From 7da92a413cafc5b8c7f70cadb82f62b45cd1dc0b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 25 Aug 2020 17:03:27 -0700 Subject: [PATCH 01/34] Added Phase1 policy docs --- .../mdm/policy-csp-admx-ciphersuiteorder.md | 203 ++ .../mdm/policy-csp-admx-com.md | 197 ++ .../mdm/policy-csp-admx-conf.md | 2431 +++++++++++++++++ 3 files changed, 2831 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md create mode 100644 windows/client-management/mdm/policy-csp-admx-com.md create mode 100644 windows/client-management/mdm/policy-csp-admx-conf.md diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md new file mode 100644 index 0000000000..306231cdcf --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -0,0 +1,203 @@ +--- +title: Policy CSP - ADMX_CipherSuiteOrder +description: Policy CSP - ADMX_CipherSuiteOrder +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/17/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_CipherSuiteOrder + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_CipherSuiteOrder policies + +
+
+ ADMX_CipherSuiteOrder/SSLCipherSuiteOrder +
+
+ ADMX_CipherSuiteOrder/SSLCurveOrder +
+
+ + +
+ + +**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). + +If you enable this policy setting, SSL cipher suites are prioritized in the order specified. + +If you disable or do not configure this policy setting, default cipher suite order is used. + +For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](https://go.microsoft.com/fwlink/?LinkId=517265). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *SSL Cipher Suite Order* +- GP name: *Functions* +- GP path: *Network/SSL Configuration Settings* +- GP ADMX file name: *CipherSuiteOrder.admx* + + + +
+ +
+ + +**ADMX_CipherSuiteOrder/SSLCurveOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. + +If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line. + +If you disable or do not configure this policy setting, the default ECC curve order is used. + +The default curve order is as follows: + +- curve25519 +- NistP256 +- NistP384 + +To see all the curves supported on the system, enter the following command: + +``` cmd +CertUtil.exe -DisplayEccCurve +``` + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *ECC Curve Order* +- GP name: *EccCurves* +- GP path: *Network/SSL Configuration Settings* +- GP ADMX file name: *CipherSuiteOrder.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md new file mode 100644 index 0000000000..ff361f80d2 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -0,0 +1,197 @@ +--- +title: Policy CSP - ADMX_COM +description: Policy CSP - ADMX_COM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/18/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_COM + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_COM policies + +
+
+ ADMX_COM/AppMgmt_COM_SearchForCLSID_1 +
+
+ ADMX_COM/AppMgmt_COM_SearchForCLSID_2 +
+
+ + +
+ + +**ADMX_COM/AppMgmt_COM_SearchForCLSID_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. + +Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. + +If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly. + +If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. + +This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Download missing COM components* +- GP name: *COMClassStore* +- GP path: *System* +- GP ADMX file name: *COM.admx* + + + +
+ +
+ + +**ADMX_COM/AppMgmt_COM_SearchForCLSID_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. + +Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. + +If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly. + +If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. + +This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Download missing COM components* +- GP name: *COMClassStore* +- GP path: *System* +- GP ADMX file name: *COM.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-conf.md b/windows/client-management/mdm/policy-csp-admx-conf.md new file mode 100644 index 0000000000..931927fe44 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-conf.md @@ -0,0 +1,2431 @@ +--- +title: Policy CSP - ADMX_Conf +description: Policy CSP - ADMX_Conf +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.localizationpriority: medium +ms.date: 08/18/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Conf + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## Policy CSP - ADMX_Conf + +
+
+ ADMX_Conf/AllowPersistAutoAcceptCalls + +
+
+ ADMX_Conf/DisableAdvCallingButton + +
+
+ ADMX_Conf/DisableAppSharing + +
+
+ ADMX_Conf/DisableAudioPage + +
+
+ ADMX_Conf/DisableChat + +
+
+ ADMX_Conf/DisableGeneralPage + +
+
+ ADMX_Conf/DisableNewWhiteboard + +
+
+ ADMX_Conf/DisableOldWhiteboard + +
+
+ ADMX_Conf/DisableRDS + +
+
+ ADMX_Conf/DisableSecurityPage + +
+
+ ADMX_Conf/DisableVideoPage + +
+
+ ADMX_Conf/EnableAutoConfiguration + +
+
+ ADMX_Conf/PreventAddingNewILS + +
+
+ ADMX_Conf/PreventAudio + +
+
+ ADMX_Conf/PreventAutoAccept + +
+
+ ADMX_Conf/PreventChangeDirectSound + +
+
+ ADMX_Conf/PreventChangingCallMode + +
+
+ ADMX_Conf/PreventDirectoryServices + +
+
+ ADMX_Conf/PreventFullDuplex + +
+
+ ADMX_Conf/PreventGrantingControl + +
+
+ ADMX_Conf/PreventReceivingFiles + +
+
+ ADMX_Conf/PreventReceivingVideo + +
+
+ ADMX_Conf/PreventSendingFiles + +
+
+ ADMX_Conf/PreventSendingVideo + +
+
+ ADMX_Conf/PreventSharing + +
+
+ ADMX_Conf/PreventSharingCMDPrompt + +
+
+ ADMX_Conf/PreventSharingDesktop + +
+
+ ADMX_Conf/PreventSharingExplorer + +
+
+ ADMX_Conf/PreventSharingTrueColor + +
+
+ ADMX_Conf/PreventWebDirectory + +
+
+ ADMX_Conf/RestrictFTSendSize + +
+
+ ADMX_Conf/SetAVThroughput + +
+
+ ADMX_Conf/SetIntranetSupport + +
+
+ ADMX_Conf/SetSecurityOptions + +
+
+ + +
+ + +**ADMX_Conf/AllowPersistAutoAcceptCalls** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting makes the automatic acceptance of incoming calls persistent. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow persisting automatic acceptance of Calls* +- GP name: *PersistAutoAcceptCalls* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableAdvCallingButton** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable the Advanced Calling button* +- GP name: *NoAdvancedCalling* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableAppSharing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable application Sharing* +- GP name: *NoAppSharing* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableAudioPage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the Audio page* +- GP name: *NoAudioPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableChat** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Chat feature of NetMeeting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Chat* +- GP name: *NoChat* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableGeneralPage** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the General page* +- GP name: *NoGeneralPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableNewWhiteboard** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the T.126 whiteboard feature of NetMeeting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Whiteboard* +- GP name: *NoNewWhiteBoard* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableOldWhiteboard** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the 2.x whiteboard feature of NetMeeting. + +The 2.x whiteboard is available for compatibility with older versions of NetMeeting only. + +Deployers who do not need it can save bandwidth by disabling it. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable NetMeeting 2.x Whiteboard* +- GP name: *NoOldWhiteBoard* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableRDS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable remote Desktop Sharing* +- GP name: *NoRDS* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableSecurityPage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the Security page* +- GP name: *NoSecurityPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableVideoPage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Video page of the Tools Options dialog. Users will not then be able to change video settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the Video page* +- GP name: *NoVideoPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/EnableAutoConfiguration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures NetMeeting to download settings for users each time it starts. + +The settings are downloaded from the URL listed in the "Configuration URL:" text box. + +Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Automatic Configuration* +- GP name: *Use AutoConfig* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventAddingNewILS** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent adding Directory servers* +- GP name: *NoAddingDirectoryServers* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventAudio** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the audio feature of NetMeeting. Users will not be able to send or receive audio. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Audio* +- GP name: *NoAudio* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventAutoAccept** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from turning on automatic acceptance of incoming calls. + +This ensures that others cannot call and connect to NetMeeting when the user is not present. + +This policy is recommended when deploying NetMeeting to run always. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent automatic acceptance of Calls* +- GP name: *NoAutoAcceptCalls* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventChangeDirectSound** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents user from changing the DirectSound audio setting. + +DirectSound provides much better audio quality, but older audio hardware may not support it. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent changing DirectSound Audio setting* +- GP name: *NoChangeDirectSound* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventChangingCallMode** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents users from changing the way calls are placed, either directly or via a gatekeeper server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent changing Call placement method* +- GP name: *NoChangingCallMode* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventDirectoryServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the directory feature of NetMeeting. + +Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory. + +This policy is for deployers who have their own location or calling schemes such as a Web site or an address book. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Directory services* +- GP name: *NoDirectoryServices* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventFullDuplex** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable full duplex Audio* +- GP name: *NoFullDuplex* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventGrantingControl** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Control* +- GP name: *NoAllowControl* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventReceivingFiles** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving files from others in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent receiving files* +- GP name: *NoReceivingFiles* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventReceivingVideo** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving video. Users will still be able to send video provided they have the hardware. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent receiving Video* +- GP name: *NoReceivingVideo* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSendingFiles** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending files to others in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent sending files* +- GP name: *NoSendingFiles* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSendingVideo** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending video if they have the hardware. Users will still be able to receive video from others. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent sending Video* +- GP name: *NoSendingVideo* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Sharing* +- GP name: *NoSharing* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingCMDPrompt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Sharing Command Prompts* +- GP name: *NoSharingDosWindows* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingDesktop** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing the whole desktop. They will still be able to share individual applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Desktop Sharing* +- GP name: *NoSharingDesktop* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingExplorer** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Sharing Explorer windows* +- GP name: *NoSharingExplorer* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingTrueColor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Application Sharing in true color* +- GP name: *NoTrueColorSharing* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventWebDirectory** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing directories as Web pages in a browser. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent viewing Web directory* +- GP name: *NoWebDirectory* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/RestrictFTSendSize** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting limits the size of files users can send to others in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the size of sent files* +- GP name: *MaxFileSendSize* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/SetAVThroughput** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the bandwidth of Audio and Video* +- GP name: *MaximumBandwidth* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/SetIntranetSupport** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting sets the URL NetMeeting will display when the user chooses the Help Online Support command. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set the intranet support Web page* +- GP name: *IntranetSupportURL* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/SetSecurityOptions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting sets the level of security for both outgoing and incoming NetMeeting calls. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Call Security options* +- GP name: *CallSecurity* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file From 9fde7a57dd32972f94c88510f6940cf8b4069dd0 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 26 Aug 2020 16:32:45 -0700 Subject: [PATCH 02/34] Added more Phase 1 policies --- .../policy-configuration-service-provider.md | 8 + .../mdm/policy-csp-admx-cpls.md | 117 ++++++ .../mdm/policy-csp-admx-ctrlaltdel.md | 339 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 1 + 4 files changed, 465 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-cpls.md create mode 100644 windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 7986a6fae0..e6f3e4b8d9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -245,6 +245,14 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_Cpls policies + +
+
+ ADMX_Cpls/UseDefaultTile +
+
+ ### ADMX_DnsClient policies
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md new file mode 100644 index 0000000000..05ddffee0c --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -0,0 +1,117 @@ +--- +title: Policy CSP - ADMX_Cpls +description: Policy CSP - ADMX_Cpls +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/26/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Cpls +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Cpls policies + +
+
+ ADMX_Cpls/UseDefaultTile +
+
+ + +
+ + +**ADMX_Cpls/UseDefaultTile** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. + +> [!NOTE] +> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. + +If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed. + +If you disable or do not configure this policy setting, users will be able to customize their account pictures. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Apply the default account picture to all users* +- GP name: *UseDefaultTile* +- GP path: *Control Panel/User Accounts* +- GP ADMX file name: *Cpls.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md new file mode 100644 index 0000000000..c098646c75 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -0,0 +1,339 @@ +--- +title: Policy CSP - ADMX_CtrlAltDel +description: Policy CSP - ADMX_CtrlAltDel +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/26/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_CtrlAltDel +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_CtrlAltDel policies + +
+
+ ADMX_CtrlAltDel/DisableChangePassword +
+
+ ADMX_CtrlAltDel/DisableLockComputer +
+
+ ADMX_CtrlAltDel/DisableTaskMgr +
+
+ ADMX_CtrlAltDel/NoLogoff +
+
+ + +
+ + +**ADMX_CtrlAltDel/DisableChangePassword** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from changing their Windows password on demand. + +If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del. + +However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Change Password* +- GP name: *DisableChangePassword* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + + +
+ + +**ADMX_CtrlAltDel/DisableLockComputer** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from locking the system. + +While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it. + +If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del. + +If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. + +> [!TIP] +> To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Lock Computer* +- GP name: *DisableLockWorkstation* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + +
+ + +**ADMX_CtrlAltDel/DisableTaskMgr** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from starting Task Manager. + +Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. + +If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. + +If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Task Manager* +- GP name: *DisableTaskMgr* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + +
+ + +**ADMX_CtrlAltDel/NoLogoff** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables or removes all menu items and buttons that log the user off the system. + +If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu. + +Also, see the 'Remove Logoff on the Start Menu' policy setting. + +If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Logoff* +- GP name: *NoLogoff* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 6e3d43c649..83e26f746f 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -42,6 +42,7 @@ ms.date: 08/18/2020 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord) - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory) - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline) +- [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md##admx-cpls-usedefaulttile) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) From 61ca35c9c08b4ab763b32dbb5444e0b7fe492d97 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 26 Aug 2020 18:19:06 -0700 Subject: [PATCH 03/34] more updates --- .../policy-configuration-service-provider.md | 20 ++++++++++++++++++- .../mdm/policy-csps-admx-backed.md | 6 +++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index e6f3e4b8d9..1432aa2a6d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -249,10 +249,28 @@ The following diagram shows the Policy configuration service provider in tree fo
- ADMX_Cpls/UseDefaultTile + ADMX_CtrlAltDel/DisableChangePassword +
+
+ ADMX_CtrlAltDel/DisableLockComputer +
+
+ ADMX_CtrlAltDel/DisableTaskMgr +
+
+ ADMX_CtrlAltDel/NoLogoff
+ +### ADMX_CtrlAltDel policies +
+
+ ADMX_Cpls/UseDefaultTile +
+
+ + ### ADMX_DnsClient policies
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 83e26f746f..e44a49e5ed 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -42,7 +42,11 @@ ms.date: 08/18/2020 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord) - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory) - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline) -- [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md##admx-cpls-usedefaulttile) +- [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile) +- [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword) +- [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) +- [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) +- [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) From 4cd686ee25e7c192f40fefedcc9dfe079174cf82 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 13:13:49 -0700 Subject: [PATCH 04/34] Deleted conf admx backed doc --- .../mdm/policy-csp-admx-conf.md | 2431 ----------------- 1 file changed, 2431 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-admx-conf.md diff --git a/windows/client-management/mdm/policy-csp-admx-conf.md b/windows/client-management/mdm/policy-csp-admx-conf.md deleted file mode 100644 index 931927fe44..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-conf.md +++ /dev/null @@ -1,2431 +0,0 @@ ---- -title: Policy CSP - ADMX_Conf -description: Policy CSP - ADMX_Conf -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.localizationpriority: medium -ms.date: 08/18/2020 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_Conf - -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
- - -## Policy CSP - ADMX_Conf - -
-
- ADMX_Conf/AllowPersistAutoAcceptCalls - -
-
- ADMX_Conf/DisableAdvCallingButton - -
-
- ADMX_Conf/DisableAppSharing - -
-
- ADMX_Conf/DisableAudioPage - -
-
- ADMX_Conf/DisableChat - -
-
- ADMX_Conf/DisableGeneralPage - -
-
- ADMX_Conf/DisableNewWhiteboard - -
-
- ADMX_Conf/DisableOldWhiteboard - -
-
- ADMX_Conf/DisableRDS - -
-
- ADMX_Conf/DisableSecurityPage - -
-
- ADMX_Conf/DisableVideoPage - -
-
- ADMX_Conf/EnableAutoConfiguration - -
-
- ADMX_Conf/PreventAddingNewILS - -
-
- ADMX_Conf/PreventAudio - -
-
- ADMX_Conf/PreventAutoAccept - -
-
- ADMX_Conf/PreventChangeDirectSound - -
-
- ADMX_Conf/PreventChangingCallMode - -
-
- ADMX_Conf/PreventDirectoryServices - -
-
- ADMX_Conf/PreventFullDuplex - -
-
- ADMX_Conf/PreventGrantingControl - -
-
- ADMX_Conf/PreventReceivingFiles - -
-
- ADMX_Conf/PreventReceivingVideo - -
-
- ADMX_Conf/PreventSendingFiles - -
-
- ADMX_Conf/PreventSendingVideo - -
-
- ADMX_Conf/PreventSharing - -
-
- ADMX_Conf/PreventSharingCMDPrompt - -
-
- ADMX_Conf/PreventSharingDesktop - -
-
- ADMX_Conf/PreventSharingExplorer - -
-
- ADMX_Conf/PreventSharingTrueColor - -
-
- ADMX_Conf/PreventWebDirectory - -
-
- ADMX_Conf/RestrictFTSendSize - -
-
- ADMX_Conf/SetAVThroughput - -
-
- ADMX_Conf/SetIntranetSupport - -
-
- ADMX_Conf/SetSecurityOptions - -
-
- - -
- - -**ADMX_Conf/AllowPersistAutoAcceptCalls** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting makes the automatic acceptance of incoming calls persistent. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Allow persisting automatic acceptance of Calls* -- GP name: *PersistAutoAcceptCalls* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableAdvCallingButton** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable the Advanced Calling button* -- GP name: *NoAdvancedCalling* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableAppSharing** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable application Sharing* -- GP name: *NoAppSharing* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableAudioPage** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the Audio page* -- GP name: *NoAudioPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableChat** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Chat feature of NetMeeting. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Chat* -- GP name: *NoChat* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableGeneralPage** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the General page* -- GP name: *NoGeneralPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableNewWhiteboard** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the T.126 whiteboard feature of NetMeeting. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Whiteboard* -- GP name: *NoNewWhiteBoard* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableOldWhiteboard** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the 2.x whiteboard feature of NetMeeting. - -The 2.x whiteboard is available for compatibility with older versions of NetMeeting only. - -Deployers who do not need it can save bandwidth by disabling it. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable NetMeeting 2.x Whiteboard* -- GP name: *NoOldWhiteBoard* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableRDS** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable remote Desktop Sharing* -- GP name: *NoRDS* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableSecurityPage** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the Security page* -- GP name: *NoSecurityPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableVideoPage** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Video page of the Tools Options dialog. Users will not then be able to change video settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the Video page* -- GP name: *NoVideoPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/EnableAutoConfiguration** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting configures NetMeeting to download settings for users each time it starts. - -The settings are downloaded from the URL listed in the "Configuration URL:" text box. - -Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Enable Automatic Configuration* -- GP name: *Use AutoConfig* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventAddingNewILS** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent adding Directory servers* -- GP name: *NoAddingDirectoryServers* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventAudio** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the audio feature of NetMeeting. Users will not be able to send or receive audio. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Audio* -- GP name: *NoAudio* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventAutoAccept** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from turning on automatic acceptance of incoming calls. - -This ensures that others cannot call and connect to NetMeeting when the user is not present. - -This policy is recommended when deploying NetMeeting to run always. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent automatic acceptance of Calls* -- GP name: *NoAutoAcceptCalls* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventChangeDirectSound** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents user from changing the DirectSound audio setting. - -DirectSound provides much better audio quality, but older audio hardware may not support it. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent changing DirectSound Audio setting* -- GP name: *NoChangeDirectSound* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventChangingCallMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents users from changing the way calls are placed, either directly or via a gatekeeper server. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent changing Call placement method* -- GP name: *NoChangingCallMode* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventDirectoryServices** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the directory feature of NetMeeting. - -Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory. - -This policy is for deployers who have their own location or calling schemes such as a Web site or an address book. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Directory services* -- GP name: *NoDirectoryServices* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventFullDuplex** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable full duplex Audio* -- GP name: *NoFullDuplex* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventGrantingControl** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Control* -- GP name: *NoAllowControl* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventReceivingFiles** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving files from others in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent receiving files* -- GP name: *NoReceivingFiles* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventReceivingVideo** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving video. Users will still be able to send video provided they have the hardware. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent receiving Video* -- GP name: *NoReceivingVideo* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSendingFiles** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending files to others in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent sending files* -- GP name: *NoSendingFiles* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSendingVideo** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending video if they have the hardware. Users will still be able to receive video from others. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent sending Video* -- GP name: *NoSendingVideo* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharing** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Sharing* -- GP name: *NoSharing* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingCMDPrompt** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Sharing Command Prompts* -- GP name: *NoSharingDosWindows* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingDesktop** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing the whole desktop. They will still be able to share individual applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Desktop Sharing* -- GP name: *NoSharingDesktop* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingExplorer** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Sharing Explorer windows* -- GP name: *NoSharingExplorer* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingTrueColor** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Application Sharing in true color* -- GP name: *NoTrueColorSharing* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventWebDirectory** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing directories as Web pages in a browser. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent viewing Web directory* -- GP name: *NoWebDirectory* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/RestrictFTSendSize** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting limits the size of files users can send to others in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Limit the size of sent files* -- GP name: *MaxFileSendSize* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/SetAVThroughput** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Limit the bandwidth of Audio and Video* -- GP name: *MaximumBandwidth* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/SetIntranetSupport** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting sets the URL NetMeeting will display when the user chooses the Help Online Support command. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Set the intranet support Web page* -- GP name: *IntranetSupportURL* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/SetSecurityOptions** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting sets the level of security for both outgoing and incoming NetMeeting calls. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Set Call Security options* -- GP name: *CallSecurity* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -Footnotes: - -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. - - \ No newline at end of file From b0fc7d70f95da2b0345951235951b976214483e7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 13:30:48 -0700 Subject: [PATCH 05/34] Updated TOC --- windows/client-management/mdm/TOC.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 2d6a0b7bda..75636d24bc 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -174,8 +174,12 @@ #### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md) #### [ADMX_AppCompat](policy-csp-admx-appcompat.md) #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) +#### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) +#### [ADMX_COM](policy-csp-admx-com.md) +#### [ADMX_Cpls](policy-csp-admx-cpls.md) +#### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) From ad369cdc16e981d08fa7cf6039410972e47b4f25 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 15:42:39 -0700 Subject: [PATCH 06/34] Added digitallocker policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 9 + .../mdm/policy-csp-admx-digitallocker.md | 190 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 2 + 4 files changed, 202 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-digitallocker.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 75636d24bc..ed85670b3f 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -175,6 +175,7 @@ #### [ADMX_AppCompat](policy-csp-admx-appcompat.md) #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) +#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ADMX_COM](policy-csp-admx-com.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 1432aa2a6d..d8e11f5753 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -270,6 +270,15 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DigitalLocker policies +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1 +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2 +
+
### ADMX_DnsClient policies diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md new file mode 100644 index 0000000000..0f8d44967e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -0,0 +1,190 @@ +--- +title: Policy CSP - ADMX_DigitalLocker +description: Policy CSP - ADMX_DigitalLocker +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/31/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DigitalLocker +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_DigitalLocker policies + +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1 +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2 +
+
+ + +
+ + +**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run. + +Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. + +If you enable this setting, Digital Locker will not run. + +If you disable or do not configure this setting, Digital Locker can be run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Digital Locker to run* +- GP name: *DoNotRunDigitalLocker* +- GP path: *Windows Components/Digital Locker* +- GP ADMX file name: *DigitalLocker.admx* + + + +
+ + +**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run. + +Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. + +If you enable this setting, Digital Locker will not run. + +If you disable or do not configure this setting, Digital Locker can be run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Digital Locker to run* +- GP name: *DoNotRunDigitalLocker* +- GP path: *Windows Components/Digital Locker* +- GP ADMX file name: *DigitalLocker.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index e44a49e5ed..3e4f4b9b71 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -47,6 +47,8 @@ ms.date: 08/18/2020 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) +- [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) +- [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) From 743287dde4b207943485e21a80f2002c6a7aa427 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 17:19:16 -0700 Subject: [PATCH 07/34] Added admx_dwm policies --- windows/client-management/mdm/TOC.md | 7 +- .../policy-configuration-service-provider.md | 32 + .../mdm/policy-csp-admx-dwm.md | 642 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 9 + 4 files changed, 687 insertions(+), 3 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-dwm.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index ed85670b3f..1e7d3b4db7 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -175,12 +175,13 @@ #### [ADMX_AppCompat](policy-csp-admx-appcompat.md) #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) -#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) -#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) -#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ADMX_COM](policy-csp-admx-com.md) #### [ADMX_Cpls](policy-csp-admx-cpls.md) #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) +#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) +#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) +#### [ADMX_DWM](policy-csp-admx-dwm.md) +#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d8e11f5753..54cdc3966a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -351,6 +351,38 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DWM policies + +
+
+ ADMX_DWM/DwmDefaultColorizationColor_1 +
+
+ ADMX_DWM/DwmDefaultColorizationColor_2 +
+
+ ADMX_DWM/DwmDisableAccentAndGradient +
+
+ ADMX_DWM/DwmDisallowAnimations_1 +
+
+ ADMX_DWM/DwmDisallowAnimations_2 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_1 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_2 +
+
+ ADMX_DWM/DwmDisallowFlip3D_1 +
+
+ ADMX_DWM/DwmDisallowFlip3D_2 +
+
+ ### ADMX_EventForwarding policies
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md new file mode 100644 index 0000000000..18ce7f2672 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -0,0 +1,642 @@ +--- +title: Policy CSP - ADMX_DWM +description: Policy CSP - ADMX_DWM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/31/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DWM +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_DWM policies + +
+
+ ADMX_DWM/DwmDefaultColorizationColor_1 +
+
+ ADMX_DWM/DwmDefaultColorizationColor_2 +
+
+ ADMX_DWM/DwmDisableAccentAndGradient +
+
+ ADMX_DWM/DwmDisallowAnimations_1 +
+
+ ADMX_DWM/DwmDisallowAnimations_2 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_1 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_2 +
+
+ ADMX_DWM/DwmDisallowFlip3D_1 +
+
+ ADMX_DWM/DwmDisallowFlip3D_2 +
+
+ + +
+ + +**ADMX_DWM/DwmDefaultColorizationColor_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color. + +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. + +If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify a default color* +- GP name: *DefaultColorizationColorState* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + + +
+ + +**ADMX_DWM/DwmDefaultColorizationColor_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color. + +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. + +If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify a default color* +- GP name: *DefaultColorizationColorState* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisableAccentAndGradient** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the Start background visuals. + +If you enable this policy setting, the Start background will use a solid color. + +If you disable or do not configure this policy setting, the Start background will use the default visuals. + +> [!NOTE] +> If this policy setting is enabled, users can continue to select a color in Start Personalization. However, setting the accent will have no effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use solid color for Start background* +- GP name: *DisableAccentGradient* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowAnimations_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. + +If you enable this policy setting, window animations are turned off. + +If you disable or do not configure this policy setting, window animations are turned on. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow window animations* +- GP name: *DisallowAnimations* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowAnimations_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. + +If you enable this policy setting, window animations are turned off. + +If you disable or do not configure this policy setting, window animations are turned on. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow window animations* +- GP name: *DisallowAnimations* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowColorizationColorChanges_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames. + +If you enable this policy setting, you prevent users from changing the default window frame color. + +If you disable or do not configure this policy setting, you allow users to change the default window frame color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow color changes* +- GP name: *DisallowColorizationColorChanges* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowFlip3D_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions. + +If you enable this policy setting, Flip 3D is inaccessible. + +If you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Flip3D invocation* +- GP name: *DisallowFlip3d* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowFlip3D_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions. + +If you enable this policy setting, Flip 3D is inaccessible. + +If you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Flip3D invocation* +- GP name: *DisallowFlip3d* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 3e4f4b9b71..fb016d503a 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -71,6 +71,15 @@ ms.date: 08/18/2020 - [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones) - [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution) - [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast) +- [ADMX_DWM/DwmDefaultColorizationColor_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-1) +- [ADMX_DWM/DwmDefaultColorizationColor_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-2) +- [ADMX_DWM/DwmDisableAccentAndGradient](./policy-csp-admx-dwm.md#admx-dwm-dwmdisableaccentandgradient) +- [ADMX_DWM/DwmDisallowAnimations_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-1) +- [ADMX_DWM/DwmDisallowAnimations_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-2) +- [ADMX_DWM/DwmDisallowColorizationColorChanges_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-1) +- [ADMX_DWM/DwmDisallowColorizationColorChanges_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-2) +- [ADMX_DWM/DwmDisallowFlip3D_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-1) +- [ADMX_DWM/DwmDisallowFlip3D_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-2) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) From c42a38a0558bc67b3c97567ae30a86c2c878d0b7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 1 Sep 2020 15:52:44 -0700 Subject: [PATCH 08/34] Fixed build warnings --- .../policy-configuration-service-provider.md | 18 ++--- .../mdm/policy-csp-admx-dwm.md | 72 +++++++++++++++++++ 2 files changed, 81 insertions(+), 9 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 54cdc3966a..f4098e02d2 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -355,31 +355,31 @@ The following diagram shows the Policy configuration service provider in tree fo
- ADMX_DWM/DwmDefaultColorizationColor_1 + ADMX_DWM/DwmDefaultColorizationColor_1
- ADMX_DWM/DwmDefaultColorizationColor_2 + ADMX_DWM/DwmDefaultColorizationColor_2
- ADMX_DWM/DwmDisableAccentAndGradient + ADMX_DWM/DwmDisableAccentAndGradient
- ADMX_DWM/DwmDisallowAnimations_1 + ADMX_DWM/DwmDisallowAnimations_1
- ADMX_DWM/DwmDisallowAnimations_2 + ADMX_DWM/DwmDisallowAnimations_2
- ADMX_DWM/DwmDisallowColorizationColorChanges_1 + ADMX_DWM/DwmDisallowColorizationColorChanges_1
- ADMX_DWM/DwmDisallowColorizationColorChanges_2 + ADMX_DWM/DwmDisallowColorizationColorChanges_2
- ADMX_DWM/DwmDisallowFlip3D_1 + ADMX_DWM/DwmDisallowFlip3D_1
- ADMX_DWM/DwmDisallowFlip3D_2 + ADMX_DWM/DwmDisallowFlip3D_2
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 18ce7f2672..42d05c5279 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -485,6 +485,78 @@ ADMX Info:
+ +**ADMX_DWM/DwmDisallowColorizationColorChanges_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames. + +If you enable this policy setting, you prevent users from changing the default window frame color. + +If you disable or do not configure this policy setting, you allow users to change the default window frame color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow color changes* +- GP name: *DisallowColorizationColorChanges* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + +
