5z#D7HKjn->v)os;@TGBd4VbO!SXXt%qSidzMy8S@Hh!;XP#10$%t;cwP{HuCM>;=lWT#&+xY0nq%5u?r`*ujA0br^p|ZiA&HX2Nx&G7Al60cV|)c2q1A#0l^t zu$tJ)^=V1O#ic>;v9}(i6;w}PhzbPi;%J$-}@;VLLdcyVqZJ9j0$Ia}Ywg1z2 zC^m0k4qEjJVr0uPkV1p2jN#?nH5tXG4wwh!L{EUpp=mRTIi)U1WMm^l`17m8~+KZ5)P zJq%UTkk>z@umt@W0hwjr$xyhf2F}pBve>@3_mCby&@1QGQ)YqMC$m8zlo0QTOsZcv zcFy9P-+_Cd;gpbuSND+F3b>&7%rUg+H0GfbN>c(n{kf&gOr8vx5Nu3^l@usM-aeyl z0M7|(BTmSTOt~C*4r4ZG=ez4b=##W)B~Pq~C2}J)u~J1D;?NE*>F1~nGlDZiKlg0H zRgQ)E^qp{+-oN;WTS^)$4VHz5fd;7XW^^z9U_tfnDw2{pth|_vtpfLxsD18x&%tDA ze!~SVl}n#WH5$p{K?J>yRGmwKhW9tJWD+hPDIK~p-k%v~`E^e#I-xcJi7s?>E%OCL zfM;?4%(O!##NpNMQ>rli=cwI2P(G@~gdr966k0~XOi>E0wy&bJ{K!^*M6NQV1)k&v z3N`}>2qMrsJSNS;hyGPC_<%AbdRSqLdVD7sC&G{dv368d;&swg(q^LUEm{K;a$1w| zkn+n}ejWBwaUpSNdlnQ8mS00#tD$7F`IB@qVM;9&?_yG`P6OJtyN<+M4RPhJCEFsK zF+u1dvgIJyZx5hw*N{R(x$pI7V>A9n_hk|Y<99cxa;3g!yI62Yu^b5Q|J%6k^nvl{ z5IlB}(v`y0Eas@VDq-%2E~3IFlU@S87LFEqW}sE*Rxl@|tG2X9e#JYZv@cm49j`vO zz`pOLQq_=C6}n$v1g-cBWKjCc>m&IO;*fQgH(s}WE1xo3Jx7vbSUN>IzILk`cWu1C z^UaFdb$>?4>|61+qy-UL62<#1oBh6JdRd@%>%)=vkObIy>=)P@dyqBiN+R(^E#d34 zJCyNMx+Pv0O_idYyf^JB#aU&6L9J&edLeOg9lbsV2C?0rG_eRp3BBpNP?pblGvo2B zFj7ann=(^NA^2_Hs&1Bq8Lnwtfdf*!hhJBYo@4KZMoLASdNaWEtk+GCd5H$|GuE=! z7Pj|h3NCTeNsqT&B6Y;Mp;wa8V(o6?FbNKS&>6{V9Q~X9R{}LmQIa^e${uCCuFK`6 z1kceRhsBD+m5(@OZV(Je&l*zKWM$7?d*}*yR)6HUyn$eTh8K(~^P~4`00E?Pf&i>gM@u zh;Wi06CWaeW9Cbk>$F6R&}q%w^}O@~nQps`Yiro|Hs4&Iz zr*zFwp!h#t$gLN#bFRah=EIFK-)pB2Dfg?dyZAXz$u}-G&RY>>zxKmzNQT)jWvo8L(Ksk?qpP6f=;0 z4`C%!2Yy64>XX6g9kLaajNe{La@-<*<)y)O4m$G2P<~p>W>r_=2W(PhF(0|G35!m_ z&UoBtbhIlR7>5u%mj*bAF5{>EJc&@WDW!Kpsk|)Eqv{Y{n`4ujc~6fO9hBPGXBmGZ z#M-c$D_2P zw1nVhi-ejOQ==Car)whOZ-yZjS%4M=XK>HvmaucVJx! zuGl~~Tz^uLz@a5AtL|EErXq2rPoN#>S$cZeq^4{}0Zati7T2b1v;-B;SPLqGpJHGG zze@NxWutL*7l3D%B4B3tlin&Muner;eY=3GJkoU-@Su~9p%N!7FwIXFz#XP5h$g8^ zO9nk6WEGdQGKc2(OhkL~9%52d3+GLwah>@mENI-oP1pn<*)XE+nS*^G&LkwK$5Xjc zmkKm4XeSNv2qt26yj$mnnzPjV9~DP^P9Ipeus$ih{zygO#;%xsI`e}UGUaOs9ymj7q34FU8` zjD^=T!#QKe74XrS-WBRUSJu>bbt%5VE<AG*go#j*QJ&zP8(myhqEZUvcjB6HUh z%|6zha;WICh%ML1s@dI8t*FYQWDLK`t{@q*azfiEv%9Wj<>oEQ>FU3+ZGX$8xJNiIxl)$VxaqLLp@3Q0XZ5zrUpaa)i(Fs&WXsBm zg)#G=-S@NRSk%9xN~OQAx@vc+#`5t7g(O?Gr_vX1w~3f^xN0&t%Ai1={0a(oKi4^d>A0NszT_6vW*^nZsz3gd{d z$umF~#fQuT_~zte2oRympnv$1Don(4!z8%hXA;|A4aoop=QkQECNZClda=ApE5&+( z7gwQ=>GefEIUN1>HN{#b7uU>H|0MIG-^ik!a(Y#F-pz#RQ4GK16CdasXPjcFRo2Sh zD1F2%G5_`rn8Xq=Cy%$cHr;U4pQVIbJ)?b&0PVU}HzHj_$}f1JH1@aJVGp4N`31Lj zpD}BdJ<@$sPrNe41aQ5t6xM8rdHwqE#zm#d0j{$B9)7ij{*}c8a~ZDkyo*u6X$Lq< z&utu^9dPp&6?Qo8*pHpq2;_AH6zt|LK*&D4;WLSjc zhKb7LiaynkO7Egd9UJ&4VFoj@XKnfs1qrMfe-syEatG!vSs_Mrr}8cbcMXIM1wVb6 zf4gBo*LTQ?9BG5P1lg8X7U;3bZKQMPN3}Lx!q<=4x>hHqKfkJa-Pp8jM0B~O1JVAA z8d}z@Ss%QZ9mR2K7}!^*rTa?a)r!!;t-3;0;ze||0xD_wX!Q63?aVk1nLQE88^L_K z3zR%*+2utx-DzFrd}Nt(re+SY8!EQ~+Pi$EQqSDcM{MgLtwpflWagYnX|qTRghIHg zke4tLUqAF^VSRo~y_|RHksLczr6cES|11+NmT2N}+uTL#)5CYd!$&cO4ldZ38wyoJZedj%c_Iy_hs8PFwSN7%ys{-cAj^s|{$Y}{MS00C+HMHG?+00V! zQCL5Ecp9d~HQimpok^Vdn^%InlH#V_a8tDnkseM{M;p|Qn^ZVvJ2Rsf7ilaD(Mo%N zu|VYksf;o9DkU>)1zG?HaRei_E+6@wP?8A`t4z$vIFv^`H3-X91Oug)&+olaAlz|w z7@157d_=a3BD;u{Y4`$%R|oCvRP5vE_V{b(w@}ZMXJzXjXeiDNUYdO}i)YNr`NQR$ zVVm-y*B?s#31@B0*upKkgqgjHzt?121e6#ouNl}EYM!_2{K53Nm<5SfjaueW-gJ|f z%!!@(GErQ5HzHc|yytH%Yl|UQy61^Z(p8-Zr)^nv9A{g0X(BspsIAUPwLyKvaav`W zjE=oe;>8S_%dXI&ztozJ3*Gj~$ZX3kiBR>CaJ-k)?B~xZk@2;K0=)6nQO_zJsfEaa z`4V-)_$wbA3Xds$NX1*aZvJaUg-zWjW`Wru!6 zujJ+gEtc8cOe5hg75e%X@A^!R_L^M1jGCOL6*Zj9BLTkEJ2>7&w0Y0fPsH_L%I~$* zU^B~Lk-L8)UH$nb38(aT?K7&m8<%!=Sse36OCx3n601f$Wu$a$9#j5^mD*+btiGm^ zw>Wo!dE=a04i8@%v=s=^*R`jZxovN{8b@{5X1+W{BfDXO9B?r6zWIahg{De*8KnnS z$X3m(i8jAt>Qr4OZQW80VADxxDLg|3Nd?Dp=0pN=6Y!q^8ij&irO^^kI!|6g9hxXO zngfU!Q^;dhho36KQ(;qw^XIR`QKscbmoJCOL_|VO_}Q0TX?VpczEb4aw&>~03XNXu zm*!nR7~ih+0x0CtuX$zvwg3>ayn;GUX(2_rc3rd)WDk?9>eJSM{gf7(q}gpa$I5zg z?gCeq!3?9&a89-LLFt3i4l}z_z9x8O>xR5m<>2!mqZbFNO>+_(`%JT}g`!<2dH?Ca zVkyqD&4Bd=8(T^suhaXc(NqM%Oj+<*e0{_*D* zT;oLpAO3waw?_R11(PZ%-5Wfn+5VLsg87+BxmhJae77e<`4V2 z5<8yPwrLcSdW>!zh@rR>#Gw*1E(GD7Ix+Q8_O>lc#+3 zDJ8;Gp6++BTb2irL5i+}3 ze^q!ScXSl>HEaK+qI}Gyqr0ZShm{$zjCJhh71QZihj)ypc`ezx;;5dd(z>CUoRULj zmhK(Ncej=1T~c3ilaGv!z3O*UmaF{&D_n_3hyRv_DN}s@>Aw%qEwY#4?lh+_Y37cQ z8Kx~lmUK1CqKV;x`7D{}`@0IKza3qBzgz0HS47zDkT;*KJsUStH*s~D%fdN2Y=g=+ z7fRpNp;8@>4nLQo!Q1P-TJ!$)nK^6bNV=Mrq8lH{Nv85nwws4r5Zi7%@%n1vF>Rej z&;DksB7~3 zs{O~7thw?MphF!i7N&6MS9zVrc_%bh@+x@oPG4=$4oLfvw=)mr2PAmdT6a&}xP4AF zy~AP611xsrh9j+n5-vYbdO|atGDlC=Zo()2WB8ZzD;j2|d|8vrTD9=NlcxB5@k58y z=<0ttX2#uQuto@+UT&$s#>Hr_zMagh33qu|$bWUdx3aG;D4sahFy0WO*_f|5Xl~xS z^L~HAI=@3oD!n73QON!GmUi%z<}sRC&U+hJ^}&yjFSdzh5grN5%8-!(*(H=jx5rLP zTqJwXZVg(qc|jb(iVfR-OK4DS?4aGcZ`Ktov9ltDtILk?II4fft4kn_Rer{XPu1czLy+N=-9Ww{Pfd2Uz$}H?Fkz-E#fl|Hf=O8T}i;f+~OG-;hl%AH2VhWG=moz0hApUkK=t~Js0HhQ5QrOmOb zSXh1Jf*>S4P0(}@`Dk2h9<|o2Wm&Q5gWAW&u1}=sK`Qhh)sOJwj6Q?w(H11l1K}YR z@Sra>%50@DzTo2{-9Po6v0Cu>(nXHdVFdxruN*6?JKV*wKA6%;$FDDVQ2n5GsLwbk z^@-#MH*KofHG?`AdWe#so8^Du_ahW|OgC*Ue$N6(2(^{~5{N<8;?M5xy$BBi3%Ueu z@F$j4k;!L{g$2(aq^SsjP*L`(ApTsv z_q%q$a|>|bsfoFE+<0*S`rQ&Ae(})ccgSQfvQv*|?G^Nv3eQmEJWM{cr7kxXCjv@# zgO?(%j}r!N6Qb6~w@W2ob4%*D|!zF;u=D)>-4&2ZA(?QF)3tigvm5 ztrFCp&!~%t>{qmNl2FF?9D*({Uf z&UY(ICP`Dd+1ok)uJueg&N?_T+e;oVPEd=>)us=^jO@ib9A$s+~6DGUcbFa zm)qY>57D~1<;DS>`!7FtSL}+w?2)|tYpoC5H6B@$k61)GzL(G55JEK4(dkhgSRh|VEY4|Gto@Q*b?~>R=2~v?ONF1UR=5@R`SVzYMBDy?w07cYdITe^ z?F{=(k^j|?pWJ6|k9ezbQPpSN(ZrGAyLlZjrrTwb1FZtu%o)Od=ejq!+rAOHs(PTj zV#&e#Ge4au?Dx3Ej$w%wSF_iYzbKI8Y=1}bI_#yPwTp4nqw&=0n5XNkPKKDq5tg{8 z-Qy!KH;|JY`j^K(y?sXH>5GL37;YBZi8ZOj}*&6D)~BU;FEad)9t> zl=S|M=T5WDughaU53w8ez>+&3@y2(FqTy936jtWdOpRrEb;@}+Z38YWbyNJ~#ELDZ z@I)_X3%o0=6EJQOm{xbI_X^`#v!orbH8{s6&D`#L)gTMp7KPpTJE0cfuH`sd_<6l0Hch?baHu>fI?H?dgO9^7jfV88T^b?1-QE==QaNKa3$v}8ljIKc$N$V zufdud?KIcpGojC%G0uGgXYgLOgl$kiP~T8E6O4BANgA6bVie0im~+-N<#ONV+3~o< zc5AeF6@Esy6L6u6)faqkW%yo$);T!!+OnsYu>E7d2?#KlZ*n~W)MR`^pw|?Qua8fF znzul1#npVt_?|!M%VfJ+T6QKN=SKxZYOqgbd}Iyha*%bT^VcIBwPv)cHW5&2&RmH5 z%-4~$VJ$b(7;NLovp={;He~{Q58mge%drI{@1e<;!ZrTQ=-|#45P+BBNK{V94^ug8 z68=s=$!MGlTiCrpMcEBy#oGWJKy4JrzXhwq#hN@Z=Xfb_8K($$t-l7{q&+g~1{FTu zOk}RcaUDuz;&}8i6jyJc3oi`?bZstaY#iQo*td(1jPt+|a4aP1*^WjtH%+9kEdR)0 zzVu}b>$t*;)EIok3BXR%htRi-1Qg`*XcxLi20ZgfC5}Bz!s_ctofDIo#%f+}1m;yJ z`rhrhK{fe9|2VC~tC}`I!}8Y!m&f}>Mqp)zld`h`i~p@-4|n1a54;)$6eLCm zed@HF?#X&a^dNkw=kk%a?eU;cl;?k#chReo`_5j22UmL=00U1Cg(F9l(E<9Mq?z}# zFdIkg9Vs~`Uv~wg9p2TX0T>ZZv825*8)+T*8%_l01xi>0NPzVUV4T&whp^RM$!ox6 zOZcYMny*3Nc#`ITs_TV0Hlq+%>zp2C%*By_aft0?0v|c(P8#APK2uVBs6&5{%*K@> z(R2M7@d)7qYDF5_(1i+I0_Co1jzc?qab8+*7xCga!}LAw>{R!^oOs|CCgQ5?AU-I7 zW`0#Pfdqj6u`mQR4c#GdTw&PBVjlr&xfo}q5m)FhCqK07gBH)kMM#&xZ31tz6m`eX zL;%FXNfa~2!0|H4R7PV|CQrm`5+5u$&YU{l!RUklV;ku_3~xiN1#UJm2L#*z#;y42 zh~Ul|M5wO$VrwGMROcWNU|kq8IDs?5~5TzhtPHslF~A-EQzSGB?=R1 z(=yUV+o)8B(B4pLnxcJ~X_=;3UVhhWrc~$iInMcf-tX_@`+fW#??0U5W$yL5ulu^L z`@Wyob&=)+$tXfk0UxcaLRuGt*ugN!<3F&iNf2+%aD>%;-wX}F`-@jP6lu7h0n<{4 zX_cVaBm_CuPV1iu;-A(7qUD$)t$zmg(FK_6v~SDKXhEkip2!Zx=qZc42bp>9jH4~; zDC;lg?VJhdCm7E{Y&;kViY`_dmt!^47AZ$J%Of}#|5@pFd%Ok z;fp6osX-s?ax4t$xDVK$h*)S1La4*+?Z{hrs{M-N14GcGF!)yL>Tk>dvdmk4eDyJH zRfxpbFpbVoK1iD3`v}8BisndG770o+fWAo6;5?DEc{fOm@!8ep8pbk znQ;fCc^~X>Y=Inv=KxfSUnk4&!4`e;SDdpW%|!-4K5H~bejR>EcAmVmEr>ELMw(m zbibb<(oed=q*&ye_{HQOg-;c?2SlNX_op|S&$|RPsoetB3xw3^uK-~ziP|}fh4BpJ zcSj;@iBVZh`;#mdDX3aP(#mi`^Jz@@CSj5A0$hrSio=qbOW_lDed~OiFagsF1H)o@ zRN}-llAO6Pk`lP_13Rk1nxjs`_i5SFL~1if6_g{=!W&U72{FiU8<9ehPLRd4oIT~k zdoJ?!%dnDzh=M)-g7+Ii$$?^-gE+S1`}iYMsRB*K8EH<`glH;n2}xBf7)HLqFhL51 z0ghGiZw*O;8c3T)3if zU?3%5hJ)-HfjuR*t?;$`MD`SjyAD^rS{->P^b`eSE(1ogObxVG5{Y2V4Xx#mR#M>v z_XyDa$e*WDt-?8yiSJw6hKN@54kOtF_~mXGn5P)$4fK*Zfjt7@r{Rhz>Ih~t^8mBj z^^N5R%t-GBp~BjgAtD0A)N)*35JeWRXb-PIuxP=cC&ke?vDm{9>RCVl3V-8yULeix z3hbD>S1^km>sg6Zl0KFGYNLyIiSOt!K*VDI-d-Pd<&urLIjVqsCM9eE%5!T z92la7G3D+Y^EGs{i;naSKtxgKxi%3Ns9hYN8=Hyx3lXEisl#vL2{1_~-4{&-Ty5ox zgg+{}i!ANKd^d(b2m^#j;ANZ++7M3^3AY(cOO!qlB*E~GGLnJ%sZz*GI>D7sr zQyfZlbc@28j_KC^Ps>5QJGR#HIVke*hM;18yk8C%4aC?s(A%7l++;Buv2`;&4am+^Gd>)~HcS7ib^b zNgx9wE9hO$bWedrcKVH;CVZFfkH#5>>}ikXJSpj>CMqh2msIZk*!M(OW^8>vcVnRx zPaV}+hA^j86I$qBamwuZIE?1aibqPQP}U;Xs*uox zm5pfMKph%Tf8kGmO6%hgJXi4pqT?a#l1ro;p5@mu7Y|;ztoWW8Tnn?LvTl`7#^J3m z)I#t6mbBU=<5>OGn5I?brvvqoJ!g6=U++xV9$a`@IhSQ<#1fLvdlMTIoD9g;KC7?W zrUyTLu8Sxp1L~yqC82-2Goc66OQU0YK4EA9VJ5=3GDN?$Qz{F|f^kM z1nQmr}8G`)92TPTDg*_q|NC`s?WF}Zx&nU69zc6YF}OR4yIv#-I8W&ZH9b1 z!|CkRlUW*@&A<{3#x zC7O!o?phxoM8ztYj#MCXEeJA%*59iMJ)kNTzW^>Kfl$?{a>l1a;5YE*{`G1kFM|tH z-f}eQD~?3Q?pvgLn9)L+&>|s^(6s*nyq4kH(OFp_*|`$KH8Q_f8z zrgkxCCtv*j*pKsF#{aG&P-R@Cj21ryTE~KQ|H~jCcx4m!bOt4(@;xH*P%wG|d1xZ? zAR_X7ZjBHU^V|_nxHjW`+3`mQfoUUH2ZAu!5)>Ao&_Sqqu`1Au@9a<^o}IYksx(GS z_kY+r2LkV))PveI8jABd8GYD|!lIHCk3Y~e@u0a*Wj_NKHxQ_p7?G2G#I}Ij6Z#J{5~u?da+JC{w;vDArBx> z0}oR0E|4TUg0&Yuh38~RX1Y+O zhAzZ{VhesE$iS)kST(KZBk)_3n4lqGMd9>bm_5^$XGY;h2G+Q#GLCDEbRqbTPmtZ6J0K)niYFS((7)4XdZ22f=gw zQ9(MF9#UpHws2)pKJ`4YpTNC>{aWFlPdPsy{RzAw1nJ=SV6#_WeE^v{N|AvRtd<5E z9O!2t47dtyjLl~j<-#1N3k-oMu+ajjOU9A~IDR0P)zlDzTp}%k@v6aiAs~gdU^>V} z|3*_j3np|%X8eAo!v0R@&Sx~LTqgA7gI`b&*PJ1#EzoDH3%TIlr~Fv7r?B}V`zeRL ze&RZ@RB5kVW&+P�JG+CFp@5E;A5S0E*hdYxTD}MA+oYm{2NdP)9DIi(wz1#%dYn z<9&V5MIIqvaT2xIOlAWT0OQR*hEe(G189fP+_PX($S1uj0$J;2w65pH7>P)YDp^>>Dc7okla*v%tS>jjdRAbj8@ z7%l>r7kP2Q`>+!pb1BdjFkt>FhovBko@Rd;r1mOck}gx$4@ssXmu;|q%%LA5cP}wH z8o5jw`3F|OXcbI)kc4ZHP_)emS?xkeBV(qn?di z!vu^ML$DnAm`Qs@lS3L7V$R0$gibo6(Jp|%l80m`(ircmW4hoxwwW0;=5F*IxSi_k z0`VG%ZO>TbD4DnH0Sx1%0gR9(y&WVTCIC7F{sXT$dgow3hWs@^ob50K36XcFG?{Z4 z7$&TdERX~SpkR@`M*F$h=`#fu<_hN!l({c11D1;47XB(|We3|7YlV)*R50Yx{7?tc z;9T|m@sp7wps8mGK%)EF2^?bPA}7;#M4iwKObZu#t^0R8xLfX^R2 zY@}jiiNsGP9D(D592OYH7j}9dsJDu-{q*Vu!B{r)SHM_yvUkFz1Mm(k40Q60CX~m^ zBMr0Qu9~@RY^6@}V*+z0=?ys7?eVq{wG2_QV~`_c-g4#TK)UtN#!#M!2x9iMqS&_f zaQ6_Nl?dfv=OPVC2xR71j{oR_1|R`6mJF>h=Onf@rwYn37ORf_z*`|$C=4OAMtj78 zFs+3|1x$QrHr%pl7ZACVkiwkPqVmJL{}Ue%Heg1Qxo0~pKR)KSsCN^ zEvQC=NV$6zV;dMKR9})u{zy%KMVvAw- zC6=RiUy`{|$Oxj%kScF(`icuO^DD}$oRzxB6&k(@<@qY8kND1<_VU)Afp~78X934s{F!d+>wua9`P!YFMag z)f~&}d8PL=*PXvfU{JYo-5gSxn~P6^jY0f_qIVs{HO}&#v?+^v(J9`)5qlhLdGz~t z4s*R%D((%hqYv>E%U>C}?y`fk-!@9XgVo#%4B$ql8vE#rMlzU#M|?u~PP;>U{$Oz4 z@pTHFGt&}J(Cz!>d5dL=vPlP!T;(Ob){P7r#}KWjxBad_8esc}pSt$RJCACp;d**f%z-0pC6+8TV%p%W@~x@UW9_API;Va0azCfexkQznYT4F4vrIzwDYH?bj#hY z7*I{y*4Pq(TXwdoGR|fQ-imUW3?8UzJTmU|FhndJs% zoW6UiMCZj%-r+$f=&W$r1(8-p9^n(^KM3Z72T}r)!s8P=_IuK80gZ2zev#18g(ToS z@gO`upA;QWgwju)!r2T#kQH6%vkgo^`#Or;tNPTlfn6!k~7zoW_eW}85 zRNDwZU)R{r!9uA!ulo&LMat5|o;?t+b_Jj^mR0V43h*{j^!PMTD}X1*0@ns^5`}z> z*r|j?o&@h82+j-V7Ex&S%3Jmmz%W*m!~W+G`6v)~tYSE_t|;s+w6X%i@q!s(E`}4X z061aFxA^fQboqA>=08A1D}aQQW5M6S_o&8A?#E-$H^kRHA_q=Ax6G0NLk43`*@eZ| zh2a5o9fQ#OV!?R30OKP1%ky;rws{Ppg8^utQuYpW9fH8T;VU8VJcdETFnbWv(tRYB zB?h907{J+U^Jo)Nk$K*$s&o#7f69+FjeKi9Xy_ky=i$qrowMm$^E@p=#X0NzAP$zW zBTjmNa?$JzG6_{xA51AF+&`n?Y2jz5Z-=M6^tB8x_{(A`uxneMlz=&*zh zvq4?XTQ!N5a8+?ISLpuA^GR%9s_Fr^h9KJq4}Xv$zoq-rV?9hckGRwZlL_=+OLg4h z9IQ-YYGop`0%k~sH^xlkqq9uUA^n?mjKNw^g|N#SuC(boyIAQvS@%1Y@m#}14<~cy zoE?$wi5jm?oLqZr)yk6_I_e(*Zlsh8=S+Q7F!*R-@Vu%vyh?Cj1U%4V3E%rS;^#Sr zrd@X>Z!Bk4Ml^i3Bkx=)`F2@;s)lDpwXbsO2XDMcu#rWA?OZ?y3i9!_1w;n%p@Iw3 zuir$OphG%c0FNFEZ>N665qE=|bP*!^zKb0?ynu*t%D1k#xqrPdC2Q=LIGv`Y0um ziuERCRHbrtG@m#*daFIzeB?>~lUJE5cNgxyauc$R(pBGXTE|j$g;?G7@&t@My_wkT}t@#h@d{2Is zHM4$3Dz{PgCvu}>)(vjFr&t(w#4F0`{p0vJx!gPRC?Q|u8!C7Mnsaqe)i!5q)D6vl z##xi`p;wK_ap9hS=&;&Rvu4(oV{b1tz5j)EtdOyK^BcDwYsz%w2wu@crD(REV%k}a zyFF?VFM{mn@7=U??x1&(y^TQ=UB2ysCbz6%t1UOUaX$W4#_iNtZuO^p<-ijX`p-U{ zv;*m}mD*F#O%^$-a2o zlzU#nkQ~bGoHUh>04xR&Tdidox$!Y=L}qJ zaI$=}tpC=uCdhDdRwVxcmMp?-kE%;sI9XMsg&M7sSdZyRD_oev`id9`9S>l1Xh3Nj z=EAA3cXI+3*d2p_i=D8BeVial^HKmQ0`&a;HgN)!T@b|{@}PhZttj=0f$#bNH#y7^ z>$lyQo&`-gTD4|7Tw2c&Ig_0AgM>EwM^db4kNcW%XxKN`Ir7oj%c21Z-o9*;9b)OFrS+vb7IzjT?)dy*6d6`ebmrc&e-XE2Kb)>h^O^%z2J03+b9= zD_f8~ftj_Ixi#IS(OIQ<1amEm3;#jE4*_7?ME{~s`3t{)WKgYi!_BUqj-yLj~mX~RA zjAxzP*Y%+-+P-KoY@T|NdSD5AO?$0=nHu3~*3`$O7UQx;9p`yxo*`#yV|9}QdP4^R zPK%$K;)3_sK@31-65h1^$Y5)i%5{er-4ixO#9k)<#Chj2t)?e0gY?cIG&TKzSzn*v z?Gsnm1A#9S2Xh79tGE}W1YA1AEuc+4!OCxx6?z0P-xEGLdehc9T|}4bUO}hWY2JWi zFx*EZ6FA+pU*Z#cr8I`%hUABWus1gw4QU(~w9bOT(KMi`>E9ea^jB- zajR2tJ5s*Hq(j6#099wkZvN*1oc|6={bysG`mq>Lo4G%}c41d=Zr?DNe5KLk*JS1M z!u6i5`6+Rmb2|F8*i$mr8Yc^aNVlIAT~5hDiaLpdr4R+pSsg{-Mj^+K^kU!%{(VkA z$#4KJ75ln`Zz~>pn%fB$)er?}0Xz*#OI=QRixhn(4px~~+anwKWyVv95UT2(dSjw% zqq^WSkIWB#2*D#(-pxb_SetQ@MHvHrbU*dRfOgI6HzhWIrYoz@Fxazvu|{%x=KMR` zb&uGD9rsEkzhGW5Tl`Dv8jCL~?M2C$jZPi0(WR+wELp*IVgNzpxN0MBHvbwVg4!do zBMRPuig#E!R?t&%TT^QU^5nPNT;{I>S(^nN0aiUE$>_W6%-rG*Z%VbVcFCpdL!^y# zi}K#hUvXr`7N;0)cnORucSV^@s4Pgv+oMt#4vEA*PBptJ6F`*0p|jx3PdIa?abOC%2AUOIauMmw10wVU?sSlWmM zjGup@F$i2SpZPw$x2r(;fbxN#o}Mt2J9FxcUA6Di6WfYX)o(kjSH!K-g~Spcz?=sO z0*RzjoTFB+2N5F5UI89DU<0Rsz}g_nilG?*|9@P&X-dJo-JKD|;XgnR-WfU>n^fdZ zbQ#|EvG09{!<;dU0oh$DY6dXaWyfVeCI+TBKVlvP0f-Il`M&L#aSgHHA%m2Ct$tqK zxX+@4OJDX6hnpA08^CgLsLEjDBf;NhiyV7W!hBk%ilPW$;pp*J5Sm^TNuX0N#aS<9 z;ze+1wf|s`MV*IJLb$l2P2%A8XFrH@bciG0<3wZFB#MSFHu_T}(y^cZ9JEoT|Jd{mWicK8uxN7x|zXuBYN)pbgDUL0^piXBn6^B_0jo+uef7Q-Pw9asm0{uot;ZQ zyB=74HCroD)if+P@phqW0q*qdHK&@><7=Ze-h9{(sPL&;MRF2lHRE%q+6l#2}N&rW6lLh4*W3s>yDyM zFo3s^;6L8j^J$j=Px(ZEhCNFn*XLaN$X`Jj3QMK(Kf|+W4zUwP^Q~+Mha+3kjjwE{ zXhZ1fGQIJ?-rB-n;m#JdOGcN7%gV-9>7A}MoRD*+7de9Plm2)x-7@3!Z=>1F3+KU&kSq=GER%BtVwt0M651n&-Ta=9ES%)ZdaKi}?VdM}0= zkwyM!fnF54pj;@qycT_PUqBow8Nv6O(lRIuCBxuC8A3!GcfxHjML127A!Nbh@-8R- z(n0pc7h*!dfM=C-V*~!ZD0PW$T${@?^flZ{Zs?#4zJ!+x2gYIHOxXS^z5}sWr^2|jz&8kHRfkH!xN$6`zzm^kCRMj4>&m9ux@$Q>7AApO4oG?DV z6AqqRut52uHGtAY=!iD>2XrJZosX5?u4u$_?W8@kaG5jwqeB#(vmKVR=m0D>+=Rhm zV{0NCTd8;CQO;eydMC_v%SEhVScEVR@uN17#~rv%V1lpxKp;HVi{3f(D1f)8mh@Vf zMTARr#zLTKl#s&Ng|W$hZTI&_IXC!(&gj~L4DsY#KEf3vyi~iDh?oR%`AvW}@a}JE z=Bc*!sBrc|GwHyPqTy}(OnM{Cvc{GK>jsuYs%22BvK_Cri)b(hyJ=U_poyAcsBkQy zX0r7+E*_bf8w3sSr5&O16bGmPq-C$Gz;|ZW7I@M{q$Z?4B_YRsc0BAWkndkW<`BC8 zbRe4VI%;QbZ2{b4VJk9HEVi#pzJD6yBSa#*FD|C((h2LlWk<4@X5=o67YVUdIun9? zR2gaLTU!4*c({e7k#-<{q@)M9QO3>N?B!5@1jT6Z5#i{A`epE7e;wEZ9Fx`(g))jo z(0LxY>yrww_ns#n1if3XZ8n_@WN=L)1zrk#hnF6k;K&wriOGf=y*x%3+|j#_0R|S=-?J%vdN`mSfl1QTqzwWr}(i zZLU2r9?_!S%gae6^Pwby6^t_d*nwWuwZ_DfA*UN-r6+rIh^z<}_2?S3gaXmo7^0~k z4CDB8H3CXSRB(7{bX>852Q~3PJD2IhC0%OtaPU%`|3oyDr6S(X9We60W?OU9fqH;% z_;N@6PgSDnR=Bd1(l2S40zLhPxifZWuL=rMct!Gk<@mopuckf#hxZb%c-kNYr0%`yDua1vYiTbSw)0hQKs7C6NovmV0V z4T31c7!2<|C{?w5-g@2G^>nxKt&H{{UgJ!Vp25=;AXslX7C_xqucd0sIJ}+{MA2_c4eaYMbEB~n}WzV7HLqO2s`X0J?Ea0KdmJtANXTdbK+)A_?NxJfKaUs z@%K?eQK}d zy$VUXNs*r(jw_W%b#J)8u#lwAo*&J5T;Y_r%{f8s%Co}jh4JCZ&Wn=Xt3KeqX2O$E zM~)P$O55AH;m&QAGnZ>s# zA0W#|`z>(V!?vNEdiwhKmn+*8V}FIv&yW+WAB5uKjV_);x(lx)37#IqpfMF@Ky<=WWHx z+WqLY(t()e`9BSWPjm3bCvLo`Xu|yAFn%#DF9e-l=Z>CLpbUPY<>dskLkdl2wW7H~zvLX<|RtFdQD02mx9cc;|3aiw>YCyh2F-$MlS;C@Ijt-y5q#c zuDfk$Yxp!nbb8lux$p~g4fgb zc=Tz4@;zP^l?$b1kXAP^V_$l^EMF_HL5Qq}(Xe7KiP)_piWIra{Ro?s+H~C@;p;_Kt+)#d= zB3(EE$lFtF0sqYl5dj4gN>Ir%XxJ8DfYay%uB>5Y60xtF=ql?V+iZ9p$y)$`xzd## zs89pXy3|4FpPB(nWrE6g&{$CZ2Z0H+DU-_Y zXE3qENMq^=mQer*sSOr!gD!q|0a6m{^HvulD(IiF)eHqcizbJm)%-jea$1VzT}#BpF%We~Bb7{w*Z=@*k3nZXz+4{Le{3!FUZB z-ihNIS;e~e%+tXF8Eg{?=`I)a?69P>MddK?^87@ErA+3UVbJB%B7vkgB1XKnx*Og? z@)RH}uUH~uLT(l&pq0e}Iu6_Q4sZ|??RwD;ivF_{nbz7%<^BTUi6!fYWf+mW8SW5x zl5ib@p%SGBOvm<4U~U(|fNL<3*2=rBiux3HAM9FCr)&v(4-dh@r-HRhQW5}megec2 zmr$nx6w=Q#1lxR+kv;nt1nDNP#6YwVs#_8aPnry-acFG35Z43Z32TM?&stH3_foG$ zQ=SCe_cUlDe(HdX#*PG1fMUZilhXYF_83Fbzn+vW6z+J%=*L0u<@rEfKuKd*$Z#ws zy>AyP-^Lg_m2vdOq^wvRWat#5^0WX#E3pz0wGx8LQv*x|#WfK8hrqRn8dvYH)~S!c zHP2ZF$5k&7jxX(?7?EpE0!-aQFIafdKlIbMX2frdLSUK**22$YmdaSXRKOF`#RW+J zN{AEwBfy;Cz#?5#KPt{W1^}^BKZBDsOs~&}upSiKT`d9Rk-3fth~WQkTV=8QW6#plU4pEO>F*?E$*N-GDT}>9{YE zx5-bC2344pr{*|{j2oSg@hs3JA{o(5)`G%&8(}leb~6=BL|7P%&_eW`D*C1xeuqTJ z2#H$otT>%96p^C<#o$h7gkth-_;Eu(^8SKAwWvID#ZXWj8iKJMaFKNW*hRnjokf2I zzE&cQqW!=Lij8F!SZ3*xG0bEW^3U4An6RRN*sng!bXYs|0s?#!#7ubipS1(LAYEIq z5IrIUY62TV);DX&F6k%S0-p?lY6UWGAB>}T`##FhAUNuz_`AMEnESaD)K}3Tl}zVC z>d;KKrV!^QE0A(wQBB9y8p}tqhep<^1VFofXBvq-97JZH#$aOe8GJ?QpFk6dGWqtu zUZry0Z52$8+H$USpK%uekIevfpY|1p3N*2yNH(hTCJ+&^I94CWx_{o}qIN(Yf9hp$ zH(^N^HW~K-SREV9WR+3rtXc`%e5`mFH^DJvc?0Dp(P5{^c!|Y2fjOB@Yn8>mtOcr7 z|BSeAz>x}4t>&qV%x@LJg3yMJ$Mqs8zVrYxZbG1KL_5>{1#CV~y~xYocBW1QSoFUm zZ?i6IB~#mTm&5 z@iEM@WPGIvbjEx;^sGA(GX%2j##S0Pt#R}S8(WDyZdwDBan=4QHO}?r^MWY&yRNn; ze(=%UHg^JK5EBbc(fG%;sTV!EG`b3$sV-_+C*aYHz&}Ae>M$r7kLnUkeqX6I zk8XU>ts+zq`PZ~-{I=2PwMy}}p{*;x%aC}LI4t{mpmXe;BbI&HMc6qPzOa zz19wTDkXYWwXR%SPn!p3#f_)0qtJ?+W#@LK?aNYgQ@Yy!Gv_V-3z0f|P**GQm-iR7 zgzc4UrSk(?HZ)VMOA2sK@u?fLj}~cI1{vXU5_YQ|eNtGpCKYG0BPKUm8h1?;H~+iw zNdFJS9KDylEagkvCaDv92FOEF@A~8J7noHOKI1jZeYN(+-gszrcd6vZEXi@`Hj51I zxYzvHpg$(03ACG>UGmmvJXX|;SWi)omim||IG^%b`Q)Al&*P1j`|gc=Y-NS>(e*N0 z)=}fT*r*egL0G)QTX>{po38*Rsh%)sppes=zIo zuX2&3bkFu}*)Ce}85vUCE#!GcztB{2hQJb@xdDok?KLm|bm%IGp8p%bg#Zq_G`jq^ zos#z0)4ZZDAaw0(4Z`8&KI*C>Kx-io90Va-1~Hq*poXGu2dooEf5y-}F^^sXbZCy; zzDZ@+Yy3XQtquW$aS*g~-JNxgBhIelkwOZ<24_Ewpok`5u{5#B`;TjPJUSaF!qpCk zVZ*JJGi!yo(x#6wJQE-ZFmx>-i*SpVOoW^PCOAz9_pCkX#xSg55KJ5Eo)?A5kf0cHUC zSM0Om5I(N2?Lrh!{lUJMOF*wUHWYouW$XnvRY71ZGE>C?06Il3$!K-`#`&us5~-+Z z4ZXcCp?Z%i5lj%)4s$-C%e9GJfiB{mgS%E?D(O*;&8cSELfwjlb1n5L3CA{c>`%z1 z8_`pq4|$eK8UFaO$Kue9r(MnS%x|sf50}~ZIZnFj7X=8l_H5~d8bzO90?n3%OHB)2 zY>@ILTnYkW|7B*1e|OdiHJsd+Hj`*|Bb@e#3-I_@WZQ$KD_?I?e%F8>`WZZvM7bie zmS@vn5_MIZ3TLi3}o+`|pB>Dp;G$zgK_ z6Zaj8HMRa|Q`3g*0365leAp6110-KYu*pTvUQy@7uN_bJ`Ml_nAg+{rntt1$^JeMc z9}m-IPOu0T)ExE1cf6ICQla@o*T$?@n0xmVJ>g67#41hBc>CGcJ z$pR)lvt*|CkLgZ^9r3dAtW@Jbi#&_! zr&(pSsuOM;wb<~h#6H0*c2H`1_0qPU1n)APP((amBf?C!^?x!^h7wzi_NxbCtgCKSM zAX|jWx*tta#Bil0fU@5Qff0YJh>83SgE?M-*tb}M4*)xkl~|{1;0qHLvtG)rLMx@lJ%xc^P z_)S14jrsxYhvdxFK^q6C_tWU5lzDTgoeb9ETfqk%kaHWq;);stla`xhE!bh+d|IHiKHAyZ zdfs55o>bWU6YHAOpR+DzySbiOR-Rf?SF`0<^eI*OvZ2F^Pv(4{c9*JJm8BhPf8yh7 z#8xBT{dR}j@4X8q*zdcR7@cuLRUzIeSCVTwPVX zleKK*UN=Vc5cR&$=*v}fe#tEWYh}s?@SJZ4HzoYS*zqj+Y4U{iTi5aP-EnUuZ(SRZ z(klAB@r88%!<8PfE2Cr$4~o1iAQb@?`m%DT_Whzf!Ua$NLK8>6LAiQoLaM#9VsrKT zZj(UI;;*}zO*vbCf5B?`|LrE z!Wzr^+UGasG7lwQowoT0cWS&2fq6x?Hr?dc)b%{sLYXy-`G-6GoZYS*^y?!^ehK#C zeZ{R*tcvsx(KThFL>9imNiHfrT~Kn5G+VHOo}&PmEYjinptbr;L|LV>?3mvzbrbb+A4b$KRtzdu6|w?*O1k0cp%{m z_vS0>)21=+H`rer*msK^G|=a~cS>b^o#A7fVrm>X8yJ;U#Jm|qK14CP2>6s+g|03j zx*mmQt<3Qgo>(LN`VDhZrbjzr!8T~hUb7x1D~s>FCuU+rgzX|ZXdmZ!+A zY+7S%2fkM}tj*$^M#7zp6G1h1N+o$~UMps4Hd?3GJ1kUTYcQ+2;Kd7c@C5;!A4%#h zHVZZZQghQkP(#RHsG%yCfcoW`sod+08?M{dggleDj)LA`-GST3(}Xv^+EzZt!3G%q zqyR+FuV>I!5F?o^*WMUXs6eSB_eRSq)FYz8o6BDim62kyFy$-mqoX|AxdqC`Y45L! zs?s5^TiQElYd=r~Pf?$c)cz|f=Sk9C^L5tFA#l6AD~P|Km2|v4i<~DxdBOan2t7~K zwP=4q;0F>q;`F@a1r9J#o7^`(CM;@E&McN`UZ6qIE5h`L?3I_1h(Dyx9eH~FOIpt1 zA)~E~<$k1-vOihuYC>vM@)e8n>6KZ8xYmuwqBSp87(6duney5S*mT00Md6)O3ODOq zwJ2O?5xgSfUUb)@x*ihc3)n+#dp`%?(90pi<*>6FSd?!56~+I8Sdj z3rhV^XKCfVfxGw#!`h?UDK(QF8QGPV$|A-9}`SXg)v!X4Yb)dt?pJ6za+*s8dyeFr^+mu`_t102HtUtPR{dxshu&+ zkjdP)u3fbvLVsseY_!+B-Vp6(TToTj*TA+OPFS)n&3D*y4ix2*3gA=cb%%VVw~JC$ zi7oY7!1s@FEhzu3LTvxaO>0^jJ)GDD3}%rr40zU+!&Wo|JKhE6ai|gG)f!g1a8kGe zHaPeM#KQ>za%h2rn+doXV7>)owJwHD1FgFX)UFY3eSk>{X2*|s;9-t{Dzwfepy{A@7xKk&eVlY)|o$Zq{{RO9m0x3LX zzM#x0RQpPpmcrckU%rs8PV|)Re8OOF7W}>t^?TJt8FFr`&q`)83SAVu)m|{d9s4%_ z{>j)@vqvpbIZ)}izUL=Gs>($Ib1M7sYJpx_S(as^@q&XIoSW*wj>XT{_bD8G?`bjV z=M9(5I6HLcPJ5&GW*`q!=BdB)Qr^XWab93lWmNpbr(dU9e@uPUQcN5=e8#M!-N`SG z*G-GzhVAy*vN!VvkE6f$OtaQe=?PaU;qt#^Z#;4Q!Xe(mDcjb6*uA^VYO>gUL^6u& z!lEDGCNy@aPvd%)B~rVsCuSH*yI-&6?wPiY>duBh4hPn9+{&c#OD^!pf*lLpe2@Zo z(d}3nO&mHh^>m=AGM9>DQGy0~B-cNxnH{Znhv%1U`6)#vC2RX;)dzK|6YnI?+_tE9 zTjIuB^BqHC<7XFV_6cXi+r7!ID~ah@kwU9on17P^Au=a~9b$6c?cJls4Fj#WPPP(S zVkEEE=lqtH^t>XmIW^;=vD2OXMT^$Nnj6fUZkVvI%q^~GT6=ZIgS+l(fx`H6`;ILD zWi0!{j2-mU;+|Pf3ZaS7$LXGapDtQ9lM;(!*R_@f&u&uaK6M}~o3Oyh$SV7-Fe>M) z(C;W;vuj4g>x$WQ0&iK|OVwJMtrPi~;B@)pwkuv_;q0mh1YtRqYqb*xC&iuW=raI8HYE;G4A-f?5} zl(=1`KlBg86d8G+!tuVBf#v_wZN~?_x!~+Jg?kef5Z`D00w*zPg$8N?ZW8V;K=5+n z@;0%Mlx zh0pYrrzXAt@8I>P((bKGikYhe*Sud2c)jdx{K9v=uu$ta74j{fcE6G#bBjqqh~EYbA`=IH>}EMm7}z<9vz32*7ttB|xx61>AI4~ecW z^heK0nCk|(Pv3c5v+Ou_NdsOM!=fJ~tjH-W7!%q{pF-X%1I#xWe7eeF#MdW^SWXoP zHSaiKm+^Uh1&LKlYhY3`kW|q=Vv{J#m&maUT$5p1!$&32fhlFT^P`s{SBI@XJQB}h zfco)dM<=4t-{yLC3%n5gaWpF=w4dNRDC5Lde52p~GrX2;(#R)6TEsXAjG(j&UF2g@ z@&S^(zNRYD22=QOe|__*MXMe~-AK?Qyi6pdxLo-#Sm7dz?$}HW=Xv#0{~$lwDAd~# zT;Wi%|KdG?nwz52PAQ8+b*c}ak%Hejv_zg-?-L{WF!k6(Cu`;4z@wh#1vE!o>BWRd zvn#3ALB1+Bx43Or$|>`~31R79r|bJWZ{dHQiZAjp-EhE>E z;nVgy9*!}OGQx3OVAs8t=SDyP=?ZxA(qQft1HDGwZ=cvcll02XaAY`!eLA|qpi!4^ z(dI9hdETI+2VD5i^)}A=oRyX=%wP3Gl;?HgJ!G0hXm?}1hWfg&Ut;DxI1wP6Bn(09 zh(Q!-mo9X1tLO3}rytLR?08`EtnL?2-)!y^$$z1T8i=qB-zCM7*8DX~b;j|qW^H_`=*Z^$lQ@L=Y`fGvgl zc#=d}w2bg9q)>Khog+z;Z4;XQ+OxU4yZK#K?(C+r?A4p_a$MSu*^04CSKSC~>Znf& zNp&MkUu5Ryc)n-iBGj!|-4PcI_oX0OM(#_Wze+4=C=uM2m4^GG8UR@0O8z7bPUGhg zK1XxIP#WB?m&TF9Ct6wQM}|wO>3W*!!xH@PdYgAK$72&-uUVzduV^6B$hjTuUh>E5 z6{{In5pvsh!-@y<*%rPzKYN(|a=`tS2;J zv}6AI?nYg8} zq}}4d;|aqL>DMWMaCNiE;|4?IE5j?AcOn5p0O7~CS6zgZRO8Jf1^;CbTK{MehMY8Q zl=PIBs{Ta}Ak7zCm=;3W)d-^s#zXTXipOJ~V=;E%h8$f8$2tTdOtCjBLTVDDZ@|AQ z7Fh;w<_i&6z}7QYP*e@i3j9Wt)ZU`;m68Ar(ekDV6>4&K2@`^VC{&hgTsdk6>CFw$ zZwoncTSZfp2-M2bX(xD2P<;d@9qNO!2wU=8y|Qooy^Fi@stliSMb_AW>(%w!m*Xc zk4Uth|AuM!*o5>_%-{`Qb7T?A#*K)$V*KRC@<+{wo*`a-dq40L1zW>Wo*F~fA=|&@ zDGT5!cwil~h``z3#zQau6C;jc>=B;I2A+x@OMMYfjf^K}-(T|-@!vBEI#;Ty?O$Na zz<&c#Y5u@z$oZp(1I|NW|hq@eW;pc4P$7DHM( z1d{&}e;0x<|2OkS&KQxU_)kUFpLxT3j1JKl+4+C7)5h=yjX9UQcUV|rQqOK!mV?wo zz9aRa9at5FZMmr{R4M_6Hux7U#H}pR#)3J=9Ii_Dc>#6|m zUq$*owYTJZstl7E@#4Muzgv&}upVM9^uMHoV-wIptb|;~%$zWWJDk2y#w)IIYioh= zdIpm~eMDl=i;3g6(|D6$jG#h>JI1WKZ|ea@=l9nG z+Ze+-3~*DTZezg4#st;q;tyqa6cZh<1pWFBsq1A>;VMl&haJ!jS~# z>@j>n`=@+C8PhZHg&M{e*aFduk$=b+V>@;%xE;+ZVP?Hc_{dFiQ+;lGLjKA0f)BBC znj*cU$I>=zNwC*U1+Q&ohKobj;DpOn?%FQb&)ciC-7#=O=3^f<{uG=0Tbj}@9edNc zwsml3uvAn>oGZDSwxyrmM!d&(iWl5AA)+tMkT(5nQh-Br$|GH#Nf5CwE!T7RD);q&i_YgG>2)@3hBjIBvu}%U;H= zP>9sqi1UG0ChVo@zx@M=mp8&~gzv(b!?921E}amMWu#150x9qMB|_ZlX>zG9L#mWi zS>aX15H!S;2+?Ia*v97I9`=F{2=EWNu}Isgeu=(vco^GCI|Xs)ApkdlWm&!L==7SmPF@22>T^OuR@Uuo$mOCbng?__F*bbRXQguXY|ZMyt@9`MQ=6r;4I3z3YuR{?SEX`C zuJYoH^2Te;*6a0-q|kZ{JW6O*;e^Nb{a$lcK4{k7x|@miUzzhGDeAdtjbwqc0*ji5 z%>2a7+?iU@@Bi$!mSWpQrRAG&Zi^n|(H6-HW-n|qb08k&%la2oujZ6I%jrqfwC$(f z(OX9<$Il?x%b2L^xHK9kSlVh`q-(1+!lT^kmpt$%TU%fi@A;nQ6~nuGOgv&tnN z_~4`J!yah>L-|+kDwmg+tEu7ihQVmF78{-s-~+b?&u?Lo)=Bi2kWtlk%48kwhFY0P zC8pM12^vSQnH-zb-9)K=PT@M4&Hh;lxzywj`J{}lNTUBt}uA7=Q^Cix~w{=*FaVTS)dF+(QtJj6sxh0sf= zW?HG6mx)IF%0oBb&Zx!hkP991%(mtn1p6pE3ZXBf^-FG2j^xYd-KM1&UO9OA7k%Y0 zk4tf-67IMOv`y>kt5^!1;B=#cZ^HAX0Jqb&Uw*LrevR+O1kG-0c}AdS>PenU9Wl~P z(ZvzheyXoL!&v#;iv&XIsWjb*xKp!zCW6@)e?{+HYFFmYNms$}i<7Ym@?AlNH{pUd z(;!HN{GBvF|I4&Le*#S5y!*lMD_5_ROTj@NpY`{$m*T!92@ZB0u>*HXEl*vuN7ZaG z&I_L(tAm9pnsvBP(^!dgG;4h}jY$z)qd=~Q0ztu&J75ChnGM;EI>F`?ByIrjWMd@J@G5K%pJIH6M17+Ziix5Y@MUO+@>IiHq2pzW=Jc)4GJ;JMiRcjL1!u~u$5*~J9Iy$1opFfkbT^bVX>N+nw#1>gXZ z^WXmYH>Tyb(&scyj;wSFhIsVKN@^w;sok0X^NkrsxFrZnNS{ePa{=MtKt11F1 z)x-Z$U103uq){t>Ztjxb*8J+Y554s=ACCQo;A9u>O$f%bF2nT$RwePA^UB`(wTsej z8eFM@W8{;{mjE2OVEV0KfCIjdDf`*U>c%x?LSym1-`)6ke!FTovq?I8;_m{0TinQH z60umrmL$!uxa*-kEOc)y%MLY`@* zW_ycDCnTu-TwW^KCJtsNv1X4uC6`-yc~?Cm)wD_ZHGdmYME0e1PN(tJJc7Mkx)y^l z)SK`X_w*M??w#7W=Px}1zUM9Q|LSiR@o2GAX4C9jgtmLIF{n$Z2ZX^E?uCJikP0nY zzh$_rsW8w(_&DnbE>w-F z@Ul>k5?1jnc13Z*r$v}{9Z(~0-d|0r$*@*F=eu#LNSd4LQ#M<1ppt=N>ioU1SvJkK zfYbb;{^+9bN0Rx!7DWaex%>q;OD^FD2Jw9wGA67o=(d(uvOGTIqr4cU{gZT84!&Js zqq%=$aoo1h`eyCLA6MA@NZZi1-{kZIiKOS1DYCO`t@7xzvTt++t-ejz&~`wM`YxLC z+0Klqku{5LWKT#@6Kshwb$4=|8EzTTNAEfJGIrsU&vt1}!R+Rnc8@%saOkEhe`>$V*e32|F?8=vr7Ep4RJSb#qv829eNbq zJ)q@iWM$O6UgsvH%VR#J4J*2G@^&ymRLw%PYrX27K3|tB}{G;NptF z4ei7KkGuDdYI4om#-j+RDA)k$77(Q#rPp8qM5KujsW}RW5CQ1{0#T$_1u4=I=_Mir zkdjCjkzN9!hR|z52?0X zuZs?Wt+&R=Wtsw;olg54u-2tvuyx!RxlvtU8MuSqb%4B~%kDr%Bu<3xk}&{T?h9-! zRSAt?`vF6?eS?qCYf;$EkKB7iVAO`sIC&egV4;zW|K$67!US^X{(+5oADu0y5A+Ug zo;lEMvdNBez<(6mJ&LPXQRDt)An$(wMg}kw4uPlB5NZH14WJsl&9j?ea=cJZg^^k9 zQXhp%yecdG%$o#k)qoleAdbXg_bDO(eaA8fjrsJ!g@QX}_UWwn={P|@b|8N_;sK!V z*F}+g%LadZVRWD$*`Qg7?AHC^ge*rL5DgD?%&~j?dN!`QCPs?}J54_|#zXf9@V@OK zKo0q@f6w*UW`B*+GJ%rfe}t}+l>ncwS%4Hb|JN7i(_D$j9WFpZgKfq%o$0T9yFt0| zlFT|XT&*_CSX^W^^W?nOZ&C7!%+(-t@yzfdDE8LCVB~6YOD>P%y|dEobc6c z$^#P0p9Y|l+C0z`_IPE*!Lnj=(^lnm<>oN8z1VvusO#36t$XtxJJ`av{N}@oz@Xqmb2`vZow=VGkV!qRn10dX@Vs9vFxpG)zn4$DYT3s=avIf`tn zkinKbk1EAnMqDP*_zzPHC)e19TbycTd|^`#vKkS-nMD#OZ@r3N^x!ZpBO6XS2Ktg* z2_-Kx&D4Q2XB?MjW{00HJ;&N>k@xKE_DG68bBjp!kcfZN=D{H2$gq!b5BpEPgt|X* zeG-GvqGrCQUJz$$oMK8~tawXkMDl8%E)wCe;wP7NTBVsK?LdhYXrhW$Ypi6nTYsOj z7VK2LGVDqGGPRS>A9OZlpD_4blEy&=KO`S)ZL+*TzVu<2`DLxbQJuW;M$Tj@sfwYg z&}#=gRCC$2r_z#1n8D5lr{LYrI^?s?c6WzjlU9yqkb{l2RZ0pu3`b=nhij1-D??~k zr#eJ*Z0l8pUx;sAc1X7QCd4{F8X1GEX|kZ7AW1S@=0SOl zgZ`zq;!BUs8x@f(flqgN^_gFY>GmWXZe})Scwr$B>?g2@5hkHR5jU;R)4NE!H-#2n zlc;fDFZD!uF=2N5m8GV-4#9Vnr3icJ!Lk#_-1c5r$wvD4+S}At-a9#+n&`N3d(`!{ zKP(972DH&nQ{^Z@-L-<%;^TpYy>{oEuY>xdS??1h6kOO6Gu%3z)dbF&(3A$&F#HqL z&Z}$`nYhIVcTDeU&3;@xYwmJ&JfSH`GN?#dlrYjEY?*Lxu!Q(((c1@~IN0%`ArL{^ z;l=f1IQO$^@27u+hHhPTc<1|$&rj6G@O}MTIm!tK}z`buEF5wJzNA#`RJ>tyjA7rS^s|4ZBKTFaW0!qeF*Fbfac@HQbjgy!(j$~GUKv(ywzb-kUe zA8mOl zvvuz||0hMunN{)lo2Nq4=1*8dHsla_j z+aT9({Pf=B+(4bk{=j$!a+3fJP7@?Id7gTrC^MKBKVxiMc{e~fLwG!qcefW;Ah|q1 zJTE{4zE2+%o})+{atF z%x&WS>D%=!qV0JZY!>@j7%@9AyXrM_SoQJR3P0}3^^Cq^Ykls^hACEyrZp^U(P=zY z)NHb7)8R_wLo#zPRJ;6}m1l}W%+)H}7oT(xGwL93)aR~HQ@zFxxhX;Jj6_Tgp|Dt_ zugzj8NlkWj?nSHV%Br#*sh#NQkGR4ag)Y`>;1?y0`P*qwI=fb0+jHbKX9+qoS|13T z%RPv3efL~7h1|8mMbKj%MF1AN%d3Nu2ha^b0RnPjpC0`-1a8S*S9+X3YC`YgP6)*k z#2t{(@-i<~oMZq*?-=6S>Q(WUWiKzHl55xwCJeNzO~_r*w1MsE+6$aOm^|uz!u{UG zbj*&jR3(mKPB_b)cQ16uDE%e2d@zsz4HY=C)pZhYZoaVF88sWfGIu zF67%AedZka(TUF(>AJyHn)_6$VWTO!X?AM-$N$8jOp4>#QkAR={M=x|%6YPsIyJBa zZa<<{RoCyf#x_s3yOO^sS}{e+Qu2zp=DhuZNe={h)uYBAOiI_FI+sXfI}yixj7iJb z^B-&aij8NKR!^Njw`;{z$Jso=S$mO$BhZ5|5d58is+ zas;21uh51{1^S)YGz%o4oSGhLL$1i468CA?P72>Iyib}*OS{BG_=LRl=(9*{S_V<( z8;y_L^+LKvGF0_6nQ=V(J>03OyP+Z}u=c_f%=K7yx1zPh0|Dw`A+2>Ec!ShoLi)Q=K<*o!%~s@tS_TQfi6-*kS?Qnfnykn%ElV)J)Y>} zPy8m2D2U6OB7I;DVyt?A1mHlPWRb3Voab(@R*~Hi&ytA|-{h5h z!LI}KTVn&&kF^S>CmIVhPMk$tqDnZ?^Z-&iRMfzVy#xmA%7mzc9OW{xU;G*}SOb2-^C$ z+V#0K0F@3ru8_%#r+`GV}F!xIW4aFrX8iI8Ngv-x`EKt?jmISnP!8%Z|KP zX_0UXZ_P$%7#{jkS+Z!J8y9${KpIbdKau z0LTb{D*_H#9H!W=VC}ZLI#Tu^ui(48vwM@MAk{t}*^Eax_shL@DW60*PAJF>BO6Wa zA_40zfrD6zZkOcp#E1*gcH6Z~p3(^j;0huPdTBO2ywO`>3vnN66LCrB-e{y zPMp#{5OqSIIo%M4zLr*(ckuq-4T=y?)qr1u*B>YY~?k>@y`YRLYO%c^RpB2{!Y{e70eCV2IDh5@Cao9SLH>1fxN(V3!vd6 zFwzqJGf={xhl2m*LGE8w5&xHdk0o)BGlJfo#xJnk0l+}`TE)69iU<$(36hn~4!dcl z&z$M^1%Tz;EP+o1WpNX5S$&AA-CP|YIV}T}17R)V#4e>Dyjj7$*Z#j87+MwpGOItx z2>fIJm|bs54zOQAcjAWs*c&i^1hM^>^#t0%K=W*kQf^TJ*lDJ*i+jdMLmVs0XE0a(>n#zzEQC z9Iz*Kh-<&^$yT5kVFpZB*4^k}VE_95W&cXA_8%Cq`%BNPFyZ(1fIhRqZ(Xwz*l*1N zH9p3l-GIUiKbvU%2eN=JZ$YDRRtAeGFl=}g2niX?KSo3UQE>b35@V|WqqPzH%AY7; zK-@_v!agc|70steh>6hrX`Jj7BX6v!?Q4k?M9^;RxrF!O4HSZ1zQGKG> z>^bk5G<#IP^eunNAfY+dr6StlcLmNgQjf#?uDZcaTKxveWyo}r3j$-DfJMT z7MHT?cJtY`}{!f@wFUv+my3&lsBZ$-$5mSA#@%?&3-I$dQtTp5{JnI zQloC%I5&_Q-J}4+ZLtN^mq6QWH=3Ss6Y9C}zrI8E@{c43(GmLJjK@Dex-}65R5XPI z=4fTPT-klwZx#JhXeieC%&ncUtWTiTR2V=J9_?9?WcPFxzc3YZL=YtKiY@spFLw=DN+-Di%u>rn=(rU)&_22t zV-~wH(kxrg{mZgmycz#g9MX;t*(LY#Iw^1PDv)CsylbXJPE62O*C-XUwIim3D4KeK zxxHfQXk{htI7Vys(YMwmHFiLS@ZW!|PVU)A4AHsRb`#FiwV`s5UTnql1_bbwrH%sA z=nW$fAnEqM=8GNZ{d~v;mtzBi_dR}u6w3opHF^UBxEvR#`P+&bU)ORL5Mv-@7J8LE zc-P{%?-3< z^Y!1D8DD-YJU~x?@KW$$AaDNQSD@#77Z_}xKd|}FKIH!%ouv;yuGW~-WZ``(HWeP| zgKPxvoClvmPK58^LVgOY{my6jw{24(1^PW}-&LaYTNIM8^yWO|D^!x`0(Rt~2dZIh zkKcjQ!ez|bOiKRL^2jNQz#}(8EIX6B@qc8(n7iW!7Q>9vr25 zh8lBNjK-7GhLGMMv@c!0n8fkRde2u?n)S9SI-RsCFXo12UrI^{Dv?R&8l`@m;9OtOia-}bxxl{jk(qJ248Y91))Jr!hZ?syMt0DU*kNXCS}TY|DEgR`lyTa~1> zP?