+ **ADMX_DWM/DwmDisallowFlip3D_1** From c47197e966794a89975682ab60ab7bcac71841b6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 2 Sep 2020 12:59:49 -0700 Subject: [PATCH 09/34] Updated SKU info --- .../mdm/policy-csp-admx-addremoveprograms.md | 110 +++++++-------- .../mdm/policy-csp-admx-appcompat.md | 72 +++++----- .../mdm/policy-csp-admx-auditsettings.md | 6 +- .../mdm/policy-csp-admx-ciphersuiteorder.md | 12 +- .../mdm/policy-csp-admx-com.md | 12 +- .../mdm/policy-csp-admx-cpls.md | 6 +- .../mdm/policy-csp-admx-ctrlaltdel.md | 24 ++-- .../mdm/policy-csp-admx-digitallocker.md | 12 +- .../mdm/policy-csp-admx-dnsclient.md | 132 +++++++++--------- .../mdm/policy-csp-admx-dwm.md | 54 +++---- .../mdm/policy-csp-admx-eventforwarding.md | 12 +- 11 files changed, 226 insertions(+), 226 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 37cf49d46f..36128621e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -72,23 +72,23 @@ manager: dansimp Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -155,23 +155,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -236,23 +236,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -317,23 +317,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -399,23 +399,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -477,23 +477,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -555,23 +555,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -634,23 +634,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -712,23 +712,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -793,23 +793,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -874,23 +874,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index 527d07b981..ef0f985661 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -79,19 +79,19 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -156,19 +156,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -227,19 +227,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -302,19 +302,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -378,19 +378,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -456,19 +456,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -523,19 +523,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -597,19 +597,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -670,19 +670,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 2f91449316..9a7fa24739 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -45,11 +45,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -57,7 +57,7 @@ manager: dansimp Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 306231cdcf..627b8ea61c 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -49,11 +49,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -61,7 +61,7 @@ manager: dansimp Education - check mark + cross mark @@ -122,11 +122,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -134,7 +134,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index ff361f80d2..d7be4635d6 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -49,11 +49,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -61,7 +61,7 @@ manager: dansimp Education - check mark + cross mark @@ -124,11 +124,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -136,7 +136,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 05ddffee0c..21bf8792f1 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -45,11 +45,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -57,7 +57,7 @@ manager: dansimp Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index c098646c75..9ecc74d2e9 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -54,11 +54,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -66,7 +66,7 @@ manager: dansimp Education - check mark + cross mark @@ -124,11 +124,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -136,7 +136,7 @@ ADMX Info: Education - check mark + cross mark @@ -197,11 +197,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -209,7 +209,7 @@ ADMX Info: Education - check mark + cross mark @@ -268,11 +268,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -280,7 +280,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 0f8d44967e..2d12ffdcdd 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -48,11 +48,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -60,7 +60,7 @@ manager: dansimp Education - check mark + cross mark @@ -119,11 +119,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -131,7 +131,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index e3fef30269..79b48babf1 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -108,11 +108,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -120,7 +120,7 @@ manager: dansimp Education - check mark + cross mark @@ -176,11 +176,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -188,7 +188,7 @@ ADMX Info: Education - check mark + cross mark @@ -253,11 +253,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -265,7 +265,7 @@ ADMX Info: Education - check mark + cross mark @@ -322,11 +322,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -334,7 +334,7 @@ ADMX Info: Education - check mark + cross mark @@ -409,11 +409,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -421,7 +421,7 @@ ADMX Info: Education - check mark + cross mark @@ -478,11 +478,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -490,7 +490,7 @@ ADMX Info: Education - check mark + cross mark @@ -547,11 +547,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -559,7 +559,7 @@ ADMX Info: Education - check mark + cross mark @@ -618,11 +618,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -630,7 +630,7 @@ ADMX Info: Education - check mark + cross mark @@ -691,11 +691,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -703,7 +703,7 @@ ADMX Info: Education - check mark + cross mark @@ -766,11 +766,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -778,7 +778,7 @@ ADMX Info: Education - check mark + cross mark @@ -840,11 +840,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -852,7 +852,7 @@ ADMX Info: Education - check mark + cross mark @@ -916,11 +916,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -928,7 +928,7 @@ ADMX Info: Education - check mark + cross mark @@ -985,11 +985,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -997,7 +997,7 @@ ADMX Info: Education - check mark + cross mark @@ -1058,11 +1058,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1070,7 +1070,7 @@ ADMX Info: Education - check mark + cross mark @@ -1134,11 +1134,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1146,7 +1146,7 @@ ADMX Info: Education - check mark + cross mark @@ -1205,11 +1205,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1217,7 +1217,7 @@ ADMX Info: Education - check mark + cross mark @@ -1281,11 +1281,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1293,7 +1293,7 @@ ADMX Info: Education - check mark + cross mark @@ -1350,11 +1350,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1362,7 +1362,7 @@ ADMX Info: Education - check mark + cross mark @@ -1422,11 +1422,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1434,7 +1434,7 @@ ADMX Info: Education - check mark + cross mark @@ -1497,11 +1497,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1509,7 +1509,7 @@ ADMX Info: Education - check mark + cross mark @@ -1568,11 +1568,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1580,7 +1580,7 @@ ADMX Info: Education - check mark + cross mark @@ -1655,11 +1655,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1667,7 +1667,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 42d05c5279..07679cba68 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -69,11 +69,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -81,7 +81,7 @@ manager: dansimp Education - check mark + cross mark @@ -142,11 +142,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -154,7 +154,7 @@ ADMX Info: Education - check mark + cross mark @@ -214,11 +214,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -226,7 +226,7 @@ ADMX Info: Education - check mark + cross mark @@ -286,11 +286,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -298,7 +298,7 @@ ADMX Info: Education - check mark + cross mark @@ -357,11 +357,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -369,7 +369,7 @@ ADMX Info: Education - check mark + cross mark @@ -428,11 +428,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -440,7 +440,7 @@ ADMX Info: Education - check mark + cross mark @@ -500,11 +500,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -512,7 +512,7 @@ ADMX Info: Education - check mark + cross mark @@ -572,11 +572,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -584,7 +584,7 @@ ADMX Info: Education - check mark + cross mark @@ -643,11 +643,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -655,7 +655,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index b964fbde10..ba0dcbb61d 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -49,11 +49,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -61,7 +61,7 @@ manager: dansimp Education - check mark + cross mark @@ -122,11 +122,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -134,7 +134,7 @@ ADMX Info: Education - check mark + cross mark From c3de6f980e866c8ce97b1413d70e9113fa7d6cf9 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 2 Sep 2020 16:35:06 -0700 Subject: [PATCH 10/34] Added more Phase 1 policies --- .../policy-configuration-service-provider.md | 67 ++ .../mdm/policy-csp-admx-encryptfilesonmove.md | 116 ++++ .../policy-csp-admx-fileservervssprovider.md | 117 ++++ .../mdm/policy-csp-admx-filesys.md | 588 ++++++++++++++++++ .../mdm/policy-csp-admx-folderredirection.md | 569 +++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 17 + 6 files changed, 1474 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md create mode 100644 windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md create mode 100644 windows/client-management/mdm/policy-csp-admx-filesys.md create mode 100644 windows/client-management/mdm/policy-csp-admx-folderredirection.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f4098e02d2..7af59f5534 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -383,6 +383,13 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_EncryptFilesonMove policies +
+
+ ADMX_EncryptFilesonMove/NoEncryptOnMove +
+
+ ### ADMX_EventForwarding policies
@@ -394,6 +401,66 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_FileServerVSSProvider policies +
+
+ ADMX_FileServerVSSProvider/Pol_EncryptProtocol +
+
+ +### ADMX_FileSys policies +
+
+ ADMX_FileSys/DisableCompression +
+
+ ADMX_FileSys/DisableDeleteNotification +
+
+ ADMX_FileSys/DisableEncryption +
+
+ ADMX_FileSys/EnablePagefileEncryption +
+
+ ADMX_FileSys/LongPathsEnabled +
+
+ ADMX_FileSys/ShortNameCreationSettings +
+
+ ADMX_FileSys/SymlinkEvaluation +
+
+ ADMX_FileSys/TxfDeprecatedFunctionality +
+
+ +### ADMX_FolderRedirection policies +
+
+ ADMX_FolderRedirection/DisableFRAdminPin +
+
+ ADMX_FolderRedirection/DisableFRAdminPinByFolder +
+
+ ADMX_FolderRedirection/FolderRedirectionEnableCacheRename +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_1 +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_2 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_1 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_2 +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md new file mode 100644 index 0000000000..ec7948b584 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -0,0 +1,116 @@ +--- +title: Policy CSP - ADMX_EncryptFilesonMove +description: Policy CSP - ADMX_EncryptFilesonMove +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_EncryptFilesonMove +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_EncryptFilesonMove policies + +
+
+ ADMX_EncryptFilesonMove/NoEncryptOnMove +
+
+ + +
+ + +**ADMX_EncryptFilesonMove/NoEncryptOnMove** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. + +If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder. + +If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder. + +This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not automatically encrypt files moved to encrypted folders* +- GP name: *NoEncryptOnMove* +- GP path: *System* +- GP ADMX file name: *EncryptFilesonMove.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md new file mode 100644 index 0000000000..78ba8174f4 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -0,0 +1,117 @@ +--- +title: Policy CSP - ADMX_FileServerVSSProvider +description: Policy CSP - ADMX_FileServerVSSProvider +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FileServerVSSProvider +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FileServerVSSProvider policies + +
+
+ ADMX_FileServerVSSProvider/Pol_EncryptProtocol +
+
+ + +
+ + +**ADMX_FileServerVSSProvider/Pol_EncryptProtocol** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. + +VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. + +By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +> [!NOTE] +> To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.* +- GP name: *EncryptProtocol* +- GP path: *System/File Share Shadow Copy Provider* +- GP ADMX file name: *FileServerVSSProvider.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md new file mode 100644 index 0000000000..c669f3279e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -0,0 +1,588 @@ +--- +title: Policy CSP - ADMX_FileSys +description: Policy CSP - ADMX_FileSys +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FileSys +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FileSys policies + +
+
+ ADMX_FileSys/DisableCompression +
+
+ ADMX_FileSys/DisableDeleteNotification +
+
+ ADMX_FileSys/DisableEncryption +
+
+ ADMX_FileSys/EnablePagefileEncryption +
+
+ ADMX_FileSys/LongPathsEnabled +
+
+ ADMX_FileSys/ShortNameCreationSettings +
+
+ ADMX_FileSys/SymlinkEvaluation +
+
+ ADMX_FileSys/TxfDeprecatedFunctionality +
+
+ + +
+ + +**ADMX_FileSys/DisableCompression** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow compression on all NTFS volumes* +- GP name: *NtfsDisableCompression* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/DisableDeleteNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation. + +A value of 0, the default, will enable delete notifications for all volumes. + +A value of 1 will disable delete notifications for all volumes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable delete notifications on all volumes* +- GP name: *DisableDeleteNotification* +- GP path: *System/Filesystem* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/DisableEncryption** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow encryption on all NTFS volumes* +- GP name: *NtfsDisableEncryption* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/EnablePagefileEncryption** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable NTFS pagefile encryption* +- GP name: *NtfsEncryptPagingFile* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/LongPathsEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Win32 long paths* +- GP name: *LongPathsEnabled* +- GP path: *System/Filesystem* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/ShortNameCreationSettings** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. + +If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Short name creation options* +- GP name: *NtfsDisable8dot3NameCreation* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/SymlinkEvaluation** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: + +- Local Link to a Local Target +- Local Link to a Remote Target +- Remote Link to Remote Target +- Remote Link to Local Target + +For more information, refer to the Windows Help section. + +> [!NOTE] +> If this policy is disabled or not configured, local administrators may select the types of symbolic links to be evaluated. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Selectively allow the evaluation of a symbolic link* +- GP name: *SymlinkLocalToLocalEvaluation* +- GP path: *System/Filesystem* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/TxfDeprecatedFunctionality** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable / disable TXF deprecated features* +- GP name: *NtfsEnableTxfDeprecatedFunctionality* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md new file mode 100644 index 0000000000..36a90041bd --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -0,0 +1,569 @@ +--- +title: Policy CSP - ADMX_FolderRedirection +description: Policy CSP - ADMX_FolderRedirection +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FolderRedirection +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FolderRedirection policies + +
+
+ ADMX_FolderRedirection/DisableFRAdminPin +
+
+ ADMX_FolderRedirection/DisableFRAdminPinByFolder +
+
+ ADMX_FolderRedirection/FolderRedirectionEnableCacheRename +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_1 +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_2 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_1 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_2 +
+
+ + +
+ + +**ADMX_FolderRedirection/DisableFRAdminPin** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default. + +If you enable this policy setting, users must manually select the files they wish to make available offline. + +If you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. + +> [!NOTE] +> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. + +> Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable. + +> If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline". + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not automatically make all redirected folders available offline* +- GP name: *DisableFRAdminPin* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/DisableFRAdminPinByFolder** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether individual redirected shell folders are available offline by default. + +For the folders affected by this setting, users must manually select the files they wish to make available offline. + +If you disable or do not configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. + +> [!NOTE] +> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. + +> The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline". + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not automatically make specific redirected folders available offline* +- GP name: *DisableFRAdminPinByFolder* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location. + +If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location. + +If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change* +- GP name: *FolderRedirectionEnableCacheRename* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/LocalizeXPRelativePaths_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. + +If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +If you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +> [!NOTE] +> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents* +- GP name: *LocalizeXPRelativePaths* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/LocalizeXPRelativePaths_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. + +If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +If you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +> [!NOTE] +> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents* +- GP name: *LocalizeXPRelativePaths* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/PrimaryComputer_FR_1** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. + +To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. + +If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only. + +If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. + +> [!NOTE] +> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Redirect folders on primary computers only* +- GP name: *PrimaryComputerEnabledFR* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/PrimaryComputer_FR_2** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. + +To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. + +If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only. + +If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. + +> [!NOTE] +> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Redirect folders on primary computers only* +- GP name: *PrimaryComputerEnabledFR* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index fb016d503a..583cd61135 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -80,8 +80,25 @@ ms.date: 08/18/2020 - [ADMX_DWM/DwmDisallowColorizationColorChanges_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-2) - [ADMX_DWM/DwmDisallowFlip3D_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-1) - [ADMX_DWM/DwmDisallowFlip3D_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-2) +- [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) +- [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) +- [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) +- [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification) +- ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) +- [ADMX_FileSys/EnablePagefileEncryption](./policy-csp-admx-filesys.md#admx-filesys-enablepagefileencryption) +- [ADMX_FileSys/LongPathsEnabled](./policy-csp-admx-filesys.md#admx-filesys-longpathsenabled) +- [ADMX_FileSys/ShortNameCreationSettings](./policy-csp-admx-filesys.md#admx-filesys-shortnamecreationsettings) +- [ADMX_FileSys/SymlinkEvaluation](./policy-csp-admx-filesys.md#admx-filesys-symlinkevaluation) +- [ADMX_FileSys/TxfDeprecatedFunctionality](./policy-csp-admx-filesys.md#admx-filesys-txfdeprecatedfunctionality) +- [ADMX_FolderRedirection/DisableFRAdminPin](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpin) +- [ADMX_FolderRedirection/DisableFRAdminPinByFolder](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpinbyfolder) +- [ADMX_FolderRedirection/FolderRedirectionEnableCacheRename](./policy-csp-admx-folderredirection.md#admx-folderredirection-folderredirectionenablecacherename) +- [ADMX_FolderRedirection/LocalizeXPRelativePaths_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-1) +- [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2) +- [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1) +- [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 257764fa808d142d8b98fa7a0657bda7c8ce5561 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 3 Sep 2020 12:17:33 -0700 Subject: [PATCH 11/34] Updated TOC --- windows/client-management/mdm/TOC.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 1e7d3b4db7..0ae110f8a1 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -181,7 +181,11 @@ #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_DWM](policy-csp-admx-dwm.md) +#### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) +#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) +#### [ADMX_FileSys](policy-csp-admx-filesys.md) +#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) From b02c719a62c6715f6489b01b5043756b7196a18a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 3 Sep 2020 15:31:50 -0700 Subject: [PATCH 12/34] Added two new policies --- windows/client-management/mdm/TOC.md | 2 + .../policy-configuration-service-provider.md | 32 ++ .../mdm/policy-csp-admx-help.md | 355 ++++++++++++++++++ .../mdm/policy-csp-admx-helpandsupport.md | 331 ++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 8 + 5 files changed, 728 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-help.md create mode 100644 windows/client-management/mdm/policy-csp-admx-helpandsupport.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 0ae110f8a1..823fb83d7d 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -186,6 +186,8 @@ #### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) #### [ADMX_FileSys](policy-csp-admx-filesys.md) #### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) +#### [ADMX_Help](policy-csp-admx-help.md) +#### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 7af59f5534..d4d22830a6 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -461,6 +461,38 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_Help policies +
+
+ ADMX_Help/DisableHHDEP +
+
+ ADMX_Help/HelpQualifiedRootDir_Comp +
+
+ ADMX_Help/RestrictRunFromHelp +
+
+ ADMX_Help/RestrictRunFromHelp_Comp +
+
+ +### ADMX_HelpAndSupport policies +
+
+ ADMX_HelpAndSupport/ActiveHelp +
+
+ ADMX_HelpAndSupport/HPExplicitFeedback +
+
+ ADMX_HelpAndSupport/HPImplicitFeedback +
+
+ ADMX_HelpAndSupport/HPOnlineAssistance +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md new file mode 100644 index 0000000000..6a2eab55fc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -0,0 +1,355 @@ +--- +title: Policy CSP - ADMX_Help +description: Policy CSP - ADMX_Help +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/03/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Help +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Help policies + +
+
+ ADMX_Help/DisableHHDEP +
+
+ ADMX_Help/HelpQualifiedRootDir_Comp +
+
+ ADMX_Help/RestrictRunFromHelp +
+
+ ADMX_Help/RestrictRunFromHelp_Comp +
+
+ + +
+ + +**ADMX_Help/DisableHHDEP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. + +Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. + +If you enable this policy setting, DEP for HTML Help Executable is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable. + +If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTML Help stops if DEP detects system memory abnormalities. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Data Execution Prevention for HTML Help Executible* +- GP name: *DisableHHDEP* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ + +**ADMX_Help/HelpQualifiedRootDir_Comp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting. + +If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders. + +To restrict the commands to one or more folders, enable the policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder". + +> [!NOTE] +> An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %programfiles% is not defined on some early versions of Windows. + +The "Shortcut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file. + +To disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy setting and leave the text box on the Settings tab of the Policy Properties dialog box blank. + +If you disable or do not configure this policy setting, these commands are fully functional for all Help files. + +> [!NOTE] +> Only folders on the local computer can be specified in this policy setting. You cannot use this policy setting to enable the "Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths. + +For additional options, see the "Restrict these programs from being launched from Help" policy. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict potentially unsafe HTML Help functions to specified folders* +- GP name: *HelpQualifiedRootDir* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ + +**ADMX_Help/RestrictRunFromHelp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help. + +If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. + +If you disable or do not configure this policy setting, users can run all applications from online Help. + +> [!NOTE] +> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. + +> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict these programs from being launched from Help* +- GP name: *DisableInHelp* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ + +**ADMX_Help/RestrictRunFromHelp_Comp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help. + +If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. + +If you disable or do not configure this policy setting, users can run all applications from online Help. + +> [!NOTE] +> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. + +> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict these programs from being launched from Help* +- GP name: *DisableInHelp* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md new file mode 100644 index 0000000000..c076fcbc0b --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -0,0 +1,331 @@ +--- +title: Policy CSP - ADMX_HelpAndSupport +description: Policy CSP - ADMX_HelpAndSupport +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/03/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_HelpAndSupport +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_HelpAndSupport policies + +
+
+ ADMX_HelpAndSupport/ActiveHelp +
+
+ ADMX_HelpAndSupport/HPExplicitFeedback +
+
+ ADMX_HelpAndSupport/HPImplicitFeedback +
+
+ ADMX_HelpAndSupport/HPOnlineAssistance +
+
+ + +
+ + +**ADMX_HelpAndSupport/ActiveHelp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links. + +If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements. + +If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Active Help* +- GP name: *NoActiveHelp* +- GP path: *Windows Components/Online Assistance* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ + +**ADMX_HelpAndSupport/HPExplicitFeedback** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can provide ratings for Help content. + +If you enable this policy setting, ratings controls are not added to Help content. + +If you disable or do not configure this policy setting, ratings controls are added to Help topics. + +Users can use the control to provide feedback on the quality and usefulness of the Help and Support content. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Help Ratings* +- GP name: *NoExplicitFeedback* +- GP path: *System/Internet Communication Management/Internet Communication settings* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ + +**ADMX_HelpAndSupport/HPImplicitFeedback** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. + +If you enable this policy setting, users cannot participate in the Help Experience Improvement program. + +If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Help Experience Improvement Program* +- GP name: *NoImplicitFeedback* +- GP path: *System/Internet Communication Management/Internet Communication settings* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ + +**ADMX_HelpAndSupport/HPOnlineAssistance** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows. + +If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online. + +If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Online* +- GP name: *NoOnlineAssist* +- GP path: *System/Internet Communication Management/Internet Communication settings* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 583cd61135..9df452c950 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -99,6 +99,14 @@ ms.date: 08/18/2020 - [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2) - [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1) - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) +- [ADMX_Help/DisableHHDEP](./policy-csp-admx-help.md#admx-help-disablehhdep) +- [ADMX_Help/HelpQualifiedRootDir_Comp](./policy-csp-admx-help.md#admx-help-helpqualifiedrootdir-comp) +- [ADMX_Help/RestrictRunFromHelp](./policy-csp-admx-help.md#admx-help-restrictrunfromhelp) +- [ADMX_Help/RestrictRunFromHelp_Comp](./policy-csp-admx-help.md#admx-help-restrictrunfromhelp-comp) +- [ADMX_HelpAndSupport/ActiveHelp](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-activehelp) +- [ADMX_HelpAndSupport/HPExplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpexplicitfeedback) +- [ADMX_HelpAndSupport/HPImplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpimplicitfeedback) +- [ADMX_HelpAndSupport/HPOnlineAssistance](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hponlineassistance) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From af5e6a8f0c31eeab73187d681938b0b7e41ab125 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 3 Sep 2020 16:54:09 -0700 Subject: [PATCH 13/34] Added kdc policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 22 + .../mdm/policy-csp-admx-kdc.md | 517 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 6 + 4 files changed, 546 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-kdc.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 823fb83d7d..d8792f5dc5 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -188,6 +188,7 @@ #### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) #### [ADMX_Help](policy-csp-admx-help.md) #### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) +#### [ADMX_kdc](policy-csp-admx-kdc.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d4d22830a6..40c53231d6 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -493,6 +493,28 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_kdc policies +
+
+ ADMX_kdc/CbacAndArmor +
+
+ ADMX_kdc/ForestSearch +
+
+ ADMX_kdc/PKINITFreshness +
+
+ ADMX_kdc/RequestCompoundId +
+
+ ADMX_kdc/TicketSizeThreshold +
+
+ ADMX_kdc/emitlili +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md new file mode 100644 index 0000000000..eeaae0037a --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -0,0 +1,517 @@ +--- +title: Policy CSP - ADMX_kdc +description: Policy CSP - ADMX_kdc +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_kdc +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_kdc policies + +
+
+ ADMX_kdc/CbacAndArmor +
+
+ ADMX_kdc/ForestSearch +
+
+ ADMX_kdc/PKINITFreshness +
+
+ ADMX_kdc/RequestCompoundId +
+
+ ADMX_kdc/TicketSizeThreshold +
+
+ ADMX_kdc/emitlili +
+
+ + +
+ + +**ADMX_kdc/CbacAndArmor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication. + +If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. + +If you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication or armoring. + +If you configure the "Not supported" option, the domain controller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems. + +> [!NOTE] +> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting is not enabled, Kerberos authentication messages will not use these features. + +If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring. + +**Domain functional level requirements** + +For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the "Supported" option is selected. + +When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and: + +- If you set the "Always provide claims" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure tunneling (FAST). +- If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerberos messages. + +> [!WARNING] +> When "Fail unarmored authentication requests" is set, then client computers which do not support Kerberos armoring will fail to authenticate to the domain controller. + +To ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the "Supported" option is enabled). + +Impact on domain controller performance when this policy setting is enabled: + +- Secure Kerberos domain capability discovery is required resulting in additional message exchanges. +- Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size. +- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ticket size. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *KDC support for claims, compound authentication and Kerberos armoring* +- GP name: *EnableCbacAndArmor* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/ForestSearch** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs). + +If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain. + +If you disable or do not configure this policy setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not found, NTLM authentication might be used. + +To ensure consistent behavior, this policy setting must be supported and set identically on all domain controllers in the domain. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use forest search order* +- GP name: *UseForestSearch* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/PKINITFreshness** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain is not at Windows Server 2016 DFL or higher this policy will not be applied. + +This policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension. + +If you enable this policy setting, the following options are supported: + +Supported: PKInit Freshness Extension is supported on request. Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fresh public key identity SID. + +Required: PKInit Freshness Extension is required for successful authentication. Kerberos clients which do not support the PKInit Freshness Extension will always fail when using public key credentials. + +If you disable or not configure this policy setting, then the DC will never offer the PKInit Freshness Extension and accept valid authentication requests without checking for freshness. Users will never receive the fresh public key identity SID. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *KDC support for PKInit Freshness Extension* +- GP name: *PKINITFreshness* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/RequestCompoundId** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to request compound authentication. + +> [!NOTE] +> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled. + +If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. + +If you disable or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Request compound authentication* +- GP name: *RequestCompoundId* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/TicketSizeThreshold** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log. + +If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy. + +If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Warning for large Kerberos tickets* +- GP name: *EnableTicketSizeThreshold* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/emitlili** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the domain controller provides information about previous logons to client computers. + +If you enable this policy setting, the domain controller provides the information message about previous logons. + +For Windows Logon to leverage this feature, the "Display information about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also needs to be enabled. + +If you disable or do not configure this policy setting, the domain controller does not provide information about previous logons unless the "Display information about previous logons during user logon" policy setting is enabled. + +> [!NOTE] +> Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting does not affect anything. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Provide information about previous logons to client computers* +- GP name: *EmitLILI* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 9df452c950..59e8966494 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -107,6 +107,12 @@ ms.date: 08/18/2020 - [ADMX_HelpAndSupport/HPExplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpexplicitfeedback) - [ADMX_HelpAndSupport/HPImplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpimplicitfeedback) - [ADMX_HelpAndSupport/HPOnlineAssistance](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hponlineassistance) +- [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor) +- [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch) +- [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness) +- [ADMX_kdc/RequestCompoundId](./policy-csp-admx-kdc.md#admx-kdc-requestcompoundid) +- [ADMX_kdc/TicketSizeThreshold](./policy-csp-admx-kdc.md#admx-kdc-ticketsizethreshold) +- [ADMX_kdc/emitlili](./policy-csp-admx-kdc.md#admx-kdc-emitlili) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 02906ff61bf797b97476a1085c83b80ba9ba2e2a Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Fri, 4 Sep 2020 08:57:04 -0700 Subject: [PATCH 14/34] Added fix for TCP fragmentation issue --- .../faq-md-app-guard.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 4dcd95abef..b787eae223 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -172,3 +172,11 @@ To understand why it is not enabled in Enterprise mode, check the status of the For CSP (Intune) you can query the status node by using **Get**. This is described in the [Application Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/windowsdefenderapplicationguard-csp). On this page, you will see the **status** node as well as the meaning of each bit. If the status is not 63, you are missing a prerequisite. For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HVSIGP** Status. The meaning of each bit is the same as the CSP. + +### I'm encountering TCP fragmentation issue, and cannot enable my VPN connection. How do I fix this? + +WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: + +a. Ensure that the FragmentAware DWORD is set to 1 in this registry settings: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat" + +b. Reboot. From deb31fdc1f9a2eabc8fa6f5030d0d6150d5fc9f0 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 4 Sep 2020 14:16:04 -0700 Subject: [PATCH 15/34] Added new admx-backed policies --- windows/client-management/mdm/TOC.md | 3 + .../policy-configuration-service-provider.md | 45 ++ .../mdm/policy-csp-admx-auditsettings.md | 2 +- .../mdm/policy-csp-admx-lanmanserver.md | 381 +++++++++++++++ ...icy-csp-admx-linklayertopologydiscovery.md | 190 ++++++++ .../mdm/policy-csp-admx-mmc.md | 445 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 11 + 7 files changed, 1076 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-lanmanserver.md create mode 100644 windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md create mode 100644 windows/client-management/mdm/policy-csp-admx-mmc.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index d8792f5dc5..4fda5ba460 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -189,6 +189,9 @@ #### [ADMX_Help](policy-csp-admx-help.md) #### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) #### [ADMX_kdc](policy-csp-admx-kdc.md) +#### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) +#### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) +#### [ADMX_MMC](policy-csp-admx-mmc.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 40c53231d6..eb0216e211 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -515,6 +515,51 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_LanmanServer policies +
+
+ ADMX_LanmanServer/Pol_CipherSuiteOrder +
+
+ ADMX_LanmanServer/Pol_HashPublication +
+
+ ADMX_LanmanServer/Pol_HashSupportVersion +
+
+ ADMX_LanmanServer/Pol_HonorCipherSuiteOrder +
+
+ +### ADMX_LinkLayerTopologyDiscovery policies +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr +
+
+ +### ADMX_MMC policies +
+
+ ADMX_MMC/MMC_ActiveXControl +
+
+ ADMX_MMC/MMC_ExtendView +
+
+ ADMX_MMC/MMC_LinkToWeb +
+
+ ADMX_MMC/MMC_Restrict_Author +
+
+ ADMX_MMC/MMC_Restrict_To_Permitted_Snapins +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 9a7fa24739..1417d0598a 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -91,7 +91,7 @@ Default is Not configured. > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md new file mode 100644 index 0000000000..0e85c41572 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -0,0 +1,381 @@ +--- +title: Policy CSP - ADMX_LanmanServer +description: Policy CSP - ADMX_LanmanServer +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LanmanServer +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_LanmanServer policies + +
+
+ ADMX_LanmanServer/Pol_CipherSuiteOrder +
+
+ ADMX_LanmanServer/Pol_HashPublication +
+
+ ADMX_LanmanServer/Pol_HashSupportVersion +
+
+ ADMX_LanmanServer/Pol_HonorCipherSuiteOrder +
+
+ + +
+ + +**ADMX_LanmanServer/Pol_CipherSuiteOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the SMB server. + +If you enable this policy setting, cipher suites are prioritized in the order specified. + +If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. + +SMB 3.11 cipher suites: + +- AES_128_GCM +- AES_128_CCM + +SMB 3.0 and 3.02 cipher suites: + +- AES_128_CCM + +**How to modify this setting:** + +Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use. + +> [!NOTE] +> When configuring this security setting, changes will not take effect until you restart Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Cipher suite order* +- GP name: *CipherSuiteOrder* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ + + +
+ + +**ADMX_LanmanServer/Pol_HashPublication** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed. + +Policy configuration + +Select one of the following: + +- Not Configured. With this selection, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual servers where you want to enable BranchCache. +- Enabled. With this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers to which the policy is applied. The file servers are then able to create content information for all content that is stored in BranchCache-enabled file shares. +- Disabled. With this selection, hash publication is turned off for all file servers where Group Policy is applied. + +In circumstances where this policy setting is enabled, you can also select the following configuration options: + +- Allow hash publication for all shared folders. With this option, BranchCache generates content information for all content in all shares on the file server. +- Allow hash publication only for shared folders on which BranchCache is enabled. With this option, content information is generated only for shared folders on which BranchCache is enabled. If you use this setting, you must enable BranchCache for individual shares in Share and Storage Management on the file server. +- Disallow hash publication on all shared folders. With this option, BranchCache does not generate content information for any shares on the computer and does not send content information to client computers that request content. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hash Publication for BranchCache* +- GP name: *HashPublicationForPeerCaching* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ + + +
+ + +**ADMX_LanmanServer/Pol_HashSupportVersion** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. + +If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. + +Policy configuration + +Select one of the following: + +- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported. +- Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved. +- Disabled. With this selection, both V1 and V2 hash generation and retrieval are supported. + +In circumstances where this setting is enabled, you can also select and configure the following option: + +Hash version supported: + +- To support V1 content information only, configure "Hash version supported" with the value of 1. +- To support V2 content information only, configure "Hash version supported" with the value of 2. +- To support both V1 and V2 content information, configure "Hash version supported" with the value of 3. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hash Version support for BranchCache* +- GP name: *HashSupportVersion* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ + +**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client. + +If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences. + +If you disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites. + +> [!NOTE] +> When configuring this security setting, changes will not take effect until you restart Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Honor cipher suite order* +- GP name: *HonorCipherSuiteOrder* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md new file mode 100644 index 0000000000..8b7e93c9b9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -0,0 +1,190 @@ +--- +title: Policy CSP - ADMX_LinkLayerTopologyDiscovery +description: Policy CSP - ADMX_LinkLayerTopologyDiscovery +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/04/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LinkLayerTopologyDiscovery +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_LinkLayerTopologyDiscovery policies + +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr +
+
+ + +
+ + +**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Mapper I/O network protocol driver. + +LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis. + +If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead. + +If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Mapper I/O (LLTDIO) driver* +- GP name: *EnableLLTDIO* +- GP path: *Network/Link-Layer Topology Discovery* +- GP ADMX file name: *LinkLayerTopologyDiscovery.admx* + + + +
+ + +**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Responder network protocol driver. + +The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis. + +If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead. + +If you disable or do not configure this policy setting, the default behavior for the Responder will apply. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Responder (RSPNDR) driver* +- GP name: *EnableRspndr* +- GP path: *Network/Link-Layer Topology Discovery* +- GP ADMX file name: *LinkLayerTopologyDiscovery.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md new file mode 100644 index 0000000000..0766bd3fa0 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -0,0 +1,445 @@ +--- +title: Policy CSP - ADMX_MMC +description: Policy CSP - ADMX_MMC +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/03/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_MMC +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_MMC policies + +
+
+ ADMX_MMC/MMC_ActiveXControl +
+
+ ADMX_MMC/MMC_ExtendView +
+
+ ADMX_MMC/MMC_LinkToWeb +
+
+ ADMX_MMC/MMC_Restrict_Author +
+
+ ADMX_MMC/MMC_Restrict_To_Permitted_Snapins +
+
+ + +