~y)*&>H0g{&=d<6~3dNx#n=PkAX*wLFvv@&&{Vs_;8%*lzpX%0V$@i~MMK{>Z|rh}#OS-jsEpB8$OADHtv;?UJ)?K-uuuBfGAJsWPpRmxAoN zp$kQ);KZBzNlesEIk0Z{EmhfguQ;oI>9z}d&{x(v@+U5~AUc^*>=K!7PKfJ|p%$+v zWn-GQ8T48@hIpK#=$HZ5&lPf}$RN|!8#R%x1&T7$B!5K4TVW>5>Zzvt#cfUJFw(!}6g%`|;TUv`3#$EY$2=DvJ08(z(o6DngO_P8vu<4kEzdU?T%fTzSd zxMk+qpj~&P%P%^+KSxP5`-*!Nk3&s?*~A@=MM0C#)#dsLR~_rEWr*qA&jC^8mxvn$ zGZzIff9~wD)IbI!jUzQx9U-t0pAuS^qeX3(*|`!-nTS1a?Nz98p$4!bVcyRqBFf>!~`KwVq{_(H{vSjz-5XR{?& zZ>?t5e3}r+p*gUkxWIfKjK`;D7isa8lcixZhoiq0%nGyms?0NN6gJY&(#QI?U|IP? z3jjUvW!K5^+Xkx&Eniw#&G4m&3OtY9$WoN(+FsXjs%O0)4>`EeF0;>3m=qmwUVG`o z>oS#P+(E5G@I5t=tnQ;j3Abv~i8+CUV%x@Di^}@Tj*lF;SMhiOiJ7KDpO4jPS;br@ zUU&{xyz6-Oit#b;W3IQq-kxP7X~_3d)zgZoV8f!3Dnt?G zkSsW)-urRv`w^I*5agA`FWP)E@?M>A;cm!j!iuszo|66;e!BB@dgia9civ3VfdUOLvk z^PV%hAChd3^FbF^NGbc0nYun#QoMCzGZz*FoeRebZ}A-3C<6}`QPTvN;aNI8t0mH# zy?w?yrBJho!#R9Lt=X<=!sNM^616w;+B^xG)t@$oEuG3w*1n7&l8V33bO<^(2`M-S zLXM(u;8X#gtMjIO%Oq?u{?gg7sxX&gUHvk92}yNp77a?^_1fcUbm(V-iGrYby!=B*MqOh&>&;*L=FC^ATl*w?iWSQ=u zrJ3yPNJJDMvU3UL|LsFRsVbOTf@CL;6-Ln*)?7w)?i%ym`B>g(uiaq>P+!=!e__a< zs=EldC6r;KmHCKHY*ant9#fnNE{02bKHR^oC~@ef+Zq*;dXrua-VWYC^|Ry3k>LX6 zE#Z?YjuiZeA*mn#xRfw+_F-<(mqN}RE4i?NR#_m%su z=r^x4XGJydkt{2-s7P&`r1bF0W~w1_Xf@SOtAbZ{BHJ&RcD{mC5lrgj)6^x+OoU0u z9EaZH-t>^A^hOCjJN5X@YNW^d(LT3{5S(dn!>?W-n9kmpdeJKW@^i`Ed~@rQX>q$Y1T5c^Z2?{^fobqU zpLF!WdeWx(ct`F?OKfRO=Xohk-dKM)1@#&Uic(B2go2i! zr(`O6-FToCP_a|yXSW%5PI_K#+hpH0kqp?J2pLpNZ$y>pWt%)1$- zt&QW+1QlrGV3N&X)1+$jQfWijfXlaz@rd)AP7wqTmJ%_S76@$;#LBwh^fAdN?* zC2Q8S$;RvX>$q>JHxIt6M2HrSA#PVuB`|_zW&MbY%)uo|S1$Uqy59~DxzP4`tbvy6 z|Ab*fx`hxT@_F}B^p%|*o~T;Lf=2d~j$q58*aSR zgjc5oyGj%celRV+urznfCa!bSM*cHjAiQfOe`?>e8JHaQJ34-Cq=PWm4R}aDig5UJ zY|%={>#V-~f|>yTpFv8HZsZ3iaQR#yc%>46zjoFEX;^=+{XAvi?;wYtNUg)(6`&Q5 zLjWLGi6T(jt3y2&#tI2wzzbQoaY}gKxgWb(EwWekzXGSNe(xY2kr!qXGI^lGbXCO6 zX{%k0*M1?v3z#Ob1FyvzN+bhxM%8uX#HAX-c$$(v6SmRl3Q2P6-iJo!kP|+xmI9XK zNvEBQ$TNU&A_2L1(UJ{-OCcF>DMB>uk|h(if5p;xAZx%udc?=QrDdbiIz5LG^lZ?> zb>eoRZ*D$q zerNsW=8;(=(1$KGJa~nZ0Nkq3mRFa;+F|bQPb<0OU-LLw$j*Fva+CEipKn1}g zEMkCO^_Lub!v!QOLNxCQ1wvl*o_+sL>22{&)Y*-%FGrIAk6wkx_i-|J?%%i9GO4K% zonNko4(xDiO62W4G%kyiugSLYbTFDQ^OgiuzeO8V8dgdw^M*!L>d^ZGbv66*kKV@d zEFP#Y*=|keoFs!ACyr6Ux4YkUOV;hDIU31QdVUL9#@znqwKI$RdL#B z{&aVt;-YxYzIM-oLv4HVYS*_^G#FiqNgh3J8zp>RfWpNdI88F(nDwZcW0z!!s~W#c zb>!&d3zddf0^%b=4-e_xQmU9efJDolG+6#k^2jfLGwIbG}1(kJpAKf@Qr|j>&(F}s4*_XJ3 z>sfB~;)#0XW1g(`1>$)a zA809B;=^;Es$a`(A6&N>mAe@w)mIGiie%r^cuR^BV8M^soz9NRca|;8Nt7tLAcXj2 ztoLSej@RYD%6;XBq*iS*V`Z@TQ^(1^t%{yBg2Tni^TI=&56Yr~K}6Lz2PXR=C1wbg ziYoGjd7`;zs`$IKsoN_L-d|E@y#C0!dvHIvzD`&(TB{=I$*McCSm)Oz<)?$|hnQdb z%eP7&n0y1tMb-CLCoD%6symg8nyJtfy_;IVmrprkOFwsB!H802ID_3%b>T93Yff%M zgrwQg8(-N48O~buN8bT$i2SX7<@2LMq`7dk(~%CbY73%i`AgXI1IJYAi@ZhexC?98 zyG{357zepuX(%@rQJ3CT(Vd`kYKCLyFC*9RKyBq-Ef9&?#0HaLsPMv^fsqbl-rHQi zXwF#5S)wQFWZc(+N{1WsOiV4W=kI5Tk7iy69oxQ3epG{Qe z=Z_G~S66Sd{ECOwMf!R+br43*T9=ddDe0FoKeDHh+XW5c54~d@Xr$Q#0MZNKzBYdc z2=6g^cSW90Z%#5Qj)5-7Hm)3TeYWN;AXY_Se%S0K(4rLLSnK6Y(%~g9N8Wl}F(a?9 zh(o1oxRLt8icfWDM1GLp#g6kBuplZcU$n-rTnITirluTLqnIXvrN&_ zE1?%(f9bN+lwtHhGP@<~xK8N?TlpUHlr7T<4s)t%WJaO=Jp2M&5|ZM^Go9zgEOcDu zXq!nlR(4|bY6m5^m_o*&=A((&fwwuf!<%hW82>7gMuK?V^wPteoo#L*lHDd5Gi(jf z4|LJxyFSO>FhXO*Vg}I;vV(L5+fr;$>zi}n#7|??18V$F@Nv^IdKWG3_Uc|0r7pCxL6nSx#>p8#95wQ$HptIb)aX*r*uq8Vx|`p za%PwY5=T|H_@B?6GvZnms(w3@q?rU!uzekVRrP(+7H|dAID1PF*ZInm@Ds&>%d)%Z zTIXwL#&7fRP=l^>l?3ZkZ3(HGjaThFy#0qeF4d`|7B}K!1tXYGmM)b8W+q*4j8gA3 z=tvq=mnHK%)E1w%%DF%J9VAlx*I4qWk{Ew!KXR7y-P{v4{QyjkqYoBRcpIAc9BHt*uuXv@@WlqAR`hl9HRbrLvU}P?EjDP!p)K~! z9a-5po}PmEMFW?*Hwig73lBZlS=SUk)4^h`x)kdySQYmEnr)v)g>0<}0SmGl7wrEP zGq818BH&xEMtoDA;M~hmS2I`+RaB4q_@QDpwNHkn+t{fr{c5VlGtS=Fmhodfe&;M6 zEGBt|N^d2%KUhtI9EA$BMw@%&BlJq(at##kyDV-pIlWoU=oIkBm?W7@viB?;9Q9;%QL?UTBJmvxJBQfGLc5-Z4kW~Tdc3Tt7qyH0@!ws-T~ zZhdzvPoXz_Gd;eXi8vNDFg=hvrFUW+p7kKzpw4&Wj<<)wu;z!NuTvPvNr>Ie z+qYd5Ip$)wa@&fa?ba1ezAhBl*OBrfD*^RR(L8`{PvH}8Ot4gs&{#iWJ@%-G;n9t2 zT7m*kJ&Gld(L_HEmLKP)uUVM!L|QH^uZYuv5MQboocRt29_wa4f6{A4`zBc%7bC6mWKrhDi^+ z4!EfYoAisX@DGYEC9YWSk=}nhi78Cs4%4}@2z#(%{psyWmcnh*8wPrLmi`&PsT?2u z`+&5|Lt&hwyd%BZ{=ptbBQ~J7{61d(oes^PFln-R`?~({!>fEAc6(ZZr_w$g;zy7GPyg@q)e)E4X5q!U5Vk!RJ zUrH73n{~<_Ijoyx{Bt?lalo9+X)1jmAxRH_)h~@J|Lwv&2<1TKAx3gGrm+nyqm=Jp zxCWVWVMrTiq42Tu>y5U7^Im+wpfo^>tQDOaW7ec5rb+etNm)P_1@Fe*mCmP)#bjL! zX+L#l#VSf3mAV!F!mH3y_hXx4o79K+d)fdm7gEPlRbs!M@NWCH$4KAGBN~MrL-l14nQw zS1km=XVGzh0|zYEUUvDl!WX+P>mB6-nYfjK19x{pT2-s}v}$MO$9L z_&7cceAPLKq<(lzZL#r;WF(M9ZlViD|?)gupyG}QHze24!Ui=vQNOjpkaMEf* zrq3>&(XCijMdXOn3JN_tuv)%T?07z5d2ObpxKiXg(PMco*;qt^_EjJ*PD#noldeiC5$d-hV!+8+$SHG1BS%f zLNyxh$q%*~t=-vs5xHHlxV6nrg=Q#*${@)7s&A!M)5g<_Z&WrxYetd9RYdBF7#!>t zr8MMnu~x6RxM-BYEk~d=cP| zCH;`$POFl~TpYv2q#1-W!HDEowfm$7)~e1pypnb>w-4q@-7fKauE@p?@11LgyfSaI zwau-)^?~E+N2W(E4_2)@kw@pPsJJ5WDNEVZ_igZ=vl5QnLu=JKH6CAXy0+#hLedS? z_`}`FBTb$V=dPI{^_g}D5zRA)E+jG>{>)STFv|W4Mi$m*R|*)7=|;gFOuve5J`WEF z3>C|)v`R@ETk4w6U|sAZUi##eH(}An7&uvbo5Rc}L|Zda?c|38FTS*vs1&$S2~&)< z@e70x@g7(Qbv^>P`b`91mE(a;1(fQ$=Soj7k}zjGx@Md;PWxn~j(R58F6x4d)$tUE zl|K13Lp%c7A64k%nrDh1H=7VN7#&&u>>h#0aNX>9c3=NcrKf;>b&^B4K;rV=iH8tj zd4}G1|6uH2>PK736vIgtnh0=TQn75af)zr>!>`5PTvodn_7!-PWK@LdXrY)f>A?ae z#;n~@+~J`p_mRUAjbggQ7j2hH#t?9_P(x6dxN7H2ZrH3@p^wW)9YL$3o!TehlK^Pr z)p6zkFqUWf#=CFv!~));Dh97@;$Rg>duz~X_Dn+8bzbw13Fa4AncXa7)K`{@K=Fxt zVW%Y0gj)K=Q>}!ogz3uM8*;Oijq_Zqt4eb*rcL6#UbT(F92Rt-gERfC zOkqv(m3VvuZaJaVAo5(G|J#u1l+sDuadnVMKl+Hf#f@2tFUB39Yp-3UkBUI{jY?_8^Yn=uwQy|!y9Uiy8>ibi$mZKRD>uxp9-kdc1ffoLjh|Jy z&L`S&IfJzt9L7EBJ&=>raj5UQ&3;->JO6ar>D2afT?(VF5yo%8JhkdJ@-g*dZj-ND zk6p#r2L?&I>~RXxiu5{CW^3tTpiQS!2(6$E!l)&G*;6fd-%FVurHwP{M;u>kT+@*C`s;tfmES=xu+xz=AS|K+f%-TSuHw`B_bWdm4qD&+4fF zhwM@Dk64ZNh3vs2i%BWS{(L6@F3kVa5|57~mKeS-p!KmY^LB)6bgVrqBEg%YoKgMt(pSXMK5^RA2H| zFR6!P%-=N%(@*ug2CLYv+;$ePb+yzx-uNmwCu^1bn>z?!YXN*_K%RetHjgf@K8_}XYi)}?Hoa@*~DUtaJ^u-!Q0ykhC9 z4)Vm3s!4{=T~${0iTe#%&-qx0 z$7$|316*#$E(Ew;oT%+B5I^bubDyfic-$*rI1qwPc)XLm9-{>gEjs#7Y%2blg~fmR zJq#eu@9zWj6$ar-`wQ4jLrAC0W-#q^S2`YBk6ru0K1_P92q^Wq(sf6sH1}PB1Q;W- zmkSVYS?KN9b$~~83b~Y)3s4ZrkTHOQ_#c$5iR^uTA@6;D!4*JXGgaix*y1MeXL~cq z#zNARraxe1r}~Ru|K%`~=n(gF>>66%LAq&J2Z@AYKLNyjswcUxA-x>g>}%VAWUYOu z5|lgTtNUd2A!+6tW&0QOXi-%0Oq|X67suq!%|2IFaH|>1+GqXgXmAhEZ3Hx>x>A2L zj4*>mJ8#|P(&Y({(d%O4IxjK-=%6G=`w2kdix2$XRPY^(~97YohKkX z5UupnCc-iY-@0-R>qA%zWyUqQBFP1|l<%OGGg-4F&Jf5F!30Yk0C^!P7OR@Od_Vue ze22}E`fIbj&fh^#yQq+?^wWOb;oG&xQEaHdneQOt{T4E$b<)p?5%!Wk^A<@R13ACc ztC`#9aN46F8&ahAP&<@l`hL<OW8wa(o%vHRS4*gSj;C4R1R$^ z-Q#%T8HB%m=$OCe4bkNZ9)u*R;w33<#H4Q%=3`;Nsr}k9>yW%{49=_5XU*vw?wdfl zfiN*RqO6N{S77HTXyfa@vj?-@MccjqL*1tx{G$tV&u_f(6yg#<)hR};HCxakp4mL@jr2${pS@Djc@$@3c)y`vapkBa{_3mm(hEM$oZTM)^>^o zz*VlK0z1uo3%oBGhM5Pnuo@;l&e2jUo1%B;fb0Naw5|Ieo9)ubes2$otnL%cMau+& zjGPAx?x4K}3%-^gc>C;AQF7ky;7r3-(MSm3Tdd&4Y1&vDjAHK}yYURhzc}jJ407Qd zr16U$UB#&se#D@^rW|dmLIXlXBJ2IrgEC`pg|j^>Jv4>GzEpn%Rxd4f%_bM z$mq@AHR4qB_p!)98j$&w-WdVThAajR#H8oPbV%X!W*(<$(dmN!UF81xE~+q&mI`@E zF9Qw&DrIRNOBG(DrD_JK{#eLh?W33hCj(85{&6xSf1HekA14F*f9B2qK+*7DJ@xqW zWLO#MC~w@&IGk!<8=h1#wpb$$(tmrT;IyV`uaIF9*dEkW1ssS3cc-+0?ylpuqh_mJ zyxq)KJz@1zA05S|(nO1@&|lL;ufc#Hot7x_S}=jgs=!M+0a=DJN3p5}HD2|O=x^|% z!b1L9h?BEb+tkOBBHuiQb!=06MHeL$s&{fM`o|G4MHL{-YpnLO68f5OFTaB>y+_6U zlo9-05b8gpZKw)}@c8>9OQ<)2OFR&@Zn|>;^9fjb2`pXzxkUFDowonO-mPQMp;|e> z-q+_*6HLNy1`#|PS;saMcUMZj$)2hZM{7CMI0)96_3$P}7>SAK7EV~lI_wG+D$~O@ zdDa3cm3V91_}RfM90%i=IA%h^25OO8>_tArd-A1*@Da1ay#?hy(tUb8#f(ACJ4|h*Diil3ow`vCA6+buZzf|9bRO zV~hf|0nG5BGEz>aZ}!9@3&$6+I7_J1jJ(QWz9s(hRE0jR4%0n9jc55sBlBuTklz3u zjc?um6)_Fb`Sc-Xx-KvWVggWgAe{r7;N_#vdj@drr603wpcSl5`i_!h$i!AVkUjR! z7p~R;+FQbVz))-3&<_je5=B4;9w7Am$K>qZ+nWNGf`hrQ!)~e_lVK^=(Xr_O8Mzm% zYeG!yIn2A6o_5oX?mh4=G$9tO-&{~T>&fvQbfw^w=^jK~TA4dns1glwbv2no+v?cj z!WM-p=Cbdl;ZSD|w3(Z@Xo!l;wxif_qo%e%j2p;BgZxyf!ybUfA)DSAC>t#~26GQ^ z@Aj^7#M(Vvm?{Jij#w95+a@q)=Qe(tB;FPJE`A-B=vH@uAr#G$g+4%E{0{P}3zSYt zeU+^3nq+Fac^Hs0;=C}7(D8QkwCdX9TE|o^J-~>Q#BqVdum$1Zd%d~xLG=FB$mngo zZL^_)D(R9tG2Xm0zX@rSiT%qA>i%5!^v~{wpHVHP<4>a61nGE$VnU>}5A6A|Yvz}K z_1Q=|Rz!nXp_cofTkp7fqFHNxEOrTv^`EbD1tAe2CkrNn76SJBSx1OPLhYdNy+3 zjcZQeEy{pY*$6{2nRcP-UD-n2m5eTp12R5FPHX&g>{HdL)7!g|9UVQFW=*)J$8gTd zeJzB=$!EW0hFEUCpROJ@9a$-yudzR?tS;uE=spkjxN6`lvF2OZhfNE#zx)pKbXRHt zI+RQ3s0@+8o`RR%C#8&E?Um+%KXkaJWCczZYVucJX}zzrvJ$4OzISDWYTF7uIZJjd zmJFov5Pb5wM_V0cyRKFVWkkuh@y1P0lfyQ2IElCr#1&G-NPQY_k{%n15|I=+o}D|Y z4B>ow|H8#rev2WAPfn^K9f5Ue`Fzv8MG0L8RPU}__+az; z`o(h__;dDr1eod zel85TwgP*?Jr!UVDn96IH)FJU9Ht;N7UyBq#lRr*EgCO%8$(@9Ec%FGW7?fH57610Q$wU?5;EYEZ$(2H9J z@A;9Yap^Q0YB7?W+?wDg+%Nv{W73m%FMbUuV~mnM{OPe!B0=LpN^A$n`TtLdVV|Ek zX6+!_K$jd8Pf!d*ziU11skRdIaFcybrVq~2!rY+vK3W=V-?y6ei-lP_Fp&Z4Z-?Co z5|PSVMnhKIdXbk_z23%g;Tpc485oZm>$O8~+-WtNv=F1F6LKnZG<|KId}O9w*eY}{ ze&N#vIOOn_bl_U#qI&9ASH_(W(B>GvdF743qzd2#(>g%snJ}T=g{NI8UFcJ_subJ_ z=X!J|X;oQhO7d7`@MfX9!zDcBGPu_oQ!#3?(apUZA!e4Zo9dST^_Pzh3-Vu=9F!*f zg1RNG>q51O$1BuDo_TZoV^VMu;)IXE zW&=DoKb4Q?nQGtQ>puDF( zc~BJ1^+>)=_?Uv_K&vUe#gFxuWFKq@jw7j-pF6l2Vhmtd$uUYA`W8l&v`(qdEsBuD z#q{#Q`~t*nGBQFyvrIevJ(E*RU#kZ)aN2LZH2|UHC%A?&faBqEFv`}Nc;jXc6$o!GUm#?4ec<}S@e?U73==5%e zqgaRR71^=DnWUA0@OCkzeUzN7mRuo|CS&y2g<5P2_>@_bs$vD1KOx&}{$R&Dn3`N!fv&p9;)|@eA?B&xA)dmo{%~YphT5 zO3cg`!R7>p!42GgpU9%kijFn8*AW$dTm#uBMlZW-Wd*D}Tz&rxRsiVFthD+PB0ZZF zJAz+sZuTSY6jk@B%rvSyf4WnqkxV|#JLj^l1c^uRP&-vmAa3?6YjFfR6`76?TMTLE zjOkp+4|5j*nw7(#tqzbAy36BaYMAQ!?IJ!BTB|WN_X#eJFm^q$ATAI9i9$* z0&vfU_TtJ2nv-kxesB|(6s0CsPF6?_W71M^E=P=pwUVM&9J1k@TD3iH&>*}+NuaYQ zQ-)Y)mRqyqqrDQS-z?Nfm_3-xMkyG;ocBeoD2m7B;*~Wp7ge>vrw$#NiAb+$9el1h zjJ4XoSnt_`r+x>u+?&5=Z@Rh55ls;lDEEEev{)$Gx5b$d=fQu|?h9Yj^ ztn|rm=x4?#&uVV@LD#CcHxzv!Wi)YW^#rek15KUy0KvlgI)@sjW85PXdE-HeTf?~7 zoqN9^5y4N+n<mONF*A<5A(rE_dTxm2d8xngzatfR4!A^M|~ z8n-3me&9oZa9peR?zksJJ5|cCy3b*Cs<+bgY5=cvOajR9;#u>lj|iTAZi!miwkv1lbTJ1JWBxmYN=&qG8@Wz-IZdt;C_TD`;f5LiTxD5lHsQZ zuYb;9Wo|%{^nljR3HWsxrDB)auj>@0x68@PVGhRf;SL+`C630Aw45Qztn)P;hdGN$ zMv_Z4S}&fP0>(5A_KT8@Nisk1hr!Z;OpsSQbo3%vohoW4?o$RgaL-lx(?lm+q#Tia-#<=g+7s zC{0pyGYrW}1?%_P_KL5T2wIfh)qjYc*lISRx)!T!6>rrla>U9FKl1ssS~4Yedy}#Y z$u&OXDp1%sGL9(Om0k1r4l?|ft@z1vPYR?7cA_PR+bIch zr%+AWl3ZpB#)BTe)KeZLAigFlm421nyHLAYE9Ss0E&4U}$VRif$~SiV zfq9K=xQo^%-{Ire7`i{8DzGr{;YDuU%!h0$oOkT;xc=M;hOZ}zCpY@Jc|`kKJMwr3_8VX9~=PG$@j^~aAiX$ zhddbRiQ*CeBc?>H2Wx3lcWLh~y#i$%TOIpS;@XTv7e|MSZR*Gp36zv1jnsT|`^cv< zELnnmcQdYDOBk=Zc#$~_o9{P* BhdRPQEZZsejkD=?TdMy{-;orcE(|c-2ndDNT zPiGD^z_Ap!0cE+p>%t8qKJzF^;p!k3pKlLMtPi~W<@bL)o7irk)G# zS6=#1wf{~g^7Qq?gWOi)fpxXASMebs^6Q`Vuu-a3Z5`g&*8i`)_l|3FTepRyDA*8D znn+VXL+F5^+IyYzt-H_J``+LE`3I7>1mfg*=X~aP#xurJe;W1hcbSxml<%9XM7K}Kdjk>g z;h|!gXw4&ON=mj|&zNq(rihl~BJ%|9$i_mAU&^Xt%5U@vbSETzeq?gwSn{;9@{-l{ z*Hmk-DMF)?2nH{HkGwzRdEp{oWjCtmF3hV2KUBy$J$cUcrH?-Sa=va50OrPbS?x)bbTFvc**U^RPSq{cUtXZM&9^ZT!JOOW(Qs#N;OWpS=1ICFR ztkLy%%{Kq0ieM~C$tl=M5{WuWbrsrkVB!g^LqUZq>zK+*IWwXpkI(VLwMkm4I_9`M z;f^d5#Vvllu5tNHbo~!VIepS7^d$88{hB?uS-&3UoSo;%aL*oez<#a2)*9Wyl-%7x zHMc_43yrlY;p(gWV^L$zCqfK+Y*X(<6!i;O#x6G;ef$K}iw^x)bv)47^B5GnXB32f zt%#TVt=Xv1KH0kvuZ#jH$?Df;A2%v6!fg5G_sid61ISVFek0oT>R+3E5WCGj=zm+Y z&u*1pGVNOWzB5UBnP&nyS`&j}b29DH4;7T3&@eqIWl*BO|KOcXALDz$dAwlF+&P7yym5 zz$U(I^^HL}bBLFrb8sL%RbsJuK9JYt@XaBOL;jl_d|T0>OLb=y+onF`P@p=&TJW+m zORvH)YrEt?E0TQFb?Bk*g+-kBG2!T?=22`9S6?l~Uhf8_Hk(qZjZ7aIP~7fwM)dBF zJf6!>`E-(Q1f9cU=b|cHXZlbt2+FvvG71-JEWPO%>!V&%Tz`MbqgUmAuFbT5$MOU(UzKv9&w!EYL=ynbUqH0qmBo^ci|>(B!X#13+-eumb3UoHfNm z(Oq9L2cf&iSL?3-Rd9hxm11uT%b4}a33D0M8h^j{idp7KM!6Zpq49D8vlEX%k6;bv zLzMSjxy{JK3koDmtX=rA7P7C$5e`(>d zJ0cS96CXOzQZ0V2DDBdt)-BmuM7oU{*qaE}kdvPjZgCO=&R7mmB2{pHHuif5wcMLW z)&)2WF7kT$!`kP~0Wef|3eNQK6kAe9Ga<~ow2N4kcr7TrPX2WK-b9MwKVxULq{a!wN2~!;wV*w zXO4}Nde>4c#r%|9)97V3nmJ+91NCWfOX^x$*S-3s**;>j^_T$Prf+fk5MVog))*xkTFzd;U9W;wHd_NupTV5E zFy@;@T)*}70z1?`yh6Ip2+lZjUB0iA=R75Rw9V(#pdz&K*sOdezT)kg!!0{4PRYS> zj)|ihljg_0R#d6>Aunez9K{OOAK@a1UJq9W>+YJiNW40-DpfqPMSm zs*v>`W4JZP)3XO=y*xZs@J2S>4C4Ru8E^+ zy}fUtCa|CNsQ2V^fur&HRdJ2FObsJURXAyXw~n3@Y7y;M;`xOW)SA~JscGUqkmb|g z72RmegN65JS44vfen9LK5;X1n>|aO3gs~RjnwPlr&YY!_%;U4qh7rn99J9Q~3f6S@ z4mRp!pBhA(Z}-PM(RqIL^U*7d`>1^fN$5t-OV75=^S;fq^E?W1J=KWY_gO4N;ytec zC;}dkR#eNB2s;(ccPr=@-B;N3S$viaqf?vLdRjjk;i!D_-LmDwr$aB@Q2`iA*J#`I zWxRtkqSRT&Arsb*zpxYWAdCO@d@~cb$ocWH;OHzbXFyR1vw*9b>hcYW6+Bnfbck~!t?ED)(lGjw3A0wHro`;vj^(dO4 zAz7Dn!IO=hS?bHi{*t|^q4B&a5HFi;{(W>Fb%nCj!^oS~i2c*_#gU zh#Qi_hnrt}DiV|SHYtyt~5wfPteO$~h1zR2ErIaYoJdd_hA?<4P$7#QDxG4gK!>9#_JR zRCJxXH3i;Va!9X1<+V5jc#B{yepkjGuZO{p^B$N*_jS@H%3iE|us*1?ZOZC61|BSL znRvk2xNcrUKF!;dj1ya{t}eU-zXpBnDG+Q(+OFJf1>34I@jmiPh9UE$W7)cAm?zb= z^g7KVO(dvADCA{cPn@KqOjTJFy1yJ}veLPp7RI9#aIv>8be$%!hJTTt=Hh;|C z8cVC5alDLH(O6k%lfdjg{zDjTq=&cSYMV?WN};fK;*M4>^7GeH?GHib+7@b{rP5grG8QV zURj}^hhv^2k08FNskVN`g}XV)YHrv9cO!vp~lsZ(}}j*%A``KIGmHx={UpgwJVhZPrh7Eu+%edY4^1a8n1Ams~>Ez zC>h>)GaGkj+CE{@TeRAxNTM6^Ql2h0;vFDw+v9DF9*spTp>p>aIcmU5_s#@jOP2%D2~vv&m`k zwvz%+==HAYGelZYjEpLM)uYO#R@V0jA6290 zapaoq=5?uLS4v;^2IpEzcyMju(A+YhP3g!c-^NWnj$Zg=bx@y)0m2j0)=Cy{h~o^Z z%c8Gd7da*DQrDIF+;ZpA*VkXrZ$I13<5>25k9M$#seN7>TR(M0_2u=hi`RYJUb-0< z!td3loJPNxPH1Pl+*8V%&bnymr_#M`kdJ*=kvB23Va*ewXEtFotl@t0qUIXc%1w<1 zqUtqLWO%umm<(&EP(^C{pz#d>)zi)Wu6@P4;gEat7)B2(o<6m^=*kZtdf>V^O995Z zV;n^Xwnda|_RhbeJW_R1BD$E9GfV!oKL0%P z;)mn04>U}!0A-}OvA*Dm-qc4ut+VS}^HyO-r}oF5)vbQxzG(@ZDmplW6TGvoovA5L z#9x&>e)qiQ+7#0Co!@P;Ohv70)+e|>JWnvcHS9TEl@JHs_lr?y zbZQL3q$m2Lk5blX^{Fu5`LH&OV;x#(lCHoOUpa*rPYalDX?ehk@$#lC&X4I@%V)Vm zL(*q177efZn460wVXCmuUYJSLRu3+;w8W$r=J{xAp^h5FVqmQ`7v#YPW%3YJ{kV}T z^s@N^F^f6=#m+eD>UV_u@jXS>wHvjLoDQE(PVQ9HL>?vF17_V-tKHjF1i z$R;?kz6Y|UdvgWkRO?g2SBp@Z6kGpX2k3z3^?^GwLyvOBZr|dNjIMP3yk(lFHjbhn zY!fRM%Z{_YmjJihNt%!)cD)~t#&Mj?GaWno`1TnE+IjgJ!+8UO22<2W%d0Fe-DZ<- z`RFq|X&a?d-c_cE3MIC)--TtqsHrgMYwR*m3qy~?6*@rdqx7j zAeKD{$AHQ~a0Xyuc9{TVknhr_#5AL*dQ4kMz$*PhY@H?wrNnR9>V~4>id9eP@Oxnl4n3FD+qz$ioV1~+ zdmy&wp+>v+A{N(G*>eW=_RNsuO0?% zs2D~X3!+{M30T--E41xP6l3-4Vl%pD3)~rF6Twx(!x3t+QcMJdAdS}`SPr=AkabJTxW`|B3y3~LO65r;xK>y{yD0iUvys(o# zFx>?E+yf(pKOoAj7%GV{dY$J~FCc`zfD?8$T}TD3!oR0@%hz%DB4$p3B{slvTO^mF zVXqk3tanJm^~fu^D)qx>VlHofm-?dAdOdAIbMcN2f(ob-g zp}5P!Qm;eq)I>~Et|8`bpuwK+#$We*d;cqJfO@(9om0G7;*5QNODbx3sZo0Rr z{!NbNJ^?ben>F}y#;Yu$b6ZnW0@OU|f;o(`uF-$e-ty0IIR3Nuh!7CBpGFQCH89Ys z5i=F2y(r(E;C5hR+8{Il9?G6Qgn$;HpzUFE3^7jt58bXhfG=^z(R2wqZUftAgkvnxM4?I^N5T5un*<} z>dd2W^7aAgzR(uf56A%AXIp}-3~0~ufIi%}$k^i#V_Oz0+e676zz{D0nltK!Mqj; zS|@U&hM_1D73>V9gznf>m(MrdCRi+cr8Bi=lOu_cT0f>jCRFhB56GBs__$u=O=ptz zE|obASPG-Msnt-Y&sC*hSGw5-a;Y3Fbd2<<0J>-cN*6DRJhgfijFADIJd8Uzup->%~&2N;Cw-fNVLi9WApbyg<~8XYSIR%qo7!n>klYjpEsoUtg!#y zopAm=<+SI^-F60+J7OvXN`e4^pJ26Oz+0K zPn!uU?+3&=Bbt;!1I2_1k;(sA+pVm36Q~h|VT&?D#tIZdo$=kN?~HhW}t*+vgOX zubwRfkqA;b)BDswzH`5@N#6BZHAl@4`O#+`=s3re81GuC;;T-M7qmY2AuDsW4P&fD zIG6iStavNS>2kZ90{{WNJQ!vZPc~YyJi%2fF0wPtDmH8S+K@w7oQZz7! z9Vl4@G#n?$m~(*-+2$AxC*cjP5NZIs0{vE7FevQC8#}!r)*|0K1}b=k*1u97)k4RN z?<1D)%mpgx{9PzM;{AP-Q2Krg3$~4r?=p3#y91Syc0MF|Zl6a{cg4nEpscyG3UC$=VJZXRh^(IvAXUuc$M8bc^#!udieVDOG%2dYmNY>~~;CILNrnyt*% z#xRPQ`{!!X22Dr5{DAcE^nm(C+i<{}VKXu=aeHj1e0&)JCj^hv(kno#&{@0|&()#T3ar7d5d@^f|6?{D1nS8O!T?>v^sfPE z`W!gtG*9#Ly3^6V61FaMGGqpP#w@$@TmbaCU9s>OD|HstxMq5dL{dK=)CQVpP3HP0 zXKfOpXh6guwvfIddXDZ!VDDtWyJ5?hJW@9CHt2lfPE`OW)7E1P#He!c&zPtp?S9yV<4a{de6G7nmPoGm|Q zj&_dB+R*@K(&#FaW%FcbLwb0+hhD0_#An}Kdx3{D#i6~>TjqepdT;f@>!~ra%(*Wt zxlMBI>vb?vu>e7{IUer5WNV#u&(!YOk1PBh zC!2jkm$MBEZmcn|+#&VMsWmpSem#r<=RZQFt7zL~U zik{{U=sm{cS2{|D=1feO>%M}^1_N4{u|hGon})i%f# zN5C#=74aJe+=}l|>ButeQR1THXpy#kh)W^mB37L0192-BRrT1*AMZ%u1LX!pig*wB zIlD{aHJ+_SE@Z#RvFs?;n&kM{0{_+wIoamcJ%c7WUUZ5wZ%=ezE|aj5zN@~N&Za+n z5b`q82a@%t*A>>%QQjjrDb-eJTw$Hnw0jiK>-34@Z4rwb(-y8dx>mK!DcY|x7z{H? zEK0@j?Y{lLJR;R}^Mr9m!AwBI9iEhMw_B`R!QS=xShb?f7;DaxgtAD6Pb@l2EwVXh zf}`%uXm+TWUG%dg+tp$dWfF#_1@C^c`BMAh_VN}}KOQNp{gk0vT}4YSS{gUZ5MWIdF{tKnuzkF-v$*j)W#%fr>`s*liTRcf_XCDzyS zc^G$+0#19iVmYBf8Km}%oH_Y?>DZ~Q{_(4!nQ<-Lmz(`H)0rgRRm%k&p^VBD+Gt1C zSCws4=`eejUP|Tg4{B&#*nMm z{SnW6uBYS=!d}f+dGro#`F?&?Cd%C?bhO$s3Oc}LKuY>9nif%WDvwg#Xf0YoLIf`q zMPZ4a1`63)@psP|pPU^DRCp3Pj~TUa+QOF?SyBw!SDF%?6GWcoI^v6Fx}Lb6=GauB zQ|MJ>80`yHFuLvS4^(jtdlnX!#e~W$JT;43hLnLk#(;=3f{qf5U*5vQ*|x4EaqMsF z5q19b_IaRcCHC;=iLE~KbU)U@oELmaI_cKq+qwVzA2x;jCvrglJNE*g(Y1t;e%;Y)0fYyRlMLQE9mc%R3FFZ8jW)F|P=JjNxu+2a2ELDaa~=jzNtcDOTT;poxMWCaT;O|*R$6N@&GNJO0eOx1gjhdHD;sv=_`2V$ zIW(lS)C9h*D^$HKXi)eR+x-S9N7c!3kE>6z6qjmqco(|qHpi5|Ek#v!fF8!!>jig# z8npNezuUL{^L6*db(d;oNoi&YEIGb5LnxI>H4Fub@`!M zZI5)v2_ZZuDVK`+TgTwymfe{+_YJgVibv6s*sv9+F;)1=?em@w=yd~}yOen!cr}b2 z&3PNp8EdW3P2-!b6D08z<~G0?Lhi2_@e98B%hLc(w zR=g8=pTaF5rjG?1+wZ;pyw;$OA#svBLJ-H+Y=UTK!>qb8O8u|0+p9Zm9Azj86Ouk)1WtH^{KYXiQ(3K{*0Y5$D%`4F>ci*l-7 zf8!m#dk(aF0=9e+IjnP&@jjG-8xEtBt(W|5GB5!laS3DRZa*kNK97`UEsD!WJLkOV zva)ZK?HcWAN=-jws=K#h?~If=b4W4QryJr%{O7`(Ei3 zRV`ZQhtHu5m1wW7MuiVzufwwsp!qh^xR_}!vY%!F3y#2 z@%O(n)IL|O;(6z*GO;C{sakr+@>=)y;W0S-7;iKDQlkix(xKCHCi;4>QV+@ULJ50< z+XjP34BaH%W!9m&G!6yc(G;E0R6m={tLxSmY9w3i#}3LcM0D%Gb3qrxX>*cx&z*-V=hOm1A3xiBSMv><;AeUq-w{E*HK@s9(G0zG4pJ@%~}Jo4u1lffaT$&_sqfD=&vDG?EL0k3<_&1@L^Q_p^P~+z2j(x6xuhZzlp+VLe#e^)@oER@; z|3scO<$RNf58=rLfRB=+7^j}3%;vQ(pN&n6AXrv%49lL4j`gx)Jfdrnp}fbB+ng+He#{#f6!DsK1d$OI zUXgQGnaexDWVVB$yN>T&AXKHG#@?2!IyN0Ft<%BUgz^%?j&Pzoixx64jyc7Z5qu-I zP07uwD4|-vEULa&#b6UJyN8Is+=e6P1=pE%6}{HUkFs}<_VcARf4~F-yI(a@O1Ye$ zoM>U;@HYK0N}xjPY>*~jeDce;e6L^Myc;FmEmh6_NH8HON^41(@m(g&+hl)o;}{$K z-PIgN{tAC5dC0jeHOG_2H%cWw8lM!vWe4kcbIKWHyuN;t>zK;wnZT2OIlP}11tG#h7{Ceun1nUYe?#2G50cU9&;?x}h0+G`K`i(Jj7Mr5v9(+W!2Zv$rEmcD zGg7(Ts5)NXen4>H8?;ze8^2kwy66AJdC*k+FV^VkM>Br&9=wVF%@{pU{;<-Ma$>cK z+OJlGxpeA4&CocwP(zu`G)qbT4ls#QX8MDI?;jO`|Nh(_;RCxHZo9L>gARkrN19I0 z8o~j0Q>5qNp_I6R_*tSd%dpd%t_YY`^gwK^M=|0M{=^8Il-R74-z{b z@J}84Hf+sens)FLP|8ceFuDGKxE5*vC1H{C^R$D5q`eA656-96L3AAxr;Z|;G1_9#?`fDl<_f|(zKMT-X5;yZ z1Dq@00H@NK+J8X!zoQ&?+i-vTA?(-_ln@%lhK#BcL)^wZWuA6Y1Jbf2`-wrJx@W&M}&R&{G`s3XS;^2C zxwUEa80AH%E$Ug9KjGjwZR`?a`%&G^ol+%cish)Km$H|=Htj1r;XYMk>z9(H{t5UG zh*{f97w35328X$SqKY>dvo5X%WSFLb&}LtF6=4*;6GjGT*OkAbT?}p{RHOX$AP*$A z;ARWV#rqz9OmkdJMW`FVZqE>-OFNA6Av8!|T9 z-(fu0cg*>46hjP7DWAp1j|%+dvIYh1^^{ z8YV|{uhoWKaZK`ieR|Wp_~rPl-Usr=a~J8zg%9Phxc8rxv;r>6(akFJJR=-kg;KOp z?!Nv!o1D3ysm|=%zkiHBEi2dcrCk8>pZ-s>r!Dpr}}M&tJP)2ZoV4{;?!b zx#ij`rreWD)*`%3OswkoNsrc=!R*iNw6K@91adCWKzfllHuVVaoCte`6k%_9fboQC zL)I|Neo|ehnp)tw*xb2GK2tfa_v7%3`4x{3>`Ayf8gX57{IU5!PCbIrvcENZFbs<~ zQiWR*QynDOOwa3|l|Lqx+?UuuKGldPji~XIy61UKX?;Z0HQq|gW3|9FC-$aHTr!wD zaq>=}MbXsfWtH}h4Yz?nnK~|t81HdP)KrJji3Y}$0`$YdX4$s0P3=t`S7Fs8XoDhM zv+1!fTWTW-wz)S?>DVfcvul{ON*v<9@&OB|(DPq_BzGQJU|`Ow^#&qRjFACRu<0mSOwKQF7SZ>(^yYB9L6syr{Z-pz4a2MCSHeVM- zViRt7Q{sT_!^@`*avk;RD0juM)iA-n?>ySy-F*)?T^c+u`r(<~%JSlQCTGb#z-OLw zKGrkVQ-98rdB{9N;5fsSjBOM{@!2fAf`5_MlV+He`j$>vLf3HSWW>j-FSi)6p^!Ck zrfmsQP;*@N;TiFXn##^8yg;l-ATs_NZ9z=_;!>)Jo(@GPXO1%<>$aV@>+KvTy{zkJ z9+t3}?<;7H+9LqJJlmH@=Ge9>xLW+IN63J?)Z*-^Owo<#8OQ17#L~xtN z?_BBR4+uf-G9Y+nSW=8WZ6tzrYNK~^v0+(SEX)luBl`-LCFw=cff7-QND~5>Mnc5P zkwiwm9?>G{e$nl=tBx9R?j;wGu-Hamg!fIePFi3anT`R9rGpHk$=KA%Coh->g9jc; zQ4(vjw)Oi87Ny^MUY{z5wN#+s8`w>M9MYjNQ#^&$+P z(Uh#&-pk+b)quv%W=?!=-@SRmR75#^1ug4Il)JgZcry|_s<$KNWbk57tZds(tyCXk z--Mi_OHGwv={{4jX2N%I=_x+pZ`^%NQWM5>RW)!+7l=X^8{G9<%N}Yc=P{sV64V?I zMQ3lOgO19tFK|I>tuh`ojjV=oB3;vZ@uzWaB~?#OqLtxiCh5nx2TS_cjBQzTbeq4Y z@rTIV$MCDs#Ke_+5j?FYd11c$*+f;@(n_i6=Fl>U$A)QHmU4=@kA!Nw|3Bf zaE^7@kI6u&NfaU(%;R}gYWr-Z1v+!CFOlc%{83|R9P+?erkC|wR@r`(~RGa@Ziq!8{#cVItigVNI@;bXxy_k ztD}Qv)jHvleTIofS}ov^ zbSl{GDW%T>b4o##J!tS+=%Uxs-D+4~Ig`|MH2*10VBE@+@f{K3BOXZOn~5FKokIG0 ztmmDs3%;hdH{I?~>(k1uWeKwZM7=+gUS~$n+F@bFwdes|g}n>!69iu!xztkb#rOTV zKkSP%=J|+VS0U#>t9cdraY}MNhJ0xR8ZOw;sCV4jQ8-(-z)I`RTjij%$@*l}gah4x z2QSm4a!3hY+<21h$ZH7HHxAUD6o3e8Rv2oro zF4s>2s?Hyu9)9VW&SZt7u~Fog@xGhC;42vObh3q#e1pSUdFM6zSB`6LDl%9^YEvZA zVO_J#j@_-UN1_Wn6VnD{-@pr+rI-y~244J_xLha>8n#2@9PRRNS{4qnCm2^gQq=29 z^h-Ndqb69GQrx@f7k25m@?#Qn2!zJ6XW|^1&A^sTC2S*0=B|fec`R= zg(UgZ+RL-ny5DUWB3Zl!8q{l63f`rJT^^*irL%ox_&~QeK0v@Lrre`v(4-R9`?6u` zMDM{C!z)j3l@;C>`B{niC>{rQg4JpF5CDq;TgO;s> zIptNAo0I1PZ^>EjS;BJRIk(wK&9#z@Y&4UL94_MHE1m^x1ss=6_?*vwQF2+YMSgWw z680*Zn>(D~(OQv6Zy%1{=~ic&zL808t`#Lt4m!p0I@E-GPF4OUsj-72D)V6NNSOL6 zhi)KbbH}4+v z^L;P5vHSvDuGZpAkunr%ud=dUF}8ZiL#ow5pFU&94F|W?$)W|9T-6GO1w5~HTx8lv zs3Wg~2UL50cX{ED#i?teg5SDk$Y$;2+wokLf8vVf%4?QNJ&2qqY1B*1v&moED9P&9 zJ^rO@$OZPsp;h8A`hW`8LpN*NF}*NOd^OlpUo(|5pT*-P`djvDy%uXP2&jum5NdQe z-oluvTX3_);@IuY&1*-F@V?z`S32(hl&CA9eLL_ClTQ1J|er@_4%oQPL6Z zST~6lp%0mVg(m;o{Igo$^&4;ur!?5#T$=){KSpmxpT32%!2n4|4O#*q2c>gD*7Uv+ z(guv0Lukq3h}9BK>XIIflftwv1GpAZmQKWyQ~|FX}u0~xj3IgbJ8Qdt+T`X zJvd!}2Il{?0M{P@aeseK+d>;+Ys8t_GXN=CvorBfrOYG^~o#4k{0%{*i6 zxkW0gO24cYz*@xt14V417CD+mIk&2$jde#)6TxC;`t^&VDPkG3cbub+JRY* zqYZR2yr$vXz&-`L6Lbv zwCVvRaz^~Mt^6*kRJh`Ij~Emp+_;kaW`w|D0yVq!wU7WjWs2|E{_)X{KMeFnW8ch(-qT4WrqYB$dQ z1t!yf*AnxGtmHRkZy*D9O0RSGp0#+4FJw*(R!cwhP}C?^sXXh<6jF=FfsSWP+^N0t zsa#?I+k7__P`M3Dvevz4W%0nP=-t>iX9W}gCKNy!UR9Qka}kC%-Q4sk*bS{!g|>ekd8-qsf&T<4NRe>h}kjlI*uwuOXUOD$IRXsR!^!p zE%g>SnElJ;z%#dL&q8)exAPBGdvJcT=L)!^Np0CY>Xm=vA3*oNFfIOfzMCQgzCxEx z%R06uFVO;FUtqnMd%T+>1NJ))lK@FsdJiB<7l&*ohrGlra0Bow>y;^CowvaTLTduN z*N1-_!ry?6N8I%pkzAawsrYWt&eraSxNrUD-7!^0>+Sxw%Ce`^e3caiA1L|F%0rp+ zVsGwTfee8AN@|74ICg+~LHz%Y%k*D43jJr-4yZepZNWU!={aGd3OI+o3>LwfD<=JJ z`Xzv=$Dd!KY60hQVhatF5Jb;68CIg#3;R#EDCQTCT)PA1`U|~g&Ewd>jF@V6xnMpi zKwh6g#1lxJZ4Uy8zsiOQbUg||wAm>|;aZV?Pn!Z95T9;kEE7gAVb;;Ketm{k-m-D$ zQVIgZ=M7rSsK+92S*dd|iD~C?-(jP+8UQYncD%raU8N`RMaN|-yxApGw_*=xJSNVB0 z1q9F-RBYqw1t|kzz$Yp+edui!SEb0+LCX(;alA zNV8l=Kup|DBuSk1l#{TtmCnTYuC|rR``u=TUIs&5(^!Xo#B3dbAvWd$6=Xv<#1{~c z5vv^dACRS9UQol>`vWo~Q3!CUdLd_+K+_A?g5(z!1PQuT|t| zk&1HlcaGo>HLElE@;VeU553(x4BAG&B6=kMBiWkg*fO1V**>vFg7KC?L&aGi9S&!k zyOmQhU+or&$7o(C+|sAddgd>Zi5s6aTfdkp@~${63j#M2(w@11%d$1YcB2APgYKFC7K#%U8wz<58$WL-BU7cn z-`>FZo=V%zDCD)v=|^TeZ}owSZn^k^=Xb(DCFMQ^ZP@3&w7^uhlSE}3<3MlHOm=8@ z4efcf$2sQQQYBXJx0<7wI~hKn09(w{G^Qq8W9sE?7a$$7dAzg;`aPQW;F)#;vsWLv zt`u;}EvQp-O68H>3>FZI*f{N=DJlB`k<9cGb81kJrdH4zNfBJCr<8^xnx^NyVW2mx zcf)G(!*nQ6h?{SM_$flSPh1*J_Lm{Br4l4Q}QA`N@Bd`Oj$i`Go#%R{J@({G88! zu0;QPYpCh=mGM!~WBA*W3)mOicj9Q=OC&1osnYI>zMF8^SojBS8TILbX8UDBkX9)M z@B#qAz7ee6th+hDc{Ko{dTlF0S5A_lyBQ3~NV@JHAQ~3FSWRb&<_A|jwiTSK`a+?k z^B~1|J@*wsx(*GI^uTWeR`+8Q!gi#MIo1{z`eA<@e<+01@fcIW`>bvsrD(d5^Jqrl zi1p2W#V~B1-r;6`NB)P(ny(hW!U!Bfp<74W`?BOmItI$&a35FY6J~?%h17HM##gS` zVp%`fJ9~`N5zs+VzFDB{puE+Q_7p8zy20 z0_9F#@Xtp&(t7b)Ia{HR%YZ`}R|YsdiK|5-;ZVhVSsWhE?jUn%ZGg`6^Zd_o_!$pBpNrqm0}sGdlKtEKkj3c<`nGj)s5g+e ziB<=2wfV+4@<8B4e%wxej|oq2St6p`ETUl`Q1W~6Y?I?)|LRy#1DM+}jA_@;?LB3A z(>4@efu7ZIf#E{C(dgMGh!URbPPyoK^Z8R=Fm;aNP)H)ntm#|rV2-&VSSTcBznR4g zwrmy%QqRH(7aPd^FQ}i<37^VRc!_h^6LX?a_ZpBvE)jDod)u zA)!buM#yblmt^vdsd83~08g)pjuT}1ZfS=TQV>}GWx#Bl9xs5YHYuvn=f>Gaw%b$h!IF8_NaK#8 zh~53#e7n;1^ds>L*euK7zJW6SvUMc$09Aj#CcHL(Rd!9`5v|whvV<~o0~4C{(YaaM z-~tV9h`coNP+6}5hPI@ED9ypw6QFzqXh?80QB%=%Q8ddPV zH_wn!KnGFzB-D02dnaz7d^^p_r60@>A`5jr{@@r~)cAS)b3FcEhzE?_dZAt^)nFar z1ZkxTm5YDdL7KL#XHlW$5WB+`ui>>wO;xP6!GZKchv7scQB1kju~45TqB3hNuXe(j z^}N{gF}8aH`8DT^ExasVn*?&^8Rlluv6MlK^7e~D&auq>>pa;1;)0+io2CZ2SSXD( zglBi|6Xll1nn-Ax1d4F%4!#)FSTqSErk`TAjnCBNknolN-R<=@cgFD zw6wR)v<$2@qc#0do#|#95BRcJo>`vRi;AJSX@D=2nyO#lhDh%E`Np4v^Dm8@Xq^da zZ`y8X@+}AP7@IB6^eZ1bu#-o#Dc9!Dxu1UEnfqi!=Ae!;uPGpGO+Kj#5$e?f>8{4CB8o&kqwly#N$B!R|O=I`A%svTuRArYa`4jB&V z2WIkQLw_Fr3r8b1t;~>^eqcROHZdB0%3)8EqvLLeG2^?GPz#8Ig~$JYyEVg){{IhW C1DUV@ literal 0 HcmV?d00001 From 321647defa529dc80a4154488eca8510eeb560ba Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 28 May 2020 17:19:52 -0700 Subject: [PATCH 57/84] New New Dark Mode picture --- devices/hololens/hololens-release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md index b98be63493..6653076c8c 100644 --- a/devices/hololens/hololens-release-notes.md +++ b/devices/hololens/hololens-release-notes.md @@ -132,7 +132,7 @@ Many Windows apps now support both dark and light modes, and HoloLens 2 customer - 3D Viewer - Movies & TV -![Dark mode windows tiled](images/hololens-darkmode-tiled-picture.jpg) +![Dark mode windows tiled](images/DarkMode.jpg) ### System voice commands From d133597fc383d0dfd351f3c7ed137809225a6ad4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 08:49:35 -0700 Subject: [PATCH 58/84] Update manage-packaged-apps-with-windows-defender-application-control.md --- ...aged-apps-with-windows-defender-application-control.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index a2e114d956..ebb66d445a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 05/14/2019 +ms.date: 05/29/2020 --- # Manage Packaged Apps with Windows Defender Application Control @@ -121,9 +121,9 @@ If the app you intend to block is not installed on the system you are using the 3. Copy the GUID in the URL for the app - Example: the GUID for the Microsoft To-Do app is 9nblggh5r558 - - https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab + - `https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab` 4. Use the GUID in the following REST query URL to retrieve the identifiers for the app - - Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata + - Example: for the Microsoft To-Do app, the URL would be `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata` - The URL will return: ``` @@ -143,4 +143,4 @@ The method for allowing specific packaged apps is similar to the method outlined $Rule = New-CIPolicyRule -Package $package -allow ``` -Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules. +Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules. From 4c277c1b4e5677bae7402f2418787a1e4063a0e3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 08:57:07 -0700 Subject: [PATCH 59/84] Update domain-member-maximum-machine-account-password-age.md --- .../domain-member-maximum-machine-account-password-age.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 0bcf3d3ccc..1c74391497 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 06/27/2019 +ms.date: 05/29/2020 --- # Domain member: Maximum machine account password age From 68e7e12b240fb133d9cadb3cf2fd49f2833934ba Mon Sep 17 00:00:00 2001 From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com> Date: Fri, 29 May 2020 09:20:06 -0700 Subject: [PATCH 60/84] Update hello-hybrid-cert-whfb-settings-adfs.md Space missing between "Windows" and "10" --- .../hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index be3bc06968..82a0da01bf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -19,7 +19,7 @@ ms.reviewer: # Configure Windows Hello for Business: Active Directory Federation Services **Applies to** -- Windows10, version 1703 or later +- Windows 10, version 1703 or later - Hybrid deployment - Certificate trust From 5815c80d734f219ab8f8f3c082ca3dfda111b0d8 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 29 May 2020 09:33:59 -0700 Subject: [PATCH 61/84] Updates for Surface Dock, removal & redirect of outdated page --- .openpublishing.redirection.json | 5 + devices/surface/TOC.md | 1 - devices/surface/surface-dock-whats-new.md | 20 +- .../surface/using-the-sda-deployment-share.md | 172 ------------------ 4 files changed, 14 insertions(+), 184 deletions(-) delete mode 100644 devices/surface/using-the-sda-deployment-share.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f9bec539d6..0219414079 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15952,6 +15952,11 @@ "redirect_document_id": true }, { +"source_path": "devices/surface/using-the-sda-deployment-share.md", +"redirect_url": "https://docs.microsoft.com/surface/microsoft-surface-deployment-accelerator", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction", "redirect_document_id": true diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index 4d8062c985..ec761a9b9a 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -38,7 +38,6 @@ ### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md) ### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md) ### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) -### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md) ### [Surface System SKU reference](surface-system-sku-reference.md) ## Manage diff --git a/devices/surface/surface-dock-whats-new.md b/devices/surface/surface-dock-whats-new.md index 253a73b069..f3443b6c31 100644 --- a/devices/surface/surface-dock-whats-new.md +++ b/devices/surface/surface-dock-whats-new.md @@ -8,14 +8,14 @@ ms.sitesec: library author: coveminer ms.author: greglin ms.topic: article -ms.date: 5/06/2020 +ms.date: 5/29/2020 ms.reviewer: brrecord manager: laurawi audience: itpro --- # What’s new in Surface Dock 2 -Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. An extended set of management tools will be released via Windows update upon commercial distribution. +Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. Surface Enterprise Management Mode (SEMM) now enables IT admins to secure ports on Surface Dock 2. For more information, see [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999). ## General system requirements @@ -28,8 +28,7 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo - Surface Book 2 - Surface Laptop 2 - Surface Go - - Surface Go with LTE Advanced - - Surface Studio 2 + - Surface Go with LTE Advanced - Surface Pro 7 - Surface Laptop 3 - Surface Book 3 @@ -86,7 +85,7 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo |Surflink|Yes|Yes| |USB-A|2 front facing USB 3.1 Gen 1