+ + +**ADMX_MMC/MMC_ActiveXControl** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. + +If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. + +To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. + +To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *ActiveX Control* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_ExtendView** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. + +If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. + +To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. + +To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Extended View (Web View)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_LinkToWeb** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. + +If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. + +To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. + +To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Link to Web Address* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_Restrict_Author** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from entering author mode. + +This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default. + +As a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain. + +This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt. + +If you disable this setting or do not configure it, users can enter author mode and open author-mode console files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict the user from entering author mode* +- GP name: *RestrictAuthorMode* +- GP path: *Windows Components\Microsoft Management Console* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins. + +- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins. + +To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited. + +- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins. + +To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!NOTE] +> If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict users to the explicitly permitted list of snap-ins* +- GP name: *RestrictToPermittedSnapins* +- GP path: *Windows Components\Microsoft Management Console* +- GP ADMX file name: *MMC.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 59e8966494..086d5e7cf3 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -113,6 +113,17 @@ ms.date: 08/18/2020 - [ADMX_kdc/RequestCompoundId](./policy-csp-admx-kdc.md#admx-kdc-requestcompoundid) - [ADMX_kdc/TicketSizeThreshold](./policy-csp-admx-kdc.md#admx-kdc-ticketsizethreshold) - [ADMX_kdc/emitlili](./policy-csp-admx-kdc.md#admx-kdc-emitlili) +- [ADMX_LanmanServer/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-ciphersuiteorder) +- [ADMX_LanmanServer/Pol_HashPublication](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashpublication) +- [ADMX_LanmanServer/Pol_HashSupportVersion](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashsupportversion) +- [ADMX_LanmanServer/Pol_HonorCipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-honorciphersuiteorder) +- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio) +- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr) +- [ADMX_MMC/MMC_ActiveXControl](./policy-csp-admx-mmc.md#admx-mmc-mmc-activexcontrol) +- [ADMX_MMC/MMC_ExtendView](./policy-csp-admx-mmc.md#admx-mmc-mmc-extendview) +- [ADMX_MMC/MMC_LinkToWeb](./policy-csp-admx-mmc.md#admx-mmc-mmc-linktoweb) +- [ADMX_MMC/MMC_Restrict_Author](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-author) +- [ADMX_MMC/MMC_Restrict_To_Permitted_Snapins](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-to-permitted-snapins) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 5fcf0e0f585de0e470b7793d50d628e0d7a5869d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Sep 2020 14:03:23 -0700 Subject: [PATCH 16/34] little fixes --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 ++-- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index ef82adfcff..94a5e41dbd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -1,6 +1,6 @@ --- -title: Phase 3 - Onboard to Microsoft Defender ATP -description: This is Phase 3, Onboarding, of making the switch from Symantec to Microsoft Defender ATP +title: Symantec to Microsoft Defender ATP - Phase 3, Onboarding +description: This is Phase 3, Onboarding, of migrating from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index e110562968..ecc6ea1cba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -1,5 +1,5 @@ --- -title: Phase 1 - Prepare for your migration to Microsoft Defender ATP +title: Symantec to Microsoft Defender ATP - Phase 1, Preparing description: This is Phase 1, Prepare, of migrating from Symantec to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh From 9b945b1f4706891b96a89ff7d3fd4029d2ab8c19 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 8 Sep 2020 15:54:15 -0700 Subject: [PATCH 17/34] Added list of 104 new policy settings --- .../mdm/policy-csp-admx-mmcsnapins.md | 428 ++++++++++++++++++ 1 file changed, 428 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-mmcsnapins.md diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md new file mode 100644 index 0000000000..f10ab007ff --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -0,0 +1,428 @@ +--- +title: Policy CSP - ADMX_MMCSnapins +description: Policy CSP - ADMX_MMCSnapins +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_MMCSnapins +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_MMCSnapins policies + +
+
+ ADMX_MMCSnapins/MMC_ADMComputers_1 +
+
+ ADMX_MMCSnapins/MMC_ADMComputers_2 +
+
+ ADMX_MMCSnapins/MMC_ADMUsers_1 +
+
+ ADMX_MMCSnapins/MMC_ADMUsers_2 +
+
+ ADMX_MMCSnapins/MMC_ADSI +
+
+ ADMX_MMCSnapins/MMC_ActiveDirDomTrusts +
+
+ ADMX_MMCSnapins/MMC_ActiveDirSitesServices +
+
+ ADMX_MMCSnapins/MMC_ActiveDirUsersComp +
+
+ ADMX_MMCSnapins/MMC_AppleTalkRouting +
+
+ ADMX_MMCSnapins/MMC_AuthMan +
+
+ ADMX_MMCSnapins/MMC_CertAuth +
+
+ ADMX_MMCSnapins/MMC_CertAuthPolSet +
+
+ ADMX_MMCSnapins/MMC_Certs +
+
+ ADMX_MMCSnapins/MMC_CertsTemplate +
+
+ ADMX_MMCSnapins/MMC_ComponentServices +
+
+ ADMX_MMCSnapins/MMC_ComputerManagement +
+
+ ADMX_MMCSnapins/MMC_ConnectionSharingNAT +
+
+ ADMX_MMCSnapins/MMC_DCOMCFG +
+
+ ADMX_MMCSnapins/MMC_DFS +
+
+ ADMX_MMCSnapins/MMC_DHCPRelayMgmt +
+
+ ADMX_MMCSnapins/MMC_DeviceManager_1 +
+
+ ADMX_MMCSnapins/MMC_DeviceManager_2 +
+
+ ADMX_MMCSnapins/MMC_DiskDefrag +
+
+ ADMX_MMCSnapins/MMC_DiskMgmt +
+
+ ADMX_MMCSnapins/MMC_EnterprisePKI +
+
+ ADMX_MMCSnapins/MMC_EventViewer_1 +
+
+ ADMX_MMCSnapins/MMC_EventViewer_2 +
+
+ ADMX_MMCSnapins/MMC_EventViewer_3 +
+
+ ADMX_MMCSnapins/MMC_EventViewer_4 +
+
+ ADMX_MMCSnapins/MMC_FAXService +
+
+ ADMX_MMCSnapins/MMC_FailoverClusters +
+
+ ADMX_MMCSnapins/MMC_FolderRedirection_1 +
+
+ ADMX_MMCSnapins/MMC_FolderRedirection_2 +
+
+ ADMX_MMCSnapins/MMC_FrontPageExt +
+
+ ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn +
+
+ ADMX_MMCSnapins/MMC_GroupPolicySnapIn +
+
+ ADMX_MMCSnapins/MMC_GroupPolicyTab +
+
+ ADMX_MMCSnapins/MMC_HRA +
+
+ ADMX_MMCSnapins/MMC_IAS +
+
+ ADMX_MMCSnapins/MMC_IASLogging +
+
+ ADMX_MMCSnapins/MMC_IEMaintenance_1 +
+
+ ADMX_MMCSnapins/MMC_IEMaintenance_2 +
+
+ ADMX_MMCSnapins/MMC_IGMPRouting +
+
+ ADMX_MMCSnapins/MMC_IIS +
+
+ ADMX_MMCSnapins/MMC_IPRouting +
+
+ ADMX_MMCSnapins/MMC_IPSecManage_GP +
+
+ ADMX_MMCSnapins/MMC_IPXRIPRouting +
+
+ ADMX_MMCSnapins/MMC_IPXRouting +
+
+ ADMX_MMCSnapins/MMC_IPXSAPRouting +
+
+ ADMX_MMCSnapins/MMC_IndexingService +
+
+ ADMX_MMCSnapins/MMC_IpSecManage +
+
+ ADMX_MMCSnapins/MMC_IpSecMonitor +
+
+ ADMX_MMCSnapins/MMC_LocalUsersGroups +
+
+ ADMX_MMCSnapins/MMC_LogicalMappedDrives +
+
+ ADMX_MMCSnapins/MMC_NPSUI +
+
+ ADMX_MMCSnapins/MMC_NapSnap +
+
+ ADMX_MMCSnapins/MMC_NapSnap_GP +
+
+ ADMX_MMCSnapins/MMC_Net_Framework +
+
+ ADMX_MMCSnapins/MMC_OCSP +
+
+ ADMX_MMCSnapins/MMC_OSPFRouting +
+
+ ADMX_MMCSnapins/MMC_PerfLogsAlerts +
+
+ ADMX_MMCSnapins/MMC_PublicKey +
+
+ ADMX_MMCSnapins/MMC_QoSAdmission +
+
+ ADMX_MMCSnapins/MMC_RAS_DialinUser +
+
+ ADMX_MMCSnapins/MMC_RIPRouting +
+
+ ADMX_MMCSnapins/MMC_RIS +
+
+ ADMX_MMCSnapins/MMC_RRA +
+
+ ADMX_MMCSnapins/MMC_RSM +
+
+ ADMX_MMCSnapins/MMC_RemStore +
+
+ ADMX_MMCSnapins/MMC_RemoteAccess +
+
+ ADMX_MMCSnapins/MMC_RemoteDesktop +
+
+ ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn +
+
+ ADMX_MMCSnapins/MMC_Routing +
+
+ ADMX_MMCSnapins/MMC_SCA +
+
+ ADMX_MMCSnapins/MMC_SMTPProtocol +
+
+ ADMX_MMCSnapins/MMC_SNMP +
+
+ ADMX_MMCSnapins/MMC_ScriptsMachine_1 +
+
+ ADMX_MMCSnapins/MMC_ScriptsMachine_2 +
+
+ ADMX_MMCSnapins/MMC_ScriptsUser_1 +
+
+ ADMX_MMCSnapins/MMC_ScriptsUser_2 +
+
+ ADMX_MMCSnapins/MMC_SecuritySettings_1 +
+
+ ADMX_MMCSnapins/MMC_SecuritySettings_2 +
+
+ ADMX_MMCSnapins/MMC_SecurityTemplates +
+
+ ADMX_MMCSnapins/MMC_SendConsoleMessage +
+
+ ADMX_MMCSnapins/MMC_ServerManager +
+
+ ADMX_MMCSnapins/MMC_ServiceDependencies +
+
+ ADMX_MMCSnapins/MMC_Services +
+
+ ADMX_MMCSnapins/MMC_SharedFolders +
+
+ ADMX_MMCSnapins/MMC_SharedFolders_Ext +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1 +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2 +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1 +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2 +
+
+ ADMX_MMCSnapins/MMC_SysInfo +
+
+ ADMX_MMCSnapins/MMC_SysProp +
+
+ ADMX_MMCSnapins/MMC_TPMManagement +
+
+ ADMX_MMCSnapins/MMC_Telephony +
+
+ ADMX_MMCSnapins/MMC_TerminalServices +
+
+ ADMX_MMCSnapins/MMC_WMI +
+
+ ADMX_MMCSnapins/MMC_WindowsFirewall +
+
+ ADMX_MMCSnapins/MMC_WindowsFirewall_GP +
+
+ ADMX_MMCSnapins/MMC_WiredNetworkPolicy +
+
+ ADMX_MMCSnapins/MMC_WirelessMon +
+
+ ADMX_MMCSnapins/MMC_WirelessNetworkPolicy +
+
+ + +
+ + +**ADMX_AuditSettings/IncludeCmdLine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. + +If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. + +If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. + +Default is Not configured. + +> [!NOTE] +> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Include command line in process creation events* +- GP name: *IncludeCmdLine* +- GP path: *System/Audit Process Creation* +- GP ADMX file name: *AuditSettings.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 98f3d9c90c1bfd28acaf1979a8da62398c0a5388 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Thu, 10 Sep 2020 14:29:03 +0200 Subject: [PATCH 18/34] Update windows-10-poc-sc-config-mgr.md Added markdown code for code snippets. Corrected an URL. Multiple small edits, like removing trailing spaces, extraneous line shifts, etc.. --- .../windows-10-poc-sc-config-mgr.md | 383 +++++++++--------- 1 file changed, 196 insertions(+), 187 deletions(-) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 67a95f1168..f66b5105f1 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -20,19 +20,22 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 **Important**: This guide leverages the proof of concept (PoC) environment, and some settings that are configured in the following guides: + - [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) Please complete all steps in these guides before attempting the procedures in this guide. If you wish to skip the Windows 10 deployment procedures in the MDT guide and move directly to this guide, you must at least install MDT and the Windows ADK before performing procedures in this guide. All steps in the first guide are required before attempting the procedures in this guide. The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs): + - **DC1**: A contoso.com domain controller, DNS server, and DHCP server. - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. -This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. + +>This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. >Multiple features and services are installed on SRV1 in this guide. This is not a typical installation, and is only done to set up a lab environment with a bare minimum of resources. However, if less than 4 GB of RAM is allocated to SRV1 in the Hyper-V console, some procedures will be extremely slow to complete. If resources are limited on the Hyper-V host, consider reducing RAM allocation on DC1 and PC1, and then increasing the RAM allocation on SRV1. You can adjust RAM allocation for a VM by right-clicking the VM in the Hyper-V Manager console, clicking **Settings**, clicking **Memory**, and modifying the value next to **Maximum RAM**. @@ -42,8 +45,6 @@ This guide provides end-to-end instructions to install and configure Microsoft E Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -
-
TopicDescriptionTime @@ -59,24 +60,23 @@ Topics and procedures in this guide are summarized in the following table. An es
Deploy Windows 10 using PXE and Configuration ManagerDeploy Windows 10 using Configuration Manager deployment packages and task sequences.60 minutes
Replace a client with Windows 10 using Configuration ManagerReplace a client computer with Windows 10 using Configuration Manager.90 minutes
Refresh a client with Windows 10 using Configuration ManagerUse a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT90 minutes -
-
## Install prerequisites -1. Before installing Microsoft Endpoint Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` +1. Before installing Microsoft Endpoint Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: + + ```powershell Install-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ ``` >If the request to add features fails, retry the installation by typing the command again. 2. Download [SQL Server 2014 SP2](https://www.microsoft.com/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory. -3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\SQLServer2014SP2-FullSlipstream-x64-ENU.iso ``` @@ -84,30 +84,32 @@ Topics and procedures in this guide are summarized in the following table. An es 4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server: - ``` + ```powershell D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms ``` + Installation will take several minutes. When installation is complete, the following output will be displayed: - ``` + ```dos Microsoft (R) SQL Server 2014 12.00.5000.00 Copyright (c) Microsoft Corporation. All rights reserved. - + Microsoft (R) .NET Framework CasPol 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. - + Success Microsoft (R) .NET Framework CasPol 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. - + Success One or more affected files have operations pending. You should restart your computer to complete this process. PS C:\> ``` + 5. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell New-NetFirewallRule -DisplayName "SQL Server" -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow New-NetFirewallRule -DisplayName "SQL Admin Connection" -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow New-NetFirewallRule -DisplayName "SQL Database Management" -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow @@ -115,13 +117,13 @@ Topics and procedures in this guide are summarized in the following table. An es New-NetFirewallRule -DisplayName "SQL Debugger/RPC" -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow ``` -7. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components. +6. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://docs.microsoft.com/windows-hardware/get-started/adk-install) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 2004. Installation might require several minutes to acquire all components. ## Install Microsoft Endpoint Configuration Manager 1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: - ``` + ```powershell $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 Stop-Process -Name Explorer @@ -131,7 +133,7 @@ Topics and procedures in this guide are summarized in the following table. An es 3. Before starting the installation, verify that WMI is working on SRV1. See the following examples. Verify that **Running** is displayed under **Status** and **True** is displayed next to **TcpTestSucceeded**: - ``` + ```dos Get-Service Winmgmt Status Name DisplayName @@ -153,19 +155,20 @@ Topics and procedures in this guide are summarized in the following table. An es PingReplyDetails (RTT) : 0 ms TcpTestSucceeded : True ``` + You can also verify WMI using the WMI console by typing **wmimgmt.msc**, right-clicking **WMI Control (Local)** in the console tree, and then clicking **Properties**. If the WMI service is not started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [WMIDiag](https://blogs.technet.microsoft.com/askperf/2015/05/12/wmidiag-2-2-is-here/) for troubleshooting information. 4. To extend the Active Directory schema, type the following command at an elevated Windows PowerShell prompt: - ``` + ```powershell cmd /c C:\configmgr\SMSSETUP\BIN\X64\extadsch.exe ``` 5. Temporarily switch to the DC1 VM, and type the following command at an elevated command prompt on DC1: - ``` + ```dos adsiedit.msc ``` @@ -182,9 +185,10 @@ Topics and procedures in this guide are summarized in the following table. An es 16. Close the ADSI Edit console and switch back to SRV1. 17. To start Configuration Manager installation, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell cmd /c C:\configmgr\SMSSETUP\BIN\X64\Setup.exe ``` + 18. Provide the following in the Microsoft Endpoint Configuration Manager Setup Wizard: - **Before You Begin**: Read the text and click *Next*. - **Getting Started**: Choose **Install a Configuration Manager primary site** and select the **Use typical installation options for a stand-alone primary site** checkbox. @@ -192,7 +196,7 @@ Topics and procedures in this guide are summarized in the following table. An es - **Product Key**: Choose **Install the evaluation edition of this Product**. - **Microsoft Software License Terms**: Read the terms and then select the **I accept these license terms** checkbox. - **Prerequisite Licenses**: Review license terms and select all three checkboxes on the page. - - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\windows\temp** next to **Path**. + - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\windows\temp** next to **Path**. - **Site and Installation Settings**: Site code: **PS1**, Site name: **Contoso**. - use default settings for all other options - **Usage Data**: Read the text and click **Next**. @@ -202,37 +206,39 @@ Topics and procedures in this guide are summarized in the following table. An es >There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored in this test environment. - Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete. + Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete. 19. If desired, re-enable IE Enhanced Security Configuration at this time on SRV1: - ``` + ```powershell Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1 Stop-Process -Name Explorer ``` ## Download MDOP and install DaRT ->[!IMPORTANT] ->This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). ->If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/). +> [!IMPORTANT] +> This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). +> If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/). 1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. 2. Type the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1: - ``` + ```powershell Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso ``` + 3. Type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell cmd /c "D:\DaRT\DaRT 10\Installers\en-us\x64\MSDaRT100.msi" ``` + 4. Install DaRT 10 using default settings. 5. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx64.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64" Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx86.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86" ``` @@ -245,7 +251,7 @@ This section contains several procedures to support Zero Touch installation with 1. Type the following commands at a Windows PowerShell prompt on SRV1: - ``` + ```powershell New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot" New-Item -ItemType Directory -Path "C:\Sources\OSD\OS" New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings" @@ -278,7 +284,7 @@ This section contains several procedures to support Zero Touch installation with 3. On the **Network Access Account** tab, choose **Specify the account that accesses network locations**. 4. Click the yellow starburst and then click **New Account**. 5. Click **Browse** and then under **Enter the object name to select**, type **CM_NAA** and click **OK**. -6. Next to **Password** and **Confirm Password**, type pass@word1, and then click **OK** twice. +6. Next to **Password** and **Confirm Password**, type **pass@word1**, and then click **OK** twice. ### Configure a boundary group @@ -300,19 +306,20 @@ This section contains several procedures to support Zero Touch installation with ### Enable PXE on the distribution point ->[!IMPORTANT] ->Before enabling PXE in Configuration Manager, ensure that any previous installation of WDS does not cause conflicts. Configuration Manager will automatically configure the WDS service to manage PXE requests. To disable a previous installation, if it exists, type the following commands at an elevated Windows PowerShell prompt on SRV1: +> [!IMPORTANT] +> Before enabling PXE in Configuration Manager, ensure that any previous installation of WDS does not cause conflicts. Configuration Manager will automatically configure the WDS service to manage PXE requests. To disable a previous installation, if it exists, type the following commands at an elevated Windows PowerShell prompt on SRV1: -``` +```powershell WDSUTIL /Set-Server /AnswerClients:None ``` 1. Determine the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell (Get-NetAdapter "Ethernet").MacAddress ``` - >If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter. You can review the names of network adapters and the IP addresses assigned to them by typing **ipconfig**. + + > If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter. You can review the names of network adapters and the IP addresses assigned to them by typing **ipconfig**. 2. In the Microsoft Endpoint Configuration Manager console, in the **Administration** workspace, click **Distribution Points**. 3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**. @@ -325,13 +332,12 @@ WDSUTIL /Set-Server /AnswerClients:None - **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure. See the following example: - - Config Mgr PXE + ![Config Mgr PXE](images/configmgr-pxe.png) 5. Click **OK**. 6. Wait for a minute, then type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present: - ``` + ```powershell cmd /c dir /b C:\RemoteInstall\SMSBoot\x64 abortpxe.com @@ -342,31 +348,32 @@ WDSUTIL /Set-Server /AnswerClients:None wdsmgfw.efi wdsnbp.com ``` + >If these files are not present in the C:\RemoteInstall directory, verify that the REMINST share is configured as C:\RemoteInstall. You can view the properties of this share by typing "net share REMINST" at a command prompt. If the share path is set to a different value, then replace C:\RemoteInstall with your REMINST share path. >You can also type the following command at an elevated Windows PowerShell prompt to open the Configuration Manager Trace Log Tool. In the tool, click **File**, click **Open**, and then open the **distmgr.log** file. If errors are present, they will be highlighted in red: - ``` + ```powershell Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe' ``` The log file will updated continuously while Configuration Manager is running. Wait for Configuration Manager to repair any issues that are present, and periodically re-check that the files are present in the REMINST share location. Close the Configuration Manager Trace Log Tool when done. You will see the following line in distmgr.log that indicates the REMINST share is being populated with necessary files: - Running: WDSUTIL.exe /Initialize-Server /REMINST:"C:\RemoteInstall" + `Running: WDSUTIL.exe /Initialize-Server /REMINST:"C:\RemoteInstall"` Once the files are present in the REMINST share location, you can close the cmtrace tool. -### Create a branding image file +### Create a branding image file 1. If you have a bitmap (.BMP) image for suitable use as a branding image, copy it to the C:\Sources\OSD\Branding folder on SRV1. Otherwise, use the following step to copy a simple branding image. 2. Type the following command at an elevated Windows PowerShell prompt: + ```powershell + Copy-Item -Path "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" -Destination "C:\Sources\OSD\Branding\contoso.bmp" ``` - copy "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" "C:\Sources\OSD\Branding\contoso.bmp" - ``` + >You can open C:\Sources\OSD\Branding\contoso.bmp in MSPaint.exe if desired to customize this image. - -### Create a boot image for Configuration Manager +### Create a boot image for Configuration Manager 1. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and then click **Create Boot Image using MDT**. 2. On the Package Source page, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Boot\Zero Touch WinPE x64**, and then click **Next**. @@ -380,13 +387,13 @@ WDSUTIL /Set-Server /AnswerClients:None 9. In the Distribute Content Wizard, click **Next**, click **Add** and select **Distribution Point**, select the **SRV1.CONTOSO.COM** checkbox, click **OK**, click **Next** twice, and then click **Close**. 10. Use the CMTrace application to view the **distmgr.log** file again and verify that the boot image has been distributed. To open CMTrace, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe' ``` - + In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example: - ``` + ```console STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=924 TID=1424 GMTDATE=Tue Oct 09 22:36:30.986 2018 ISTR0="Zero Touch WinPE x64" ISTR1="PS10000A" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS10000A" SMS_DISTRIBUTION_MANAGER 10/9/2018 3:36:30 PM 1424 (0x0590) ``` @@ -395,7 +402,7 @@ WDSUTIL /Set-Server /AnswerClients:None 13. Select the **Deploy this boot image from the PXE-enabled distribution point** checkbox, and click **OK**. 14. Review the distmgr.log file again for "**STATMSG: ID=2301**" and verify that there are three folders under **C:\RemoteInstall\SMSImages** with boot images. See the following example: - ``` + ```console cmd /c dir /s /b C:\RemoteInstall\SMSImages C:\RemoteInstall\SMSImages\PS100004 @@ -414,9 +421,10 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command: - ``` + ```powershell Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso ``` + 2. Verify that the Windows Enterprise installation DVD is mounted on SRV1 as drive letter D. 3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**. @@ -424,12 +432,12 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 4. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**. 5. Use the following settings for the New Deployment Share Wizard: - - Deployment share path: **C:\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT build lab**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
+ - Deployment share path: **C:\MDTBuildLab** + - Share name: **MDTBuildLab$** + - Deployment share description: **MDT build lab** + - Options: click **Next** to accept the default + - Summary: click **Next** + - Progress: settings will be applied - Confirmation: click **Finish** 6. Expand the **Deployment Shares** node, and then expand **MDT build lab**. @@ -438,19 +446,19 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 7. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**. -8. Use the following settings for the Import Operating System Wizard: - - OS Type: **Full set of source files**
- - Source: **D:\\**
- - Destination: **W10Ent_x64**
+8. Use the following settings for the Import Operating System Wizard: + - OS Type: **Full set of source files** + - Source: **D:\\** + - Destination: **W10Ent_x64** - Summary: click **Next** - Confirmation: click **Finish** 9. For purposes of this test lab, we will not add applications, such as Microsoft Office, to the deployment share. For information about adding applications, see the [Add applications](deploy-windows-mdt/create-a-windows-10-reference-image.md#add-applications) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library. 10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node under **MDT Build Lab** and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - - Task sequence ID: **REFW10X64-001**
- - Task sequence name: **Windows 10 Enterprise x64 Default Image**
- - Task sequence comments: **Reference Build**
+ - Task sequence ID: **REFW10X64-001** + - Task sequence name: **Windows 10 Enterprise x64 Default Image** + - Task sequence comments: **Reference Build** - Template: **Standard Client Task Sequence** - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim** - Specify Product Key: **Do not specify a product key at this time** @@ -467,7 +475,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. To see the name change, click **Tattoo**, then click the new group again. -14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**. +14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**. 15. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**. @@ -480,7 +488,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 19. Replace the default rules with the following text: - ``` + ```ini [Settings] Priority=Default @@ -515,7 +523,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 20. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file: - ``` + ```ini [Settings] Priority=Default @@ -535,17 +543,18 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 24. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). - >Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. + >Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. 25. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands: - ``` - New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB + ```powershell + New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20 Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso Start-VM REFW10X64-001 vmconnect localhost REFW10X64-001 ``` + 26. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**. 27. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated. @@ -560,13 +569,13 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi - Capture the installation to a Windows Imaging (WIM) file. - Turn off the virtual machine. - This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**. + This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**. ### Add a Windows 10 operating system image 1. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64" cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64" ``` @@ -599,18 +608,18 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi - Join a domain: **contoso.com** - Account: click **Set** - User name: **contoso\CM_JD** - - Password: pass@word1 - - Confirm password: pass@word1 + - Password: **pass@word1** + - Confirm password: **pass@word1** - Click **OK** - Windows Settings - User name: **Contoso** - Organization name: **Contoso** - Product key: \ - Administrator Account: **Enable the account and specify the local administrator password** - - Password: pass@word1 - - Confirm password: pass@word1 + - Password: **pass@word1** + - Confirm password: **pass@word1** - Click **Next** - + 5. On the Capture Settings page, accept the default settings and click **Next**. 6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package, click **OK**, and then click **Next**. @@ -645,28 +654,27 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 4. In the **State Restore** group, click the **Set Status 5** action, click **Add** in the upper left corner, point to **User State**, and click **Request State Store**. This adds a new action immediately after **Set Status 5**. -5. Configure the **Request State Store** action that was just added with the following settings:
- - Request state storage location to: **Restore state from another computer**
- - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox.
- - Options tab: Select the **Continue on error** checkbox.
- - Add Condition: **Task Sequence Variable**:
- - Variable: **USMTLOCAL**
- - Condition: **not equals**
- - Value: **True**
- - Click **OK**.
- - Click **Apply**
. +5. Configure the **Request State Store** action that was just added with the following settings: + - Request state storage location to: **Restore state from another computer** + - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox. + - Options tab: Select the **Continue on error** checkbox. + - Add Condition: **Task Sequence Variable**: + - Variable: **USMTLOCAL** + - Condition: **not equals** + - Value: **True** + - Click **OK** + - Click **Apply** 6. In the **State Restore** group, click **Restore User State**, click **Add**, point to **User State**, and click **Release State Store**. -7. Configure the **Release State Store** action that was just added with the following settings:
- - Options tab: Select the **Continue on error** checkbox.
- - Add Condition: **Task Sequence Variable**:
- - Variable: **USMTLOCAL**
- - Condition: **not equals**
- - Value: **True**
- - Click **OK**.
- - Click **OK**
. - +7. Configure the **Release State Store** action that was just added with the following settings: + - Options tab: Select the **Continue on error** checkbox. + - Add Condition: **Task Sequence Variable**: + - Variable: **USMTLOCAL** + - Condition: **not equals** + - Value: **True** + - Click **OK** + - Click **OK** ### Finalize the operating system configuration @@ -675,26 +683,27 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 1. In the MDT deployment workbench on SRV1, right-click **Deployment Shares** and then click **New Deployment Share**. 2. Use the following settings for the New Deployment Share Wizard: - - Deployment share path: **C:\MDTProduction**
- - Share name: **MDTProduction$**
- - Deployment share description: **MDT Production**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
+ - Deployment share path: **C:\MDTProduction** + - Share name: **MDTProduction$** + - Deployment share description: **MDT Production** + - Options: click **Next** to accept the default + - Summary: click **Next** + - Progress: settings will be applied - Confirmation: click **Finish** -3. Right-click the **MDT Production** deployment share, and click **Properties**. +3. Right-click the **MDT Production** deployment share, and click **Properties**. 4. Click the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**. 5. Type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell notepad "C:\Sources\OSD\Settings\Windows 10 x64 Settings\CustomSettings.ini" ``` + 6. Replace the contents of the file with the following text, and then save the file: - ``` + ```ini [Settings] Priority=Default Properties=OSDMigrateConfigFiles,OSDMigrateMode @@ -712,11 +721,10 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi >As noted previously, if you wish to migrate accounts other than those in the Contoso domain, then change the OSDMigrateAdditionalCaptureOptions option. For example, the following option will capture settings from all user accounts: - ``` + ```ini OSDMigrateAdditionalCaptureOptions=/all ``` - 7. Return to the Configuration Manager console, and in the Software Library workspace, expand **Application Management**, click **Packages**, right-click **Windows 10 x64 Settings**, and then click **Update Distribution Points**. Click **OK** in the popup that appears. 8. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Distribute Content**. @@ -727,14 +735,14 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi ### Create a deployment for the task sequence -1. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Deploy**. +1. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Deploy**. 2. On the General page, next to **Collection**, click **Browse**, select the **All Unknown Computers** collection, click **OK**, and then click **Next**. -3. On the Deployment Settings page, use the following settings:
- - Purpose: **Available**
- - Make available to the following: **Only media and PXE**
- - Click **Next**.
+3. On the Deployment Settings page, use the following settings: + - Purpose: **Available** + - Make available to the following: **Only media and PXE** + - Click **Next**. 4. Click **Next** five times to accept defaults on the Scheduling, User Experience, Alerts, and Distribution Points pages. 5. Click **Close**. @@ -745,7 +753,7 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce 1. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 40GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 Start-VM PC4 @@ -754,18 +762,18 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce 2. Press ENTER when prompted to start the network boot service. -3. In the Task Sequence Wizard, provide the password: pass@word1, and then click **Next**. +3. In the Task Sequence Wizard, provide the password: **pass@word1**, and then click **Next**. 4. Before you click **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open. -5. At the command prompt, type **explorer.exe** and review the Windows PE file structure. +5. At the command prompt, type **explorer.exe** and review the Windows PE file structure. 6. The smsts.log file is critical for troubleshooting any installation problems that might be encountered. Depending on the deployment phase, the smsts.log file is created in different locations: - - X:\windows\temp\SMSTSLog\smsts.log before disks are formatted. - - x:\smstslog\smsts.log after disks are formatted. - - c:\_SMSTaskSequence\Logs\Smstslog\smsts.log before the Microsoft Endpoint Configuration Manager client is installed. - - c:\windows\ccm\logs\Smstslog\smsts.log after the Microsoft Endpoint Configuration Manager client is installed. - - c:\windows\ccm\logs\smsts.log when the task sequence is complete. + - X:\Windows\temp\SMSTSLog\smsts.log before disks are formatted. + - X:\smstslog\smsts.log after disks are formatted. + - C:\\_SMSTaskSequence\Logs\Smstslog\smsts.log before the Microsoft Endpoint Configuration Manager client is installed. + - C:\Windows\ccm\logs\Smstslog\smsts.log after the Microsoft Endpoint Configuration Manager client is installed. + - C:\Windows\ccm\logs\smsts.log when the task sequence is complete. Note: If a reboot is pending on the client, the reboot will be blocked as long as the command window is open. @@ -783,14 +791,14 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce - Join the computer to the contoso.com domain - Install any applications that were specified in the reference image - 12. When Windows 10 installation has completed, sign in to PC4 using the **contoso\administrator** account. 13. Right-click **Start**, click **Run**, type **control appwiz.cpl**, press ENTER, click **Turn Windows features on or off**, and verify that **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** is installed. This is a feature included in the reference image. 14. Shut down the PC4 VM. ->Note: The following two procedures 1) Replace a client with Windows 10 and 2) Refresh a client with Windows 10 have been exchanged in their order in this guide compared to the previous version. This is to avoid having to restore Hyper-V checkpoints to have access to PC1 before the OS is upgraded. If this is your first time going through this guide, you won't notice any change, but if you have tried the guide previously then this change should make it simpler to complete. +> [!NOTE] +> The following two procedures 1) Replace a client with Windows 10 and 2) Refresh a client with Windows 10 have been exchanged in their order in this guide compared to the previous version. This is to avoid having to restore Hyper-V checkpoints to have access to PC1 before the OS is upgraded. If this is your first time going through this guide, you won't notice any change, but if you have tried the guide previously then this change should make it simpler to complete. ## Replace a client with Windows 10 using Configuration Manager @@ -823,7 +831,7 @@ In the replace procedure, PC1 will not be migrated to a new operating system. It Create a VM named PC4 to receive the applications and settings from PC1. This VM represents a new computer that will replace PC1. To create this VM, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: -``` +```powershell New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20 Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF @@ -837,64 +845,66 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 2. If a PC1 checkpoint has not already been saved, then save a checkpoint by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Checkpoint-VM -Name PC1 -SnapshotName BeginState ``` 3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarchy Configuration** and click on **Discovery Methods**. 4. Double-click **Active Directory System Discovery** and on the **General** tab select the **Enable Active Directory System Discovery** checkbox. 5. Click the yellow starburst, click **Browse**, select **contoso\Computers**, and then click **OK** three times. -6. When a popup dialog box asks if you want to run full discovery, click **Yes**. +6. When a popup dialog box asks if you want to run full discovery, click **Yes**. 7. In the Assets and Compliance workspace, click **Devices** and verify that the computer account names for SRV1 and PC1 are displayed. See the following example (GREGLIN-PC1 is the computer account name of PC1 in this example): ![assets](images/configmgr-assets.png) >If you do not see the computer account for PC1, try clicking the **Refresh** button in the upper right corner of the console. - + The **Client** column indicates that the Configuration Manager client is not currently installed. This procedure will be carried out next. 8. Sign in to PC1 using the contoso\administrator account and type the following at an elevated command prompt to remove any pre-existing client configuration, if it exists. Note: this command requires an elevated command prompt not an elevated Windows PowerShell prompt: - ``` + ```dos sc stop ccmsetup "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /Uninstall ``` + >If PC1 still has Configuration Manager registry settings that were applied by Group Policy, startup scripts, or other policies in its previous domain, these might not all be removed by CCMSetup /Uninstall and can cause problems with installation or registration of the client in its new environment. It might be necessary to manually remove these settings if they are present. For more information, see [Manual removal of the Configuration Manager client](https://blogs.technet.microsoft.com/michaelgriswold/2013/01/02/manual-removal-of-the-sccm-client/). -9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue: +9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue. From an elevated command prompt, type: - ``` + ```dos net stop wuauserv net stop BITS ``` Verify that both services were stopped successfully, then type the following at an elevated command prompt: - ``` + ```dos del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" net start BITS bitsadmin /list /allusers ``` - Verify that BITSAdmin displays 0 jobs. + Verify that BITSAdmin displays 0 jobs. 10. To install the Configuration Manager client as a standalone process, type the following at an elevated command prompt: - ``` + ```dos "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /mp:SRV1.contoso.com /logon SMSSITECODE=PS1 ``` -11. On PC1, using file explorer, open the **C:\Windows\ccmsetup** directory. During client installation, files will be downloaded here. + +11. On PC1, using file explorer, open the **C:\Windows\ccmsetup** directory. During client installation, files will be downloaded here. 12. Installation progress will be captured in the file: **c:\windows\ccmsetup\logs\ccmsetup.log**. You can periodically open this file in notepad, or you can type the following command at an elevated Windows PowerShell prompt to monitor installation progress: - ``` + ```powershell Get-Content -Path c:\windows\ccmsetup\logs\ccmsetup.log -Wait ``` - + Installation might require several minutes, and display of the log file will appear to hang while some applications are installed. This is normal. When setup is complete, verify that **CcmSetup is existing with return code 0** is displayed on the last line of the ccmsetup.log file and then press **CTRL-C** to break out of the Get-Content operation (if you are viewing the log in Windows PowerShell the last line will be wrapped). A return code of 0 indicates that installation was successful and you should now see a directory created at **C:\Windows\CCM** that contains files used in registration of the client with its site. -13. On PC1, open the Configuration Manager control panel applet by typing the following command: +13. On PC1, open the Configuration Manager control panel applet by typing the following command from a command prompt: - ``` + ```dos control smscfgrc ``` @@ -917,14 +927,14 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 1. On SRV1, in the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**. 2. Use the following settings in the **Create Device Collection Wizard**: - - General > Name: **Install Windows 10 Enterprise x64**
- - General > Limiting collection: **All Systems**
- - Membership Rules > Add Rule: **Direct Rule**
- - The **Create Direct Membership Rule Wizard** opens, click **Next**
- - Search for Resources > Resource class: **System Resource**
- - Search for Resources > Attribute name: **Name**
- - Search for Resources > Value: **%**
- - Select Resources > Value: Select the computername associated with the PC1 VM
+ - General > Name: **Install Windows 10 Enterprise x64** + - General > Limiting collection: **All Systems** + - Membership Rules > Add Rule: **Direct Rule** + - The **Create Direct Membership Rule Wizard** opens, click **Next** + - Search for Resources > Resource class: **System Resource** + - Search for Resources > Attribute name: **Name** + - Search for Resources > Value: **%** + - Select Resources > Value: Select the computername associated with the PC1 VM - Click **Next** twice and then click **Close** in both windows (Next, Next, Close, then Next, Next, Close) 3. Double-click the Install Windows 10 Enterprise x64 device collection and verify that the PC1 computer account is displayed. @@ -932,17 +942,16 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 4. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64** and then click **Deploy**. 5. Use the following settings in the Deploy Software wizard: - - General > Collection: Click Browse and select **Install Windows 10 Enterprise x64**
- - Deployment Settings > Purpose: **Available**
- - Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE**
- - Scheduling > Click **Next**
- - User Experience > Click **Next**
- - Alerts > Click **Next**
- - Distribution Points > Click **Next**
- - Summary > Click **Next**
+ - General > Collection: Click Browse and select **Install Windows 10 Enterprise x64** + - Deployment Settings > Purpose: **Available** + - Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE** + - Scheduling > Click **Next** + - User Experience > Click **Next** + - Alerts > Click **Next** + - Distribution Points > Click **Next** + - Summary > Click **Next** - Verify that the wizard completed successfully and then click **Close** - ### Associate PC4 with PC1 1. On SRV1 in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices** and then click **Import Computer Information**. @@ -977,14 +986,14 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 1. On SRV1, in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**. 2. Use the following settings in the **Create Device Collection Wizard**: - - General > Name: **USMT Backup (Replace)**
- - General > Limiting collection: **All Systems**
- - Membership Rules > Add Rule: **Direct Rule**
- - The **Create Direct Membership Rule Wizard** opens, click **Next**
- - Search for Resources > Resource class: **System Resource**
- - Search for Resources > Attribute name: **Name**
- - Search for Resources > Value: **%**
- - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example).