2 rear facing USB 3.1 Gen 1|2 rear facing USB 3.2 Gen 2 (7.5W power)| |Mini Display port|2 rear facing (DP1.2)|None| -|USB-C|None|2 front facing USB 3.2 Gen 2
[15W power]
2 rear facing USB 3.2 Gen 2 (DP1.4a)
[7.5W power]| +|USB-C|None|2 front facing USB 3.2 Gen 2
(15W power)
2 rear facing USB 3.2 Gen 2 (DP1.4a)
(7.5W power)| |3.5 mm Audio in/out|Yes|Yes| |Ethernet|Yes, 1 gigabit|Yes 1 gigabit| |DC power in|Yes|Yes| @@ -99,20 +98,18 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo |Wake-on-LAN from Connected Standby1|Yes|Yes| |Wake-on-LAN from S4/S5 sleep modes|No|Yes| |Network PXE boot|Yes|Yes| -|SEMM host access control|No|Coming in Windows Update2| -|SEMM port access control3|No|Coming in Windows Update| +|SEMM host access control|No|Yes +|SEMM port access control2|No|Yes| |Servicing support|MSI|Windows Update or MSI| |||| 1. *Devices must be configured for Wake on LAN via Surface Enterprise Management Mode (SEMM) or Device Firmware Control Interface (DFCI) to wake from Hibernation or Power-Off states. Wake from Hibernation or Power-Off is supported on Surface Pro 7, Surface Laptop 3, Surface Pro X, Surface Book 3, and Surface Go 2. Software license required for some features. Sold separately.* -2. *Pending release via Windows Update.* - -3. *Software license required for some features. Sold separately.* +2. *Software license required for some features. Sold separately.* ## Streamlined device management -Following the public announcement of Surface Dock 2, Surface will release streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features: +Surface has released streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features: - **Frictionless updates**. Update your docks silently and automatically, with Windows Update or Microsoft Endpoint Configuration Manager, (formerly System Center Configuration Manager - SCCM) or other MSI deployment tools. - **Wake from the network**. Manage and access corporate devices without depending on users to keep their devices powered on. Even when a docked device is in sleep, hibernation, or power off mode, your team can wake from the network for service and management, using Endpoint Configuration Manager or other enterprise management tools. @@ -120,5 +117,6 @@ Following the public announcement of Surface Dock 2, Surface will release stream ## Next steps +- [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999) - [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) - [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md deleted file mode 100644 index 288e79b8c6..0000000000 --- a/devices/surface/using-the-sda-deployment-share.md +++ /dev/null @@ -1,172 +0,0 @@ ---- -title: Using the Microsoft Surface Deployment Accelerator deployment share (Surface) -description: Explore the scenarios where you can use SDA to meet the deployment needs of your organization including Proof of Concept, pilot deployment, as well as import additional drivers and applications. -keywords: deploy, install, automate, deployment solution -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro -ms.reviewer: -manager: laurawi ---- - -# Using the Microsoft Surface Deployment Accelerator deployment share - -With Microsoft Surface Deployment Accelerator (SDA), you can quickly and easily set up a deployment solution that is ready to deploy Windows to Surface devices. The prepared environment is built on powerful deployment technologies available from Microsoft, such as the [Microsoft Deployment Toolkit (MDT)](https://technet.microsoft.com/windows/dn475741), and is capable of immediately performing a deployment after configuration. See [Step-by-Step: Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator) for a comprehensive walkthrough of using the SDA wizard to set up a deployment share and perform a deployment. - -For more information about SDA and information on how to download SDA, see [Microsoft Surface Deployment Accelerator (SDA)](https://technet.microsoft.com/itpro/surface/microsoft-surface-deployment-accelerator). - -> [!NOTE] -> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md). - -Using SDA provides these primary benefits: - -* With SDA, you can create a ready-to-deploy environment that can deploy to target devices as fast as your download speeds allow. The wizard experience enables you to check a few boxes and then the automated process builds your deployment environment for you. - -* With SDA, you prepare a deployment environment built on the industry leading deployment solution of MDT. With MDT you can scale from a relatively basic deployment of a few Surface devices to a solution capable of deploying to thousands of devices including all of the different makes and models in your organization and all of the applications required by each device and user. - -This article explores four scenarios where you can use SDA to meet the needs of your organization. See [Deploy Windows 10](https://technet.microsoft.com/itpro/windows/deploy/index) to explore the capabilities of MDT and the Windows deployment technologies available from Microsoft in greater detail. - -## Perform a Proof of Concept deployment - -One of the primary scenarios for use of SDA is as a Proof of Concept. A *Proof of Concept* (PoC) enables you to test or evaluate the capabilities of a solution or technology. A PoC is often used to illustrate the benefits of the solution or technology to decision makers. For example, if you want to recommend Surface devices as a replacement of older point of sale (POS) systems, you could perform a PoC to demonstrate how Surface devices provide superior computing power, flexibility, and connectivity when compared to alternate options. - -Using SDA to prepare a PoC of Surface devices enables you to very quickly prepare a demonstration of Surface device or devices, which gives you more time for customization or preparation. The flexibility of SDA even lets you import resources, like applications and drivers, from existing MDT deployment infrastructure. See the [Work with existing deployment shares](#work-with-existing-deployment-shares) section later in this article for more information. - -SDA is also an excellent PoC of the capabilities of MDT. SDA demonstrates just how quickly an MDT deployment environment can be prepared and made ready for deployment to devices. It also shows just how flexible and customizable the MDT solution can be, with support for Windows 10 and Windows 8.1, for Microsoft Store and desktop applications, and several models of Surface devices. - -Some recommendations for a successful PoC with SDA are: - -* Keep your SDA deployment environment separate from your production network. This ensures optimal performance and reduces potential for conflicts during your PoC deployment. - -* Use a fresh and updated instance of Windows Server to house your SDA deployment share to maintain the simplicity and performance of the demonstration environment. - -* Test the deployment process before you demonstrate your PoC. This reduces the potential for unexpected situations and keeps the demonstration focused on the deployment process and Surface devices. - -* Use offline files with SDA to further reduce installation times. - -* For help with your PoC, contact [Surface Support](https://www.microsoft.com/surface/support/contact-us-business). - -## Perform a pilot deployment - -A pilot deployment differs from a PoC. Where a PoC is usually a closed demonstration that is performed prior to the deployment process in order to get approval for the use of certain technologies or solutions, a *pilot deployment* is performed during the deployment process as a limited scope deployment for testing and validation. The focus of a pilot deployment can be as narrow as only a handful of devices, or wide enough to include a significant portion of your organization. - ->[!NOTE] ->A pilot deployment should not replace the testing process that should be performed regularly in the lab as the deployment environment is built and developed. A deployment solution should be tested in virtual and physical environments as new applications and drivers are added and when task sequences are modified and before a pilot deployment is performed. - -For example, you are tasked with deploying Surface devices to mobile workers and you want to test the organization’s MDT deployment process by providing a small number of devices to executives. You can use SDA to create an isolated Surface deployment environment and then copy the task sequence, applications, and drivers needed from the production deployment share. This not only enables you to quickly create a Surface deployment, but it also minimizes the risk to the production deployment process used for other types of devices. - -For small organizations, the pilot deployment environment of SDA may suffice as a complete deployment solution. Even if you do not have an existing deployment environment, you can import drivers and applications (covered later in this article) to provide a complete deployment solution based on MDT. Even without previous knowledge of MDT or Windows deployment, you can follow the [Step-by-Step: Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator) article to get started with a deployment to Surface devices. - -## Import additional drivers - -The SDA deployment share includes all of the drivers needed for Surface devices. This includes the drivers for the components inside the Surface device, such as the wireless network adapter and the main chipset, as well as drivers for Surface accessories, such as the Surface Dock or Surface USB Ethernet adapters. The SDA deployment share does not, however, include drivers for third-party devices or peripherals. - -For example, you may intend to use your Surface device with a thermal printer, credit card reader, and barcode scanner as a POS terminal. In this scenario, the thermal printer, credit card reader, and barcode scanner will very likely require installation of drivers to operate properly. You could potentially download and install these drivers from Windows Update when each peripheral is connected, or you could install the driver package from the manufacturer manually on each Surface device, but the ideal solution is to have these drivers already present in Windows so that when the peripheral is connected, it will just work. - -Because SDA is built on MDT, adding the drivers to the SDA deployment share is easy and simple. - ->[!NOTE] ->The drivers must be in the Setup Information File (.inf) format. If the drivers for your device come as an executable file (.exe), they may need to be extracted or installed to procure the .inf file. Some device drivers come packaged with applications, for example an all-in-one printer bundled with scan software. These applications will need to be installed separately from the drivers. - -To import drivers for a peripheral device: - -1. Download the drivers for your device from the manufacturer web site. - -2. Open the MDT Deployment Workbench. - -3. Expand the **Deployment Shares** node and expand the SDA deployment share. - -4. Expand the **Out-of-Box Drivers** folder. - -5. Select the folder of the Surface model for which you would like to include this driver. - -6. Click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1. - - ![Provide the location of your driver files](images/using-sda-driverfiles-fig1.png "Provide the location of your driver files") - - *Figure 1. Provide the location of your driver files* - -7. The Import Drivers Wizard presents a series of steps: - - - **Specify Directory** – Click **Browse** and navigate to the folder where you stored the drivers in Step 1. - - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - - **Progress** – While the drivers are imported, a progress bar is displayed on this page. - - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard. - -8. Repeat Steps 5-7 for each Surface model on which you would like to include this driver. - -9. Close the Deployment Workbench. - -After the drivers are imported for the Surface model, the deployment task sequence will automatically select the drivers during the deployment process and include them in the Windows environment. When you connect your device, such as the barcode scanner in the example, Windows should automatically detect the device and you should be able to use it immediately. - ->[!NOTE] ->You can even import drivers for other computer makes and models to support other devices. See **Step 5: Prepare the drivers repository** in [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt) for more information about how to import drivers for other makes and models. - -## Import additional applications - -As with drivers, the SDA deployment share can be pre-configured with apps like the Surface App and Microsoft Office 365. You can also add applications to the SDA deployment share and configure them to be installed on your Surface devices during deployment of Windows. In the ideal scenario, your Surface devices deployed with the SDA deployment share will include all of the applications needed to be ready for your end users. - -In the previous example for including drivers for a POS system, you would also need to include POS software for processing transactions and recording the input from the barcode scanner and credit card reader. To import an application and prepare it for installation on your Surface devices during Windows deployment: - -1. Download the application installation files or locate the installation media for your application. - -2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center. - -3. Open the MDT Deployment Workbench. - -4. Expand the **Deployment Shares** node and expand the SDA deployment share. - -5. Expand the **Applications** folder. - -6. Click **New Application** to start the New Application Wizard, as shown in Figure 2. - - ![Provide the command to install your application](images/using-sda-installcommand-fig2.png "Provide the command to install your application") - - *Figure 2: Provide the command to install your application* - -7. Follow the steps of the New Application Wizard: - - - **Application Type** – Click **Application with Source Files**, and then click **Next**. - - **Details** – Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**. - - **Source** – Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**. - - **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name. - - **Command Details** – Enter the silent command-line instruction, for example `setup.msi /quiet /norestart` - - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - - **Progress** – While the installation files are imported, a progress bar is displayed on this page. - - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard. - -8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**. - -9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence. - -10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**. - -11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3. - - ![A new Install Application step for Sample POS App](images/using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App") - - *Figure 3. A new Install Application step for Sample POS App* - -12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app. - -13. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share. - -14. Select your app from the list of applications, and then click **OK**. - -15. Click **OK** to close the task sequence properties. - -16. Close the Deployment Workbench. - -## Work with existing deployment shares - -One of the many benefits of an MDT deployment share is the simplicity of how deployment resources are stored. The MDT deployment share is, at its core, just a standard network file share. All deployment resources, such as Windows images, application installation files, and drivers, are stored in a share that can be browsed with File Explorer, copied and pasted, and moved just like any other file share, provided that you have the necessary permissions. This makes working with deployment resources extremely easy. MDT even allows you to make it easier by allowing you to open multiple deployment shares from the Deployment Workbench and to transfer or copy resources between them. - -This ability gives SDA some extra capabilities when used in an environment with an existing MDT infrastructure. For example, if you install SDA on an isolated server to prepare a PoC and then log on to your production MDT deployment share from the Deployment Workbench on your SDA server, you can copy applications, drivers, task sequences, and other components into the SDA deployment share that is prepared with Surface apps and drivers. With this process, in a very short amount time, you can have a deployment environment ready to deploy your organization’s precise requirements to Surface devices. - -You can also use this capability in reverse. For example, you can copy the Surface drivers, deployment task sequences, and apps directly into a lab or testing environment following a successful PoC. Using these resources, you can immediately begin to integrate Surface deployment into your existing deployment infrastructure. From e9dec08227ccb486f731c637461bfc5a63db3016 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 29 May 2020 10:02:39 -0700 Subject: [PATCH 62/84] whats new in deployment --- windows/deployment/deploy-whats-new.md | 88 +++++++++++++------ .../whats-new-windows-10-version-2004.md | 1 + 2 files changed, 60 insertions(+), 29 deletions(-) diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index 50841d9bc7..aee0e22eaa 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -25,12 +25,16 @@ ms.topic: article This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization. - For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/index). -- For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history). -## Recent changes +## Latest news [SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later.
The [Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/adk-install) is available.
+New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
+VPN support is added to [Windows Autopilot](#windows-autopilot)
+An in-place upgrade wizard is available in [Configuration Manager](#microsoft-endpoint-configuration-manager).
+The [Windows ADK](#windows-assessment-and-deployment-kit-adk) for Windows 10, version 2004 is available.
+The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with additional content added and more content coming soon.
## The Modern Desktop Deployment Center @@ -47,7 +51,34 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic ## Windows 10 servicing and support -- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! +### Delivery Optimization + +Windows PowerShell cmdlets for Delivery Optimization have been improved: + +- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent). +- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections. +- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to assist in troubleshooting. + +Additional improvements in [Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization) include: +- Enterprise network [throttling is enhanced](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling. +- Automatic cloud-based congestion detection is available for PCs with cloud service support. +- Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! + +The following Delivery Optimization policies are removed in the Windows 10, version 2004 release: + +- Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth) + - Reason: Replaced with separate policies for foreground and background +- Max Upload Bandwidth (DOMaxUploadBandwidth) + - Reason: impacts uploads to internet peers only, which isn't used in Enterprises. +- Absolute max throttle (DOMaxDownloadBandwidth) + - Reason: separated to foreground and background + +### Windows Update for Business + +[Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) enhancements in this release include: +- Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy. +- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds. + - [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally. @@ -68,13 +99,16 @@ Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel o For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) - ## Deployment solutions and tools ### Windows Autopilot [Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose and recover devices. +With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903. + +If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, this was only supported with self-deploying profiles. + The following Windows Autopilot features are available in Windows 10, version 1903 and later: - [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users. @@ -83,6 +117,10 @@ The following Windows Autopilot features are available in Windows 10, version 19 - Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE. - Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE. +### Microsoft Endpoint Configuration Manager + +An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuraton Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364). + ### Windows 10 Subscription Activation Windows 10 Education support has been added to Windows 10 Subscription Activation. @@ -91,9 +129,11 @@ With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to ### SetupDiag -[SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. +[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. -SetupDiag version 1.6.0.42 was released on 08/08/2019. +In Windows 10, version 2004, SetupDiag is now automatically installed. + +During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there is an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup. ### Upgrade Readiness @@ -129,21 +169,21 @@ There are many benefits to converting the partition style of a disk to GPT, incl For more information, see [MBR2GPT.EXE](mbr-to-gpt.md). - ### Microsoft Deployment Toolkit (MDT) -MDT build 8456 (12/19/2018) is available, including support for Windows 10, version 1809, and Windows Server 2019. - -For more information about MDT, see the [MDT resource page](https://docs.microsoft.com/sccm/mdt/). +MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There is currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation. +For the latest information about MDT, see the [MDT release notes](https://docs.microsoft.com/mem/configmgr/mdt/release-notes). ### Windows Assessment and Deployment Kit (ADK) -The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. See the following topics: +The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. -- [What's new in ADK kits and tools](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-kits-and-tools) -- [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) +Download the Windows ADK and Windows PE add-on for Windows 10, version 2004 [here](https://docs.microsoft.com/windows-hardware/get-started/adk-install). +For information about what's new in the ADK, see [What's new in the Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-2004). + +Also see [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). ## Testing and validation guidance @@ -157,25 +197,15 @@ For more information, see the following guides: - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) - [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) - ## Troubleshooting guidance [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process. - -## Online content change history - -The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10. - -[Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)
-[Change history for Device Security](/windows/device-security/change-history-for-device-security)
-[Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection) - ## Related topics -[Overview of Windows as a service](update/waas-overview.md) -
[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md) -
[Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) -
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications) -
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) -
[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md) +[Overview of Windows as a service](update/waas-overview.md)
+[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
+[Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information)
+[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
+[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
+[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index e231fecb9a..5f082b73ca 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -235,6 +235,7 @@ For information about Desktop Analytics and this release of Windows 10, see [Wha ## See Also +[What’s new in the Windows 10 May 2020 Update](https://blogs.windows.com/windowsexperience/2020/05/27/whats-new-in-the-windows-10-may-2020-update/)
[What's New in Windows Server](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server): New and updated features in Windows Server.
[Windows 10 Features](https://www.microsoft.com/windows/features): General information about Windows 10 features.