+ - General > Name: **USMT Backup (Replace)** + - General > Limiting collection: **All Systems** + - Membership Rules > Add Rule: **Direct Rule** + - The **Create Direct Membership Rule Wizard** opens, click **Next** + - Search for Resources > Resource class: **System Resource** + - Search for Resources > Attribute name: **Name** + - Search for Resources > Value: **%** + - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example). - Click **Next** twice and then click **Close** in both windows. 3. Click **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Do not proceed until this name is displayed. @@ -992,27 +1001,29 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF ### Create a new deployment In the Configuration Manager console, in the Software Library workspace under Operating Systems, click **Task Sequences**, right-click **Replace Task Sequence**, click **Deploy**, and use the following settings: -- General > Collection: **USMT Backup (Replace)**
-- Deployment Settings > Purpose: **Available**
-- Deployment Settings > Make available to the following: **Only Configuration Manager Clients**
-- Scheduling: Click **Next**
-- User Experience: Click **Next**
-- Alerts: Click **Next**
-- Distribution Points: Click **Next**
+ +- General > Collection: **USMT Backup (Replace)** +- Deployment Settings > Purpose: **Available** +- Deployment Settings > Make available to the following: **Only Configuration Manager Clients** +- Scheduling: Click **Next** +- User Experience: Click **Next** +- Alerts: Click **Next** +- Distribution Points: Click **Next** - Click **Next** and then click **Close**. ### Verify the backup -1. On PC1, open the Configuration Manager control panel applet by typing the following command: +1. On PC1, open the Configuration Manager control panel applet by typing the following command in a command prompt: - ``` + ```dos control smscfgrc ``` + 2. On the **Actions** tab, click **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, click **OK**, and then click **OK** again. This is one method that can be used to run a task sequence in addition to the Client Notification method that will be demonstrated in the computer refresh procedure. 3. Type the following at an elevated command prompt to open the Software Center: - ``` + ```dos C:\Windows\CCM\SCClient.exe ``` @@ -1029,18 +1040,19 @@ In the Configuration Manager console, in the Software Library workspace under Op 1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Start-VM PC4 vmconnect localhost PC4 ``` -2. In the **Welcome to the Task Sequence Wizard**, enter pass@word1 and click **Next**. -3. Choose the **Windows 10 Enterprise X64** image. -4. Setup will install the operating system using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1. -5. Save checkpoints for all VMs if you wish to review their status at a later date. This is not required (checkpoints do take up space on the Hyper-V host). Note: the next procedure will install a new OS on PC1 update its status in Configuration Manager and in Active Directory as a Windows 10 device, so you cannot return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this for all VMs. + +1. In the **Welcome to the Task Sequence Wizard**, enter **pass@word1** and click **Next**. +1. Choose the **Windows 10 Enterprise X64** image. +1. Setup will install the operating system using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1. +1. Save checkpoints for all VMs if you wish to review their status at a later date. This is not required (checkpoints do take up space on the Hyper-V host). Note: the next procedure will install a new OS on PC1 update its status in Configuration Manager and in Active Directory as a Windows 10 device, so you cannot return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this for all VMs. To save a checkpoint for all VMs, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Checkpoint-VM -Name DC1 -SnapshotName cm-refresh Checkpoint-VM -Name SRV1 -SnapshotName cm-refresh Checkpoint-VM -Name PC1 -SnapshotName cm-refresh @@ -1048,7 +1060,6 @@ In the Configuration Manager console, in the Software Library workspace under Op ## Refresh a client with Windows 10 using Configuration Manager - ### Initiate the computer refresh 1. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**. @@ -1060,16 +1071,14 @@ In the Configuration Manager console, in the Software Library workspace under Op The computer will restart several times during the installation process. Installation includes downloading updates, reinstalling the Configuration Manager Client Agent, and restoring the user state. You can view status of the installation in the Configuration Manager console by accessing the Monitoring workspace, clicking **Deployments**, and then double-clicking the deployment associated with the **Install Windows 10 Enterprise x64** collection. Under **Asset Details**, right-click the device and then click **More Details**. Click the **Status** tab to see a list of tasks that have been performed. See the following example: - ![asset](images/configmgr-asset.png) - - You can also monitor progress of the installation by using the MDT deployment workbench and viewing the **Monitoring** node under **Deployment Shares\MDT Production**. - + ![asset](images/configmgr-asset.png) + + You can also monitor progress of the installation by using the MDT deployment workbench and viewing the **Monitoring** node under **Deployment Shares\MDT Production**. + When installation has completed, sign in using the contoso\administrator account or the contoso\user1 account and verify that applications and settings have been successfully backed up and restored to your new Windows 10 Enterprise operating system. ![post-refresh](images/configmgr-post-refresh.png) - - ## Related Topics [System Center 2012 Configuration Manager Survival Guide](https://social.technet.microsoft.com/wiki/contents/articles/7075.system-center-2012-configuration-manager-survival-guide.aspx#Step-by-Step_Guides) From e334e2adce321b5703e10afc489daa5c508eb2d6 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Thu, 10 Sep 2020 15:04:37 +0200 Subject: [PATCH 19/34] Update windows-10-poc-sc-config-mgr.md Converted HTML table to markdown. --- .../windows-10-poc-sc-config-mgr.md | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index f66b5105f1..1db27c1143 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -45,23 +45,21 @@ This guide provides end-to-end instructions to install and configure Microsoft E Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -
- -
TopicDescriptionTime - -
Install prerequisitesInstall prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.60 minutes -
Install Microsoft Endpoint Configuration ManagerDownload Microsoft Endpoint Configuration Manager, configure prerequisites, and install the package.45 minutes -
Download MDOP and install DaRTDownload the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.15 minutes -
Prepare for Zero Touch installationPrerequisite procedures to support Zero Touch installation.60 minutes -
Create a boot image for Configuration ManagerUse the MDT wizard to create the boot image in Configuration Manager.20 minutes -
Create a Windows 10 reference imageThis procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.0-60 minutes -
Add a Windows 10 operating system imageAdd a Windows 10 operating system image and distribute it.10 minutes
Create a task sequenceCreate a Configuration Manager task sequence with MDT integration using the MDT wizard15 minutes -
Finalize the operating system configurationEnable monitoring, configure rules, and distribute content.30 minutes -
Deploy Windows 10 using PXE and Configuration ManagerDeploy Windows 10 using Configuration Manager deployment packages and task sequences.60 minutes -
Replace a client with Windows 10 using Configuration ManagerReplace a client computer with Windows 10 using Configuration Manager.90 minutes -
Refresh a client with Windows 10 using Configuration ManagerUse a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT90 minutes -
-
+|||| +|--- |--- |--- | +|Topic|Description|Time| +|[Install prerequisites](#install-prerequisites)|Install prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.|60 minutes| +|[Install Microsoft Endpoint Configuration Manager](#install-microsoft-endpoint-configuration-manager)|Download Microsoft Endpoint Configuration Manager, configure prerequisites, and install the package.|45 minutes| +|[Download MDOP and install DaRT](#download-mdop-and-install-dart)|Download the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.|15 minutes| +|[Prepare for Zero Touch installation](#prepare-for-zero-touch-installation)|Prerequisite procedures to support Zero Touch installation.|60 minutes| +|[Create a boot image for Configuration Manager](#create-a-boot-image-for-configuration-manager)|Use the MDT wizard to create the boot image in Configuration Manager.|20 minutes| +|[Create a Windows 10 reference image](#create-a-windows-10-reference-image)|This procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.|0-60 minutes| +|[Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image)|Add a Windows 10 operating system image and distribute it.|10 minutes| +|[Create a task sequence](#create-a-task-sequence)|Create a Configuration Manager task sequence with MDT integration using the MDT wizard|15 minutes| +|[Finalize the operating system configuration](#finalize-the-operating-system-configuration)|Enable monitoring, configure rules, and distribute content.|30 minutes| +|[Deploy Windows 10 using PXE and Configuration Manager](#deploy-windows-10-using-pxe-and-configuration-manager)|Deploy Windows 10 using Configuration Manager deployment packages and task sequences.|60 minutes| +|[Replace a client with Windows 10 using Configuration Manager](#replace-a-client-with-windows-10-using-configuration-manager)|Replace a client computer with Windows 10 using Configuration Manager.|90 minutes| +|[Refresh a client with Windows 10 using Configuration Manager](#refresh-a-client-with-windows-10-using-configuration-manager)|Use a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT|90 minutes| ## Install prerequisites @@ -219,7 +217,7 @@ Topics and procedures in this guide are summarized in the following table. An es > [!IMPORTANT] > This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). -> If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/). +> If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://docs.microsoft.com/archive/blogs/zainnab/bizspark-free-msdn-subscription-for-start-up-companies/). 1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. From 938207fdc8d05dc45a76d3d7c2e1dbd44bc376af Mon Sep 17 00:00:00 2001 From: Sunny Zankharia Date: Thu, 10 Sep 2020 13:05:35 -0700 Subject: [PATCH 20/34] Update appguard-gp-turn-on.png --- .../images/appguard-gp-turn-on.png | Bin 149078 -> 271633 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png index 1afbd303b083267401540bd0121b1dd9cf4415e0..7ee172b509f4a9130745edb23bd2476d72a5cda8 100644 GIT binary patch literal 271633 zcmc$`WmH_<)-FgONC*-VBtU==!6i6Bg9Udj+}+&??h@Py?(XjHE`__h6_nh{d(Qdp zcW?I?{inO{9@Jp38nu_qHP@8qnN^{3GNPF1MCb?z2$`dUCRmgK5P6 zH>{tSVOO7s`rq{<;mGpfyfjlkFGwRMGMy-B%@(NGH)UwHVw0Gog4vK@dMRrr{Yk(;67WB}J?zQ%kHP!Ti0`$U9N*Lk z{^zr~uamF@RnY$3)OFnY|7*~eaX_|4qqX<*StEzFW~cL6noY-%6Q>rWVA1`!KC|N6 zO-j$kCFXzT*>!1q^aq%Z*WwL%N}x@OBxvDY(a_Mq=uxcA&ToeQWfmA)o0ptqrKXyv z6#q`U9UsRmFPA=;Z2Z6WaeUT3GrP9Ds-&Y;Jez>KoF*ZOE?JM9zv7uHQHT6>%;!du z)$QvFPkB&*rZvs!6ZvlBFv6rSZt1?{03( zo=E@c`WufX*CD$}AcN*%$*d~wuE}7(NERQ7K40JrE|EROsiUiFvhZ6{ysx2=kvaNT zS4;|KWpv~+4AHU@@f4Jlc?Cl=vu|(gXX}sC!K)FsbA7vcFFXFDLw_dY8~SL7H^ZZaBr6?Q&^{sO)gV4K(b;Nr_90r%D(Yyp;a;>Fl!Vp>z!jsMN4nLs1Bj{T21Je`udXG!XUVpndjl3A~rGPm?V6XFn?B3_9{8<*iPkhvdSu` zs1(~MoLZBjX-UjApDMbEUoH;4esnbq{E3kA{JIX0Tb@B)&sw!G|;|OW4h`$99p^LX0d}qho$xM+#|kur$E{*49`UM&HQr7ep5oa}wUI<_DzN z)ajPr+4<_Hm|`VUYil|x4r%(%+%4|JtD`6Qig_1DoVe&+?P~((RwvH$L*O;kn&fm~ zo9rsiMARiW-aXK9inKg^&GR$!gp3O*0>UP{KCFYBmeo;a-~Fe$LBrC$k{NlMg;0KrqOcqb%># zn@hzOSjsAR!B5hgvXZ*K(O&ZDTH^WI(W}|W3v}=lM)QnL^Tf=`@$RP5h=8qV-fbB` z{pwXU6Vq?cIEs6Qp7PDHu;l)c6qXI&ZI$U(S(tLVj!xR0euYWKWGe>WM;%)-=iO7M zyNcG}MSADp1Ff&`f3?>5FOejEwt6r;H#6`vTpT(oK`0b`BtdUozA{upJ(C|f8s~Vs z6YVY}^O$^CRO=b%yd^clQ2S1Y60r|C zmW?K7Safhdwrky!`xLjbc&lPtItWjJpw$s|t+hQe{Dni-94|@M10BL=6AVt)7##QR z{fdvqS-Q?)TPETce>@-$0UHx#-5yLUSS$Ya?l+NroEsUWa`JI_WBp!&clf5SGS-*v!l%0zuMo}PvKZ(2;o?sDVa?!z8Q4F1 zArOYW%E=V*r)4Rh`!Ms&O0)Nz*;{I(_J#W-;y3$&UtXSM%V&L)PZQ0HKC+K5qWtft zINL!#_0uozmXHvBO^1R`{L7}!J|;s5tKkbZ3Dowq+Ryna336j-S)Detq_a`(pZ|Jp zA+hYk2hlaUU1;0UNnd6)S)*i}^g3g-X=C=9k%T?oU2yO|-MqtwemTt=%!DLmeSuzv zwo&TvaG03gWbP0|hjn5l-3JZ$IMD2?+nz>#I~tce8aMd8h#gwlN3mFP&8Oxj&rO%^T{IBqrN5`>tybGKh$jgJg#hATD1CCSo0g>4yqF1 z?HL*m8RSg<4Cw_?oY}il>}@JY=>7&MLmFK#@zRnS9?jo8^S&wws5M_w6~FV*zV*u> zvK9)5C|~j~@voigICPtGp));*P~XhEWy5~HK)qtMV<*B$OAP1;-4+h?WG!poN+?DXyDLrg1=!Yb;EQ!DIp|Pi$({Cd-howrHO+JoN~@nAGz(` zZ(%yztPOCoq_0i8RyePNs^DI|DeU>A2ew_8?PbpTZSrO0Zv30ATES?@A}kF&K?&v| zAOxnZ+^TEMi1$z9Ef1>fr>iA+PYIoKFgilGTk)l#+mPW4>F2}AxDLj)~b`G{xjbs&uGu~=f3%j!AjSQ*2lff zC`FS=JX~XwywRLbpC@pY>2zJJL`PRW>C=BI8@GH{-- z0{EYyuLj|dt4!;~Kju4+EWvBOL3Z1s)0GIV$;>CYlfoC&v&~1DN<&lq%{mn zVKnl|erMGK?V4mCFO(#O`umOfog$FENW;=#9e|mtjA*Nlqhlx_m3BrKZ0{Qd4#WcL z_lw+PBwX%as$!Ete^;G++lQ z?VXPsJ3FNOAP5ZY>A-Gl^=NcfC(j8_h?x-J=Q*P>GrtDcY+cm zJvq{?F1d2nvGViN^3rdWec`#iHG`X-51BLb80k-dcWQmA{i`h3e)FCESNVkd;ZKa; z1JtXGX)FLPkz-2rMkI~dA~(v8%y0dsanrw7aU~L9%?T*Z_`%ZUc(fu=be3{nvnefr za~YJyPDT0z@&Y&k=@%IQCa6FD)rst9H5HRW%tDKAcwZ(WzADzyvs?P~_t{f%u3=Va zbMJJ&ICnr|TYiP=uhXZ^4XD#I`Ou`kUWe6af||X*%u(;qX?tpg`%KF#c7lHg)S#bb zhj;UaxPVjLspr-GqNMHbS)85R?aR%bQ#67;4qbWMCcQ8Fv}cBv0q)zLe>6{OZ$2+5 zU0Cr)tY(gzkp8&IDo*kU_MeyI^J~}L_wx5T zpVm5bp!ZXgu!p6l!D!g#;2_Lx^~eVreaO@)<#t@@Ryi?0epd!)C|-6@EFBDDkB%f6 zZMdadp1b?4I{Q3Y3W+8-*rT3N$d3)VoSG$vhXAj#O0LY)xz~15CN5r%+~gzUUy%{r zg2x=0spjMr&-N2AIz>j6cYUg@Ha`8r?@UG;cdX;0@FdKx;CgDZVx?0NPPV{fK2<&z zHrP+6n|QGKlRS=*Dd*K=#i@hDFZ!qK2g!ZOSMaA%D((%;*+Jx!21(sL5CD<5)kiuI z1#zPT^htH}=B7;I^*HWRRoqM98#JWJ`330{x;OH^PoPwkWy6VtxB5QqALwg7y+P~{ z6(n<+0?ZbsFIgg5VR1+F>F0xVEIkaSo8)9q-%z;|KhY_b`(xjPr_tey`44DJeLb>cSd?)~a#v`OJ#zJUIoY9c<(C7L1DzdS${w(WdfvygKt;(qf;k+-oD(`#yG{c~pH}XN7gV{V4(T zl@Ap?zB$EG<#6mM#v=yrZOQ1lS+4(A{148Ghr2dQ^ebgKwggShSffi5juo%L60hRl zo=fmU{UOs;>NqbLREDZlk2WI#wlz&o*rzUPe+0YPHH&<+$mJHCLwm*0m39R=9^Wq& z1F_Q7)$Y~zBsB;QmKXNS-L`_POs=yWt(2u-rq;8>eVzL1v9)Cvj=cTx^3}mYU&Da6 zC-VLnZEdG^6g~ilYWP9y&jyzN&gwC9KuI;stnj2>9dB#G-hm_u=gXTS;FO84xfW&( z^4)IbdRDzxqUpSL(W*AH+Y6E04Ug9sO_hQ=0{qDs|<}6AzP#m?@ z__Cmkreww|S!E7PnYjB!`?U()nIKthaneQ6@PayxK~?M&c?ljhr_))_3;9BCYqcom zf@s+|4|AR5Md#n9^;bChKd&7P)tox5$+UXfc|aOL@uho#K&P5yFE(bv8#JBsZj~`g z!o(9xAL12@HGw}?eA_)}IJ^mV(m5^sL{z<3ycGa{rj8s9RrS-cLW4=!4*@m^(g%A6r=W%Juq=4-30UB!nUxHd~U^tnzBTrU>T>X?-Vk|I8uwrJSI3E>fT|mj0QSpkk~$mDv)%Rb9IYke1@F#NDN@b|a;_ zoS4<1lW&!Tf>}pv_r8u91qKq3c%{7m$EaIm;^&xkBPxKbP$h|6>94(KS6&*cDi&`t zH$mFdhX-EHG4=J@V-MXpih2YV4JQqKZc__oG)~nw3;}RRRd=X~pBl_4L%dRWZh%$8 z|Cybs51#UnN+x1`r*+%`5+_w^&vRr=P9OS3p8_wV8{0QvvjvSl^==Cn>`;Sa{K`oP z7U_ly`-8*9Qql$=bfGNnW`v4*cmF$$#s^&8oH||fR2k6YyeSaPu z|IS)o@STsaaKdo+z$CArFT7u`PzL$xZ?Gjix-Vt(tLqc0^7kUsDHfrDKY>jsW9S%- zBFu+0_MMnSh-oQUPsS70{AUc`szXsmpPV|7!h;pE+Y@Z<_oUKkC!DG}abe`gzqR%& z*9c5|^NBv(PIKA&3(vS$ORl|lq+QRMUwHm)p_%{sH&*~JKd5@r1PUv}O7Y&_*PPf#-6ar-*ZVNU{JAzL$H`$@RXEU@rl(C5MX zh9GU-XXPL~+SBEHoiMhJHrv_3b|RHGR*3vcoSJYX-O@-#C2BcO$v*B=aKVRE=4NVs zej(-f%+$98q@-N#HG=HOLBLNqB|WFL{&b|el{Wr&UDo`lS}%f;%~950S{^^k(bN&> zqWThSOWAcq0I~(REd`1&Rn2XuL{H2=sE(={HY_DrH#N)zJa>JhTQH9)*PBK9M~?00 zB$Xv=4afvb7sYWItR|Jcf`2s@OVzTbdH5La=I;zF`Bj=hR_6_Oi(3ZJ zrH{0%7&6A5KXvs(Cee8h*mr8PjRR9#G)jRh_P1-(#}l(mguXAHv1|Z@k9%eQ#C)&O z&@TDuHyG);^A0g$lrIu-Kk%jD5Pc3$7@lE{b+A{ct%+q}iDPDYYc?X51WyBIW{u3u zUX8`mD&&)dGTl4dX1)q zVbGLSY?XR6l{1Bdv89WHj~1JK==LH{9^V4c&&vHBP8Mt~w>@8l?`v5I7uCUSFqH)f zVMkGh*tI-|#<2tk%CZK$}%zi_QHDxPTvqoeNm>w)nov3I73zvY|VQS0y27 z9$$QPy4&$MYs!=K+Ozm@h|AI29I{-#P%M3J`;}7=b2aE2y2>{kK zA(|t15q1B>9tRz!M>FKcfl5wXMo!9}W`jq5m0!*FuBw@jma76TyTrsFUzv4p)eXco z^JX8fD}n|L09Mf7foWJ_5JaJ#&$+wTuEner?Ci`GPnM2z%SBY;hDv?QV%58rO>kTs z$Bshq0|kC?U~uq2e}7(nJ`HXPJpTL6$5`t^G%(r7vt=)r;6Ga{AcG-oDGNeDyR(0! zUn%v2aXxF&ok+Ya#ZNX1%j&&RMuqI+zhZnB7KC}?8Vn%SeL{G&~DO)10Y(r?_99F(dl$*T5Tjd!N&d$T39Z_nnx&F}qbd)=BV*?vE0xkNzZ zN<+uPL&wVcg_HB}_Gq)JYF1v}#Hc1-A3EerPvOQ&hc@4JVooFL$0jx-)p zsg22R<#{aQ8A}%!bWrjeRnr6yVo$#55cr5|wgjgk9stwAuz{gkBCYB)&Z7prQdLwG z!o=oDRHj0Kyr?^5ypd1g9^dgXSUxJ5Wn0ox?zZ}(Mo%DmZa!@8lztxcL*xF+%UN@! z;0?e3l^+P@lng~hz_z~al8ZBWc+SEEm8srpnE^)qX{koUEK2tTLTlWte0qlEX-6p< zqJ_Ve7c|aq&>*U&V*C{2CL6f3Dbe@A33!WRBHHvZ8^v1a{h2aTRjM<7it3rfAI-yB z+WC8zrR9&W6Db=8g;Xu@9W}P4q?oFY8{0|Fu!8>jR@0_VR-xYi;wkKo2FU(5l47c? zM>lZa)chWJEom;IYI@b53rdnDAezK?3f^~0AL6?pP_1U5G7-{k z)6u=`?hVHJu|=Ldc$!4Vf4OiN{cd#xTlbnQJI*G>h^~WBmO8S?3a z^5`~Lwvn9fFN?$gr)A*;3`q>ZX;SgSS0xfLQ?AmYN$Q0ImAXBm3X0>(z@o~R``Q>2 zC%6Xqu z;rwHOoBh*|+*Rh*wD96^dNGus{M@Sb{@h696W&A%bzRdmHIxnc59tw0f7YDc{=#~$ z#66s1c!GFK#Vf-cAU!NJl!0ofvb2GC)8$$AvQ^Wo2?=3RmK8SJ3z4GNJdnQp426=fe7TTk!+_X62~N zD_DkgWKuS~@hfc{)!v15#RKckm850tO+x%HZ>hn@93A(Gv_FSyYaHiWycl{-IgP zy}S$n%0ljX`Csb4@Q9P7%DH~3IQ-!_y?&?bpc2xK!bhW zK|ZzlE9nQKf42B=WPUw7sWSbd=?_Pp1?{ne(%$rNvuKZzH>H7Rw1^dE#H#CI*#k5L z^Z7ITc{C?(>YI$@e7ZTM`MFGfpN`tvo1Q?@+EACHnS6`IimU$;t#32a(Dpc>K-J`G z^e^STN%}86{%vEk-sXOnmiapAm{_B3Pr2qcJvUpv6-m~H`%Rmj&6Im*oP~3STI2IB zN@v`lpn)Qb!-TSmlgoqWGrgBJT4mNhdh&PAw*K}w{$B+lT`vDml^bHLS^bm$DJ=N) zOp=84wtaB>;J+AoNR%XM=zi6s+h6(oy=*&oW(0C3c@t;){F}T{g zz>85XKK`fg|8pfJS$NF4n)?{#N8ecYrv`$R+Y;OUpJCG{S)Mf`CNtGSL z$~TsE%A;8WZRP6`POhNCKlAu38X{K z+m#GV%?nea>WD`$iOfXoN|XTNii##KtF!mV}E{27%AYD8;K~kcAHx6NOJlUraK)=p*wjK@xP(RldA`%a+M_Je8=U@n3GLK zk9${~71~>A8)Di!`^U7BnyyHRh8DBDE{V{fH`D`}XZZ$ip$RrV*}o= zH91bn)d)s=HP5ek`M~O&P6&NqLtC<~E|T~RJWD#|!m<60$7SZZ@`Y%c?>8x~U4I&G zeE#$sC=@O8AkT_&7~!bRrarBlQ=#DI*R#iBG$s@-C_?IZCdfiU9eEw=9?~%Gp|Fd8 zd3gIdY=E7_Au`sARU)^|*ds)kR95;nhNwL@g8pILZs5k!-0ugM!kEya2 z&5;bZR79Sk0@EoT-$gXqcE5++&kcfnP0di0xq-A{CHbaUA|7AwYUQ_BAk)D`rO_Cj zJ>)sO5{nDTE{0EOFRZO!OiQec;`(Eh0*yA&s=W6dtY5SoiH;Bh&!I-|8o3`mLU`IJ zpX9-D5g8e`WVv%T+lpg+%)sz_oX)>HiX^6So2|Vw@Qq}NA|FfmJFn+Oyg5_kQdgkj zzxNb47wF6C+E=G68Uyumd%@D?!gWaApM>=enEWf6@BpWzFd5s~(+Q=~hdN5iCw>4F zchfL!2ehcNGMf@RY9eVl%w|&bJe=|p1c(owwbm&{(bdh|sxqc7JKM-$57oM0>ALl0 zvZeX)*j4d1)QV*7vPEr!=T1m*cLROV(XXvY+GL!e+_^)GBROrInd0I3TI`l=N5?k24#w0l=^)6JB!%yMG-=>!fJZFu zu$ze$0_=^hsm*-PVg1DDeOIj`v-8{DFi;AR9UUFIFFAoveE3QI@jNV(Jyj`|@oPBg z68Nf;%=Y!;)ejY_tO`#f4FdN_;sZ9j64h8chbKrJ-thvZ6F!J4iqYBQaGHRO2)5Le zUzgaLN7OR1*uXKJ@Z%Xop$-T>0s2H<3H|~i&1MnZOy%wj*!oZJP6w~M-e!wj(DRa% z*u=9n%&6G1rA^PO|AdrDtFu5%_;V|u=Bt{=2c8$4$0iIqyXQ?Vfb2|rgJ`a^!`KW( zQqAY{0BSywizmFrhP&0f-&DzX5`{3-jyn!xvJ^N0J><*Xplm8N(-$c|OYb2)=N`_d ze^Z&I%T*;QK@!p$JZW`espk%OQ=oeKO7s4_&Tfa|>e+WV`Cu?I5`1jHA%gN+IhCk!S(7>V+-?*; zPGu7V$QNq_S=O^Z!pt;M*Ltr5tNw}Vitot>>>p?RTZZt<2r|MaFF#oc7AXIyerqY z@E|D9VV~e0wpdLevB6A4JLw#FWbHZ==`8o~#C_U92CMDvl4<2#rd%JBs@;$pGdS{B1Mqvn06HWj2wFz#~@ z2?{4wZ@wiU-oB$3w^Z0=s2N9}rqFE=@`&?Y7QpZ?zzME^AC(T!A}d{ExT2}ri0SH8 zGS;PssRehvH+RQ4>z54rf!pzcFO|iNbYu@j2Vf_hx9xl>K+LCptNCCC^u+YLc;bik zwY+`Zr-wa(T0x~5x_x}{maVEWbjYKu<7(zUp|EI#TDM~Bzy~gCS_7}8o%>yaHRqXZ z?zaH)q#D7_Cp=`(aHs1sFI}UmLJaZid#`T>%>AJJVIBDx_*rCq&p?}}M014t3x|r9 z_BDW9>fr%iJZuZM$5wC(H+%T5EC#a$EOyN-!As$e%I%N_p)yFpbKeyCJv6=(0I_gA zKOyBNXl635Imm|qvY!bb@|$~0Uv~WNqes6dy_Ix;EWUTH{8HL4>G;C>G|6l=)6@DD z-XGdGs)~Z@IE4M#o7`O6_?WUyBIo4EyFf~v{fRtvI(nNRqw#p|hE&Y%HZ+U_aq%} zq{oakav2VxfA7iAmq1+2T;97MblI>?W9qfq&kRWEp6>?Hd*ZNQ*4)i^vqV38vD-kN zmL)lA5At)VXmRV#1Kncp^Q%eri?e`m7{5rdQI!U-n-A`c7QC*G;`o+*R^vujbvIcV zXmLUPOOrh##ijjs6?yU2g&v7`+rg$Wur}Rs`%cAfmI2gp(AffOyGw(-iz?Y!L|F`P z9bpX+Q{2}l?dW0dgtjf0N5-`0H6|-pS);52GUg$dzkov{*(h%jPAr}RX$q8p%MngR ze%Wt=%#(6iS0=Gtij39aXBK39Ive8Qvi4~+?u}P%&VXwfWvyT>^-!iFr9zAe*nk`v zG;4d$ZXikWgos{q-}fB8=pmo3leRU8g=rXw0*@&pY#V85Z>OF{{EwWrdEoA$?-r<~ z4Do*lAm4-+vj0X6&*FeD(=CU`n2^?ekempkwh#uHgHkC>WG2w{XT7*?`+u$cDYk23ZXoi8h0j*kq>}q1# z`28K0H11#~DLM4hRa)8$eFSTywmw@~8f0Xp&-?y{S}w$U6pVKy3uQXVz!Q9$YZbPjuNbzP|zEs%&{4=(}VLogeS z$C++wl-73fMRku{YVqQLwH`iRfoMYF&%mJb8)iW31UFA-C=mySJL00Y_?gPSutIxq zdt1jgt?udT1O-fV=!ZCN6MAVNWiCF8Pzrurtjx6tp!;Y~X??5zvWvO^Hb+g2UB3FJ z&Ut-g6A-=~C7OsK+&iZNX0H5GT#Hrtw90STd!3;{=JMLr{pq(QAFYxIGV6@gv6TKF zzZ}hh4&kI}1!0T42*Xc%lP*@}Nvcgrs!Hz7z7j;q*6|Bw*GIKXIwHnjNOHTZHzr=* ztL4R3yq^!ED9KjL!mlwx8o%48)w2W=i=DhzU4R9|M^u zKckJj=6dY!Tb>Lz1{;BIYTKdLS1ouZ*JdB{MbB!qZ>Lph?ssL&qq(9yE%8L4R*jfJgVL+92T?Kc^oL1tb1&2P>jLD0z3X#8OW{<4Q1O1 zt8ni9HL$eM1MPE3;iwt|OXANnV0|E?a0AF)q`#bxq~m0MF*$*461{mTvd^H;6-8lN4V`{K!Np`|s zqYrF)AdB#}qkxE-;-qcoI&G!cuodDftT+c&^}@IXj;_2(rvhZPdV` z9_0-*nv#oQOT=?W9&{I>j>;%tA}b1s$hZ1EYwDhUzv-i>X62-0# z5Hf$66YMr`UdW5?Vvd8**9RTu4BDNR)QVecL+E#Pgrm{#on922IM%-7+!ArTrnH(C zb&J%HA@JxRtwep#LT- z7afQwTAT8i1)`RYH4kKB5DIt2aA<7`exp@dH-XXkd+^@uTpHBJH61^OGP_=_elsLk z<3~(Czdd@rlWW3M+EJi&)EigOt^cR+q*g_Oqe9)MvIC*;`$wtlEv!|youHbBCmWI8sNj&~hu8Mu>*o8Y? zp$lsGoqO0TLDNGplW`<~G&g{Ah3ejpckK1IHBaLPpI3}IfsTednaLFHL)YIV&Qi6R zWGvX0bR~^QZFY^A*h$}xKV;*a>$Q;gop)IBS)ydxu${hFHx5M1!Jf7A=$&}OW&KQt zGkZLn+4WWSWkXV*!&n`!@nBK*%aKrjq{Ut+CE1nH`vnj5Qr0j(x_U0}@jnHK1rzFh zWjlzYs81MBj=+A*hAGgPq}Vere?p1ZjALzS93cBwh6VLd$MjqD>yabTFuL;?HsA;Z zH8|R{d_#({EsZ5W78_1GUZx-g&P_P9{zUof+Th^Ux#SSKFFgavuDXh;fhV{LkGAQk zP^aukcfCNCZ<)uTzsF_4ljpEb|AcrYX7H(S%nQ5V5hB@tbm0ZhOUPV9j6IL8j-GxY zUrg$-+HJ=IU`tdLi9vY6^gi)`UC7>uRrk6BzR$Pc;G^#?y54Tvvn==c6P%hUinHQ{ zwpyCBDqP2h=!NX6IXuo5lwHX?d@XvJ`VGD=-W3qm9_)!$~}eRhlIIpk;FUzZg75XCl`t zJ<`!4q?q43fCk+hiPHLh3RO+EdhGKa)w&F?SQZcR71jujoe|?z2eVQxJWu*$EgX&? zG(+2Y?6&Vi-$DFv@ouZlp=D3+%R>%?Y|3s@WPQDEtkjdf(z;~goY3rC*HBT^tm$|@ z9*8Rq?-DdgWacKfaqVb@g)TDWH)O~4%nXAKEEP_>^GPfD@3!Fa}X>O(|P`DqCO z>vG$M9>1#oW$$;Y?az;jJ0h@~8=u_p-K)t?_HN2hhD1LwAKd4i(!RsbOl=bWP+F1e zYuGXy#xhqX7b&x-os#67y8qI3Lg$;^_J@jE+}=V0SBvfUH>a_n@Q&`Nx z3c2;k%7yYYGKV}7CKni~G*cv*$B;Z+*?NT1fVfo$9cqh$2y30?Fk4xl78sge!+m00 z^G6#Mf+wGfRrZTK#ki?PSaYy;F;X6li! zTOPTdbrtw{jsINJkHvi@%ZfqO!k<-b29B^QoS{8bD6g>64PhW-={@KoqTx4KAhvWf zUgF_!L&x)WKd&geR-xHgw`%1^GY)J?$-GrM>S>tft1%x)VtsMI*EM)1I*sLj1< zM^8bTo~24sp=d>|^1%mINKm{2+d;V>JXboiAT2FckM5LuP~=L%TM-smCn1&=SZ6oM zFKbKLUhP|>o6{B(V2JuIC;&YLWEoad_Jbbw0p#a$%jyd6_l3Au(8Jf#zpu1`S2pl% z#Is50%kvW4XXYl(6DC|bLL>F6^M4T_zC$akT_Cwxx_7fLEra~7-bv40;rMZYti+^AL) zUJOREvV(0?UVSjJV_*n?J-~CCPmL)H7hGEmUl!a$R#mRTxq$9XvyS`pe3NOgR%;jy z5bBW6b}Z(j5&{br4aIhFiRkQH?o>^q(X{^(3fPPJ_ypi`RVjioKYl*GM?tL|+N#WG zm=2?JKb)rKGrpMIhCv*7`*-I>3oq)LlmnjU^h#E5rjIK zuE%i*|)kv_Uz-T!hWN*9Im3lcDsXeBTZ$q{#2JpBG z`JZTz9oj)i`j0+)+N{=NxbiTKGe@DLfwJP)XT0?NewWr0X9)$weoZ`RtzC6uror`^ zyWJZvx+5`-LneG|$NUi+ahSq+1|n`YVdER!=en7A+bcvXLe8gARNRyB`3Ei)2K)L;n;3U*P1bGakWgXZ_w zX`}W_woHzfs8`x>H~PP5lh81FJLDdCQEfb)Dn5I}mTQc(-e!bi zMPKfHvN!}}XSs%urZ->D)qUO@bRb&BR-=0wU)3^bi(TkXV3JIgh!7vWV=DE2deFk| zXgWx)QLwnsY-1iPT63^1J_yH_@vzyJ;QEeLaXN{?(4L$wXtX~FBTU>mhNIu``Vsqnk5%Do0gEfwoivR!j|3Cw+GMt| za6wUxX7+(-FH`4i71{-!;VZ(WIQUqZ!) z-L@uCi%dA&MNP-g%sXhaQt5rQ)MU3q>UH=c75aSFFEj~HSeb;9db(-<*!G_-i)~$J zG$!{ri7jTGRuNj>QvPrW@vFULBvZ6aOeX6{UeiO0yj0Ef$_RQm2@g)hBXY-pV~2Wr z#D`5@?z56`tOiH+8Of`nklqcIq%k_^<+Pm#C={2=`n5@*CPw^gA8WdjdAWMG8pW|{ z%i}uU?~zIl`3q2;cCbJ0E+(1R4*_p;KWf@MBaV?jgS|Tfyequu-M(53`R4CjynfC@ zcL(8?J}RF=A!cV0s&D3s+z&9&^;<2Dm5ZsJu+0BB$)!LCN33j%cB9#uh`pI2o$I81 z0d+}6rZZ>f34R#|`iDD`Oex$js{Vke*N%?5VvPz?iJHN&H%=A|2H&49J3J0;b>;fvOm9uU`hDcatZd}&rX}ym z{w2%RZT*gU^4!`P_>VB;jFyOyerg$_i>JIE?9(`5wrB=I$v zLy!&l&l#%^s3||& zNE&yk#ri(&UCaBhP*%rx{kzrqOh(dFRw}kHO%miqDuqg2%0r1AJQ+!;;?xxr#hi0$)ZQ* zDHX}z4M_8jo*6yKQ|)!9t1U~k=>OUSx4~8=Bxy}dgJvR9ujJxgg3es{&4aCsfn~FN z%lI%39FC}eT2hXtN6*(Cz@L}@0&4gDA8fs4RGV8DHG19}1q!riu~J-u6n8j4ahC*w z7I$|)72GAb6ej^fafcRn3$BF{+?`Kt z*P6D*>)HGH30tlK%&P6*l$RwGi1;Ta4<4E<2lTF_+{9X>^76bp$R@+Nxz`dRn50}j)_;b1}4^*E;y_T}}2^j^>I==V2t&;xmTi)m$l+i!)FTTQZ? zuQGDxWTy#5sCp%Sv!>c|xP20LjNx;gt+|ok0tFbKuT(j1Lur{>jWOXx9YO0Q_iKI@ z!*MKzkN5k^#K=0hNBp`#9|;%3YX~Hf4!3ZVHcG#JZ#^`s1bGRJB|lANASoattr&!-5LG zdiJ$Jz5c>-dIo$U`0=Wb^xGcXs$vO<28V7qZVL|;#1^^gbLH{%MH~^!EMMOdv$RxOFvtr1qa625L&-{hn%Gqj zR6keAt49w1|5Io4b(fE~2i{&Dtp=Y?MSTCA%gxd zuPU!yDk;f0jgW?h)Pwz#_jUw54ulCLE-uc&!NJJLC@d_@${L~kc0jMH3a}60)~`qb z;PyiWNdF3%mZ6b_?T^g1CbC!ZST0~ z={M$F8Y++P)@Hu&Ib^NDqBQXBEqFXFQ1}4q4&M2>t2kx#&Np#68H+fkN~B<_Z{Uq= zs)$FzfPmbu+5m?iKfxeLhtO%fmi-N>x15Cvjf~|v^}VO`C|d^hm*K^xuS-9LHXOgU zoPR~R;F>jrGar-p`Zja&?oAJ8dG%1s*8{(c5)Oyhzn(@73$+bSuQN`akN$NTvL`c& zqiFyc+p|p1$zT5O4TS&TBGkc!OEXXPY_RDq&Y{WDY;0oexT}A2YHL+U6RJNyOxA&K z-!deWisjeWrybqIGMQboKhI!A_z%09DjXgC#g1$4oWSOpb^6}5iM{q&736rPJGN8) zns+V|U&Vx6*%e|Jxqms%2HJ2LHlT5AJhBm8^rGAYL(A zg#080#BNHEZIt@v^TXxf{oiY^ES0=8<)rNWCPMfQW})adU%c5tXTXc)Y;$Bqnaq#t z(h$kntdjwSW#%iSkZoC-Y&%h=HIH76Pt8xF=9iWy=B6Qw6Z+Z+&T(RNj!=-p)#38a z&Q3s?OlWz04;@IlBu&-M+`oQ*uKl7ixHhn=L`YPKLD=Td8p~=_lzpr$uVxE^=g%mt z2T@pA(IFQr!SwHq`BPWLw({#+_#bq0xSk-u-mz9-gj=$ftz0*DB={P6Atq`pyB4w+3SLXWSE-Ek^(pir$v zCF%;-coLENM7!&TEAM9!1vdnj$|^+^iMV5Rlt~LQlSZR4rM0_a3yn8etNv5k(!V?e zKz!v+FYSuaTYG=J#Ke33Tesu(&tSQJvHnwRe?qWTlwy3(t8d#+R^|;XmKqFR%!7{9 zApNGVIBZA9PiQ~v*9Hw{h9l5U~qR{Po7^{A0Q8ut7GI*0hE)0kC#)$ z*1i5%jCN8{KWd1pSOg52>qm=Re7PtX<|j}qI`&t` z{B$+abuf=5PVMlW#x~#00M}D)5f3h7B89$#r>4WEpB153Rq?shkDun_eS1NIwNE;Lc^c2tdL9F8`N?K zF}|-jm2lgGtO}Z3T^Jwo+T0@C^_ATs&tPCQW8kWBRgRP4VT&vLsQF|@@IVlmRmrKV zn~cDJH`n3%r?>mfofYO*05s*~#rZHX{Fm*|(bA`toLdjJ$%EQQ^PmBMI(LlGzf`$u z0*6)5JI9dD8;iOshbDHfxkO=TjE6depd!gQM^=#Vvg2d6OSzH<>s0)p4icGbTh!N{ z@o$?gE^DcSA>Lzr03g}58~WZZ^^yzaUeFXwNyc!ju;ZUa;`UZXdFhwbws7~bavwVl zfnF%ZuK(0DSenPyc;|*xGHv_)h`c zUIHfY+3?pZ+@c zuHPCy<>Dy)w7SO;Kr6+eXE@d`nqiLyv4rxj7%SS>I;2L=C^+8Kdl5y30ryXtNP=0S z*E$HXMv&CduVhe~2zfZ+(kZNEV$Lulyxug(&1Eh4QA+v37_+*puRQx=YvVtAk~d|u z`&%Zbq>@J_&0NxA-*A8!P|D^=GwtPa)>mV#YSd~rpcba~09Uo-QHR3_8~ z(y#eyMEI@1lPDfM{e?zG!ZFFl1K&H}N7OvHmgJ^l24c>RXE!Qw{%};H7P#c7E#yC~ z&v)na(zfhF3P#Y%`SEsD!sp>;K9|dI)6x-^I%~*PInUKmdw#Pu8`RSm@2BKn)NQ|{ z{4Re>_dwCG>_h*xvJAyWQTE8-@zv`0gddwWJa}LG6Y0Fd4+}bT;#3~kkjaCoCv9X@ z0^~X?r>DjM)g8GuDcQ*Ff1lUQvzs~o98o1(Kl+--e!kf=A4(gn&s@Ni87)qh_6F>? ziQ2l$CG)MM(t`A(?}xnF((rn#C7z^l@Sv8JQuiyGH`d#EdVvgT%6+?p0vbkmc9EvGjeWe8HxpGNS*m~QkYyFS$nM`~ zbzW>s(oKy}>jabe6OSx4#CM`a-G7v8$h*@AUoR+i`H!@#MACJ1TzXIpb=iL7@;ArF zbB^PuX8?WV#e3mMNZmj$Ufg;+Vehe>vqPlbcYsQ-y{y%Eug!b+Z?H5@&g1%SH{G`> zA#(M0no9F~iQVG-8*qZ}7sRr-?b4*n=G&s=!{YbOhEji4gELyv*1>Y--^v=(0{^3oU1)93N-9Hzo>KUfl zXODTiY<`#oE_iyXYH1e}Kz`-my7N8HA|!}W+>_6#Owp@fqZ1Pm(jPd4R6db(X1%(pMhQ}lFQE<~VDGi#b;t;%2g^Hq>^vGVxP zBBU`>!fK4i|HVgjgSZ-Q3n4$=wqv$T_YV%=NQE1BzP3CN2k_qiXr{IJ5gaC1HXa~Y zVpgkr>ixFu(6uwBi8efrtfha~@nmW4ld)vScAk96HOm~Ob>j*yK4s>z)Nzw^z^msb zP{+^833@A96CK9GL!IKGmxi>dS6qu1W|&`YKl(GWpO!z5DvwVa7{qSx%78OS!itxyO6^olf;b7W#UJ( zR3hbH(m>1k>(bAzLO=RPRb34E(z5%_hlL0Zot55P={i4senVdd-aL#W0{+$aKAE6T zw_0_mUSGxG$6}Y@j?i-}KV-${iQ5f&Vv93*KWys|s)NmQ$;{6qG;G<2tzR2%<9z;q zVmL|8&~Bvi?sSon<@7R|Kea9tv|C)@_X zmH~CORJC-I$051co^~$t@=TMze^$Jc&`1ED;DE0ND7NdUe+Y z;Ums5!5ah2!Q7^8wZE7b^;U+1`fmW?UB*oRB$9*;(B)w{cFwAm zr_dp!sO#eF^n`6=x7HL83~By{A?HFp8&f$K#6)9?dun72T6(*?pzZaNR-sJLuW(Xj zZ}tLE0(p?8`iiOJ~(PaNH54^e>5IpA#xhxVE zJW`l@{jgEJ=JAyy>!`+>(mtT(?8GL$~qZ!~Z^XQ~Pb(Ec5{-?K8I7m=Z;9mUbWX!>^-apXm z_KhbV|1YbMhea8_AY|WV`hO-wJJ;u9zo9<7#;P#6Tq2~vmM@s%do=~OS-nT`^Yc@;~5_q*%G5H`tCRJY|eIp3Mo43cXrF)3bo4 zG<83Mj9mgQA0PIEx5w{qe(8ufmAD2H4dN_^{>}aG4bkgK@38hbdYPBu{jLZnA`Ky4 zccxstuo`{#>4;=9`9tsp-Hda|doKTxs4uO`Y-kZ$yj3+R;}7Or8Zh;u!_QA(Y?6Ya25=1)cQ@D#!Z3r|jD)oG6c*wu9B}O8%^RxHh;y2( z(#T?S!1j#LofFDpF<<>f@^VyT@Z1ox$!(s>;akDe^Th z*2JSS8}wnj`ji)KhIX( z!3QxF)OZyp_L<1in}P2Y8heq+&*$H~d6STkz)0ZDeb%)0WmbkIBi3;z)1tK3Hv?58f)i3Cdg(!P5< zI@YEkOBXx-{grDp_h@r%?XsE6U)o2vTAJ#C<|&r%Nc``n#;+(36dhAq> zAwk1GFjO3Iy0~-aeEI7|f)|hK?VHXDz8VY}T!g+3e+qupGXf~y@l}qHk8CWfHm{EX z`xeMTxS6&;z+e10ep@#80mK;ve%sjV!}(LyLSSZCPwcuk@u%NO4tL9#tPrTXs$($j zn9H7WFbPrqFrOv(pqL>4Qzps_qvAWgi}3VWe*N19#^KsvR6NBsRy zN5nj&s$Fu_A>2=*)+TO@nC-D}o^A0J<>Imw3kYz|YP{;ct5P_x=}U7p&Lf3C+q}d> z<$b1^ zi}&l-W&icb@Mph-lEq~4eZ4i zf1mpx!ptw<5vIJJh*ko#!I~E%br7#$Y(`ANMAXE@)ErT2x&y>_)d>pe#Y%CIeun>@ z4dU!`J}4g%l9v!i*C7<)!cY{_o(awK`${|ZNh8Pb7;9BAe}H%8O;Z%J1MCc!g9Yz} zYs&SHmj3&*svO!~oT^{n|Bx-)pH{r6YS|JUJH_JZy#hK*KISXpUNU3Y@UXq>3xJ13 zeyQ>7bY7CByYd!W?s>8HI!N&Uh{0(86@y`-xC1dBmEbbb%*AGkF_VcpLk`;}gkv#W z${neYnVX*Uj*5zkfG!#Clh^six3A-&HxBhm{PtXyp|5Xg zd!T(T@vy=FF@@t{B~xOtcIQ615Cvd4awTRvnL7^q71Y+fzKp(ou#>Zqsa|A36kg@k zqtNI^Rqlhw!ekMut+jY;UNjJs(8lbxeXil`knjGBH1KZIr1FYl%To@KMOx?Wv3Nuk9>AM_-;qw+oxG~M<^dvuCY33k3$qYt~7do ztsq68?UgwiXB(5`5#r(LYSGpAt0%_syu}uKvFkhDpJJMu>AqjWcliNqT#FP698S4@ z|L7OKJD%me`K%MP*V%Da_Un45(N(!G=4_!y{;MNMRwdWyac|@VLz-dh<)^YdrHS`n zDEW(o%~}IdiI$2$NhVSs%Q*@i5K`_oKf_Szx_&Blsz3Gj zIKLbtEY?WyqW|30%6w#a$>=h)blmUcq5gCV;02i7(q=L|Sf|FWFFK5ADoc?1g$nzX zr$oUX1r!qaGyL^M%_8~R(rrA~<_m$vYS$zt)Heq-eZJH;J&}PyN26w;kn+S{lEq)9 zUNZj_fa{ZKu1R4__4l}TJ)q{aHam2UbPHru*u?^)Qd4n?Vh(EK>ui+93bRm$~H4Ho6weJeB;hH5#}ORgoa_lZL9C zEnw4#BFV|PWH3gt2Xl>Ak3~o3g>~D~R3Pg$|IQ!l&XLjc7WZLp=rxst`rTy%5EObA zc8=be^-(nJxrQaT5pzZ+*j8+6H8QC`h!PHJr?F!n4XB=?Qr#STok-%cN>*V zTWh;|hIeFxjGB2C=g<{riZ#9TFLiTbxOX3Q>yBbsygP9f@hHil32&^Rs=1t{q2dvh z!;{pQl3J8qGHDAR=?MB_CxEv%pmX3He9NtUfHCn;Klq{AL`%H!gUe(c*KN};_Dtls zx17=6IIG(Gq53Jh_YbVNJRT^`Vl$)>0{>$d-*%*_1f|w5)1*3)ValwLkKt{TR-jCX zuhEC+!cz|6`1^j!m-;crqAkK*n>Jl8O=p*5R5`w>qTASU6aMx-&^#aCYk1>veEbiW z3?J+6HERaVlY#2;d>zXKgkFz|w|asS46bF#AS>USgCCPxtWZ5#R zFPtqz<(T*R1vM`44*me88+b_m4OE-=Um5)_>I7}px9~!Ta02VR4q}{<%iC?22R&u0 z6qNyszBh7xMb*-(78V;1Pj6QNZ(Jy^b!celWMwurbzp-NKOf(CRozEzpR$GAGA?7y}k7_kj;sh{T-HUe6RX#0~iW?b*-2|n<1^FiG(xFOU;Pq`gVqpJvc=k<5t~wPvkN0OI4*gp>t6kI4rWV_G zUpIMk?QI+0A%-4442^cz4IHq*~?CffVY@CBWpEy=3jb1oT|A18fwLFKM3@9x8PzF0QeT-m}aOR59N<}b`5 zh2J`Kid%$vyAvJw59eYQL69uskp$~O_)TO0>VFPOn1YrkWPOfs&U_K@%5#1L0Cpt|0i*xu6L zI>;5C;{PCYQfZFVLzlpvAnGQ ziiCtT2Q*xX5b&rq>6i$rDye}?LwGw0WqfTBONGR69YQKEiJQ6AXrpvb%W2 zIM7_XpuVu8wKlIwWxCW|fV)s7)w(-JO))%nL_?96gHXnclzWYhZBnyQX$ViH(a&FW zua3Bihe_1qXqf<-XA-1-{*^}ja-VpNr7J_IEP8l(2nU@FrA7;1UiZ#^Yc?%zU(oQG zi{CoB*|J0hZ5-CEUu)Lsmv0gyrt|DPHGWs|nRK*%>vnsfA5~nr;PL!97EJB=Nu5nH z$=v#lr>2P!vP`24e|0+mbB?0erkVlU_vwCsQ8cGMtl z61?aM)h&z-51(uCJ^}%Xl$lKDXINOMN^0P62L@U}^NJ1HVgx&otv8-Mc;+WDxFLdm zZcZN7hDSdJ%`N?a-kcBwV{lYkIo= z{QUgl;@o%_uI)J!TU)MyP-0b&jUph3jEx>usN5S6Fl>A{;1CFR3=9mduTPnrjKwiB zw{Jo;4eyj|WUz~ium~IfZux{y3fDmsBdZY*Cd1X0ZEhP@vwj@Bua=PQt>M(lcef+Y zysLik?&esAB-7@Yc~7iOe_8&ZZQ|H}Cdd*)S-toc z!$xFyhm#(#_iXoPz2lSB=k7nYgMb#wIlm-EjK@Pj2GHQM)*-cto?iA`la4#tyr67o zZ}Z*jZD>FS+n3r84{$0ZmmDs)T>bv_b#Qxs zfY8u_&u;jr<@0UlK|fB>mWSbx^O2+AcFS(rE*lt(zG>RA#kMxnCgPo<=E$huREjB9 zDw;gbZ4)i!cZ@)`mLm}5>xSuGg&RUIESM2I=IGO@-=zVzR*L@4>bJ1Ndi_9qFsxlk z7Yxovfl0_H2R%G1VwyKYwKk(H)P8G8!cU*UFSX1Dp3A`Mi0gE!1;?* z8reXNF2av>b)vff6zSLJJ&7vYY;XSQ|0`@LRXy-=L-b4?G>8B@1cmUQRs-Bv=r=Ar zZe^34j@vccFmZws?O+vk-{On>RS$hfOHEBr*%14&9yv%qfS`Wb!%OK;>KUVal}e)D z=I3c(U@b3yHIlg`IsQT4U?D1M(5)J`u|(BA5?rLO>UMw@lF8Kp($v-$32*T=dk?72gG`xKK{u)YqNQCTkcU68>mE7Eq#@~ zm_VX5w6i^8-?F5W=g6T8L(I#vDxQY-*G}9s%&WRA`e-O3i`yS_phZB1v@?6vJggrhH06Wly8K`VN z5b8{f7A1tr`TAy`SO3^(yTL6P&1i6#-T%8Mqn~bJIRlgHh;9k6}A zoEj;@#kY+^Q8&0W70n0Lm$O4iCuHU1uqRDyY4f<_lH4FV@2J4-bfWaIO{M`%(L^#V zwM++XZEekxXqj#cw^af+Pp&VjhxpFlL~c;Y`c>0OGJ-mOgwM#r6-*bjfTrvM{HjQu z=krraer|+yiT#4V5{FRLxbV#{()FKA-;oRrX)-W_w6v;EaiUJ=OOEDDx?7jT;|@%l zp+|~#kays+Lh1T6=Xh>fA$qlF)nQJ1f$dipmOVY_{XkLn3MH@_^9>lhFo>h-n&-H+ z^Jwel>*r-k+b}xF2X)J0z^G_UK_eJsiD3HW!vpy%n-)y0lNJ%uQ8W50XLWv4NmpMKiNmc% z9fp;UFYvdYeyd={N2YP#3<*0sMT{;de+R8Q*H-0{AUJup2_p%=-iwRhi;3&HkVWQ% ziHpm`M%HYbKS#?pKMSt&SX~%@HTK%F9T|H6Hc%fvk{IHH$u+K%l<44*vex)`pb_eG zXe_ptZ7o~baXeRZmMog287L~?si zxAoHA#I@-eD-ST>Twp&t-lq0W-75Q;KlB>{i#|GxmVrQx=5Z>JrT^^}xaDR3?*(@;y z=xYbnAhc%&Ag|MJbkS6KMeU*8@qk&l*b7u03B)Y44@S0EPqs%6QijGx;bkvxaayMa zXD3Yh(Ti5a2@S|+js3Y3Ei(ETx+GJ+ZSOEwG65=N6pq8>j9fQe3xNx;E- zi`^K8HFEiBHOx7}SL(qbs^NFn{bsCX$S|3a9ircfLtQ;8Iu1WFHdVm}>fqp`q2c2a z&OlrCH&O@9+7!00V1wLIy(;eHCB9j@= z#KdmS#nuan1Cx{Ux|O_Yx4?MxN*3OeQL$8r@F$kG-VHJ!IQB2jZU<8_&)kw|}Fm;5Q+) z8MUK3wWHS8meJb3q~2gl0l=9~nwW?JT`dbgGZ=2B<*{F!peas{$ftWacyM@CP=G?Q zCXybFlId~nn#z^4iR-)dve%Y$eaT1v(yV?~m4*%V6L7Q-`4l_cehYX=46N$f&QY?G zwnTj)mAH#k?_@BsG<%a832f&{#<$7s5w~P2W~(nA#UFl%#RMvgo|WgO<$o+XDtwl! z`_A|+gBw{?P2-p=38pEEi6g)#LtUDjKhRFxojDc_+6-p#Gi|d;JbLJ+!~C^M7Z>dF z`bz1VJZVeQnJi1^1lJKvrYSi@IHT@=9X2%`cJrc?`)XBXPU)Ulx3nk69R9S!H`=7v z=Q?!?Ltvuc@qnViG)D#5)@-lYwh#_>CcikrV3)B9EnfFgYO2HAUyoJgqK3OxY8MWV z(kkW%g7_}G3hcbAJ`=oJ9)*4Upb1fM8<9e?d}NnNJYqf)iX)no_CR(|2@IV4Zg9gug?sI!Mwcrqs}I9AMNG-T~D1cIHMk z>l*zL#MkAl{r$@&KijjbqQzViElc<*FAt$*)tcrhgRH5yv+Hb;l>~^Gh?*fHDppY; zRWXUk++6z)5zpxq;z@;4IxHiJQyp+ui;a$nh)88*8YE02G$$f7FRb3Df=Wp#MH;># z&!8ZqSLBKqWMQ2kt|4e=H9K4xP|@lRD;Zp;<5f1RR`OtsjGT-vteM>YK36zZo`tAx zb!S}Y6m!huVdkI}<(J@OdMIZQV1f+ROFu>^Dy1;>yBG2l@pP0bsDj<#x!uRd8!r{@ z64c6&pWf}sC`SUk6q*hkD-P|lvf2sd?5(!*m925%zTzjc-DHVocm(0??F%+%)KSoqk;6Dpu?_)??2U*~#EaZXP61 zD13lhstQ|Ek(kpGrly?*2Nw-74qryb#lkEZ6ty=dCQkSU%;^ZtI|~Ti8CZLE2Gn8BfQGG}N5X7<3dtqxz6^Hs^f?W$E3pZ%SIu@O-|(_aH0LLinO^j2OL3cgLm zdvSAebL5bH95yC-?SMht<2F2tgp%)OuxIa}PdrJc#s=3dc1tW){jL^9hez&cpW^dgk?Fb6j$r}lSsGfZkrX1FGv1z?tI3;}vI9eEJ?M9-#q#}Vw{#U!G8!^U zGJk>7@{RrZAAmJ$NqXzUiFuzI7PU(30$bAcv;F0m|BeX!8MuFG9pX0Ehwf&67E&Tt zLOOkZx!ch`r8Qs~GWy}Fhk-R;nG(e|+E9O4pZ$m_t|~mr*H6eGC8t#%)Bp_`DDSrT z-D29CeD5LJ#<{ehsvit2dxmmWYDRvoBI4pKU9VHXtB?XKz~RbMhKYbcT}45)Vh6m< zWnwpQReoVaNCYSozV-8T=I8H{IbP5d?