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
From b353ad804f97863fc16d158bc91fd56e4019c03c Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 29 May 2020 10:36:37 -0700 Subject: [PATCH 63/84] remove non disclosure --- windows/deployment/deploy-whats-new.md | 2 +- windows/whats-new/whats-new-windows-10-version-2004.md | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index aee0e22eaa..cff09982d3 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -119,7 +119,7 @@ The following Windows Autopilot features are available in Windows 10, version 19 ### Microsoft Endpoint Configuration Manager -An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuraton Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364). +An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364). ### Windows 10 Subscription Activation diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 5f082b73ca..083b7d6b29 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -74,7 +74,7 @@ If you configure the language settings in the Autopilot profile and the device i ### Microsoft Endpoint Manager -An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuraton Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364). +An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364). Also see [What's new in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/whats-new). @@ -121,10 +121,6 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym ## Virtualization -### Containers on Windows - -This update includes 5 fixes to allow the host to run down-level containers on up-level for process (Argon) isolation. Previously [Containers on Windows](https://docs.microsoft.com/virtualization/windowscontainers/) required matched host and container version. This limited Windows containers from supporting mixed-version container pod scenarios. - ### Windows Sandbox [Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature was released with Windows 10, version 1903. Windows 10, version 2004 includes bugfixes and enables even more control over configuration. From f771c57cb8e3e2f2f64a31e7e83b0c93b81cc77e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 29 May 2020 10:44:42 -0700 Subject: [PATCH 64/84] remove non disclosure from 1909 article also --- windows/whats-new/whats-new-windows-10-version-1909.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index 60ca36e9dd..27fc2277eb 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -60,10 +60,6 @@ An experimental implementation of TLS 1.3 is included in Windows 10, version 190 ## Virtualization -### Containers on Windows - -This update includes 5 fixes to allow the host to run down-level containers on up-level for process (Argon) isolation. Previously [Containers on Windows](https://docs.microsoft.com/virtualization/windowscontainers/) required matched host and container version. This limited Windows containers from supporting mixed-version container pod scenarios. - ### Windows Sandbox [Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature is available in Windows 10, version 1903. In Windows 10, version 1909 you have even more control over the level of isolation. From 67600a2e397f34af73f63ee155796816c6d78871 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 29 May 2020 11:23:38 -0700 Subject: [PATCH 65/84] setupdiag update --- windows/deployment/upgrade/setupdiag.md | 12 +++++++++++- .../whats-new/whats-new-windows-10-version-2004.md | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 81c17409db..6bbeb71b89 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -28,13 +28,23 @@ ms.topic: article ## About SetupDiag -Current version of SetupDiag: 1.6.0.42 +Current downloadable version of SetupDiag: 1.6.0.42 >Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues. SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode. +## SetupDiag in Windows 10, version 2004 and later + +With the release of Windows 10, version 2004, SetupDiag is included with Windows Setup. + +During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, SetupDiag.exe is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure. + +If the upgrade process proceeds normally, this directory is moved under **%SystemDrive%\Windows.Old** for cleanup. If this directory is deleted, SetupDiag.exe will also be removed. + +## Using SetupDiag + To quickly use SetupDiag on your current computer: 1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137). 2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 083b7d6b29..03491ad7ba 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -123,7 +123,7 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym ### Windows Sandbox -[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature was released with Windows 10, version 1903. Windows 10, version 2004 includes bugfixes and enables even more control over configuration. +[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature was released with Windows 10, version 1903. Windows 10, version 2004 includes bug fixes and enables even more control over configuration. [Windows Sandbox configuration](https://docs.microsoft.com/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file) includes: - MappedFolders now supports a destination folder. Previously no destination could be specified, it was always mapped to the Sandbox desktop. From 89c52bbf5f413460ab87081cb5182ef1a81c50b1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 12:54:05 -0700 Subject: [PATCH 66/84] Update enable-attack-surface-reduction.md --- .../enable-attack-surface-reduction.md | 60 ++++++++++--------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index e31b0b4fc7..bb6e6c5647 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -12,14 +12,14 @@ ms.localizationpriority: medium audience: ITPro author: levinec ms.author: ellevin -ms.date: 05/20/2020 +ms.date: 05/29/2020 ms.reviewer: manager: dansimp --- # Enable attack surface reduction rules -[Attack surface reduction rules](attack-surface-reduction.md) help prevent actions that malware often abuses to compromise devices and networks. You can set attack surface reduction rules for devices running any of the following editions and versions of Windows: +[Attack surface reduction rules](attack-surface-reduction.md) (ASR rules) help prevent actions that malware often abuses to compromise devices and networks. You can set ASR rules for devices running any of the following editions and versions of Windows: - Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later - Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later @@ -27,22 +27,22 @@ manager: dansimp Each ASR rule contains one of three settings: -* Not configured: Disable the ASR rule -* Block: Enable the ASR rule -* Audit: Evaluate how the ASR rule would impact your organization if enabled +- Not configured: Disable the ASR rule +- Block: Enable the ASR rule +- Audit: Evaluate how the ASR rule would impact your organization if enabled -To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. +To use ASR rules, you must have either a Windows 10 Enterprise E3 or E5 license. We recommend E5 licenses so you can take advantage of the advanced monitoring and reporting capabilities that are available in [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP). Advanced monitoring and reporting capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. > [!TIP] > To learn more about Windows licensing, see [Windows 10 Licensing](https://www.microsoft.com/licensing/product-licensing/windows10?activetab=windows10-pivot:primaryr5) and get the [Volume Licensing guide for Windows 10](https://download.microsoft.com/download/2/D/1/2D14FE17-66C2-4D4C-AF73-E122930B60F6/Windows-10-Volume-Licensing-Guide.pdf). You can enable attack surface reduction rules by using any of these methods: -* [Microsoft Intune](#intune) -* [Mobile Device Management (MDM)](#mdm) -* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager) -* [Group Policy](#group-policy) -* [PowerShell](#powershell) +- [Microsoft Intune](#intune) +- [Mobile Device Management (MDM)](#mdm) +- [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager) +- [Group Policy](#group-policy) +- [PowerShell](#powershell) Enterprise-level management such as Intune or Microsoft Endpoint Configuration Manager is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup. @@ -50,6 +50,8 @@ Enterprise-level management such as Intune or Microsoft Endpoint Configuration M You can exclude files and folders from being evaluated by most attack surface reduction rules. This means that even if an ASR rule determines the file or folder contains malicious behavior, it will not block the file from running. This could potentially allow unsafe files to run and infect your devices. +You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Microsoft Defender ATP file and certificate indicators. (See [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).) + > [!IMPORTANT] > Excluding files or folders can severely reduce the protection provided by ASR rules. Excluded files will be allowed to run, and no report or event will be recorded. > If ASR rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). @@ -67,9 +69,9 @@ The following procedures for enabling ASR rules include instructions for how to 2. In the **Endpoint protection** pane, select **Windows Defender Exploit Guard**, then select **Attack Surface Reduction**. Select the desired setting for each ASR rule. -3. Under **Attack Surface Reduction exceptions**, you can enter individual files and folders, or you can select **Import** to import a CSV file that contains files and folders to exclude from ASR rules. Each line in the CSV file should be in the following format: +3. Under **Attack Surface Reduction exceptions**, you can enter individual files and folders, or you can select **Import** to import a CSV file that contains files and folders to exclude from ASR rules. Each line in the CSV file should be formatted as follows: - *C:\folder*, *%ProgramFiles%\folder\file*, *C:\path* + `C:\folder`, `%ProgramFiles%\folder\file`, `C:\path` 4. Select **OK** on the three configuration panes and then select **Create** if you're creating a new endpoint protection file or **Save** if you're editing an existing one. @@ -79,23 +81,23 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https The following is a sample for reference, using [GUID values for ASR rules](attack-surface-reduction.md#attack-surface-reduction-rules). -OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules +`OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules` -Value: {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1 +`Value: {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1` The values to enable, disable, or enable in audit mode are: -* Disable = 0 -* Block (enable ASR rule) = 1 -* Audit = 2 +- Disable = 0 +- Block (enable ASR rule) = 1 +- Audit = 2 Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. Example: -OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions +`OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions` -Value: c:\path|e:\path|c:\Whitelisted.exe +`Value: c:\path|e:\path|c:\Whitelisted.exe` > [!NOTE] > Be sure to enter OMA-URI values without spaces. @@ -122,11 +124,11 @@ Value: c:\path|e:\path|c:\Whitelisted.exe 4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section: - * Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: + Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: - * Disable = 0 - * Block (enable ASR rule) = 1 - * Audit = 2 + - Disable = 0 + - Block (enable ASR rule) = 1 + - Audit = 2 ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png) @@ -186,9 +188,9 @@ Value: c:\path|e:\path|c:\Whitelisted.exe > [!IMPORTANT] > Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. -## Related topics +## Related articles -* [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md) -* [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) -* [Attack surface reduction FAQ](attack-surface-reduction.md) -* [Enable cloud-delivered protection](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md) +- [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) +- [Attack surface reduction FAQ](attack-surface-reduction.md) +- [Enable cloud-delivered protection](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) From 041e635365c0f75ed6e8881ad6b0995b8697d01e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 12:55:11 -0700 Subject: [PATCH 67/84] Update enable-attack-surface-reduction.md --- .../enable-attack-surface-reduction.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index bb6e6c5647..7537a3854b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -105,11 +105,16 @@ Example: ## Microsoft Endpoint Configuration Manager 1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. -1. Click **Home** > **Create Exploit Guard Policy**. -1. Enter a name and a description, click **Attack Surface Reduction**, and click **Next**. -1. Choose which rules will block or audit actions and click **Next**. -1. Review the settings and click **Next** to create the policy. -1. After the policy is created, click **Close**. + +2. Click **Home** > **Create Exploit Guard Policy**. + +3. Enter a name and a description, click **Attack Surface Reduction**, and click **Next**. + +4. Choose which rules will block or audit actions and click **Next**. + +5. Review the settings and click **Next** to create the policy. + +6. After the policy is created, click **Close**. ## Group Policy From 6ded40365611ddaaa335bab9f2f3d033f3a4ef49 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 12:56:17 -0700 Subject: [PATCH 68/84] Update enable-attack-surface-reduction.md --- .../enable-attack-surface-reduction.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index 7537a3854b..cf188244f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -131,11 +131,11 @@ Example: Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: - - Disable = 0 - - Block (enable ASR rule) = 1 - - Audit = 2 + - Disable = 0 + - Block (enable ASR rule) = 1 + - Audit = 2 - ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png) + ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png) 5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. From 94df75f6b2427db34e0f1ad5e59223939f2fa358 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 13:09:18 -0700 Subject: [PATCH 69/84] Update enable-attack-surface-reduction.md --- .../microsoft-defender-atp/enable-attack-surface-reduction.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index cf188244f7..f010f23e9d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -196,6 +196,9 @@ Example: ## Related articles - [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md) + - [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) + - [Attack surface reduction FAQ](attack-surface-reduction.md) + - [Enable cloud-delivered protection](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) From 787042ed2abf271e143f738d3e4e6468177d15fc Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 29 May 2020 14:04:14 -0700 Subject: [PATCH 70/84] Fixes for grammar and punctuation --- .../enable-attack-surface-reduction.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index f010f23e9d..a0a0720c4e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -127,7 +127,7 @@ Example: 3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. -4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section: +4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section. Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: @@ -176,11 +176,11 @@ Example: > Set-MpPreference -AttackSurfaceReductionRules_Ids ,,, -AttackSurfaceReductionRules_Actions Enabled, Enabled, Disabled, AuditMode > ``` - You can also the `Add-MpPreference` PowerShell verb to add new rules to the existing list. + You can also use the `Add-MpPreference` PowerShell verb to add new rules to the existing list. > [!WARNING] > `Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, you should use `Add-MpPreference` instead. - > You can obtain a list of rules and their current state by using `Get-MpPreference` + > You can obtain a list of rules and their current state by using `Get-MpPreference`. 3. To exclude files and folders from ASR rules, use the following cmdlet: From 226ef52148b36b99d58136535690c72553f80ff8 Mon Sep 17 00:00:00 2001 From: v-miegge <49650192+v-miegge@users.noreply.github.com> Date: Fri, 29 May 2020 14:06:55 -0700 Subject: [PATCH 71/84] Updated FAQ --- ...ce-driver-updates-configuration-manager.md | 26 +++++-------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/devices/surface/manage-surface-driver-updates-configuration-manager.md b/devices/surface/manage-surface-driver-updates-configuration-manager.md index 285d16a325..a44f2eadd3 100644 --- a/devices/surface/manage-surface-driver-updates-configuration-manager.md +++ b/devices/surface/manage-surface-driver-updates-configuration-manager.md @@ -160,33 +160,21 @@ If you synchronize from an upstream Windows Server Update Services (WSUS) server **After I follow the steps in this article, some Surface drivers are synchronized, but not the expected drivers. Why?** -The processing time for testing drivers and confirming them for deployment through WSUS and Configuration Manager varies. Therefore, Surface driver updates are not necessarily available on the same day for both manual installation and Configuration Manager console deployment. +If you synchronize from an upstream Windows Server Update Services (WSUS) server instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database. -Additionally, there are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. Surface drivers must go through additional testing before they can be added to this list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization. +There are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization. Microsoft aims to get the Surface drivers added to the allow list each month in line with Patch Tuesday to make them available for synchronization to Configuration Manager. -**Is the driver allow list published? Is it downloadable?** +If your Configuration Manager environment is offline, a new allow list is imported every time you import [servicing updates](https://docs.microsoft.com/mem/configmgr/core/servers/manage/use-the-service-connection-tool) to Configuration Manager. You will also have to import a [new WSUS catalog](https://docs.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates-disconnected) that contains the drivers before the updates are displayed in the Configuration Manager console. Because a stand-alone WSUS environment contains more drivers than a Configuration Manager SUP, we recommend that you establish a Configuration Manager environment that has online capabilities, and that you configure it to synchronize Surface drivers. This provides a smaller WSUS export that closely resembles the offline environment. -The Surface driver allow list isn't published online. This list is delivered to Configuration Manager through the update and servicing channels. If your Configuration Manager environment is online and able to detect new updates, you will receive updates to the list automatically. +If your Configuration Manager environment is online and able to detect new updates, you will receive updates to the list automatically. If you don’t see the expected drivers, please review the WCM.log and WsyncMgr.log for any synchronization failures. -If your Configuration Manager environment is offline, a new allow list is imported every time that you import servicing updates to Configuration Manager. You will also have to import a new WSUS catalog that contains the drivers before the updates are displayed in the Configuration Manager console. Because a stand-alone WSUS environment contains more drivers than a Configuration Manager SUP, we recommend that you establish a Configuration Manager environment that has online capabilities, and that you configure it to synchronize Surface drivers. This provides a smaller WSUS export that closely resembles the offline environment. +**My Configuration Manager environment is offline, can I manually import Surface drivers into WSUS?** -Another solution is to use [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates. - -**I require the latest firmware update, and I can't wait for it to be approved for import into Configuration Manager. Can I manually import the driver into WSUS?** - -No. Even if the update is imported into WSUS, the update won't be imported into the Configuration Manager console for deployment if it isn't listed in the allow list. - -Another solution is to use [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates. - -**Can I manually add a driver to the allow list?** - -No. The list is stored in the Configuration Manager database. Any changes to the list will be overwritten the next time that the CAB file is processed. +No. Even if the update is imported into WSUS, the update won't be imported into the Configuration Manager console for deployment if it isn't listed in the allow list. You must use the [Service Connection Tool](https://docs.microsoft.com/mem/configmgr/core/servers/manage/use-the-service-connection-tool) to import servicing updates to Configuration Manager to update the allow list. **What alternative methods do I have to deploy Surface driver and firmware updates?** -For information about how to deploy Surface driver and firmware updates through alternative channels, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). - -If you want to download the .msi or .exe file, and then deploy through traditional software deployment channels, see [Keeping Surface Firmware Updated with Configuration Manager](https://blogs.technet.microsoft.com/thejoncallahan/2016/06/20/keeping-surface-firmware-updated-with-configuration-manager/). +For information about how to deploy Surface driver and firmware updates through alternative channels, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates). If you want to download the .msi or .exe file, and then deploy through traditional software deployment channels, see [Keeping Surface Firmware Updated with Configuration Manager](https://docs.microsoft.com/archive/blogs/thejoncallahan/keeping-surface-firmware-updated-with-configuration-manager). ## Additional Information From 67a000280eaeb04853dac601c5e4368ade0ad97a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 29 May 2020 14:43:05 -0700 Subject: [PATCH 72/84] Various minor fixes --- .../hello-hybrid-cert-whfb-settings-adfs.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 82a0da01bf..7de95a29e9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -36,15 +36,15 @@ The Windows Hello for Business Authentication certificate template is configured Sign-in the AD FS server with *Domain Admin* equivalent credentials. 1. Open a **Windows PowerShell** prompt. -2. Type the following command +2. Enter the following command : ```PowerShell Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication -WindowsHelloCertificateProxyEnabled $true ``` ->[!NOTE] -> If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. + >[!NOTE] + > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the preceding command with the name of your certificate templates. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template by using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name by using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. ### Group Memberships for the AD FS Service Account @@ -66,8 +66,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva ### Section Review > [!div class="checklist"] -> * Configure the registration authority -> * Update group memberships for the AD FS service account +> * Configure the registration authority. +> * Update group memberships for the AD FS service account. > > > [!div class="step-by-step"] From 34ab50d5dccab374e6c6c27fdca21febb7f5ee92 Mon Sep 17 00:00:00 2001 From: v-miegge <49650192+v-miegge@users.noreply.github.com> Date: Fri, 29 May 2020 14:50:31 -0700 Subject: [PATCH 73/84] Updated FAQ --- .../manage-surface-driver-updates-configuration-manager.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/devices/surface/manage-surface-driver-updates-configuration-manager.md b/devices/surface/manage-surface-driver-updates-configuration-manager.md index a44f2eadd3..74e17e6919 100644 --- a/devices/surface/manage-surface-driver-updates-configuration-manager.md +++ b/devices/surface/manage-surface-driver-updates-configuration-manager.md @@ -158,10 +158,6 @@ For more information about deployment, see [System Center 2012 Configuration Man If you synchronize from an upstream Windows Server Update Services (WSUS) server instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database. -**After I follow the steps in this article, some Surface drivers are synchronized, but not the expected drivers. Why?** - -If you synchronize from an upstream Windows Server Update Services (WSUS) server instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database. - There are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization. Microsoft aims to get the Surface drivers added to the allow list each month in line with Patch Tuesday to make them available for synchronization to Configuration Manager. If your Configuration Manager environment is offline, a new allow list is imported every time you import [servicing updates](https://docs.microsoft.com/mem/configmgr/core/servers/manage/use-the-service-connection-tool) to Configuration Manager. You will also have to import a [new WSUS catalog](https://docs.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates-disconnected) that contains the drivers before the updates are displayed in the Configuration Manager console. Because a stand-alone WSUS environment contains more drivers than a Configuration Manager SUP, we recommend that you establish a Configuration Manager environment that has online capabilities, and that you configure it to synchronize Surface drivers. This provides a smaller WSUS export that closely resembles the offline environment. From b1372d17bb51a7070aab9e33da6a99a1fb0a84d2 Mon Sep 17 00:00:00 2001 From: Mike Eggers <49650192+v-miegge@users.noreply.github.com> Date: Fri, 29 May 2020 14:55:12 -0700 Subject: [PATCH 74/84] Edit --- .../manage-surface-driver-updates-configuration-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/manage-surface-driver-updates-configuration-manager.md b/devices/surface/manage-surface-driver-updates-configuration-manager.md index 74e17e6919..a3196c65f7 100644 --- a/devices/surface/manage-surface-driver-updates-configuration-manager.md +++ b/devices/surface/manage-surface-driver-updates-configuration-manager.md @@ -156,7 +156,7 @@ For more information about deployment, see [System Center 2012 Configuration Man **After I follow the steps in this article, my Surface drivers are still not synchronized. Why?