*dpO2Kg<_-vK^ z*0)y_j9SxRx)GIeY|9WGW;`X6N7Z3@Nn@8pB@H7TdYSg=_g+^^ z^{N}3IY0PAGfFv?FLN*1wE4clKOFzF9EK%)Ynb;RKy3BpQ4HWRo~!dV%<8R1bS;k% zck(&iw=!71ywDEt;lFS%w@%J*9PZh|xmc|RbPpoC!k6-gbQ9*NRxE(6UVcqn>#`4$ zczX5s$(2Dx21CaAX%|YM##=4jY0}JpTU;Lar7NtYLeRuR_dU?)9ttDTueF&tMT2m0 z5K79K%F2~?b%KK+pm<)q2oWVGH%K)^Y?c^ec z@r6SPa2v@jdHl?>dJ3gK$5e2Jil$4kE;P5*X+8tNGXW) zSZZ8a(n>E<#Ad5D)(QMmU7W802nHM~U)o}JS`pXlA~J#A+A_C-7lV`+P(?UGn_FMD zy}nAy$N*-NMGw+p_~^36fl#ez)j(Zdj5s?7_!nj3m>?k^zsX|dMygaeK)fzf1fv(q zHJX0C2It`$on71KNc!2LId?F8f#m`Q??E~~!|?|-{`a9|#(I)_U2WKQb%qrXICQ;o zN?y{i*0p9E_2Y4o%E-CDj73>oY>(qn*JP!Y%fbE2!dP&R<`vCzpSBHhOFbgN;qv&5 z89L!{RPe$a*TZT5T$Lon zaB-HF%M2Wbu#e!plJKRO^6}utsG#G$^vvK5^19PkAq$^a#<)KQBJquQRvga=jF0Ct z^*$zWaG3i0e7eAu^g&m~wYA6?Z{}Jn-ETzUX)4n-4BxI@G2LHF{%Ztb3WWWJRbT(n zC1IMN^R-m_8RWg4k%NO91X2ZAG}QI4K<3SgfrvR5y-&MiTZf63FRHRJ;VIQ$IV{8U zhvFut44XUP4DVS5{&|)=S2nOzk$iOBcNanv@cZGVTcv_zd(FgGkqoSKR{Q!`6{InU1Kw*Km_ZfIm$zo%*aoFM|p-4PnPyG~2xO>R4O z_UNMG)9R&Xju68_q5UcN@87@U<58x3+1LantYUoMieD>QX;_%HBaWrzg91Z%*cj;5 zvcR+Y%X3Bs2+dMAqNF5LwWt?!-`k5D?5gx%B`9=+Z3vre zjuz}qQZ9w32*WpQO$C;oEsr#4cxUIA(M`?pbIc%ab{$F24mr1!?Lfq7Wc$=00LEC7 zy;>OL!K<(eDmJvyjD=(-q^C)*DOHc+oGg}|V;V4JsT~K%$Krze@{f7ok|BCjfm+cP zTICb-c9dh94zS&P2VV;Z>5m?!fyxn84aK%oRv|X+ zE8n>)UY?c;VRpKw<%1d-29*OK??K76Bk!TtJ>`;tNB)w9J8MLX#i(N@?G3L5Sx~_4zshd&>B3I=H2aH$M8+U?F6eq4~gGiYaHO(rXPjDEFgAy zJUyYs`hk4Ro()@n;#wYU%KPeV5VUlsd>7iSC#q*b5`!0K3EWd-Rg$+RyIWn(2T7@5 zZ6Pyf0|-mE`+mt`KEc(ql6Mv3C8w*_DDrb!k`QKz+kr%aj)r56kM-Z`r8pP63hdjj zOvlwFa7REW-C4@rCQXe>{%urbVc$&02iyB0ALQ%kmw?B1;D@cRO*EqyhV}bV=plOg zKO~V)VtO@zBe22)@?Z)&I-y@Yn~XEEi{uyh=%KTJR4OzM^(?H}wYhByJU~C#o;>(p z9g2G{bubKZaoP6u(KK~jt+WQ4>;U*Ha0-3~+WJ6gKW~Aso+|=na{=$vj;Hvp)n=6P zs<9Jdifs_Q6G6zStsRK0tUO$pZL2`1W-8T13hl`g8(@#UOeEeY!{NLn7SP#}!z$_x zvz)4*e(SfZ#HSL=BrMD!CL)hyu{}6&yvJyP9v%6I$~F8v!1{)zwL&b$_S?IM2YUxQ zZ~Ik=Nk})CWLeRKwwj(Ew(@y$i-^QrcUn-g5i+@?CT=kH?RnEg=M)>bN#7rN<0fNY znWsRSL_(aL@Lrii$8wXERRWmslXmZwUZG7Z^`?n9e_;U;CGJVG`-*H;Wla2B1PZhT z{AiBw1(k#(Zy^&=MU72aV90YQu#M(yGlQoV)D_q>_q)?k01ffAoZHO(7Rl^ zJ{88N)7E@}O89;xoo2T$uFJ^uJuKLRt zvo?XIY9UquO!-H;2=$Q^Rvnzkncq`AJsFdcgc*^OM7S2*iaSl#Zs%@A^^9E2Qsk7R zC55kHy3=Q-JF_!#CwcHIx5XIH$VCwpIw3{g!29pjzFR4(KU6znnPK*DVWBu7bxP%F zJ3WFNL}pYMzH~I(*m<^i40L^2)1%E4y;R+eb)9>*?_ZENd~_b~dFzp2AQ2q+Yic#1 z$@CYb$>$zFuY5c;C*O9ZBfCS!0VDv<(qjPI0EJOTD20q?S{`Pq`SJFGDq(vEfPE1K zLDS$(YsZ{)wD-J!i9J_Q>JY1ut7g8b(pO(`XE* zh=E$;Ae&Khx#k?H-~z0@(?u3Ego^KR@mxI};Q2qoNcM7y<&eP-0B8 zv}=@=4GDm-Xp%69mcS2xOFHiL7PYTH%$1>P9vWT&distAh&*ON#`btccMJKgTDGZ? zHgV5XEGMfsgE#}8Q-e1z0!`G7lpTdT*a9F5`N?5@YzR6xky;8PXH~l-re#2V)}UZe z#O6E=1A8X-3Y3|5s_`~l3I*`C1x6Ci&#c!!|5w8_4O%fZ zMjmniZQwMl9Pz7FQ@P@%#te`9*@HM$(Ot30w635RjH||sU;_^qN4BNu^<3V z)HTbmEsy@6ck>}x13f4?2jxoNafS&QtyiYzaNIJ`3r$H`=nX}(WeX_#YgPW>S#5(iiHf+G}xQSuC`X5iwGE9Q*T)wSv;tf6Ow&Qr)v7p-TE zDp#P%GCV0fi#-i`F(R@7V5=`eJW=}aQiOwjSsC)3f&np!Rgs)LgK{U)>Fyu?-qXRs zmC)hML=Qz9vuK98>Ha}*;({Bv2>gygJx{Axa|4x(U?0kiz~QmD8JL(Pw$!kTVK?x; z$XY5@PW)JtUFlr>I{Rqv)z1>Dey^jYXP|4j z4=?)zSP9`yCF0f)7K|w{l+aHmkgSuz$X|){RLNpzGC4y(q1+Ukm z((cv~Qy`;eP5}~?+-0}BqK3OMQ^K1y$ z9gg>ltBlL6?oz%G27VB?h%lILOm{l@;vDR4_+K)Z)Hc#_fx?G3@Ks%+u9i}T4I5x# zD?!3JtR5py{f3%2r_fHRVyD8c^uTe%mQ@)5*rRcyKz0J9qWYd9Oc&ba3Xs7r?V<^( zH^Qb6C~dunS{0&HB@>Dq3D<$Vup~dN-70mSaW2;VPSb*DiCygxac zzlC0MypjMVrxp(?t470mBY_D7#Dj#MYOV>LD)l^)qLm*i|6$9^I0gF-Ja1y=7h0?SZw6J~z$B1tVT?E-GRAO|UQnE6BSC?oMKL*J~YV`9= z5}I{mPgoOH4;q|h`tN1#aSCnb& zZSy2zY}Pw0VcXNWsp}fo0VPFgKn_V5ZueJ%1`@1|2NYR_ofvH7RHGro2Dy-CO3cvVr* zx_IA>oZ=k30BdG=slyJlml^kHS{9)D?HdOEa$f4*@O0~n^bkJ}`3`>#H>rkOYnNHI zZr{J7`bn`SR(-j53I6cvh?rY=@#%u!?%%~f^OsKb73-v0eTATT?&MQl!`l8559q9r zv8GA_kpm9W+}|SJW-ZsplNBJzdvsS)&=u|ykjFjwA0Xq>u>7a|^)19p&MAY9S(DT| zCHVMr`j5FOmnI%)!dS|m9PK0+F*#k_%Si3yZel(=iVS~0gT?0Ep?T*rVZYD>o^<_$ z@QT$8FE$}QwmLSEHsoPvPfq&^{^dQ?vqxB|i2+1Q*S(K6DH+Scj*G>QOO*eJFki3B zCd=fytltIOqIV_+CakZeUtttVTa zBHgh8X(gql8w|EecbC8>HYwepAl=;|-3`**#W~0G`u@kb-|ijbez^M!u=&NRIoF)e zeAb*lf#>&@#bj@X|S%$Qiw=~08m#BOU^T6LSbT-+LV>*fv3tnyK~j#_R}r#Ql2r$hI4R!SloWHwK7 zhOF>cifgUZ#?Ltg5~Ia37nDEmp~pOgESqGp8x)77B1c!h?(B?4>{M`y>pe?R*NuqQ zOn4M;RZCZ_lq036;4hFE5tq>61Nvb+f@JRpNf)Pf*1%fen6n!&042fcbUf}*n>HG^ zJ-XLc^f~6o=a|%w%8?K#C&6BWI`eKacbE5>*Og$S8CQL$j;r0vq^puN{TczM+~xUt zEgVGt=e3@)1xbQb!L;%oQj7W3ayu3*DnY}Zq=%}&A?(uUgS}c zDB^QQLxW$#d0bq^Qhr?$cTVm@2pyEMUu{{VG?KW=t;=J-tJDS{qy6@mcJ`X?R`lAD z*5LjSYDno>wY7Csb=1HmT1`6*Xz&yII=bYqCK6($oGzJ1!t^Na(he zF8rE^i_H4^Rv3}D4mD#v(y3~QGSs;^UH9Ki2=ur zxO-YIq{~!#TfR`wP;2DI1zRq-k(UR!jlR>W1;nN*u>Tx4v874mB&r1Da05O!M>91WKQfucyr zOlf^hWnFc3U1d#OmgARCoSW*_@+(lbok72Q2HLK&YqF2*W#9=au z(pWLeMjDEYDA{Bcm?WVfnA3bMqAxC^KrYNX@gf^^UraRldy$%=r?WMo1wgQLRQ`L~|vJB?h?(W+4 zP6?1X7!u}K%9JPMDMT`?Nv`gimz|%PeTaRP?a0By?08TX<-A*Y>r{y_GJpHDsPF!%u|Xh_V|cX!h=N8WTwO6h9)nxu}{jIWC?KMrOajo$U{^5(GK>DFJ*&g3P? z9;KDF=*Ws0e)F@r+%j-Oc3t3pC&N#N27jUsHAgPBK-_$58U{ql0}B!>mTG^8LtWhb zAX%Q6_A?MsyFcQ-zSp2y^d37lS802t4IJOkImmyRvDKH=?vdsVo+kldqvyaiesCXX+wenTaP*+oTQphyspuiiX zhFZmDl+?6K7+2<}!gSU9lkHQ<2C0pgWf-#CJ96=CIh`i@SF#|wu4wwDv3n}=vFhnu z1;~mQx?0Z$D*a^Y9y)@mG^x3{sWrK&sSz|wIaYF)QeXEEEI<@GN~_#s*rDD)>(MD= z-skRY$;d@DNc!?9gm@+NqFW;(Qt7cwg+N%AwyG(#JqxPq`w=PQ@~AX*$Xq7o zjT&nKV;XYw+5JtH)I8CjP=OYooK&40h7dD*W78hQ$4}`NJv<}RoWteATv=*dOV6BE zs$(Ef78dW#(h-{bJwYS_$7{0>vXl~Fi5^!AQJ|u8?a!-=CZ6nE{;8K)3;5HR*GXyr zu6HzRO{}FZMe!>6#RdhuVGnKNO+78xGGchWGCd%ES;67Y7Y*D=IGL%Fik& zurV`3X4?sqqs-jv^#AGSXUC3>GhkFCMnp(+PsJ=j44ascBwqDVw1(k|HP`gYYqRW> zM{k0zHfHP6exc{-)y7p95wjP*=+wCLJd=YUVmvqNp<<6}Qc})wFFRiMrP1^P;l9Z6 zImwleB5F8>#X2&piTHGz^}pJ*Tqz0?{A?5(>O4=L6T$lB>k$d9WfkE%a(LsQ)N6Lx z&HCU1j|4mF%j=4mfpLqPNwysq%FE&pjrQ=D1c0jKTJ0}J<|h_q)9tNJWp~x(lV<=9 zF?k0a>RwY@|3*+yw#t4Q!HI~7m@D)1^MkGgCuz}PQ1Mq@5(Y-Oa@dI>Py7|-gf=-9bm))h+YY&1{?D=yg~&Hh3W*QhrQneHnsJ^>~v1Rf7f&%{koL2xocz z9!^=E$W_JUOQ}+q&@tWj|KqhNow&s;6gd`^gA)TIrYAuq+Mb^Hr>AaOIqhpOXfaO> zAKLGX+rKpnCip_$Pc54$GP?}9Y_}Xp9BmU*?KCg(E08#mNzJ&l75&CnaIrS{d5s=V z0i8N2+|nI=lQ)duA$C<5A**Yy>!wF zBwA4&^xbEDMf7OE#u+?(_>XQ9{Iu3kzl)RcNC5of@ox!O??LawLZN(EBpS1I2J*_y zzA%Ev#mAqFT`Lz9=li;j1Jpciw+KQjc73l)WVnE7ma@0!_}!gDQ#gtQyAhmqss)f; zpXL^e;YRAhgm$F^7{cF|q_v6*S`q#8*Gt?#p7vkG-OO#wL4w%77uNN~0TfIw zcL@Kv?He6PAp86G*Z(j4?yx&2&P?)0OXz_7{cl_N%~=};gWdh>{{iX_;@|X%D?q+` zl(*a5ryRZ0)0bR-|4Z0`>8Zx8^U`WmPr@-%{ z(_KAeLVt@7N=3Of$eK03m5NuH5eh*)?p`;u0BI|A@n?@F!}rA~g2(ifRnpkv^;5fceF4C_q$6;&PQ+j=ZTXQ-;)z(m2H`$$#>xEmHM#m4msynQxPb;p*5j@kU`AjdYc2}j@6S9h;%3#4M0p!ClUY`$&C zG1NO9@#uKiE1Qb^Gty{)#<^_LA^TPPpr?u_y&CrX6;`$p^{6G?9gU zxjUL?zE;NX#B=Dn`@>g96=be9=J0gv#hXv3S1p%0EO`%s^}fzkzXd852-a<^W;Xj@ z{>q#oyBZXWOF9eL^!Qp)rInDxtXCvf)6Sq}H63{N;2(YP3v3JxRaI4c`}_8Gc4am* zbp}m-AS37H#kRMzy?s3EtA^yugG_qWjNSqe@0 ziPpI;QR*I-&y%Qlx9t?m%4*`xh*jG*#(Ihu zn^iFloAd4u;VV;1MhQwr%6TT}?zM))8q)@X>8?jgxW`yYsXUTaFsp~fPwaZ2-e8S7 zfpPlIHox@g!Q?|2(IWNXL#s6OPTRy8!Y>18Vv=_%D$#2AE~JuNdA0=pSbUfjZ+?m@ zDk?sI{#->ROpZptWoH&7FnmD5?=buA#_9IY#!ol9dJ8y{H)iUS{YXT-5`-h;;>L%E zB_emYP$%oF4$wY^XpV=IU3nSq%@Y@?I&28BJ}A*3!t|4A8v6$KM_pohA$a94j!~;# zaA3f6uorjHH0SNo`9SAn)iQ?DCSsd1FtfDdNb*y}JQf zyyRJ9SvJxw9`AH}<6ykh^U%DY3Dz@Fpcuc#?bsA#_$(Xt_G~F zfk`{-Bg9`MlPIe5cqg2tT$Nf_fJd2Hn}<1#2+x~4+T3M1&pCLJONqMFQGC!UUG8xO z$82l2kU(us8Hesm&$*vm6NW#d!i&>nc1t3e>2gN>$3U zx%&I*SYod_uj|;zA75f@GkJNHjWm#i>b>)miXHueA@zIL*%AZ=n80Bv2WRK#s3`04 zlD3HnP#5`PKv4wq!GoxdMXkKD+SU@lp$Lvg^RY$%&h3yw;ruqFv*{=4rm% zohUCaudAzz&#W`cfL5VcssVMpVeNXurj9UV8Sjg#`h%#7S(|drZ5liG!@gAkNZ<|r zwAJV75@|3>p$&4oeGi9IQm;qRkho29>@I?YIJyCgiKLeuV3boOmY?`?%{pwLxN^RM(E{jHO80U}MKja(3bhZRrS} zw`$}M`^gd^it@KO?K0UuwXa&c?co(q|FOtWoJosBZxRs`%gV^~_xG1sjunA~bDI<8 z+oOe)^z_ItU!E3>{5m+$sdDgj^S(HB+{&j&RFL#y~+WFc~u$*m^qAb5((^k|D8ZUkG}lL^iT_u+Mn@Wx3I$x=>;#6X|9oyv5f!y;gk~Du`n8sfKaxJb=ZeLkt&JoT~G*#}Oqq?v42Z-1C;jAYSUiBp>Y1tKJ ziR)P9&L>B!8grUNXMQ{uTrHbFStVZJS}&gH(89G;Z=C{(Wx8=xllD3;wO`h~oBD>y zmXozgT|5H`yjtNIC{q$DEEP%=a!V`ZHyPTO)Wf$LdmRZmwaH#!@xO@-tMxO_ez)%N zZe~6B(wteXh&=T(RJpuN33JFb6Z!EuM+=ichlzQ__rXn+ZO0zL`Q2s#Vg;%6OhiAg zHQ8wSiz=(;&c$`{eJYk?v9jy5GQC6GR<>9#`)O@XH>qZJdybQo5*XNtEMn1|ibR>j zJ2?VIm(lYy@wLateV6|(ocxXCeQqyGtXvt`#W9JwH-Ha!b$KyZuU&3!>*@Hm{o#l2 zU+tF_PG?UK*OAzX3N0Gu__|lS&eX?pg!{dzN&<=|tDHpPEA7KJspX$q8WWnigW|VK(Lc^d@oTv`idXET8DdtM_@Sd`9e4~rw0NJOx^2$ zX#<_~9tq})j}KM>ao#f>@+0-f<2Z7PkJ;;`TMRz69>vogK0G;#H--C5hndvx562SG zPehI3yw4R9Rs)4hC&MWD(@LbsN>ye9EuE_0IfwkSVBgq~GyGUFkWTL}wHN_HZU%bT z5=`dI&LEccLRPlp-OW2-mFM(zJGAdGSyO#w{zK|X%ADv;U3%?lH~Wbq zQ6b&UL?*Ymtb3+=yh4e2ASthvqj{}CFu%$Eo%+)zP=nHo%lg~ZhPMdfFirPTkB=U@Rd`JHVd8eQ~iQq(<0g`8m~H`Kt9^`U^$Ue zyY31}q2%MCal;d8?AkgX^)|!{WB~sgsw0=L`QSXGhh+WF1_!Uj=WP0ymg7qVJY;ae z;Bgx^&ctm_r~X0F`raQV)mzOYV_RQ9#fPlg{;a8im_m#3V>K4x3PB}3QOY5M9jz0P zGTCVxy9+C^LaiOs3&Rofw3*w}P%T(_9Atnj5aQrgW>H`t)A#$XJ1? zD|}5m%WNNu5Xu0|)jdkd5-aC(vkIMM>ZD+WiL^Is-)#5(YX4B!! zroj7+GX-P#sN~!7RgB;s&(ocN-2&zVS94z%Rm90kdj3eiOnOqN@5K+l&(DX%>k2mp zGW5@9#L3YDO%&rZuyz&Wr%%sTEevzIlDIt!ibcWyFEsK~t?S!_$N05aDwH?M7tPhP z)TXXVR@LoX5^s-2j)xFVsT z){rhBfO=s}7@gL7VdWesEZDv)2WT@_mkhy8O`Ztdp z-D$4y&IJ-64e_gg)qbC~Ce%{Ts;;iCtc<iCm8R`8Ne1A6Xq4v^%}jS47JT z>7$vSP+pYZadSOU38%3bas9N+BOXbFxsgt#>l!8D+O(M{aOT?Q&T>BCquG&^yt!CM zIn1E+2$_rUdc%a7#c#-XI8)wqb+UXRa(QrHx2`|(VixHeMX?sZzDMBLoV_=SI*nm2-zm@1LMK84_R0-rW(Iq`B3zdho+uKw1yO?zDUHaibDqEy1Dq48kcnQ) zEJ>?z^_(){4q*imIFHvM>AX(-DvzWa5}1e|_+2#2{3BdB8xC z4);%hb)>ZwT`ep2ou>i5qx<}seO8YRu%g|NO|3kUdt!+B)F1KbgogSHyz=To6U=WSbbxWEjbj9|FWGvxMOF+EMQJhniL8f_m*KG7&Qekaz z}7eCWtDMqi4rzhcP+Y$Q51_nBOX75?^~Xf$Z)XmGCtD@JwU$JFI8VR!@0J zQFxB@mEmC_A&m7p71T{Wd|mDMpunG~CP_`YS{FY{Ul{ed>IaY9M4ilFx7awMa>keT zhT{<%*L*9EP1yMP8Pto&!DHz|t6)kn7se)g=&OgAbxBa_ucE8qTJC2{*>4GS4Ph~6 zzeM_$Ox1>+&V=%?7l}?{f8T6!^MIB&;*D8#n0HP%rHK$t>Q#oJm594D>d24M9W0TH7td}X405X-Q`9W-hSAlCEx15o2uQis z8nfEF+d91xd2`JabOsO6aACQ`P^g6Et-;m@GDbK*=zO|-d|0QKuLOS~d#q-DQE@zd z`}RxOqZ3aX;aVE|rOwzks@M~@<<9sR^o#TT9)0f%MBME^L$+@CJAzP;VAH4_gGcIv0(=9-6~o3+@dv~vt7 zxYK;JvX2+qcem&s?0cNY_PG0N+W-ykcF<2(>Sp7paG5PX)K;Y3%J|Plx5C!69wiIA zQ>$7RvX;e!naF_mhk_aKf=$q1p9*@1A1jd>@ z=lMvWFkWo5soWnkle#Z$m;@V4Airug>~fkZ`OYxunX(@oS7eyW*XSm{bU)eiiItO* zR|6$AA5M4Rz{oLX3!m5ScZ06iKR}=SXc26|Ha;|NOjw%xwUJz(1e-mORv0~j^K~uL zm$cJTTM}m)a&XSTnIGDP@?Y2P+@XEY0_soC*pHoP6mj6>lhSOj1(7Z1&b=`)!|x#6 zXEG(Q8NYS8<>SHP%UFQ;g2rSigj7<__5RL>zg=oyY9Sim`ja<2uy|Xhxf0c{@-&Y# z*zZ?3x{zgN2-0zs$@a)U^Svq^n*F0xCy$)B9A1y>)4EOP=%MK*MhtC)D$?I#?TvWe z2tW553QMr15$KGy|BlG!2vbpc9?QwxtNs*PNz+Xk$-2!l6;Sb^?7cPu+g8u2K{t+; zhU*7O0(FI&DD+i^U;yP}QwtB9)exKahvbe*)T_}1iD>cKEJ7}A!`LHL*HfKm-z($C zZQ&k%UhXg6!EY@wCX%gmXp0f{xG@n z4K=|LkPYE*r7sPORIrutDHa%n!>3Sf7sf3KlUq3HI#W*|23r>k7N#dm(M?ks?&P;| zv=f$#Gs9($R^8zCaaGD5k_*(y@ z7oK?EVsL1Xf7++V_e`J1)(g}9)C*7JVN^_Vo-WxYZfzi~J(m_RPJg%IL{;9k)-e}igL_K1_#iZ7pS@w}xwv{!8wj%V_4tB`j_CA5S ztZGV4jUYc(|4?eak&OX#VRn|)d@$?FmoN1tD@U~nA|(k43C#h71A8z!c&b>Rz|;wz zDz~kU&_JZuul7TP=$_!(<>j3A^niO8p(*>+zL}@MJ@q|o5w3%>sj3Go5J%)GtR>MA+Dut=6sQ!F(oa#Iq3*CX66(GTQuT; zlUjU=YLoAv3%ftYO5quTEprb&=R@R{U{qU+|B=>?xOSQyXOk>DeV^OvVxVWn78hap z)oX*xi?x^OXh@|?v;LUp`4&=!OZMC$%|6Q-cNpkD(e-`Yl=b4|n0r8c;fD;#*qyQA zWfP*}iI_e(h!6YfU6r?7VVjhqf!(BH_7Ns)C+pTuz8HfuaVXfaDl>T42uMgbh4xY!sJ$IYJHI* z{{9%z9hm6oKoeaZ>R*YMZ&ROx{-Je*+eHz9FUC6D!~s*`XtHUtSgBpxgmAVflQ=#8zMzQ8)jX7-C^e=YE%=X<#G z@-P^lj(Pwt2MdJ?Gw0Ee$o(b!3e)A%yg89#994IUF&Y1t^51Pz6uo z2=)_f*Sbp^a_hAB-ew5(D8mU}eCWV-2#aNhud-96MT8o=n(De+I)9 zGfBg-FTgF^Gm1nUee)8D&9Ehv_JfKKq)GD?NgaCB5CbCb1C>+P%2Vdr)m5Iwjciig zY9hi|$D$R>Hk0r>jSW6ir3@Agq{9*4<|Vlo_4FGpOfW*xziVS6|B}wPuedlMZpS+* z*7qZllJZrM0B49<)#>%OjL;RUzO{YqSqPRZWq&-JXtI zY^o%88bjTJeov2MR_IcM$9TzgJ+{))l<+-92(}2-l(D?fb*x6zc7Ca0l7h#Xd)ydX za@;z*+(Y*If5fzIZ4Kb+RvqAAer;G5vOL;}M*(?XPNed86sFPb6%?kXrlzD6l9beK zBr=WxZ)Gs*52saR=irFdC~Z~UqYyGQyl!Dji|OIo(6eXH?%lfwP-cfSy#`PPYM{Sg zih65n3(??@&%zGoefTw$swcxJ^^EO~E62yYvrGS*JPIdG7*i7GACO84ypeS+-XB_8 z^|tmmgPK)gVMlRf7t>#1bo+bF??VV{bSE&w(G#6tv5bC?+g!9=$o-nMG6VNLS+L#i z9N!2b4C=BZS0Q)FA^+=~6AEiCeugMCQsx&l1*knLTG|l@JO&1afkYWZW_a;sMvX60 z>FLwA@$uR(U(Oz`kEp7ut{&C;h+H01GBXFk=6?Qs1`Y7@Gr;@uDYp;yITn{@w&+N) z{Du8x#M07cof67WP;-9Wh~)S!(v$OrhfSge$GU3;Wa(3*RfnbwOvD*eawLBTb<3&YHs=SO@P+~Li+Q^fK_jgub|R8(Qi zW<5itInsuLW%r~EJ({pChhcOqUdfE@W}ha8FS#!VG?FN(?abpYcA$}t=POI4WfztH zCgvQ`kKr{dkEsP#h1a9eE)oTubOOSZcgLGG0Ix%=J|uf1YHPIzV(Ik?Iye}wBI)X{ z_1|N7g6stv2w1j<)7En344OG|@Re63H&Id5b6*q!4!TI`iaPfIu#m(}$kjrlLS&eA zDxN|S0^?kw!!A%n)8y*pi1kvrPU^lLvwt~U0e-n8FfdR=ae}BBv17o~cxi@D!5n33 zG4O=RYMy!*HEDL|_A`m9Cj#1EvyGiIuBug1)&vIDt9zw;JZCJd&kH6*<;UXI^K$EF zB+A~-W2mNNOh;5{4PUEK?myM&n&V@Otc<@J41xgE*wU|GXB8LkCkeUx`S}^KYsx>5 zp9fWjyxVkub8l^Jjkv}xRLEW7nr}&q@DZXA#jN-CO@y=~%<*+=?pqqV(ZNQ$!+pqy zLiC4J-W!6^uQ(E>KDfLReRfO8txGedcYSi#$|6tKrBNqH%p`%~W&R|6SKXuSX@+jY zW6|x;V|opgBU>0a``b&=A;#*j@n7^bR=jl)Q5Zdn9iFj?-wQWYT8Ly#VGYy!yi=s) zLO*wa_HMbd@vLWYA%TI8cX|KAO|wpZQ>^}&&HBD3=6i5qgwTZPl_=5tyepiOrYvjs zbsX~LUMwDkcx17~uJ{u%p=eMVo%aw+Qwc=swe{C4> zt9DFxm!D5#PN-WD_|>08Xt=z&(h14+{%b)reD0x_?$n47sp<>+OIs2C)>h^w(7~_s zFPx;}o7-ImqNiNJ2?qxTVcs|Iv3wz&FLzTXhroS5v#L#>JY zZO#mXrPbcv{t1h0ZIgGn7wBP95wA``vmf#C=pZg>u{~YuP+`9_`>aw&VeS0+y2#Z@ zPqO!=CJwfld(4HjB1O(Kzs2R{@XEU?H~Ru$Sw5+DWa+vXg~b?}C7e{HF$q`e^6r$Uc2 z*~J|g#~G*secSu+268L1ASW+*Z zhy)nO6paa;9>i{~nYS!YFbO`LPQBUr(L8lmE3lqk=+u*Uisd^qRkQ+}$n58BZV{tt z#roGrex;5)EZ-*X{@$c(Ss`wl(~~eMBrGZ-0+Eri1%f01fm+xf+X7ZXeaH4To1yh3_a#kOIEZLAbKJ~N+NN`d(s7%dB9qMd`F?2}3ay5ITs*+QY zE4NSQDl?tDH;$=R{o{7vi21oZ`Gmh<#CUmSC|;CI$AWnJVwF4EH|_hsM~WPhovxmv z230dLS?W#{n3|f>$k(X^!OoqXo%NA|nR@T~)YSL5UsTD{Riu+>sHj4u!8lSjB_t-c z=>So6pn|ETv&`PO>7PmWifSggWv;S*C+G}i=hwf=R0?jcW=4%^r|!p3A}CxD{O|%a!G=*f`A*!73%Fu-3=b3kvd;m>bhwH%=f zxp45;7vQ)4<3(IsK;KyZcsdFS>wU!EOqq|@*P`6N`TLoFnQx6x|NpIEN&Md#CNOKC zI|zRr4pv^zix&0oi5SXOO~G<8vnL1BUaL>W#2W&h`#!rQ=gKU`=y>0&2>sLZN)_&CNeu6OX5x8VJE_L{#aKv5e zu{l9PS5ako=4>C_HXPINJ=ZW=1Z(V-W7d<2l=I!j^B+IX-3d?7{RE+pkT*&&e>*4` zNTs}$m6bdY5}m1=YH3*pc}EeR-WP}XQ^PbN>^^cd`-g|r9M%(Mfv~W|#4gx49ih1K zGVRBE6^uQ$j2x8eLbV@lT}1s@Qrjas?-ytbir=F=xfI0fNt~xe&^;38s-t6v%i*8e zPD;Cadr{FVE_sunw>mw%bB11_^Bs!+j2jXr+tzmz>xr89?r{^IOCMG5_GVLkPKY?`m9-f|8+Wyw*Vic90 zXJz&ES0H4A$E@?(!a~4myaceGLNfs!f-)SK?kizNc%Y&akOP&rblGSrxC$}?nC#%a z(%(pEWB8^x_#0Ij<-MLRWvOMHpHYyb0_>V3|kcUbE89+rvjbhQSGwmU*@+<*N z4PqW^7gyJ=c%JR*?K)y1w*wHcUha&2o|MFE`(7?gCS9)YYWwPJr2cYoZA}Ks=Y1)N z{QBj~Tkvi!ybv0~aMPiBAk;?!SV3e@Tr z6%}nwRhN5RoVxBW$tUt3cCgex7I50gQclaw%WJFm1yQ^(>9b$kfT`nsyh9$lK67>X z3w$X>y&w*Pd@(TuCO6!kKvIGFeqH@r+<^)U1e=%j=vQ)9R#tv~eh~lT+yeGd1&Fj; zT5bRenXpZNb0D$JWJPFFl0pw~+9EfmYbUz8n4nNU&=o28YcNOS%)ezG4wEtj)F?oa z5(E-%VnQ=TxpCc+?;q~e*4EZv9BI>Bn*B%>_phm`=}zE#zT|d!?&{=p1R`=L9>T5{ z2de`B9e-^CMPy{@__h0Cd=6TWoEC<}MndSZNhl9T?$*Z=$EH_)s*Um+)ImnjBu+9t zSaPrCFy^dzutQlqnPw-08#x}vkL=CThiir^|LV4xsSKo-yOlt(_@T*xwxU@zC0iz& z$~VlH<<$Mo{)u}`Z0+%RYu=VJJ+&XBpMkn8O-d03wIgv4mPl7{z}{#H8uH;&;y?G# z9|LZf$dH_zb%b>I`}gkw04FVkuwAHUP|uA4A)9D@ueKi|floNX3?|BLXzecm$_CU9 zFsop^#_bW5l0g7vON&J+P4PA-(c7#|cC0HJnjqPzCc=@9lqq81+Q-KHFXkDYzFX z9a2z#$xlc3874a88E|gcmnuHv`D+TS?bzeYM>sTcPnx)GrsbAS_j^Qgva<)xxq@5b zd2J2eykRXy5n6$*)Vvi?VYP3l`f^t&eXs-bj(Zfp!8Y2n>{QS6;q z+Yh1&d9=aLi7#)Mz9_IMPe>$*@IFxReV+<#y~;v$wOymW)m)BVTyW=m6g>sUSvK<$A4iKP+H1G zzqGI*)^n_50Sw-SCLn77X#1c5Z@8rswagn8`^bJZK;0Y9-@;g4l1hdTr{(^9;S27n zk!`vTx<|>_d%UtoUn@{sUfPy9g^+q4=z-I3qDP4Fu~Qbxez`f!`5hlzeFUQ_w-g-r z1XlKiSMw#0s_Jg~508G7rJ^UXKAdtyl}WY2VS|jgX3R9`P7ZTL6*C;`Y9tpw&O*aH z&d~UC0$_K);5rS-Ir+-cn=@*`+=mIz?W&)nxqPv%8T*zJ(mCavdFT&05Y*lF{ zf}@BLQWc(Uw>i>E)0zczm8-=W4t|FMd@cs8xFDbOq;X}_2|H13q!sxPkL?YrlT7(^ zeXG1)czSz(S&y@&8CbUGem#=Ie=5x<=F4rVzn2#K$a(bj|D4^Qb8`)gb|2oq2bRD0 z#fW!kbLe;!lQy?$cLIJ8gO~|b6Cf+e{3Q#(E{T*$2P$EqE&REtXbjqlvi(Ij@AuBt zq&~tV1GBxG{Hm@Lk$B;sbmZHHxNe?W&J{jBs!HTj%fMwH3k*}yOOFVh)~^&G$lJX* zZ2t@0c6eFhkG*Tfm;Bl=gW0l-+BJrd&~bCza7c4CZhi2=fFCk0neDjj5@Jr-9^p`n zt0tXI7a$O`#kUo(Ttxq_a$mIAe-Uw7g$$7s)zzmIs?L@i$(N8YNo3@=h)U5-`Ut;Q zZJ{yjBa}=3t|i#Ay|(USxp#eN;j9U;LMTcPOdjYIp-jYFMd zykv{DM_w*_Rfjtle}FzO&KGUsXG8=of{L9VVt&wlz;64d?5(@>S3ic&^IOsiQpS}va|7f(}?%0<+I&B?^`!DR;iH|?k8=qz=yrq`I zqWHN9@78z_*q|ML>r6(3C=oEP0S*YTtC0eIMR|GZz_a;aksk)Oa&nzuZbVMvrxkDp%+%zPEjb(Q5{X7U$;HOuV|}&h?xh z%QtmYO~Dk53S8e=)c#R4b+5@-hCkRzrq1dHF7=uC0Yc}{{lX+-QE7J~ zd2*D^uD|S(Tl>LP5@pn?E?TzWe; zk}y)~MeC0nez%s>Ij;QW{#pP7qVnS0j=^FR?OA2qjeM>Z>FXeD^C?g3h}msVQ@6r` z#Km$QJZJ3}6!i2N_%9T{^KB-smfLIAP#@;YHYBdz7-#*%UZNBc(WeLn$yoRW1h&VD zGqbX!Xu|t2sl!32N$NQOXn3r~7gkoJ+AXK5A_Z%`F8E_%dU^_e7u#2tEU^rE5Ii z&h*I@KS?7-82#YhR#Wd7QJ8nX2X}`zFgW-YPdDrY=HM|Ft#u}{J_3f;#QXo)!9&1f z1P<&TfTj))G4J1}+B^fU!%7+Vy9jb4cEZ>W5ZD3?UPRdBq)tY^L?2Qq=55E`;}&*~ z)a`M#91i=7pt>8LF+>M?5@OkqC~3vrF+4%MoYMzJ+>Cey8UN^Jal=cc2K8=p4) z(jkA#{Vxa!JX8>W%>xc(|Icn<@Gjc%0pmXJ>U>!QI6$WIQi#o0N3=q|xwq+~l9Lse zD5NmOI8;)w{n|YvocMnPZSo{e72K&#dY4w=L|!S|2())0E;V}6Vx#FkR<)!rUAEg- z3J{mJWc7tHK*J?Ahy+7=Ot4I$@jp!VMNW+9lOra$W4zVc@s+VP(dh{{AIa%W2)A=l z{pjwoaT7^&lCyh5+k_emU)9AEN)M>21iOo=e3qV8Dd~l9!dCRt;r9w~nJ@)_FegrP zhQ`Wim%Qu3iv2afLhj^5ZgE0h33Cy?7Q$-}=`SI?_Q_#Tz`j;dRdwD3-21a5Fan|G zloS*IBeS!&SA#<6_kltJQMuX=(Cs)SEY@*@VFWj8{9`JbQKn>BBsUfcmL~ zf2w&QL+S?U7#e@)6|s;)=c+}+)uxpyo~h7>L*zi`FH5)o>*kOGj` z^n9u&7&_WToQ|Fxshn+|sOCN0qPS^eGy0C!G%@vBPLcyC9Yb5Yidv*hQCS>hSWQO; zPY?U*#~9(;eTW?D@rR51k7V&V}UCRsQCJoc8kEX1bp!Vu)zSbuAd*e%3B3^ zgbcN7Tu8`M8W8FV#`CZ z{{-Q#+3oG^pFazYJMc6#G)RNX-44wqB_;9k@%IL&rV{1&9abLF12zs?ly4J%jDCOc)|04^klD@6&84NX*L|tre2QEGukFD~AF#|~1zp)) ztH9IQSHUKMh!LZBwPZ;uoZNH2d{R&}B_tLHW!CBs5M(t|J%>!l4W!|C2pR){IG!G? z0%rx3k^%f(;2(yZ$AhyVsIh?4E9M8m!(+GS4pyRDC>N7erA2wmL-wD28^DSm|9CJM zkypP*Bo{avc@9p`fXmyf^?NtX9gau8W}vpC-npKPJjm}ynGYd*ThdH(C9W@*`S)`0 z3{T#O;?`>f?CJWSt{LacozEu^uJ=kU+TZg!RHd3i-WUpKCnf6t?xJd$qGVp|ctWk< zN``;01PEKO$kh^U0AP#$_xo&382@hcf3<>1t4sR>P*`6g|HV@C_#t+E&CmX7!k^F` zIsb#}YkHx-djZx4IQmBLyG7S9EegTy-#!29dH=gX{D1LQH(+SBL;sq-d%rtz{hi(Q zWWF7~^&g!9MB_jBahEh4;A?7XkbQ(S!pPW|dLQw~TLTKqeXWjj17#NT-({p1gN}q{ zFDxv)e~-H48qUtnPKA9BTzox#Pya=yxo9DN!NGrnAg^#nZh$ZZKpGGTDwQx-M~4=_D20Hb1FS_RAj zDr|8{Niu#1I)Di6{A>gk=R!STbA0Cq91nh55K>fOluxyXMm_E7sR1M@bOJeOq!dTHm7Ud0a!FWJuNIO zOc6@Q#RaN=W)H1-U##mR4nYGl3!tFHEKPWKl8~(5=2-Ek&QfqP51f+X7d3!d!KlUQ zBNl`Aao`KP?j>K}5sRky2qMrU<+Qc@VGODf3uZL0Go_6p<|0|b`jti3dT>l-eZmCW zaEc~XmKmed+6U6A!YcQrh~{lwSzr1InheeIs>4U}pA-vYW0 zM?OqZL4x>C|G#4_8qkXkOBF+Si3AA*H|;M=hAlR8gdb2~;6+JOo@^Wb}3XT+=DGes>2Y@BY6_S^+AiIS|u)Zdl26@)8dnxclId}9*;l^Ug!OG zDAo4?ESH@POy1mFMw&bQ${;SFr`H|f9twDn?VX)+($ahmD2eW_EBAhx5b#BB-Gei$8ty!|a;%k3J=Hk#FK@;aRSPItf+UK)3?{s)hyzz~bM150lDc)L5Wxr(&b! z9)<5#ggYmd>;?R)+YO05FTVzNuIPU2gF|ej63{F_edOUeJd5UJ)b0GMVk zuv&R6M;`*1o`fVZEKKyee;^xYVPPR6Y^vHB=r(X%jt!%C9{6GMOf21)g&lZr@_23o ze9~)ST}qeex-*x`|B4K?3VABfzv(0`<~7Z**VFxE^~5}TTnJGBUB3Xv1UNj(!NHNP zLO)d(y#wsTjg1X}Veg-ui~Hjx3VX%@gt=dlEPca5U$jsjyfq>6YEy6odMglWMv$17p)Me%swx&rtm#aBA?(Cd| z-g)1IkW=WYJtAvX)(mY>HBu>Mia#;!*{4i9V$t=3-JRY1R|)DdL);(*Y>?A9fwjg< zvbvA3)}bNCeuOko*x=AL0z?m3egeo4B*uY2AczKFu|4Lq^SSP*44kesp&c`&2yJMj zE1@&PhvF4)aFce=k|aA%9?KIo-wz~cI(Rlz_S){_mMr9oQsO3k9sSPu9>nf=imkh8 zEcdeG(Z}|EM3bUNEHkLA%A&ieWkHwxJo=Xm3NsU(ULdY4*XiG2J}_s94%)uhmhJy9&fYRCsxJH&HXcPm;89BY z0SOsOT3Qg4j$tS%X=!PgAq)`d?viHc?g6E{JEfa}8HRzO-pv#LbIyC6PsdOD^5WWi zX3g4b-S@AS(QD8#fcgRm!xZpcvZLbb&UHd1uP-VK3KWX9&>l^JB&_%G@c4k)fyt51 zk&jVwS&v|M=q&443i-V??V`U&p&Cfg`@G<{d}pjPSBl!(!R*rQKtY-?Ot$;!vvQ8FFw-;Y)Y41cdONAAaV_x908MNt~hks#tq&y15|1vX7b z8BI_^DFcnd2f)B3by4>$)R4gc{HgbM3HCR*umjoB7_5pFn*!hkPNQZ((=SO(M3k#{ z0!p(1a$W%ba|Bq?&B%Xr?JD|j_1Rrqx|ZOqh;aDNjFb_D`rV_ionoB?Qt=6I;M{+} z+8MN`bT7A|5r~N-dQz)YOU|iWOmD19nVmhVO5^E)N`bjU9iuYwcu_nCt4}`Fqt1#0 z&H-SQVC$h2{MxZHyQ6aFQ|@eFK-)R^A2NFu z0M5w1JB|@(!9l5oQ*fiJSd;oBv4j~{xMtE%SzQ+MY=xYa{7X@>uF$#4dCzO_osVwH zAhR~pM6b&UFhTPNh4)cz7C^_D{d^?DL1O8>MY~?Ndqd_48O4sge~`U87TcA+Bx;|M zx9`%j6+%-ENmAriqu~-?|G4oYeci<$!Bz2>?2qP_B|uxfs+8MU=l5+545+I!djSxb zZRDGSM7ps>d+IWPLH{oPU+bVNh##AmZlnrY`~Ly3Bm1z2H?6d}c@7xv;_8|z=IJCS z_W*#?fN?!OeB|ou8-YG{WFcRbNHwE~YUCF)QhmV`t;X2Q-|Bk!Q^J-|5w&GI($nAl zVR(~dNi^mH0KT34Wpgeh-!)v&;A0r+1GlR63LSlRo07lg zxR|tkK}>4^h+W31l;D_Jh@t9Se#q9G&+<383ZR1(_w)qju zlINVw2Q0x(N#b2uEuq&NpXPLDlQXUI*x>V(kjbO!CC;k-p>;c;2S1$rpEg&{pZ|Y~ zApjx)Diw4d`9iM+4nXL-IkG{cPryC?1Qc@q_wFhCQF6=qn?1>h=n`2sv*787?jZAH z-mtXU=&=?dGZ~+sHxRWBUp?WRxnn<_#_U?UG@|cD+EY6;Lw=IFo@0@GVK?e#!VCUSTgX5* z+C4NBFUORTkpc8Du#-JD5Gbn0On}fX?D}%)n%Q}MZLO}pK2iaQu9Wv*BLm3tVfe7; zZTIZ=8-A`*kDFc?zZ9PipPV5%M|iZI0>l?O%vpcXpvMFJN_`!w0dNcoEIkN{p?-ON z5!Pc}_T!a-lVF++3Z&UE;d{~CA zaEe#23wbYok|u}1=n1|z0I}{@`YsbXA00J0m3#`~9F511&C$5G$;)_G|J%Uy3!mkr zAHkT(UF`H+;8{>R9`Aaa9C*}n5C;IPwM7{86a2edPqL3#g&wvEsZ=JKPb4;e5C_1! z+P`H>05;Wz8}hw+9oBO#Zx(o*+0$YK_>H!XlfVo~a!i1DGCm+600=|_G&)vB&bUY` zk>pEEyb{YZ=d;sOKmm{pi2@Ee1q3D{WcVZ>b<+JZ7~Ek*@@kNz2O1mm?dFL)ohq+&;hhxqkG9x1%}%2*vQG z!hsnq6tb|QyZTrztK(O)VKtYDJ$`|deZQhRNDeK$!X5o@E!zKEVa^t5tNQC#1LU=$ zKad+x?T$1QnHTmr{Grdq>Ux!dNe94Jpx7#U7+59Vf0fM|Iq}zx=&48l5BTQ~Z$J=f z_4@Epm4NB;%iPLy%=;M>c>sNz`LFm=m5H-DqR^ ztdET=4Q6bw3^V*lyNx$Qeoi$jScBHoI}Zumn8S{t}BCiJ>tSQsy!wB z{if|^`6Jm%sy~!Q#Dw%_P`}oag0LVOYz_s%SC1+=pbCOkQGah!J2{%vFN19U-oMgS z{OOEllBi9(u8m3g61T>}_jkHB0&I0oHNK}Bbbl_3(BFxQDWSNv2>RcLWb5Ttb&fQU zHUXd#K$0T>a{x*Nqgs1fxFFzS0A!a!LfSdtNZ$XNe0KJpv6vWAUN!*bBV9$GnUw%2 zHaRJ2gu+&Lxc$5MUvA*X0CW}1 zQ2nkL3;&+Y1*72Sq=4QZK!gDqYs1IoFD)%C0RdeA3#@No z;3>AaGf@a+u^8ysl=$_%z5ek#w}z9% zy-r^c{Qam|kkgx=Db!W-yQ=;!Bed-R^Y*`Fc7RL-sHOo~9kf4z2auApsA`uQD*po? zMawburwp`hq7#3`>V>r}zo`EEet&;@z<&uqGZwwOKmMPf+?FC>i_Inf_kN#h@_ax{ zu`3dq|2@E=r3L%$zYw@v9(@#fMSqu3jEc8J*g#C}h`)YCO zLhkB}&77MgZpFkiwv9gYTo}dYL_Ill8P1!1YHE;@rk4U<+nIlgHb&T3nJKcwz8G7i z`tQBG0d0%ZD?*+eu`z`66;TvwSpvcj3#&~wE^;%CGyGhRsy}9|XHY9^e>NuG;nM!d z7HKPA9+G%6`L8--*a8^64+EeywR@Yr$jchn3#xeICcAT0kB9yl(zEw6UTp1DmqmQ{ zlJbyhKDKMt$$v#dgY2qz8=v7$!&kb|{Oy(&4dh4z&I8}>mVXil=+R3z8z9#Ax=ZXV zFXEXmj`Y(7HBjdi=5*&(-0N7mbc?g8<1ma+W6aLyut*BY^m97HL`0n5k#f7z^DbA@ zVlwJB^>1{(krhgV#(5jyf1U}L7y`cu&`J5WSKfGjd>X`sFLFQTJ~Da*RjQQKS!zYV8^+c zWBZ)wqk8#Fk?WhRQC-NS#3vmqOC%)zdEU*~q=DHgms4Br2|b7dZ*X1E?WshYS~#g>53{`}kg$<7Tk$5`xG-}x}33YNJs3hOo{$>4R!PSIP{|~t|w>S&^ea2MVIy&){2(*kw$>2|{I6U`3Z9X{%mV0e|9 z7C3i&TM-ilAAUpE_sgca58jPw^d_&MBwsT&=@W8%x$bsCr|Xwl!9wQ5xPI5Ih;=>w znqO9L8m!T*Y7|XR9EsW-HOp=)0L#PI6?84ir-jZd&cA%VY_2x*&F37jaA#Q$&{6%J z3fg!}DygOBq|Ckz=?;J#SX7S#iqHjTixwX@+nNR7MAq4v^0!_lw#KczLIQ&2?~`5j zyV4H2Y6yfKS^2a%0g0!DW5sW+{5d7TxwwG?DeiU?!MQKk%T9D&Zw#a7J*!7K9{M!P zT3)@|$wzGi95bnnAA$)lLl8c`lG?}tl4cCelo?3ITCK0o*&#w8h~V98Ez2l#Ohr|) z%{+FuhwALgP(|x)Nr}Awv7I3S$-v}-+ppy&F=?>;q+#ek6#ei0n^wrsKPr>deAJH@ z{_NIiR)?I&sC>yr8-HtS9(yZG|+-jM2iQ zNf3C|CqucI_+wIs(D0vMxRcy|^I9o6O8*@7;oIZLwSD-+Gbl&>iCsC2XS7>@t;^%G zL4}8Jr9^bm1H^;?`aiwKu%Z!F4Z(&xY@uF6G~A0hVcac9iH60v!!yygq{^c^*RJ~9C~){1-R5QLtZkf zPSbKgq^m2&5U_m(aZU}kcoM$-R5KdiN~8iaI#wT&*q$Z&rejRJxW-X;-hp%9tE1zK zZ2@lb%#15T=4rdBthA9BkU-m^okJQzXMT^+bmkbi{VdDr&m`= z7?fCPkA8bIFzit$wgh8=K3l(2v0$ae%H~Tqv1GhD0g7zPb1hG=q0yNG;9%Jc@ zslZDc&$gE~UDLRSIX*{_w6%3G11p`4ps)G&cp0}8N>E}y)3fkw?_k-cNV>E|K52YG z!$BthzU=Rz~iqh6e_Xea&Dt6dkhkEP@1 z+>grH(-Ek2wk)I*m#o?NX!~;F&7-wPyA!*Lu*r}=sk`ppE2kdIJiSZ)Kn|wDEXEkh zmWS6-!jWN?Ia<_5&Ck{t?f=YMd^n^3b#OqdNd8ZvZ za=^1iyTTzVRM-{B_vXLk+=q9exVehDJG;!V3V$)jHK?MvJ64+?J9ykcL9ZFkR;NWfCM3Oa?BAZI6etI z5@%6ag9>^-40)a%nkya3D!>ob{YO0Z7Bnscf*dim`7Y25dK{qk^UO8-gI)92YQyZ7 zKfct6hvt&*h~sffw6q!TOs#H|VCs{NNGUFyDKwtBwS*J5%O!4?wrS{Q_H7MvXmQ7@ z9gR&*j~vj0b-4y!ZudAZxa;QTVKm8571@3^b2M=SOw`be)9tVl;}Q7^ic$-!Y}Ogn z>_If4Qq2PCvz+sQW>z7~0$=0Wc8bWM#R$q~I(57MbnFd29 z9>c-j$P6*&R`)AN*!~^x4+#0L!@|<&bW`x^a>D3TViq~wJ6!#C!hlp8XVub!ii1p+y*k$~pa&1pC&@fcb3=-+SI8ilU%*yF`|P~Zq(^fXZqU#* z{Jq^g>7>sNZjCg+8PWP)VCQKa=`hyl6X9SFeO2NXWE(+^?AR*4ENVtF3I%H;kvkJ* zK3+W(Za>xKxLDedLyfwc@dtP@nYMX+<3JPmR5}{Or>>92W6)2&Zd1=>9{U(o_mG? zfY1iMCi_tRZK|yuhf-))ou8nRKLmxBhb^Yz{Sjc*RpNc_ZDu|(*Hl?<#ahTb7iLZ- zs8m!j_ag(IudSYW_{%Rv43pJQ(e_Y z*?%15xwv4HM#P6}T7q-C$Lgr=rgs{lRzjYBur`?~-uxu>^}deV{(F-?jL>iwYgR5OAZ%{C&S{#UPuaoO>P@8e55*f{l#Jg@2wKx2V47|HIu_zO^N znoCO<>Eu$1$+4Dw`1mkHjk;)S@nLYiJh}Hocvf_@MMNqN9AaRpIx~RFT#SK5zzeoKrFtD5+iX5=!a>NN+u4l|wuyBQE zXk@rUAFb?(bb2Yd$e0VPa(Xy7e~($Ofbm#faLuztPR(>()rjv99v8sXOy~Z*^;-a- z!_>&25x1X$<;j_6)mUbm*S$89(4z^kQ7U4v!*}l%#Gbh2@3_7=uShk<%;%9G&nF2j z^sgui#XG<)e^{w}&Nb`YcI`ROdns~d+fEizl8!%fsKY{F=Zn*dxIp(b&IX~gM<2kC zW0v?S()?4qlKw{Cs#wT&RCT~K4eQtbc&HYd<(w%87KpmU=RxIC6pIk zH@4(4mum4mi06}oJ#nt?$T0z54f@{#dnmW$1ds&Dp8;7Y_3CpnyUHr|=cCIp;{wu2 zXF6P*afS3o>Of7}SRa+cL9?3O*jtqe7G~2l#6|GuzFa=cY;H=lP=SSYr9>$>j4@ZN z0R35MN?N=u>&2{Qo^&UW=KB29kzn< zHMBxGR2deU^1>lVK)BB?0biW6ZsX7@+^zGq{+&|I^hpSOjd*Y`Woc}0!O*BbwAcQr z=cLD_<&`;hh?`1$dZo|5wGqngcU!^0!yTPsjFTi>(85!r`TIDT6@_;v zc6V|&Kzy_ok*>39$Vt{J_y+)ADCSA81L4lw+iNZT=r|7p_@7o{w0JXV`hw;|7?hTIs} z-O(1&s4&5q#F8l#9p;%3TgBiyTu|K2b+AkCM-#f}w)L%eH8RZklvCe-jx}cdGiu>#U zpwF0I)6u7{o>B!%O=d%EMn1UPx`;uSz~!u&T`U&JcM)6G8*yKq6m1G@UKr--3af?U0(}Tx-ITE^?jJ$!T$!QCr z=OL#IAXO~qsQy`*@45`yUF1=66Z0za!o~(5*YQo`d@%AY88omoRTqU>e*TdAkNKqk_G?%T%(r`E%$+*i-|#xIh2v;=YcRLyF**WYpoD4kvMX(W zX#(x|1JctqNpxU63;Qjz`?xbV_3de=gjwz|D18xs+0~(IXWZS#>}qMYr4+!=Rq6jY zY~HsNFhR{@S~_wT#M><0N2Bq3qQgU}=O<8ErC%H*;OP42^|cth-4j|7<@qPNNY0TX z@*L?{)s74)hra0nF8hy$*{_y^x^kV)FD<%kXjx41i8 zeL*x|Cbw)mR`5CYrQ17Dwsyi_=+G}igreB81e{K6xx%{)$`IuvxwUg#e?E|l6mcFn zd4lqTn7L{f?%dSm$8?L2z>AYLk{U4`yyfpjhXF$ZAz#9kE)hUc=jvA*w(XqUGZirw zNWuqXEZLxpDcgbmHx@;XX=V#;TgNi)V1r9nXy-&ofL(FpW0-Ea#~nUaqan7X=J!=r z?^gRNZeW%Ix`3oAgln!eX{?t=V2&;fy^Q8sU@vek(R_+-%fC$v^IEBaVPnD@6OZW* z9%DWwX3M$+CyN&s`VCE|UZHOv8kjTAZ9p@&q5(Li3TZH7l_#L25D|(Vpi|LQX zZB`I_Sr8#VjD{+KtoiLLZR)` zMWyto7Ey8UxI{N__hv{Wk~UKp-iuvL6#zeD0l0jtU-xK%v3di?Znahl@KdO#*P3@Z zLL|!bFJWp()?YD0y_`&7<)~ zF(oPKc_dTr1{2H1QlE!3zV`S4%ZUiRM0&ah{6HV>$^3+pIcqGp0X{r(Cw%R$RO0=yk*pJV1vnO~x5-*@6IIfUhDv8s zKV;!*%c(yjZ8hSK9t^QlioEU8lr8@}sbzo*OYjvCb?s|spq<5DjEI9b?Mxcl63U9b zWsYxY7SJ38nq%xgkkx_Vfg|Rud9sKd`(weHd1fHo``{TjU!1&X7g1 z!42A0(UEk1XGCc2NsbtFbh;;@A+zoUpWv)z;qEy6c;DY*ntR@BMZpA~dE$p)lCT}D zjebdRCgi-cXTFn}O-qDsNfR4db$L=bWz$12>SbW5l5k-lmjWq{lJtpix%gR=$R|+y zU=@f5`C7Z(9g0Ub;9E`ZWk*XJcag-`jRavtXC*?+QndH7v zT2cq=SPE-P+$rPUcRc!<5`)m2XR&fvG;0~gv`?(%fdq1*f>mvqOTBnndt>;=o6Zl_ zvjo`t604D@g(Q|jO?+LI-fe_^FsqdXy`<0QtU?DDaM~aUp5tCxR6cfa>z?d7@#viz zj?tLZj>eRezp5K3w^bE-ot#Vd7b-$ZEWaQMHv_Zhp}zQ8$fp9vkDl5wO<}ccs9yl@18K?G#ES=8S>bWl*!?9 z9wk!X0+sXqcm`z4nDg{FL1MomVHFdZ^$EpeT`c=mSax@==?Zk_i-Mt($!-xex?ntM zKiXw~y2d=X+TrJEPqen}EG>&q(Itas4*{CKJx#c5!qoy}c=2^8GXFR;uRmEMiloVo zaZvI zi_j76M7t30ttw9LNPKZm6cZEa3?4vfJl(h>dzo(3(<7~f&Rxoq;W)J=@JigIs|;DT(U10$8KLN-z~!Vo{kJl z-JOox4-FAKHWZ(Ss(0`JgdgZk+-9N-$N4xZ~%Too32s_sc{Rv3sHsRhDYk z2L_EURAt?z_k0cQnaIF7mx2eY_8WI4uoU7JhNF>gYpjZVSs8BjR^hv8!V}hpAjl=_ z(O{N=N~(mIYkNfVT}c|=)2wFk{?L%wQ-_~}tC#Z2>N1rFU03z{cfD_Eh?bDLU z&`}-{(t0$l=w%^=(D5WfZ(^X%33IG4_@EFA^X7m5eS;1hM;oG~R9s|9A3O+|WFa{g z_6o=_6$Aw>fQ^iz_UCwT}`YJ$d17h)7b^EKwT+v(7lt%&>1eElxo-EWWR_1GiN=dW4Pn)P7HYM;BilI&V{ zM9)t5@s8hc#=aRekEVtBPnczN|C3z@vP93$#Xg`He{Z~9CRe5l5W zB0@T9OTyjh_e&A+mT4G6VUt&-gQ@+ECp0fVJeWy8f2Wg>tkZP8O%orzf~VBc;qI|2 z$uGEDInJt3t6^o8`++j=T(pSjYiB*n4o#|7jDk<M>BK1Pwfg;Gl5mq8=4fvxUgOk}7jA&Pkq)4HDcvc)`8>yxH@^_)iriF(q}{?6j=T zO)%%REaVJAzQdcem*_0+k7<4a0s`utXD}@0ovF-oc~h{B4cbPcy*$q@oZJ39{Ok70 zrH~w@Co0fiP-{;mbvjP`JQ`UkPlZEExaLBjm8&dv_qDBS~G6E>=S^gXy0RnkT0k?((>_n_XNJi8m}(Y;L^i_R8{3e14SyGMUlbHNw6p0!d;>UjUqu&dkbz_Yq2?a zCN3feF)~2umxWkRcON*j!~|)xMKRWRudj<6aT zS9GF83m)%~L-WcXn8-jO4^O>5dB#g+y(T$Mk>(!_d_$3nPf2(>Kj|pm!WFIv4^OzS zmG_8cK{8Ry=hUy>{_Wt~oIECdiPfQGG#u_IioQLj!Xm*DtAGUb^_#~;)WKmz#Ci1f z&skI-T6qe4U&Z_Q^!X8o^fwY$Z+har?PQ);{Em29VLIb}x4%c1dh;WV_XJTiexfVR zVrGX2(Lj9ZgGma#z!awV)~B>)OXrFQ_=>uY4?lE9VCjN`6;Tk86stv+dVkzNRh}TU+8%=4dVcX+4?8&NzHj?^(>l5ykF0tHXra&tyF1n;}K$^ z-myhJv!K&F3;nddF+m@YhaFTpuS=F+FtlJqQj)VEBU1OZh@9U~$pE>c=dl-ZdYfa@ z?-wm;=WHChtGQnC@-8nTrh_TOeA6UdP6NCfl51gkDxmB$ulU~WLawyN7>O5E_-q#D9{RmCnefqS(N_A(TFR%5Y2AZlgS4Si+j}+G}qVN zALX8TB3|r@{hSQ?6y`E% z>D_%o$=l--4Ew00Bn`FRn=qBI56-iD(4=W7rS;`{`}?mkpVOJ8>we@>4_l!2>-l)h zj!7@?e)aTjMJ{mg{qk2l>}d4hp1zV>6t=FVeO{h9T|?f&qWoPY>yD!TyF*R*$ezQV zg$ETZ2CGY75$u+3Jw)=y+fJqk1I81bgdvl;ALI-wQo#5C zBy`2iRl@a!4_NLDy{QW{Ri9mwM?2Kez0MV}7xrRdVbDDn6pj{5eu_;kd)K}f2P_)` z&gTG&S9%6l1KjrZ_6L9&cKhjbHa0eHZf-zv<)aYc8?7DF+j(`WzAKO`P15Nl{LAfj zG(KBUPCx0b4;>Ns)eM|BrUx<1e4Nz2&IW?TFOSD}G~QhQe5A9=RGa#j-2l5ev1xqR zR?%Evkv`OW`-e)A8~qhjupW1ubp-j|0iDWR`cj-nueEfyt^geAW*o0v>n_r4xn8{e zDR;1O<;*IaXdmWNj!8J6otap#D7rP}m?|29ew+%C)1=x*zBg{)nYY9>Z;>vD5@>^h zSHtWm=UzJtWnuC(3c4!**-!{#PL!jN-V0r*x-ec5Vqiu%U{~}usS>AxPqsNmR!Anx z>YHdgUUIG=1(|nfc}H2!Az^@nNu_381nrR7$FXQ+9K05`v?=v~PwYXyPXGWr5r$Al zuQH=RsB6~so(-3Hsqt!1tr%CJP55D{eO)6?_xmfSZfTPPr@9V5}SSk60 z{cb@Js{dA(ysas^)JGy0K`a=JUu}amydHXc;j|V96mEFwF_N)71MjQpFLG8Vnlh8Z z08er+o})3kW$UWMD!d+6s@>9`(pD?vtB=>2QbleHo(#48rO(k`zE6##5Fx&oxT3q7_5FXJnQGyos;YE))F&M}9h}GD{Rmm^m<#L9tn-G^=zI+u2#&6s2k7 zSc9>_lO!&N(XRw=-T8Ux8v8}F%C1TmRYDDcGt{xPHR(J zyCa2DywS>e!bIm;xU5LY*e?E4? z^-KV5+fad1k?=tqwr&s5Q&x%)CsRj8Uav?F@NXcM{bvbjL}y&lrLOx3CZFzht_fDj zTm&n9v%wFTljd2~ix{Cee%tn)AFWOUZ)};!G98M|l@@;`tL`}1*lDw^`UnO)d{CK4 zgnY-8Y@1DGO=z=QX$ob%&XW=yv=s8_GP68$ZmivXVYU*tL#N#@>;*e{Upp)+V!HSz z6r7Q@YoSAxOjLa?Ag@)@7$&e)t5^AWWfwaYZLXgv**YB~&U>h0`dQkWEa$9QG9tW9 zbY9tVJN&iP!I?0kKlJ`=TFB6t;17kh%LN$i+{7`j#=23eWM*mP`dgdu_Nf$lp-6nh z)+MNUxyAZbo}2gEq53G@7G!e6Rt>uDcBgB}&AY>iX_))1oDJ$*`C@=aRXP1EzDr_U zzXVhD!e3}IYQlcHq|cpfc9va%`C#dUzxs@4e5gA7UUH?0gP?N(7umF)`<}`A)2GSl zS94}4;e8Qnm|tBs7dN$V|qUhvGbEv~~lvA8VTvr_n$+ z)lF&3#$#g(?swtN9=AjkkGNh0B`Nk>yG3neOLJZnjN5K)c$>DUc@A(vg|h_bi?lG$ zmmka|AYE4fnD5RNJ<-aO<|y3OYY(S7Uo6a!B!jNo$t`(~p{S>R<6&A9x6;NfNVLvu z9H?g6-GNlcEMa(rLXLup%A~UI%IfO6)4(rj!04>5{uo_A&c+fcw?#>fuFa9we5(E6 zH|HlvKA{yrhQwMxIp}Q07j4&~+SalQ6m;EYV06Ogi4Dw|eiCeu*x>M&?o-?5x%)(> zyk3iw$FtNQfa(=tgF732jZvM#N1`@E-@9(Lp9w@klYUZ*cjwhf%I(KY~-rhAM2P#WpP(s{!V~&x0^)N<{vZ~EIbO9 z>XY>+6eXGPZ7CS4TioU|d9y&h^q3IL0IVVvQ)Py^Z^#W;UN+Jqo_T_ip#=wIA7-(^ z>5~rclMDy;H_6sQUkD;spcOMqAA2hj?ke`+wWIhp&GvW9jHZtx>yHA)45IN9E^A+$ z9a_#B#2lEP{MBnJLmy3-KAkpFuc$==A0}8VZKWAVHZc=Sa+h98UV6Xu0fm;8AP$cj zQn`+pI1*=1PhefEFK9aaj<)28t6w-!WS))8sY(yFpVz$Vv5Ma>;^^<<3d?}STOlE* zi=Wi5c>Kw7gnbBlC~g&EKa}Wg^_;fm5o&zjI2F~%pa^9jZ{^P1$dz7K9kflIYHK%Z ze}u#}R?_w6`4b=HEnQq5J7nCZv!MtRvR^70%&TCAt0}gCl5f`UW9*x(#^=o3gR}hg z1T$UMA}5pj>{VjFzX|5rCtX4EXZ!45L-AfzoX)#BUWV0sU5#2j3tjXM@anHleVKe3 zcIVc6em=5-`qigEqM{+-ztZgRvSg3#g&Oo2dT8?k3dP|+oTgo)Q~L0RP|KBP0Sj3& zq_OQvqlJE?T+xOL0v^q*-oq?nQVY+D3S{@^<5Q{Ly9TM#~3@vylSn{uF%lTJusnAW1RV{UUPto&e zxbllp!Wic#YBlgqwEJwXPxQ2^-hf!L zzFHFVJKXv?QkU}yS%hFA$z5%igK^W1S<|F8pI9*l(EG6JSlKQja&J5zLHo?Y&5`W+ z+ymXbx6j}ayaHZ(5m-?|8rQAd1H#m&Y`@q=lBv9TVQn@vb~t7Y2HkJx#96cDI{Tst zuGTU`#zwS3?2H6i8VqPIzQMIgaaEg4%6Dh2;;xI_8zFrj-8!}7xXl1U4F+Y_Nax!& zoj!*?cw=Em-{T(bvCTcA;1WbvWW^q?+5e51=8}NV%JzL>9^0)H1z1QVoEj_`*?YDnx`<+VIX;8?;z$PCTU>lYA8Y0 ztIXgKq~3+yIA1WyogDdR`o?U|zvF4PvD*MI6jn|78IAG}s2O1s7VC$8S9e9F$BB!T zx%|=Rb$qpTPS&4_-$+Ea8O6bx0|_7FsvoR5Ft#84e0lXlJ!{{<-4MvsuX>?80f;x~ z^Xg{^1$Zkjw&keMQDG~|0Y$}&yC+9=08WkMnn;SruRaXUuZOFZpV$mfdlk(kcFyM2 zAL$-_wPD3_C5s#dN4C9vM15>rN({yBjn+rI{ka;i?EmgU^Q-~P0DzRMjrlB|Vogp7 z2f2ldP4o`oN`;M_m{F`VdS_0p@ow3o=T!T6%9-_t-&xySv*MNi6dj5h45)A*`<|D? zWy_73PX{EU^$k$%7bi!F0q&2!Y;#pb(j?aY-Ov%z8%`rbEs~W}l=6O?l_N+dY`No? z5#gTgq~*AwvEj1aXXUA|H_uvH3ZjXg95}+uRMt5ttJo zwPjWk6CGWS7=gYi`ryI)CS7Q9`?1AiOmFeLvJPTcdk*FFVv((rzka?3h;Db%@>wn4~I<>8b9@qP|Gq z{4*6p*9^ZYdB$1rKIPiV3 zr8@<4HF`IbS2l1%#ou6Q%z#_g^B^`W?S!O@kZQX2bwHSSQIWyjOuF4LOEe>nJ0=U; zMwHr#9uhiT2j^YZEU((X(VApGmMyB<$N_eKMr&QrxLF!l-9z%Hk9CVm?gCUd^x_Np z5_?jpjXV_g;x(H}!S;t30#SlT+Uo$gUFA=`BrA}7a9FU+5jWE6J+*7do{e_=5R{gl zJXJ=xUAm4fBDZ~H(M(BI=Y=-R*bu}5UFz*yF96tkgtiO7R_E?*jrO#>f7c z;+EhQ+(Aq~+kyThM!N3l)Ve=Cn}Cw;h%A7CcI8i)#V)J35|zI2H9l}OOnzb;thVx^ zTYx`fdE3-8jl>u$Pp9wr ztzamk&6?c$EOAU=WZScCfZDAHb_RKVU6R{pndK1Vc0EF?oe#_vSxqt~S*7a;a|>aN z%)sI3tYJ>BMVulLt0cm`(`_2B%~r^2N)_|U%Wp2#+`Lv)R46oNd%mpg$Hr4_I_`$O z8W$A@5>qW~#@x`Noex*GBpH}2bw;E#Ind&((5Z_xl6AU#HJ|>@PHmPJ8k|Ay^B7PM zM+>ELmWXsfy!39rE^UCSFk~sU(}e>Mk+EN+uDQV9?q08>g!m@7MI3cd_E3N)krDqm4Fyo&o7b z>kFJD0WKe=JbQ-%Y!04iC|~|Yg-NX?7;c&s?HTVmDPvQ(g1t-0g)e3ex*bq-^jZ#Zf&3hE2VGr+wd7l+3i!pIg=vG*xxy8+F24GEV4wtKVQUl-3p zL%Xb-1+ZcT?UtOu-NiIe6nn08sTH-tU5dE`D)+RNrwQ0EHh2Ix_cItcSL~)snR6^+ z01gFSN-KJJV-$O}ngeD4UH8^Vkh35H2+!+aSRzCKvN=T$d7;Z0m>^cw*l{jy_r?pC zX0=K7InZ_Jtq}uR=J*tLaNihr(D*fvE<}mFa63ImD|TZ6=X#RYx!*m~e2~6Hpn55i z70k1HseZC7gp8Zo2BY||jweSDp~_IN9Z&ye2GU~C`t%T@UsN^WvTf?MBo!()t8T-k z;grbXA^?F$Z1fUlfmA`zhBJ+k^aj&qTdr$w&1*I?8Z{-&A%T9sFs%7Eu|PGIvVVSS z%$NqAi}loH@IW3(P@%Riv+qaTRHC;?Vp!Vh%%O#W$kjK5#GY!gh2%d zk4tYr+`f{e&Tk)-kFozd_gXc$LPZ4~pJ`k3OW<_fEwM0)2<8bye8D$ifpVC=uMr#BV!K*hI z8{&Cr459fm+s-)qPBl(#91%FR8+L9U-zgNVMBuMe7YgQX;ImYZl#q3gb9?*Q!YgbAEzKF1wHI+{tDf0KC&>7VQRGQyqpnH8~DRWQn6p1d_%Ppp0FE>&@>)Uqi>r02QC0%!S672*I8&KsM8+6BV zrnd)obZB+NuzEums@)O>nKPmk1M{Ovi_;Hv;g8aeoYP!o>$;NqxhA}U`)N}YWg}hy z>=#9B41`_9IUFYVv=>VAkinC2=c(Dp)l)c3P18;eI;@p<6?WTOxIwR^6RceynHuor z-Mj*?WJlQ9bx~*}8ktv7sztMr3IQ>zj51@0x)fa)hGy-T|GJ|2}Gd-8t=9G%sIO;3;iSo$Q#x6a`_=;T&T&p>3z*>EPz?*Y|TEQv;tGpwN!0pzj`wG&MkxWa-G`e0oI z84ktciDih`yV`<=i?@FIc-F~$-CDKZHnRY!wIO(r~e97)G`nR19>&Ry~v?QnAs=Z7t9Uod#wXoQPy1z)E z6+XYP&}P|z??381PDU@;;pK2D6OmHM{{Wp|;-CE}m7AMJwo~h{A)q{PGG64?1S`lA zFepMPN&9Fu-B*7#a8bZbr%6(0BCzb=vV|p$$Lq2F`bk|RWo?kI@P#k2d2V!SZ`RpB zHZ2zr@gd2X4T*?2Je%Y6_DDa)>kaT~WZ3m7JncyxD1KKLLwN!7VD9Hi#=j93blmG1 z)rCsABjcJ_@lIdaae5lts&z$yQ#wPct$3U^&CJX=C%hkD^yzmdoAb_(DIAOldN-=- zgI`5CxgPDGNvh5S^l7fRt}dQ@{hHUJk&+wT?|zoCjH^8{Jkzwnldr`_)mNHcVp^(~gXRl!JHkYr@pDSGpHVRyqSX*A14DTP@*HeZX-Sf3dRw-}B$RcCg<>@|O~&fhDAFD1#RR=c~uvgzNKN`G1KOE5HSYD|oo z!qBM4r)-rPJw!(NIX-FK^-e)^C3(^o0uVx`xyiRU1p>&tlrq+-)B9k5qqv$QWxSU) zc{dJbDz3Y0Gc=Qq1UFiNKUl@xNAL|s*t$I0EGZJQUA>v6HIKwD^uXPHOvZZhEa|ax zf`T_}clBl~%}67Sp}8Cq((UhFO;*g8khd#KqMi-$@Y}~JLA5E zkk^&Qh_&SUe&V2@sa@{ewJWUD9-7)SJZ69Z=k>%r$r*4j{0xknHD>DGa&9D|%B%52 z@brv#KU<8lh_G`L9LFr`alg#7wnFsExP^JkmEg{zg!=ysLl@B_=&0jrOO_nngmz^Wud*j zbL7T5jwks0zmf)oq`>i60&&6Q3H4as9|tp1UCGPa1)opu%a9F7DU0u=ovQ0u8d~WY zSeQ<@4}8lI{PJ>pq#%HF>O0?Bz>)Jt^;H{KHn%?kcYp3@)#hN0h)%g*#HAzCmWlXm zskQR1M9gM`4)CxqqX>@m4^E%uhZt2~xWFP&YR}fE!4F ziN;Yowm*DqA3{NUge>X2F4IYbbnHIN*3^uCC)1&TUYE`;G|f zk8nvEx*G4EDaSk|l!