** -If you synchronize from an upstream Windows Server Update Services (WSUS) server instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database. +If you synchronize from an upstream Windows Server Update Services (WSUS) server, instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database. There are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization. Microsoft aims to get the Surface drivers added to the allow list each month in line with Patch Tuesday to make them available for synchronization to Configuration Manager. From eae1ee0b237bc6f98dd950ba6d732d25080422bb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 29 May 2020 14:56:27 -0700 Subject: [PATCH 75/84] Corrections to layout and punctuation --- ...device-automatically-using-group-policy.md | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index e68f5f4025..b03d28832e 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -37,7 +37,7 @@ The auto-enrollment relies on the presence of an MDM service and the Azure Activ When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. -In Windows 10, version 1709 or later, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. For additional information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/). +In Windows 10, version 1709 or later, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. For additional information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/) For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices. @@ -52,9 +52,10 @@ The following steps demonstrate required settings using the Intune service: ![Auto-enrollment activation verification](images/auto-enrollment-activation-verification.png) -> [!IMPORTANT] -> For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled. -> For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled. + > [!IMPORTANT] + > For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled. + > + > For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled. 3. Verify that the device OS version is Windows 10, version 1709 or later. 4. Auto-enrollment into Intune via Group Policy is valid only for devices which are hybrid Azure AD joined. This means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is hybrid Azure AD joined, run `dsregcmd /status` from the command line. @@ -115,21 +116,21 @@ Requirements: 5. Click **Enable**, then click **OK**. -> [!NOTE] -> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. -The default behavior for older releases is to revert to **User Credential**. + > [!NOTE] + > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. + > The default behavior for older releases is to revert to **User Credential**. -When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." + When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." -To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app). + To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app). -If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot. + If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot. -![Two-factor authentication notification](images/autoenrollment-2-factor-auth.png) + ![Two-factor authentication notification](images/autoenrollment-2-factor-auth.png) -> [!Tip] -> You can avoid this behavior by using Conditional Access Policies in Azure AD. -Learn more by reading [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview). + > [!Tip] + > You can avoid this behavior by using Conditional Access Policies in Azure AD. + Learn more by reading [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview). 6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account. From 70a0bb25fb08e532a163b8a1818801130a0bbc83 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 29 May 2020 15:00:50 -0700 Subject: [PATCH 76/84] Removed extraneous space --- .../hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 7de95a29e9..328c9513bf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -36,13 +36,12 @@ The Windows Hello for Business Authentication certificate template is configured Sign-in the AD FS server with *Domain Admin* equivalent credentials. 1. Open a **Windows PowerShell** prompt. -2. Enter the following command : +2. Enter the following command: ```PowerShell Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication -WindowsHelloCertificateProxyEnabled $true ``` - >[!NOTE] > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the preceding command with the name of your certificate templates. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template by using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name by using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. From 08efc9a4d62767895698e2678e1048a9ab847936 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Fri, 29 May 2020 15:53:43 -0700 Subject: [PATCH 77/84] RecoveryPicture --- .../images/MicrosoftHoloLensRecovery.png | Bin 0 -> 12069 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 devices/hololens/images/MicrosoftHoloLensRecovery.png diff --git a/devices/hololens/images/MicrosoftHoloLensRecovery.png b/devices/hololens/images/MicrosoftHoloLensRecovery.png new file mode 100644 index 0000000000000000000000000000000000000000..b162b881d8b2e2243f9c08c5e54db1e314c8db46 GIT binary patch literal 12069 zcmch-WmH^I6Q+whBtUQoK^k{=3+~pq28ZAd!67&VX}r{G_oJwqfuh2 zi->fTAwhUi>Ehv_W!Ss71*Wz%r_|7bnozvmk_8vfNCnQ*4@*unGu=x{(jQ-l5dJSm zA9Dvk8X8(uF)TVc>~~fc7M21SjxaR*zK)KL6qNB#Y)1I7u&^d{B0&TG#{UeV{-1`K z8aleVN--*GYTa8G>!|qn`0c=KQPU2Vw;$_M_eY3>?tc3WUk#d2905%U8!52m+r#A` z;@eOiSbvRW{u-ZibZ%WJW(k3_viy$ct0pHWySl{AQSTqlH$H2@z`|~EBmbRLCe=?m z83l!vR&Vb8Om$67`?a>0{fWF3Sr!)Gt-mweuo5eYPoP$sotwM6y%qAhMw;Kgzu5YJ z859&0bh7#@`)jj+jEtW90{+f%3a$VPEy_>j-)vmQ7Z#AevwPp23VNIy$;im4sHhkl zZ)|jjZf$O25c5CuYrKh;2-qQaLa z$t^deN8AX`#OvQeOm+4~;(Znq3k(W+TT~w(AI)-|TBn^M9C{5NUS3`v9tOj<3~}<# z+=KunyMeWhkMR$IJ@M`P@EL7g`0WZ$^oR{Cm&hI&yVF`{(StY%w9mggb5_tYOHZ*3 zxZq&1-(S+4#Et^KUbwi_R8>`1UtA6{_zhtzoFt6ywGJ;I{xVk5CPkF=h4WHdMY#Fn zTDFh>u%1W1-v(?lFAm8^j{wiayAq*P2<4Eq7dhXL9o?qVFz`KCOT$s9NeTN0bya(~(vNw`VB$ zB7n|$m@(|Gkd=5Y5Yz^Rq5s`87^7Lj@0Otjum}kWF)^!*yT6~GpI270yn7ehOCwH> zi3>&(4wdz#_$CG@t8b?UfFSXE#D2VOnUfq;WNj!ZT^42B3|Ae?BWg*vz=O}wv zB7KsClmE^kpF6qGRn;ey6W`|CoQS+QnEbfDc1D4V+`xe)qY6ls--~tyitC|xCU)bY zXsw?QqG1?5D?-I2b|SP(i^Azqg#@0W#&vBX_iZLsBjs+ zF1{aMvq_X7vPtM7;b%Ofz+yS5`~V)Y_A~_SlO^u)_OxySx8Xn$xaFo2ZQAiCE#@C6i3PX#8`?EZBP(7lJz5rQ63F z8++<*+pQCTn}y{)|WJzy=w zfZX+5Tl8mWNE3o65IERFp4TQtX%+KSU2F+%4@qhxR8&|Q=38F}70L%}!(JkTlru9} z`bv51nS43B9vr-a$4=Uv=&Ty+V!o#>!uUi39G~pm<2yq}4@+(;U85LF_^Z0*tT0wB zbb-t-28o&ZYqRY8w79>d48hW<^*X^6@6{bqqXO&pmVM+tmu9rc-rJ{-g)mNOC+G+d z#XXOl3e^wUT_i=|)>OhVZHY$Zzm=ZffcjScMs zKBDIK&>8`%%udg0;nv+LFH*tsf{^ZE(Lqlu*Vh~~)1Ygl$S+v-HQ1q98t_c2hP7uf z`j2h7XxttYoxzfwd{E*c348&*z?D$9YgArQM-t_|(AMCMm!sK24+Sw^IAYZS~6 zfk3#pxEviF1qB5^N$0CxU0xECkdP1)M?^;QW{gEO3jZu9Fy9#hb%-C$RfLj@0yj@j z?aa)~%*}7*ine8C&jZ)Se%(4EDe779FX z_8Z_-9iP{q8jdrF{_^wAE|tX2SMR_!Ntx&VIjSC<8#A?doKbyvxY>ZjtgmpDQL3+Z zJAPpM+v1S#ektu<;$+@^{ral@bk!E}U>sQ=xMsJY zLq)lT^2FRv zH#J>uUNgD{hd`Q3Bmtj`#)`!4ccUa;<1YB!Pv$>X4Y^j0-7b&%e!n(z(;UIFeW~q@ z&G&<8h-x-Qy^srxM4*hoXIR-S%WXB4yFFOEj5xmj8KjvOa^}~5wYtotog=g~O+k~l zEv}$27-O50q;qBAg9;1`qrr26<*YsT#ViJaKoSzP2D2V=XWN=V6|vtJu^Gre#`ib< zXo-tY0l=YF*x26-%)X$Pz#;y5u8+qPr?ADF<)htDNU~QLV-WVfbrAa^X6=Xw@}gyy zmP6h9MOK@eTiw88R*OFGWlx_f{Mh0`t2jvKpt*6d7-16XZn`J5pOXDYR{|Pq@*MYsTinm|2S!LbE;^n7ld>|AP`8eQ3hp_@wP$G#Lv$c6&0EN zPJ)h2NlAGYqf>eA<|ccXquE!7?V{EIc+rejGTD5DPQGZ6T@BZURr-R*tZo3Fjn+Zf zm|{M52HPJxKj7fx+~J5bXCC3Z)w-&y{^qapzh)bp5?SERv#3NY+CE#O5jQiC5RN#* z_fg`Sf6g*9-FWZC4`kS#nt<2tz_%%?Pww1tOp)gUJzsvQ11C*FoCU?U6Q&?%Jp!X0 z<<6eaTpl<$881W8p!z1Q{lbjP><%#{XW*hI-#)R-`&+&FQ0kP^BAbLF(^WLrC4V{Q zb#&ZQIM65gA*67zJ*Nc*!f1hMUyfmUcZqH6!Gk}`HAnS-ZlaT7a;mCwHeld;AJQ=B z)hdMISG)hz$Z7>Kb1}b`I$A1{E}p;^hFo;=al#y?f6giR#qeCw7H@$31$s+CC9yk7 zSPV3tnY2h~*>GB#K}Jx4LW16z+;f_T#=m zw&yr5A{d8#q;+id1cYJK;SnyH_v2$$4g0iKrn*D`XXL8E@9`OysFH81s<<)Tw1oyl zlKpvKGQ+z6$iP1Px&G5{lu$kiO-+1O$Q%6`0i2)OdJ!KX+{s@26McBd~J;dIa}6&8?gAA6ri z0Oq#{57_$dGS}s;(l9aBotqI($u;KHA6}={TlhCmuqV3*<$mK+j@C<;ylK#LYaMZz zSCW`+7`I>(`!nAtg`Fba9_>Bk{Lq zO94yC2OA&u(ogvuv#78*^1ZP*8154FgT1HcJ*wzN%!O8|%Z=fR#6#9W>T)DD-*RPp z1Rlq`buHL$`@d?nE%$00>Tk5q5YGuFw%jg2W7v&_?EO?3mjT??aQB4j&=WS!1hOM2 z?otEEv#&p{nhNUv<|@vw^jhmi$CZ60z?14Pv0a8kRqxcfUqYfSmA$bOqPz2u#uKxa9DHMgtE*0yTTj?=?F?-L4sV#>G;LO)D$}x7Xk?` zTPj+lA_7^ld41tzKQOnBvZc~+QtC&Esi*B)gKSg9Pn~t4l6d#&WMHObgplW*Xn*sK zX+ue!&#M0Uf#i3CStiZrSo__vx$#W@#pj_R6XCH)YPrzF6s>5xa^g9RF#!e8V5ygNE6ft@yT_@@`8a)R~Nr+_*OF( zS}gkvUo8R(sFsOn3ovvQmkAK)I&Bd5R>huVu(pBZrs#78k7Jr#uBfZu)2@{)xK37D$r`{wB56`9C3*j$G;5>_9JES=Y%qXmk)wA7iLtt0= z9*sR)<7JpUL7%oyZG;YkQ#Sdrv%deFJ2QBFG4%Z-I#QP&!>JNdljJPX`TMvHoR@uu zqw(!v;$HlD4(^}I=9rAbxZnP>?HC=UTW@E(REO?jE5hBgxVShmf%(kA!ZJQR4cCgp z5|yh=Q@Q_heVI98R->Bd)kFF<;%7ZryC4TMWz|1sy|5tOy=!ALOhPA;Yt?%RbYfw9 zn!3o?Nc-sk1b67yOy0IX@!QRl?@5X$LzJZ>buWJWb0&)?f`3|DPOYuw}lr?kmb zfNah6T$Tq)eQGuqYh!7r682tm`za%zD%OQ1U;{4jiqac^tuE%HQ9JEW*WaltKvsgq zxU&9?Sgkff(u&Ce!9qp~oxQylorweE5|%_##Jn4@d?op}A*R-mtMP6mOZFYi!UOWC-(@;pDHp-}`@Q?s+1;-N< zb<6RH{Xr8j7t2j1>cPz{0&Ab)b3&Z`3;7j(NRnE;U=&#YX$_!Au zQ$AT8HQM^#OKQC9%8NsgN)?MST?85c$T34l#VUjcad=2O@sYU~ z#lMRUQ))`7(zt2<^He5#za1ci;{1GD8#bp?t)MW)wzumrR{J99aZ*lg$F|+4ocQXC zqQsC&|DXawdddR3+^4IGcPe~0<)5&$FiBZJTaKqKg~Mb!&0H;zQkLaggO3SZai5XX zU!Y@o;v`xj#caF?^A4(XdVr4c zUrcBnH7y9Yf0+`!t|Oc$z>HS3vLCJ<9}gR{&yHSF_*9%qZ&YRZHSYQ})pFl+XR?vh z&AJWcKfnPhvB!u7V$e!RO8QPx-rU^$jZtKqsH&G14rS^14Tr(`O(E|e9`7e!ND3rQc3 z)SQ0P9gTkEjc=Hk6K>oT0zYKRzE@ot0}PvA4IkYi_r&U6gBj0G?Hpx-UEJa+OmD za?JMp+|!)RU}Bz6Z(tp!-d*%xPoTq`dOC%0KWQusbJAB_y7<~PBotPie$ANriNNFa ztIc`QX}!qwqGX#y_XXWy$SuHga>-bXsfxVsmKlZT3~cqL9YYYYd{&Y+UoGnL!~sZV z=f1n6VbjN3>op&6srYP)8BiHdlAGP>MSJXuWhcSxV@y0;PvTa#GJT^+eir)RMiX}j zxaHMJh2JxYjsYsg{dCrfnjcQ(BGB|nT&tA$w%6N>mI{UaX1gA)g6_BnPOAq>;Svx0 zly?gX{C}a#kMgOg=z8;zu?m$JrOvyvEdp(GbVSrqiW*yTX*}&si{=Wh?8EBm)V8p( zWfe2Z%NZ9w?m*hdncAx~xtyN=3xI}F*)2r+#UqlF=cWs!sk(?Q%LVKD`_T#^*(~mm zA((O;$A!Hm>1xzO-z|rl#`rT&UeNW6L(j|*WIab6;Lc^0{$N|0R1CMlnqKYGmR`j| z`GlhIO0PEH;hE3T*DWcf0z_9*o~YDmeK-&L$k#s1vqx73 zbr`HWPO%>2q&9unZB;TI$x=JW_yTaKCCEwo`=zzz^Be^H}H@}l*Ht#2j%Bq<_u zhExUl&rH6&F3A25t9@o}?q-YUuQtsZjCse$nf3X^P%UwvmrsC6U_y2_q}=w9RL5b* zr6woeLY&|nFLct=vXn8P@_lT-mDPd$BIx#uw4JOe8d>Cl&Y$xZp;VYgb_f>7pz&I8<8;sUau{Wm8 zjkVrd$ix=N+F*rbRi6yB4?rL?TuZdc^8%tNSr?!VSSZ0fhrqcdGO}3bOPgOWEugY= zld%&s6rT%+lP-~&uPMT@q#?q%3z5eP7Ym7v7rB>Lp6UtxqVk?BR3>Ds5{ow5zh;hpn{99!nLX?qhV8M8 zEL%DSH{S+(e!3d|S4{km%7bV%78nM`@iKYp2OUP_VPU`Fo>0>PDpm}cUkk)w$k*9u zOr(^|y6`Zeqvdm}cl2q##0}!lT7(ZZ&VMwz%*dfzL z7%31JJT$fFZ3=_<<$Fe*@A8FL5-_v-9(m6fi1IQFF)kmsC_Wj{AAIiJrzniSixe>S z`xzP~lqgHChOhUa|DJ+j&{2g-=$;OyS@dH_H$5^ExyWysY-KH&`%@p~Uq5lH!juYg zSY@=E)=OKk(f-3uhsMgV-axhC$A9Fp+=#BT<31VoA62IR3wU35{$q!dw2uwDWr*?D zEGi%%fEDL&i2dJiv>`491qF*q5%FaIsuA+rkbeJcpUp0wADpd5$2T`OCnr_U|qZ%wHIO{~M+VZl6L(s4X`)_sz#?X=wofcr|2%zA>b~*Yvge$E_?K zJ^k5g>(bJauA!md<+hAG03TnN;(va9yC)obWo3nBXKj7`WT~F@FN2Qyr+ArB|5~(WZ);6q$=~HLURPS42 z9?zTyP321^0!w_o+cr@+;k8;}*uXqtc%xCM^Tb?$&^&pHRu2o6iGn$OdZyn1>&=E=(=O%+abU|M(VHc#H1@ zt;T|bkR1rz#X#qBvmfL%_#cSHUdIPda&*PiGPEKx3d-f(9io_alS^@azL}jJ69XTwM^v3h z`q}H+nXi-s|G3bj@g%S5y@x53fJ25Jkp2yXG0>>bM0O> z&f1$$raKjU1{d0()6&pDuCvAvNZJc@%Wer=5HDdW_Y-vy+=jc}a-P7Fz>)Qng|NMv zYPkQ4S4BdM+Q2oEP>}_=n7&^P$wS zNJ!AH$rK)`6+SlkzC8N-LydE@a&wOj4hBe2BbLNBuDzJd3b)P4+3kA>N8%)Ffm?L+ zeOBv#IizRH`pSKJuDe1;wb0$>aFNFGKiA&F#v7|Ux7)wpzu!7i35S?uyWnsRdN1oV zezq8W#^E1}u80l3;Qc2wl3|nw`=W{7stRuABMVd0zg|;Q=y9*j4YstOTF1DWyXok)?1OI3~ zI>F6v2wvDKJW8Kb1|JybLMl7%o{8AVztjpBDb4Q}l;(+jvMerTK$*|{(@lRkk0ayl z#KkxpLAumVQ|8WjBEp-l0*El?st*^dYb32x#2UbH7wsKPR0OdS){a&9) z%}2E@8wMEbi+FlwD%EK%0Uae$o{6gCfz9i^6NI*R5ztiO?-l503z ze4>L6AvKhaxbzPJoqVe&w)@6P$N0QOw{hpLr+{%co>eF|t`2n5OVe{TQLla^+)}*Y z`qh{zH3rNV_tYYIKRp8)@!1>|J|@s5N}u?4I**_WYlW+rKK?Vw_dYNxw#fA71fG&Z z1dkw>SvTpvHBY4@sOBal5*$xQG{|tkf$3M-ykS{g2!T$+ammp))!>x5SM1ntRQKvw z(N6<>Ae+h;f!RDGG-Rg=3%;e$Doy zZl{v6swJT3L)(@bWVdY2DZ1T-i+e!Bxeu-1zZQ4Vt+X^tx|&T!6h8=_HFDY~VM(f> zlj^@gvv^W+hug zvShUDX?nsPSGBf;p*vjq&(+SdHl?NSdizt3N{SbbJvoM9NDntcrSOVr7Alt9TUzR# zrB82{pOZvc#5UZxad=9<*`MOZgY=HUDHUwiXv*Q^HQt{->D8qR|$ z_8=TJZZ0cUMRM1wf7nOO@8U{OH3uNU=53ds=dXQ@AJBIHEtB{xYs1Xz9NH46qBfOUasX zMB30+zk8WuD(}*#&2gV5Espz|VLNC$wN6GCQ9u8b`<7V+O;*Yy@(^lrH$4p9CgpCj zPXPVNSx9-OWZI()knt}+{}$PfAN>;(Z>4i~PEH(LFfkj*B`U^X`G|L_r}-3+CV_^z z%!gH0YN2!gL$dWEkB)4O-?}7H*JqtL9KN|zV3!8WrPXHAyVkA}Hrzn2fG|XQB9A(r zZd-pUiI?&4S-fR0xtbBV;RbLgy7oH3DvZ-2xoV4|gWQGlR$oN5ub~$lH>$IhR-=CA zg4b$BYA|k?-{4vY5l~+cz%{pj-4^Kl#q4{W&D^0H_xgXdp=*a`DVwT zy$Vp6o-K&hj6oX=>00Ek*PIYEWpd$ftPC2;jq7?HVybvqy$tnqv0r;+tf{l|ZyVk-eASKy1&;L_vd@vUyk=>E-dX zL-Cw<$KX+O+*^42N|30v;!*)d!lrD0Q$QhW!^&)RRaG2we|(eD3?CPusg7;gR)xar zz&1FETF#y=H)YXG&W>%h^$>{#-@TgFua;jl#`!&=z4#zA`c5mPRh7-O3TmB{H(m6v z{I@~ay0x#y4)=DaFXzfM*=_zI)LR}OyaBV0|s0Xmbi#5gc;4L>cu=Ju=DT+pqcqCMO)0ypJG>;FXn4yR-v(u z(^I+fWn5yx>vOju&WBZ-l>rl*m2zu)S2353lkmM5N2botO8n14a=s~Kgw}$M(w&rz zuke;x6DyUoI*tcz^k0Q8cbAzI7=H;SHwV~Du5mnW{dr<0t=nn42|b+?0XSdJEuY4@ zNdQ>92|wF@0LL>0xVKl(j%duWT};~CFIHguSG4_Fc*}A`NIM8MG&DLs8R@}3QZzL+ zt&_mKER>YcX}LJPF`jGIr}UVG4M&@INv9W+>^k5{NswNlFa*nMM8hI5MyY$er;4E@ z-c!!qJ>ln}NSH0&GH4Hehhuyv6Y8_2(pEd}d`y+GZyWC<_NpP@q zJOs;9ej;C7PhX0zMTW+3u1UgMJx;RG>*{I53ZC(^i2PNM^SKKf#e=^ms$Pj(XVhgr z(Z~MF5lL&%i~bxe#|Oc?nP|nLI8WY%NPk^}ISO}K(Tbm}3Q{Yt=h58pV63=OH^?;0 zmCgPkUAUh0amx{JntC|vJh7SJl<()=mAy(FT9Ve!3>e604!c_R)=61Mn9;MR+T|uy z2doDQ+QV!nh4;AEC>gl_$w30O7^twqEk-lml5Y++wzqDt$?}vkpJ%%*Vw{g|bAcRM#>yv*X>L zCvHs*R~BZ;<_x+lOnb?FkMiZ!1dLz8`^CfuOaoDVaw0u_B(6^{Zft&}wXHE}&szOj zx?alMSMTNe@M)f|W;^G7u&+3PU0#5>)|W%+$O1Syn(I;kPdLo>u4S5BMhxM7B%H0L z^Dy##ZSNiYKyV`#bUwY{yhD;_N3VIxfOZtpB4kI$a$PLq6j_`!iyl*X&9t0-(kZ54 zMk3x0z7BTJHVm%MFWzd7R5LuRHy%tgA>!OPMI7CLeYx-(&?0<7Cz%QCwI0#D9V;um z5IJgXJW}8w>9%)ykLf{8P$R@Ao?AsL$eTm8M({K(NbqAdQQ}u%Ok0!hxH53W*$*9g zb;q+m?`BtmS)&Tg+5`P%^3Ug_`~r=EIzjrVb5`ms*{e$=%NHr~VI+*4=#zC4Vw*@_ zKJlL@9&dBH1Hv3%wG11K@t7NCwwD{bENq1nr2GEsxp zC2xTqyMlPz&Jkasv`1%vVy7u@+T$S(r~s{SCBqMV{Ytv_&H$>JXU0f^(lv_eoMK;g?s{HJ_t+QFtPM^j)x``mImU zzH14riWDxYY=LkI``OD&pO2boN)NyJ&%lYC^OQzPPni*{rfzXlLG(&rQ2*?`)gO(`^m7trRre&>1HX{5!*WTR`EZ%YXZ17 zRUOSAf#KU^xjDCw+b194WG)qO7#Ry2hWUeDToD7WTM~BEVIY`&rKNkfZ!HOQB_)_h zaP&{}!wHO^U9NvC-9K+aOYs9Z8h@6&U}Z%Rz0+3ZMk27C8wGgt?MK_`Cg>kxS`hT4FRiPXUO z9}BAv#_h>@LTLmEMpk$r-(1i4qmE7l@3x{CHEjiW-IM|sd|$c(X5@Z`TqM=0SOLZm ziY6c7kGZvl9@l(?ontofQD<<^iZ&hgPoj5pHJ5_6RC}@2&v8G-Ex7Y_Y78S5x@nJ+ z$X$oC-LFqu+x$8v5&?8+&S5Y)Ya#t|;47nRc6%~$2DFAglL&P6WBI`Jdn zoYYD~nURrb4ZSz{G+`$V7u7R1a&8RV>Hri2crAIMVK!fdmUy)HRx)NZ>WcS`xJCR> zvgK=1u~?YBQ-^uA6)e_#V^#4Lx%- zQj)u)D=bF<>OpXr?ui^jX(=b_194QNl-0s1&r-nxbg9FS=LP;@a%6GZ%T->KsjOC8 zsjSo-bTWCgzjtXj)Iu Date: Fri, 29 May 2020 16:46:26 -0700 Subject: [PATCH 78/84] Various fixes to cross references, layout, metadata --- ...rface-driver-updates-configuration-manager.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/devices/surface/manage-surface-driver-updates-configuration-manager.md b/devices/surface/manage-surface-driver-updates-configuration-manager.md index a3196c65f7..a6fc726ee7 100644 --- a/devices/surface/manage-surface-driver-updates-configuration-manager.md +++ b/devices/surface/manage-surface-driver-updates-configuration-manager.md @@ -14,7 +14,7 @@ ms.sitesec: library author: coveminer ms.author: daclark ms.topic: article -ms.audience: itpro +audience: itpro --- # Manage Surface driver updates in Configuration Manager @@ -31,7 +31,7 @@ To manage Surface driver updates, the following prerequisites must be met: - All Software Update Points (SUPs) must run Windows Server 2016 or a later version. Otherwise, Configuration Manager ignores this setting and Surface drivers won't be synchronized. > [!NOTE] -> If your environment doesn’t meet the prerequisites, refer to the [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates in the "FAQ" section. +> If your environment doesn’t meet the prerequisites, refer to the [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates in the [FAQ](#frequently-asked-questions-faq) section. ## Useful log files @@ -76,8 +76,8 @@ To enable Surface driver updates management in Configuration Manager, follow the - Windows 10 S Version 1709 and Later Servicing Drivers for testing - Windows 10 S Version 1709 and Later Upgrade & Servicing Drivers for testing -> [!NOTE] -> Most Surface drivers belong to multiple Windows 10 product groups. You may not have to select all the products that are listed here. To help reduce the number of products that populate your Update Catalog, we recommend that you select only the products that are required by your environment for synchronization. + > [!NOTE] + > Most Surface drivers belong to multiple Windows 10 product groups. You may not have to select all the products that are listed here. To help reduce the number of products that populate your Update Catalog, we recommend that you select only the products that are required by your environment for synchronization. ## Verifying the configuration @@ -85,7 +85,7 @@ To verify that the SUP is configured correctly, follow these steps: 1. Open WsyncMgr.log, and then look for the following entry: - ``` + ```console Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set. Sync Catalog Drivers SCF value is set to : 1 @@ -93,7 +93,7 @@ To verify that the SUP is configured correctly, follow these steps: If either of the following entries is logged in WsyncMgr.log, recheck step 4 in the previous section: - ``` + ```console Sync Surface Drivers option is not set Sync Catalog Drivers SCF value is set to : 0 @@ -105,7 +105,7 @@ To verify that the SUP is configured correctly, follow these steps: This entry is an XML element that lists every product group and classification that's currently synchronized by your SUP server. For example, you might see an entry that resembles the following: - ``` + ```xml @@ -127,7 +127,7 @@ If you don't want to wait until the next synchronization, follow these steps to 1. On the ribbon, select **Synchronize Software Updates**. Or, right-click **All Software Update**, and then select **Synchronize Software Update**. 1. Monitor the synchronization progress by looking for the following entries in WsyncMgr.log: - ``` + ```console Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set. sync: SMS synchronizing categories From b6c0864e1b2f56a18a0c544bb2b1735a6df7fbc3 Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Mon, 1 Jun 2020 12:48:29 +0300 Subject: [PATCH 79/84] Update offboard-machine-api.md Adjusting support statement to avoid customer confusion --- .../microsoft-defender-atp/offboard-machine-api.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index 5b7477d473..30538a9a58 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -34,7 +34,8 @@ Offboard machine from Microsoft Defender ATP. [!include[Machine actions note](../../includes/machineactionsnote.md)] >[!Note] -> This does not support offboarding macOS Devices. +> This API is supported on Windows 10, version 1703 and later, or Windows Server 2019 and later. +> This API is not supported on MacOS or Linux devices. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) From 052c324b15ceb1d81058f43b69b29cfbcc2ab697 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 1 Jun 2020 08:49:36 -0700 Subject: [PATCH 80/84] fix search improv link --- windows/whats-new/whats-new-windows-10-version-2004.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 03491ad7ba..a722dcf90c 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -179,7 +179,7 @@ For updated information, see the [Microsoft 365 blog](https://aka.ms/CortanaUpda ### Windows Search -Windows Search is [improved](https://insider.windows.com/community-news/desktop-search/) in several ways. +Windows Search is improved in several ways. For more information, see [Supercharging Windows Search](https://aka.ms/AA8kllm). ### Virtual Desktops @@ -231,7 +231,8 @@ For information about Desktop Analytics and this release of Windows 10, see [Wha ## See Also -[What’s new in the Windows 10 May 2020 Update](https://blogs.windows.com/windowsexperience/2020/05/27/whats-new-in-the-windows-10-may-2020-update/)
+[What’s new for IT pros in Windows 10, version 2004](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-10-version-2004/ba-p/1419764): Windows IT Pro blog.
+[What’s new in the Windows 10 May 2020 Update](https://blogs.windows.com/windowsexperience/2020/05/27/whats-new-in-the-windows-10-may-2020-update/): Windows Insider blog.
[What's New in Windows Server](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server): New and updated features in Windows Server.
[Windows 10 Features](https://www.microsoft.com/windows/features): General information about Windows 10 features.
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
@@ -240,4 +241,3 @@ For information about Desktop Analytics and this release of Windows 10, see [Wha [What's new in Windows 10, version 2004 - Windows Insiders](https://docs.microsoft.com/windows-insider/at-home/whats-new-wip-at-home-20h1): This list also includes consumer focused new features.
[Features and functionality removed in Windows 10](https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features): Removed features.
[Windows 10 features we’re no longer developing](https://docs.microsoft.com/windows/deployment/planning/windows-10-deprecated-features): Features that are not being developed.
-[What’s new for IT pros in Windows 10, version 2004](https://aka.ms/whats-new-in-2004): Windows IT Pro blog.
From 0ee608d1f2e8a752fcd18647fb28fda82aeb9ca7 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 1 Jun 2020 09:32:49 -0700 Subject: [PATCH 81/84] removing a topic that's on hold for now--never connected to TOC --- .../update/define-update-strategy.md | 59 ------------------- 1 file changed, 59 deletions(-) delete mode 100644 windows/deployment/update/define-update-strategy.md diff --git a/windows/deployment/update/define-update-strategy.md b/windows/deployment/update/define-update-strategy.md deleted file mode 100644 index d8fd47ee87..0000000000 --- a/windows/deployment/update/define-update-strategy.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Define update strategy -ms.reviewer: -manager: laurawi -description: -keywords: updates, calendar, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools -ms.prod: w10 -ms.mktglfcycl: manage -audience: itpro -author: jaimeo -ms.localizationpriority: medium -ms.audience: itpro -author: jaimeo -ms.topic: article -ms.collection: M365-modern-desktop ---- - -# Define update strategy - -Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices. - -Today, more organizations are treating deployment as a continual process of updates which roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--withouth interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. - -Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, an so you might choose to update annually. The 18/30 month lifecycle cadence lets you to allow some portion of you environment to move faster while a majority can move less quickly. - - - -## Calendar approaches - -You can use a calendar approach for either a faster 18-month or twice-per-year cadence or a 30-month or annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates. - - -### Annual - -Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Configuration Manager and Microsoft 365 Apps release cycles: - -![annual calendar](images/annual-calendar.png) - -This approach provides approximately twelve months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version 20H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates. - -This cadence might be most suitable for you if any of these conditions apply: - -- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a once every 3-5 year project to a twice a year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost. -- You want to wait and see how successful other companies are at adopting a Windows 10 feature update. -- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the *second* half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months). - - -### Rapid - -This calendar shows an example schedule that installs each feature update as it is released, twice per year: - -![rapid calendar](images/rapid-calendar.png) - -This cadence might be best for you if these conditions apply: - -- You have a strong appetite for change. -- You want to continuously update supporting infrastructure and unlock new scenarios. -- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office. -- You have experience with feature updates for Windows 10. \ No newline at end of file From 35215d8255fd0d4708a6b6ee462b5a17df30d555 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 1 Jun 2020 10:31:51 -0700 Subject: [PATCH 82/84] update why no data available --- .../microsoft-defender-atp/machines-view-overview.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md index e570e0634a..f243b53767 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md @@ -53,7 +53,13 @@ The risk level reflects the overall risk assessment of the machine based on a co ### Exposure level -The exposure level reflects the current exposure of the machine based on the cumulative impact of its pending security recommendations. +The exposure level reflects the current exposure of the machine based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your machines are less vulnerable from exploitation. + +If the exposure level says "No data available," there are a few reasons why this may be the case: + +- Device stopped reporting for more than 30 days – in that case it is considered inactive, and the exposure isn't computed +- Device OS not supported - see [minimum requirements for Microsoft Defender ATP](minimum-requirements.md) +- Device with stale agent (very unlikely) ### OS Platform From 69d7fd4d3898ba31f2c5f600ab99f2518943874a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 1 Jun 2020 10:32:42 -0700 Subject: [PATCH 83/84] added detail about results location --- windows/deployment/upgrade/setupdiag.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 6bbeb71b89..74ac33ca80 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -41,6 +41,8 @@ With the release of Windows 10, version 2004, SetupDiag is included with Windows During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, SetupDiag.exe is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure. +When run by Windows Setup, results of the SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\Setup\SetupDiag\Results**. + If the upgrade process proceeds normally, this directory is moved under **%SystemDrive%\Windows.Old** for cleanup. If this directory is deleted, SetupDiag.exe will also be removed. ## Using SetupDiag From a3da6e9ef13995045194e01c574cefd1f51c3c15 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 1 Jun 2020 10:52:03 -0700 Subject: [PATCH 84/84] tweaks --- windows/deployment/upgrade/setupdiag.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 74ac33ca80..55b5978287 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -39,11 +39,11 @@ SetupDiag works by examining Windows Setup log files. It attempts to parse these With the release of Windows 10, version 2004, SetupDiag is included with Windows Setup. -During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, SetupDiag.exe is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure. +During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure. When run by Windows Setup, results of the SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\Setup\SetupDiag\Results**. -If the upgrade process proceeds normally, this directory is moved under **%SystemDrive%\Windows.Old** for cleanup. If this directory is deleted, SetupDiag.exe will also be removed. +If the upgrade process proceeds normally, the **Sources** directory including **setupdiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **setupdiag.exe** will also be removed. ## Using SetupDiag