|b?+EWsO(g=7YKzAJ?ymofgqgu5#n)&^?w@2Y^ef3tu;Wts| zHKkSI8~X2nCiH1~UzntR?b9y#aH);4-X97b#WPoCth+ybw0gPD-s~TU@1dh~ZF#CN zX9p>Yo>b09CxleRfy>HV`)8M*9K9b4U*&oJQm1Aw|M=N!=U?s^1zK09T3=JHw?CU`N7{E(pS)_ zfqg(4YH@P&-Z)r+N0qK34}am&4p*y+VZ@{KFp96NTWTb12WEu)d4asj#FD5?6lG2}5E z>?w&%V;6Wo(hk2#=E_JF1rH{Rutm!=DPPXgfRBch)!$8;6o5Yy0D99-7nS@Dgg<}T zUb;xxv+GRJIZb(UlIDtL407;!WdzF~lt~#liQG{kLB4(wKallkvp*2%Rld12cdw?o zQn15kUNV{`MXkg8G5Li>X!d=-=nf4qo0x^xTVtsiirf{t8Ly5YC0CsYiS=^w(Xcmq zpE>M|rf}GAOyEpZA%SC8$h7ty98V}G8B_@O~gg_v{!rc>z)j3 z`r&1}iW#&0VAOCtC`ZaIA?@sP;QIP1c)23&C|6p2*@Gm)HTy&7-lJq=yG==XUU3w@ z@|Icc3M8@aoZHr;3mR4tb@e+>c|Ok+8iXlmkoNoLS+BCQTm8-njunI*tVr^k>y>#c z0#8gLTC>IS7;Jya+yv>BXgB3cZR%fVtI8{y&g$oQl=MR*Y(?L8S%0OpbXW{-J9bM4 z+J9yH=D(+sP0ht=QN48BIcdpZKk?Q@yuO?x#W(En zCc$#3GFMXjS4xddJXFLKCr1Vv zVH^S^QGg7~&%0LJ5Ls|ewn~f-r@cZXs3>~)Af55`r6+!>%~aRAbJLfA4L|6)7u8=2yPBRQA0A*fHxts&3gF6Uza z$O|=4rcfG_0styu0ni=R@ybzv-!^@c-T9+VYO>`ce!=sszp29XZvY)yBU4OZBc!4S zZ!0jT>2S0LG9MiuO5(m>68`)ciO`gs9S1N-?i0dmA7BQ)zz%imcrvS^d(Or_>jPrt z`8|pHKC}8kweVBZzf%w3KGNTp1-xE9@ao_E4S;=MLcskW^Ve_HAWV548r>XVDQ*7g z@AjC@R}___HvGqz#fo{jWA{{WvcH=KU@-gV(-#9!ar3`r2>#KQ_vI7yCsG0|8|?p4 z``%aOo}chd=|0B*czxsty33y_)ZZoEpCvyp@8drzoUfRt3HrxX+~-gK*RB3$bg!v> zuW;u&NFopH=ZpTma{6bLzX8ElAhm&mqXtkUbDhl!4Sg9T)XZ)A^qv$l@V6QeKcFrT z#88KZh6s2)##qafUO*+{4=WneO)`0x$aetLp6RthSyrk|)@~ z6a;ks(iDemLqCui8W;>Pu|B`gfj9YA;{n&^C!P(Wpb(XjDe3$I=%%TttBY%cYeLrn zr13JPYZQi&k@-KX4@eT9)JBgSHHYi7JT&UxDE232at}i5>gq{xac#@|oB#nDAoC~M z(LMAL=D#!8Wkci%Cjpri$GT|1+nhx3;y=;kj{qKo5D*(N_v$EnU;_OMTK)*C`A5m! zrobN{|FGIc@FP!T+URZX1g0O82q@y+Mz|iz5Q^L$ zQ^H-a0p0BrM1t-2eg4FHukOO1{D-Cct@mMFk@Ke){6;}mngYOZ^dO#v#m@83v*{C?&9eZVBf zpC$*6x4frd|9*XfJQ(JO5C6T2{^@wYKmKp|S^pap?*_C{KW*_J6AM&!G9Exe^=j?@ z8zRgSXvoAODDl5F#tP8jR9+8~3%}cE0K(m3GW7dB&~Sf?!P_AE}xI($COIy zwD01HV)xbA&j)%8q&e{{8XQT)$Dr{O(>=U`nMrSC$ox$RxxtaJw+2WE8PPw=1JLtr z!+AisKHTb`d>`J+{X6eVE>bGUu!mU-xDeQ{&m}(-s9;VUDnIKdHPx2aw258<6sE0- zYf;n0$nVEA56`rAJHXe%V!xdR)R3amDbV3V=x}Wu?Cexm)=RB?iPIZ>bj*7>jos63 z?5bBZ`p6H6E9?xH#}7z5Ntz2qy}I_AqSO=>k+bu%bjSkY)X)~dqP%=|)^Ld!sS@Df zV-n!<&g*_ZfF>sZawa;+w-Z%+9I~gT>5~ok4OG*Lc(@A*WB&5z9;Hn4f3}AaLXIJ> zefx@*Dq1EV!MWqvd!PtwGHQ|$T$qHDui36nZYWqiO z_ae>0d6X{`s_+J)S(1C{xxhnjn|+u*0c<#Ee6GMnF8JySrDhk`xZLZPkWb)ut4$ey z5Cup@I|ZAwpVg*|eJ+rz;q9h|Fi2h*(3lhJh6#d)xwC2!43}4u9_4om9g1>RoyI<) z8t9$;_XKT9QdgKnTC`hQJO%7!m8EQVXJ-A6JXH{l-lkz>aA&65IpLvq(uD&KaSSG- zaMk+Zh^VV$wmdCed~`tZqTMsf99gBo5L!TLoH?5^KREF<9Naw35hnn);+t3==RZ1< zz&E=AM;d+q%=^HZK|I`5{@J7&UnM0}`TUEwJ3AXSL*jQKw1v04$&Hrp?#!O*kSyA>r~ z1ED~?DQnI;9h96m3?sjMF%YrVVpgznzffyo=o!DZquD`KLuR4^Mvtjg$1DLiukx$X ziDC=ZJAO&l3)}vYbOh2UoqdYSHy=N*u5l4HJI?bn>Q{lomu>WvZGw$Z%{bx+q~n`) z3N9Rxxf6xFQVGmoBLl4kMqqe23a4D%VAT(0aU7yQgb;t5+5cWgnEOqfa>H`l}QtrMpa;2KF zEm-@pZ3RGZCQh7qQvvnkCd3pAr)Pm>6qHJ0cN&+F$N9ONV(XVw(4!+lT7a$6Iy~~M z7meH3t@Mu)Rye}5-RZn=+<7TiUnk4NYot);@pAX|kM;pW=sv3(u+~URw?N10_Gw#m zjaqspb;ke&I2ATT(Y(*!x>(0A+X;5WE$L5O3WkzrN zC*9qJEAJ2tGrt%9+9DoWMrYWNkAHQ@P>^=mZEWZz3cYds7&T@wnv>mP3;>zOudZsQ zE&!Bs#|j%}?0&r!C`%bcphMV^a4V6bRoJMrSE{e^)n?9mvesY4uNj(k`x|sSQGGipAsVKEr3kWjj)*K(m#&q zUKsE0Sv$FQUL!G?#Im@zB5t5KtAB5B2Al@KvL1mmaF42w{K|-n3OR^7Y_Q8Oe&kju ztugQw76HH!@!;FeQ}*q0@%bgslMwqVGf%}pk;2y;7>_2Np z0rGk0M!BSw?`Yv8)7>M|6CzuJNEPBE^@Dysb)E41ZR9Si*fGt1eT_16wY3Vwqihtn z5hKSuTr5*XCc`2_u4OCAy?c|F*jn-N$bojy)S%KdwGo{W9H}XG$1rf|P8+hd{DvBq zlaC|1iW+t3l|ssm<;=wt^uR{LGRS}$xkt6{Z)^n`pozm`(sWwV8g$&XqFLuUgGuNR zT4o$ejPeB^G;=1AIWf@!#?=shP#5&|7;=VfSa0RUAh3Adgx@nLJ5gvmcr>r-B)t}J zB>cC5>)WnXd8!*d#P_lqN)4yl`LWr)DM zJ;=fe1msdBmInmS@j7R?dnePFpM3~1RCIf*^>sK#(5x1syJD+R+`;Oj5No01fe(J~ zUNqn`m}ZENn#GX2{!aWLvg?pelAGRiSvvW4s%6m*){KDQMIP7TU$kef&*!li{K=f7 zNpE85a5IWJsLM{AjF#?IfPb*BZ`<1o(kxm#*vtE;DZfV9?DODbTVjZ&dEv0g=6RxGIc`pe&p6kE@dJ89AIJd&c}gz^3$A z!!Ay5ErSmzgGy%to&~^mus?MH0 z%$<4E(*W3+d>PKn*|}pH9W{yx*|88Q6)(dBBO>ePXRs8%LORj+7 zhQVzp)s-eYZi01#2J~zj)RbKsNRc7y!X^Cutx8^O;@kWAvI`z~ptVF5`sL)(1%v5n zRI%X|JMG$au_o;|zv|!9*=rtPHf1zdt{7OO1#_YesTP{cP-TI_hZJ#O>XDfaYd$e7 z!V~eSfq!d?dOxE-;FQm3_bxBk;IaF?Y~6R`c0cVA#(`(y!gTZS??U2eSRLCSL+);O zO##J=V03r-Wb{3HeUV!$PZ{$%B&0m^W|d|?g^_1jTn~_ik(DHv!doiC9j(xkS&2Zoa6G#0SFc;ZbNGFhwjhi;|Jnwl#rBT?>K})QWci(}+7vZoG9%Tn z|8S#BX@p|K?IN^2GyOF%`B;#!7u>es+v|kTUo46=2xbjl8TlKXOEMOz9t~JL3(nVD z1^R)w$N%x1wj^CfZ$IdLoU1VEnZi+YH+7Q zUMTmbFe!13Q2;V1)fH<8^=NG8xrVW3M1+@mcCK9vYUkT9t+`X|_KT0pB;ooL9V^p- z$M9L~eimSGmB5P23c=T*r8_~|-E2i)^$mN0?MxcgIi@Wz{m#kEtXp(8{FttE#Y%ci z&?|)luf?V0b?mpq@it!$u&j7@NTcu)rXM6>EZc!QqZGG%RvVRW(O&MUBDxT=(K$&B z4+Re(+p(ARnc;K9kC%@vBwLf2t>L`)+TFnd4!z>heY?DN`)g?P>2F{m{}TX;@@u^* zqb+TTx;J!v3O2f~d1vihIoWt##9%+U$07V~UfmSlBIg8P$9{fSR46JALwD;Pjivuv zI5=pnf^xwYN-Q-vwl_XyQc$Q5c?}NC#~&{D2S-{lnMLJtyL*vPzLG(f}H-LC`1To=G_mT``_ z=whNblGd!f3l{O;Nr<~{7{MgM0OLj8lexe;8n`IDr6XdQ7o=G~TmF}kja42nh(D+D zqOVy&-H2%U-lwgMIa|&=D{oa`zXVd)!*SneO48|TXS3YK?07Ty#LD#0y=#P(Pct9d zSPe{{jf__H0g%*E~^qLI+(=tWr+TyB)q7JaL?27Qy0S|k0e;9dd<=sD$zsU z*yo6I|BMYdLFGZicFU^83p&@pXSk#iVEpuk(%-+YeDJctnP~ks?)CT&4g1aUw@Yf@ z?ZJEXY4o?M@6WB@Vt?wdf6t^!;2-<}|MllP8xRSgXYqZxOo*a0v@_n6I78eB4LA+I zeQY#wAbB*m9eWf_A8`j7Y0uXE=?55rzdS6I?>|{T{ax<;`~Me?m-D-cI`mSq;wqH+ zi@+=f{_(g{3MKwXbxciJIXMYTbId9$;a{NQqUv}e^)>|IR&^>f^O<$aBK3q|h*=HD z>?x871N8@?R};=J34KWXUY#3}#YAF0M)-Aki=Q@S&Y0MfV!ztc!^dPlEA(G39yqxA zpg$hY`})JVp#O2}J$%|H`{S>E_%tu|M{V)p)6e9GrSrr4`xP|mf3*V8CPe?`n1O@) z=Lvsk?$+(OolB;p+Nb+6RcK$*NIMgF6H?|*1o0U|`3j$8jxQD2*dn%_Rg zhXSnM{Xd=YKmPeYzr=)YEr`QJv?0}hl;>+xqp70eTta#K&w2yWzc7?F>OY>xhkDK< zHT$pq%c}=8zt4Y^^*^uMf4}+ve>fptu0Vep4;MUe$)CKVnwteY*yi2>dgdK`_ahe^ z948$UQ%uLwLV$9~mv99_vY5B`kJBe_RD-qfy;Uw^PEPDQ?uR4S>l<$`3o;c$L7K*UERJX3o~aXo~tVgA6S=;2^X z!a6&HfZNaDS9Z+4{ST{kxb@Y#y@o%*t;@fKM794!DR}<;z)$zPxjv=+c`&}c{(YDE z`~S4#004@;KgT!YKevCqEjbNgT-?!A9jdwqlIT(fqUUy!~u1uP{Tp8V<0$B*SR43#WV_OLXs!$1Rd@*ezHC#@@pZTe@Z0uNSwUZk}4u^ddP{!9Zgy^|yF(6>u}!<9EAc z`6x7KQJ(^KN(v@Yo?o}&18A%)fq52UDgVgR{tY9T%KeR6e>;oi z#=|eKRt8X{%OFnJ_3_#?Q@F=t7DCx#8TL^4h!ZYbKAo(9irKUc+*)uMw3#RQ+j6zk z(ev>J9{nLTUd`&dD&PooGq`W12kSeo|Dfz_!(WVCGwggF7hJz0>%w zumMzk#62AXJM{_5f)8A8|Tl2b#O`zi4&hZEM$4$-dOM)}<84?SRm>;_a_J_0O zr<5vEJU1oE84W4!R3N-zN!~Q)DwOJksn7*y9AVJyZ@uLi=5UbFcaL*teJ{3sX{so= z^sB(jaET6D%#PxH0-+~km*h%S9`sjSpF}1o^g-uNAOP*=1xX0iheUZP7Rq}%X$tCG zChRsQf#e%f*&eGYB<;+bR`BlMl8{`e^;gBdmh=Z!b%5x3#NAT%{YcfD1>{q}qog@A zEkBs(<4`LZ|NK2+OEqX-*j=o%Mc7|L3dwQ`2P(4NDmy>o$Ol+3qXWBk(^cu6O3$X1 z#IkEs?6$&yJ;Wz!E{?rKj|M+tv)r^6UeGWk*n*nf^R}8JXM}gOZ%(YAfFp~Uvjt}6 zEYwMQ!#u32Ce>^OJ7)%5d3`@fUec_9@plI{GWr&Tagv2XXU$qLLDNS8E-Y@Wy?DS# z$#|#;8@GZrajl#esPBuTDgPk6q5~Sjan{?EyaBIbAYQVP;Of^#fvF)&oGWQI5|M38 zX+!)N`qnuS_*HVRw3O7%S~{RgCvu&ga6g}6j>!>#K~#o%BTMdW%m7m@52l$Z7Q$wf zbrdCc-3Bqvu^$OHp0_ZdrV(!ADCsZj=5-wq&YUHXH>SU!6trc1ceyhN2yT((%{YI* zDPr3o6i0Z6IT#0M$Xz8PT}|8&_^!#!+6mCSi4Js0!FICDRMpWiMsYx<8yzS4UeD$2 zQROxpogTffGPz!7JT!{>9z^1sEkHs{3<@&ibRDXxCA)T%Y7O=6Hpzj8Ziy<$fWzxL%j-tca`vDxwgBp^XY8@c zHa;HC+BGzEIa0WrARPI2ap!|P@BYv338qhJLpxGA=HOQWEuFo+!hLVc)_5}j;UJye zB7=weF=Ji=_h^4VhZtae3ctCY;}mRod~dJ&f&5?%KwsnwAl{}DiEsi06twl}h%vuQ zYa9sAv$N@!w`}sT)tqy6sXs;O_u?6!gjo(>_s2^C2(v50Uk>vJ!MOq!taat(hd|`n zTkLBEt&tZv=dP!1%faQl!`ZmMHgOi1aXkc5+mrS2s(wxO)- z(6-hA7Dw{INSos@b#P-iux&c{GxO>b3-#rK!HT0UVKW7DN&iYZZUG{!Q7nTpd=fG} zCh1;-6&1y}SsAhKOuK7J=Gc)z8nGU1L1~wwCkzCZtX1s?+MNHH+DKjlJbDnv8;DXBa~V4}OpS$z zSY8ob3KEqvR4P>p(IUbciC-;e%!>Io6k8T&oEwcmSd{&aOX_r|upVIrjJjj>8jpti zL$$i{5UdE)6_r4%{*2on2`O7sN6*Ug5xQyk`f?{Y2~yIY|FRv=&CboyH&2)dRXNUx zAuA*;rK`*MNU6^NAeJO0N#WQMR}-;?1<^3hDq|+pG}N-6$%&&u0y{gw7b}jBFOv0i zJJHE*K3qqYUW`8dT(y_$eM9#sIjo-0wjySa=#KgqvsvAbG>ynB3NcP|14ns+f@-8V z+U&BZD|Q~FfYEI>s8hW}sgGb#Vyd|G!hC#($ zV$c|hJ!!dMuxyNwrjq*4$SOx=j^vVAve*Uiz-4CcnTLh(wE2Ev$smX&bd;{xz4i>9 z4%Ftf(5Da(C-}2(w=qq>jjGw*Vp~B^SMJoaQX%pb?cCVW0xC~uY9HyOJZPkEz-N7w zQ81nr7$PDt6V~~34D23p=MRm%uB?6Ufe-;>_JGZg9w!C0jt9F5Dz4 z(Eg2a<|w?RopTujJ^z}-_SQD*!BCia2j|4Au;+z*(S^6$GsolEs~w)Uu-8Gd5G5ifF7 zWqkU@F0-Bn__;rxr>0Uwx*4S(`=5OqTuU764;c;OL+kKkv}ZYTWgv1nQ~Zi}>-v;)jC3?& zKJy!%s(IV%33_iGXV6Hs#G}v90~Uq=e`gGrP^IjYg85#*8-=!A#c# z$LllUq8pRw0IIl98lpJyqr@t`y%pwbG`NX%BhWIE*j1b7XOBw))byg`QyWqVW2tYG zlkR$@CHE$HIW@xoH=1@9{h4+sh6}6Zks`se_)W zArn^<-s*}l8EV9QIEel`hbWwb(`roP1W)N-qw0FNx;bGwDWARLJtg|A1 zuP!q1#N~(4qqXA?*2|VBP1{2Cn_q=T#jUGE^P?udJd?6OJbz7PDJ)W@v@% zqPy9uyR^al{)}4!tN-}aQ;wVu>ENW44@xdEq#y?}5q`xFCK+ziMIs3qgbbu5dI1Y7f>ycy4(te)BYh|vt z_c5RZ8(A`W!nLCzX(T`(gX2e!4n8i_*tzvJqH!qRcFp2PceWr{AJ&&E>&Y71v;yBu zK&DbisAsj8s=k!2%Id1J+m|qW`v4!a2 zCCO!C*UIf;v$e6iY@T(=?EXAO)B{rI9tnQBb zVg}YpnL29TO^sd8=jF|8jrQ6(et+`{2|irwTtt29^#Zv%gqN!k=?HIOb(c}^WOD}q zygX9XMH9o=`&2U2eb78y&S63u_Q7d`PD6#r+$@v^P|0q^FD$D4icQxfUD|E6gU1$W zX0}VO*LvOmYfp2H%?z&TTf)Ko2K@Rspb@9po}R0Jx{a(xUqk1^Z<}82+2Jhe&f~J& zN?e#Q@D+iDO=*bk%f-uG{qd>R3B%USxs7XRDW6d>N7pQuV6kNN1&ga#U{ zQKswSTs5T2=unDWafc~Q5ShVvu&eg*G(i4lyBv0x!I4@FQBhP_R}&e%UpY-Q=Lvca zA;l7FeeZ>VdBG$qrD7ML8e87n--`{#C?6R=DO*w1?NZ3F%!$bvA>?h+WaCLpNso&S|HtM7~YndBvJHLLxsatBAQy=t|W*A+X>uVFx~rJ_G*93w;Y&G>{Oi}t@DVcT79@|*`JU2 zW$u3&e#y*?Z7vajmL6w5Wu+6j3zqfr;m|MEj%D;k&6_BVO(y-Z?2cDEmp(uab_d3?Ci z4XZnM*tuWP4(MyQDF*V>XH81a;$D5r`$C5i?021%k~MJA0uw5qa@Q#vK-3#XkxV{% zdzWeB6${uYa)tMzSFFKoK7Sc zqdGmu-jF+1X|;d!Cd7*p^#x6do8krb}n#~%hMavfbdc5Z#_9v^~aUwQ5HMl81uqr z`02-Ad2_rLdr4*i#WXV6W3?JO@cWJs&i~HL0%KHpHFXwspg-8cjLXPd50#TaT;cr& zWWRQ}{KIxGrA~43YkS(V$`mcSqO-xC)PfvY(Jwb0MUu@{;MSa$tq`GIrqvjl7jK0% zX&cMrNM7wDyd{s9#24K(WYpbh@}R~4vS?fcdy!ug;yu1lDB$GDqik!U`@s#VoN?Xo ztWze4+XLs9OEehF+gF$ITN(}WoY;0Val1t*7ZqpiUG>?kqU{< zdRMqqj7`nD?b#ldVGwg34RT-xMLuoYVr7cT#uBudhNpeSi;eErk@+m32}?*pDR`@R z55*3`m^Hwit?_8IjOB34oM46niZM|i)Sku!VOSB=-I(OaGi@Z6&x`e`VAGCNLXc6W z%yAmZjw6!r*Axkdc#j$19z0bxbrhZ@etx9On!CT6FLom;MBLw&99i@Y*;?;0a_;^a zjMTSK6e=p%c*`XCX$1^;9wI%v${EN=%6q?lLp-aP;C4X&0GV%wSK&Q7W6XRtRqWCX ztELO~1u#9uugC2C*GFMgM%RqyF6r9Ol?g1lG>Tk)g)+K=6p2iVU2NQH5#Opg`$K%t zFlIFwCWDu`mr#s?gw!2&as}|V8>2xrE+8Q?6r8;&>+AZ`t+y9(BcvP7Xlcr^YYyK} z8jgG4XH3YZ^76RlBBy4+ZJuhSEpj&_A-t~b*VJr>Z>*FV7HDh1{<8a4rF!? zg-##yZCb*uP|o6_QfXvO1v8iI6s6golD_EvG7&RrHDd-68(-TH9bso+ytr9P=aTDG zjQF%wQ#H6G0?Y|>)+Xd0;m2x2J;!jB>yh4v_ZvNnC?$Di(v}5hb{WdKT!f9Kp($VS|$!(?dB^V*Z?YD@N}R`puz{o_S-F z=^=3?MXwOemLO6BW<@QEfvFy?-4i`#rE@_q;|h%YIz>iN=(FpW2>g+oiOu<-Zd^qi zJ+jo@AFLMAE@)wT=fax#EqWQj#{HW~aR~wayqMgN6WiUFOv4@I44FuiX)K==+ zPM%$Tt`8F>%T&fsfM#cWbI^3rGE*bg_4G6q3+l2ifhB}ve-v`W#tWIj@PqoL=M8&$7=I})YELu4e#Qog zf`aK^c66TS#WZbQ9Oo2*Q#O;^(b1cnZCL(#csi!00(M^^yiyHOFf)-G)1ghA!g{>? z66A7$lkCo>25F4oL~q5%yw3F!45fCbJYBNX+G3WwCvYg68j1x2h+RuL)f?jdqZ_2d zgDI}^7{gL4 zyl+n+z?ppPXtv&2{-Ny>jYQ}oSuU`+LXbcS%ve`}mBYJ(RdQZa|>VGT(x;);fFzm+K zz!coM_ryJn+pxU5;G1g2-2k&LPQE56-7l~4zB|H>T{HL`8mTr)KACdT)0`Urv>J74 zSx!|e6fX!rHaEl9?1i_~BW2wmuyK;SN*Bf$mt`BXS$R1J(uDAD5Bi9tP%OYDKdL8( zKJz92-)!t1*RET;@r!%aW1j%EfPZ32I%rEq?)W8gsK1 zgkM#q+2d%6*pbK+lf(soa@TZ@lvi(^BbnmeDTWqBivARl)@5f=TZ5=4M|bMSlP>K1 zC~|TT^Pe;i_)F}jh(P&-&DDG$HqyaVNxTk&sLftZGVw54+zj7ZYrptW+qN%H^+AH7 zW47_uF&bp7RmwHqMbNs&`!ooR2>A`S>> zh-BGk!{iAU;ineOFp|HJ@J(93nHbmII8)gg#`y@)(3Zx9a2}5|opFzrI!gItPtD{q z$8DqR4_|8%n(yg{dcMXezIS~EunS!6WPxxhk7V^42=(rb{A2B#w?wo>HUd`Rz z2FT>&0kP>%_(z}|fi8Gs_6=X@gBDLISG3V zwhkMfHp41Z-W2AF`|>NzA>pz_ioT1a$Wa~?;h`vH&VH9md%qaf4yK8NFwy#rR#yUJ z?+9ant3zxJs;T0=)_TGzQFQ(y}vTQA#M?h6!oRF$cTwJunP03t%yO4!;nZfSU{`Y;W)^E`a0Y{j!PCA}$ z-dtVg?0uiF1Lxvn6wp0gqvWx{NVG6R_sqn0e?J5%)W-fCt<&&TSDF#O;?(b2Q5xOi z9fa#ef;1jasrk{`(dwlu%BHpP=h*Lq6I#ad8BSA#;#Hs(t>DXd>x0Hx<}iij+QAA( zw-;4T&78~@erA&Iax;u2crJu>9yi%;M8ut7U+JwNV`Xg7@*`T}MfKfJs&K1QWK`Th z?4wH2+X2Fvl;zJsNE%~`d5{}Vge#RDnPlZg)>q!kPId3U*nx&YV9!_Fof|Y;?{!l3 z^v)gy6Qo{k&NM)^$gR&sE8ArxF4yS>lolwM#lcM5Wfk7tRY#i^&^>_ra{GqWsb9 zS@u=4vuZas;OApP&-A^XDaw2P^l_Z{&Y1N&#U6@L|0#r#*i_P=dHD6=h=y-1DEhDMY9buvPTx*?VpC=+=>74F;%xnmW z<131JGfshexvk+&-yurbeUJRev^FL)yK80?|*?h^lD=QPti;VCIap*VSt#D_Uz#-$jCcW5T%-KJI>E8uexvPP#|25~biy(oMh&)RtMRKPV&!G47aYgbap~y&u zGdT2FrVx={+NGJSPG*MvDVDf8j=9>@4X)^E%w2&Kflm^dlN$cg76#aP+r2?N#&Vnnh=@RUX<7I#sI~PKVZ?TjPAFnaf?;nB;xU!cJ%&Cs$cWDa zqM)TbN383XTvHT1WVf1ng>5^Z_p@%$LJ0cJLB}QKRDD#a)o4eZy({qlV(%@Zs(Rmd zUj-Ee0Rd@{23eG}Al=;|E!`m9px~mryKB+iAsy1)Al=<8U{CP-i~T=)oEK-DmwUZo zFc{1^*E65I@6UDJf;e1y+s%>3fS6=^dqyTTT8Tl%rQvdd3j^&~+|l!A(n@vJ^@T!u zLig)HAJm|J5ds5oYU$PLLS@{xQSJLx-=qZTs~am?;*uloy8I3`ln3Ew^(Z?AqXTOAO^yxY_WTe{2_ z0A;n`OSpo@wwnolCuN!m?mr8DooACG(B~>vHt) zT8m)S3yJ`X_dJO^pa1kMxJhAP?F*B{anLo%QPE-s&y~lF8smXwk>p>xVnzDD=2Qh;$@M3>8-w0GK!tmrim2U~NZFMtRNJKBO%=D?*^G`P&-m&bLjmZncv zI|eptyR)UJ^||~5Fv{~&boyRkBVOHbp9vF;*h6hjFa8MoQg}_r=W52gep&!yAb}Fk zxJ8S8E2Fz&khxFAf4G@ETvMdOhWN=^MyOMnwz?$!F?D8g9ZRF6^Cc#4u>4}=7{(piZSqYChs>F!tc_p?RKF`fEK1!-Tg(vTRL&ygkdAi&39{NF*M)(l$SLvS#Ew~!kRE$X zfn0$BQkLUE-hxr<&?i*Z>3~9F43e-UX!{o>&=68MQh(Mku*rcqP)qA*ume5AXOx$< zOXosZSovVYntca_K3qE?y}ECYsV8RiH?JN@e;rFM4NCUz97&lQK6&#*pff*~zj7R7 z5$VF7QNCq0$5oz~DmtZTOd?OYakL@T&U6}n8=+Z<0Lz8XKtb+sCX3W9Jcu^t?wgFW zt{^(ctN4oO_?08|`U9BC;YrjcClDFlA4H3tm-(6owt6$Y!w|(zp9RHK8#|1X0E4-2 zuC*&!Tv|C>V+o~+ze|r_1kcVrCr*^F$>A6E1{tIz0NJyoCW;1JG-HLK9L$=cuicO^ zx?B1pi0r0%Nj}yhK64F6W0Izkwu|CKYsxX050pg(fJ=4wtgQ9?CeNw=beFIOz28_{ zV_4P5fI7=Q+j`XbfA>uF6nl)+lBM2m9L0-7N4qu4lA*nJvX{Xzf-VFtmfJxonqMS> zDS$u{k$it6l&9q+tu%(-T(DbD*J!EbEpwNTBqLspTaBAtTuyyb+{7wv&zi@gEsD0Y zY_L?Y8=kL1tN1k69f6(z^=8`L)VlXLuzewhtDfKW<+f!cl{e?);c;UxiRi{6F(Y0( zp1z*(k6lGC(07EvAU_~5vG~Jcb}`;+2`fU=oMTPH9PguhQyix!1_pDcJW~}XPSw8N z(^@mff(dVQI%L^?ZmV=rr+Qa}1Vjlj_iJy`vYOx1a;1j>$45HPtD}wWmiN6@{HA@# zsVmYHqZ?LS>NLC}FH!yUcY(|{u){(_r9aM<*>k~>y+N9DI5K6(eXm~X;$S^lXL0H~ zD<8&m7a~ub)f_hm^}$6Czfp6!>dQ<}^B`5$)}YJHDgAB@?bqBUe^U?CVFja*Vj?kZ z8SJr8`zXyV)j=#GT!$t2XisZ55 z#02=ZYab)K^`mCt4mtYe6F=k7w}+g+=oJ+7*4{6@)Y}89jmv=F_>oE6UgLSV$bL}> zWp#NTs$hNCcF+qOj5H8E%jv-imgIh0RLk%7CjLgv;ZGfbghsgV!6z*pC!%0>zZ}DM z`so&jjF<6(cd+@N8Zz*oCtL&8u6?UHNfNk{@3;-`kyQL7u7eODoB>9T%Y| z(}rWnb0}Gw^f%w{%ffo8K7eCS`oc_Ja;BV>!<-{kXXC_wGK^>0_;PJNBetN|Cd|V?TSve+7Q*C_!q`8L{})* zeGjom>$%dR6<)*#QlpH|M1|jngBfmb=*=jQD*0D452V3icS99-)ZMtm+6KJmH~NPP zopO^L(qOw8PZKFH$COKhf$i}8PHpzFt%c-k{h{Poc{8waOFsEm&({DV7llw}o1r4r z>Z?-9%*4vz>Ztq;>g^@mNzM0s7##@aE)G0`!e?>7Sp1p%vt?m!+A?b@Kq*mASC=0K zR%CWYR%*aa+2b;AbrT_+pnD*JMJFw}-M9rKkyMX_^~DXxv}z=kaEbye`MYwA5Pr23 ztaK-Vp^S=j_E7Vy_9dd@d&5>3Iq zf&%45Q`6u5{POnaR6>vJ4gj@fLJ7aS`DftOjQO1;iokY%QlM&*q}_)?l?5}-tDF}b zO}sS<@#ndr$zUYEOm&drK!F(aIIy)#AJ!{6P~{hb{o%f7I#_0Il^zc$98=@M-lD@LB0ON(hJp6cJqsLfO^@#SpyZ1&$LTR? z%4W0ZbveIBpxOPZFwiexw%KJA9!mkif3(|nOvlAO68b`7btA2eSuG`Y5gu8PjVpkB zV8F`SSf8wUTQ$z(q&=9%rBIuPn&gM>?n(`-;>{%X?Q;cwo@6W244eFUjc9k1Ev)8JhaheLm4-u=WVmz2}v%awg2A$K62jJ}OUEx_bIW%6`SmL001- z);6=r{DFpbuEe^!iK}RJt0<6NDSaG*39w5N293{x+-y#d=Fw@vOb8YvBU*^n<`o=gn^Tdww5uV!w%!`O3}^Mp1<$jnpJgrz0J?3-8`MEuAY$odj1LL_}Yk zTOOQLR1^ZrD(0@fpUWMG7BJ7_!1E3Pdn`b$&@%OJoc5k&3PH)>9tZ#9#LSGJA2P4t z$I|pVnFPG*LqTa454}J`3nRp`c#~sPGm7(ey6BG|iRx=*;1TA!dmxsseXpeDwG$of zw5R+1EvwzLwGDagt>bau+8xn&7ePPA8~_JWvcmfN+h!t9DPW*^2cN}C zVivrJP>(GM)uaWiq)uid6@yyxg#>VHhjJ0QIE~5na!p{OO+UMh_DL-<+C-(MlNAr? z;3KIsjV&x=J?0D^~HV2So*P4kb+OG9X z2}7jTNdkyLzHiM#wRbsVRCsFD`g(9N!q9zy{A>Hx>TQx^nJn&=D2|pJ|CDl3C=$Qk$jT%EG_|>FCaL6YJYMpIR{$ zk6&pxSQWEk;J03t9f)SJLnq&|`+hr@4rNWKUohHCi?2g%6w;;7%sJ@OyH+O3bR=Gj z-$Uv2jd|>x7-3;YKedEO+9}QL&a8MYVWkaMpqen3#P_ImtSg>IPp$|l5YrNj{06SR z5`izQKaEQ$ZgBKe2@5;fQSEG!CFQR40C7R8_7+ZrQs2m(p3wWv zEwX>!A8V*b=XMf)K9^)HK_+U#Bs;RG!Pe`UjiDGvt! z*5uRLHM&!JsJ6Om@zXs;-2UzYrU3BoffB@9N`lGIxMP1CR+xdPQ_H^ivkm&Z3U>WH zY#gTY>pH0KB4p>;mdB{#))3D_lbnQr^Tre`Nzl1>OKC^&R zq9U}jFM{wqSWdaU2Wz$E1Kp%a)?%_ow;dxZ=DNN_`0b`(85uHe#dW~-7kYufs0o#_ z-0H?(H*-mVnmj3S9etp@sr&033J+Co2@VEE7Vl0_QISeZx$68?5?H#GX0=a6WvuNt zv6);-Y<$Ykf!O=+@yfET7}Rt?=i{uI3Fj?M#YoO|O39H66znMIAC#7g7^EjBr>%)A zI3tBk5s1v%#%a3M?)J@F0K&9$1{lhd<5|VNg@K z4<3vKp6V-xBJuisl!G+mU3W$V#r-L#G6e@pWjz`b$nGpdh!2m2kg0a$^Dtqu5?8;}4!RnsWNi<>CcD(aLt1`Yi(HIjz2s~{x% z;X#LyKW)2Ozd>Zs9e&KkY57q?6;_f|`4Skg0!6c6Kb?`zZpfsKC112?(Fk=)6{|lO z?0n^wo%J!0dLps0Yasnj%S)Sh?reDUtAWx4f&qA>gRZ}ANnHFl9dAu?*XH$BOT5fG zICBA(Sf+QZr!xiKV@k1cy zA|cApa7fG!K#EV?7X6T_UJV!bd(yM*@FOq&7Vr2(bJ7G1!d%@2top>Be0~Se zig2Oq_KX3-I@$g;j?+LkR~JY+f^eTL$oy-?$35NP!cPfK23s&WrKY%wEsACeDo32D z{xr);m{gR-R0>9^U`p$KekJpN=4@8N_Rw2XG zImt_5+F}D=&Ois^qWFJm2lIo08Ia-OYo6Nq#uHhA`I zOIkx(o3kxkfBR+v5_Et-_KOqScT1e@uFf^8}3(NaF-LR@2RMZVy#o zAaMrIlm20f=bIb}NRs<^MbPUKx9-6 zRZA5u;ddWfuApoeDhx;BVM}}$jfuqCfV2ykR{lO*6~tA!HeXFD z!o!`f;52MvvJ2kaFg}Hp8a^&=o%3lx-594P&44Q&+U=W*xjV|p+H-UckYV^`7ng-7=+{BGC!}? z_nkhfx)F~k7~mGEKA;$MOqA`BOxcGVY3K*trW=ofp{eJo)IJzB~ub!>og83cKIJ5{yFs(iI>+d!J>r7|EwpIVWoHjAQm zcc;w)Q!9$S75{G~%iOQ0VR4$1`&WAF0t5KXgUCc1+{`gu_V2&3)e+NqLnu`>4m`_QZSkTwk-$k+3fvLM%+_(|47!bNo_1`+jYneG>S;x3^e_Ef%|# z#&g>?#P@){|N8+ToP5%h%7FVCaGn}`j0y7gv+w(5DuQS^)GDi`=c`=<8ZF#sTZEVS zKLe%`?c^nFx9=(>e1<=~62x*WnW@N?o_32GI4o1#`Xg+G2-6BM?UnDP!7u7!x!tBF zzw@3vrmft6!0ctr6L1Ukyinu4B4@o9H#@H)n9R}7a=_{wc0Kc=b&&ov*<&o=Mz_9F zvK^RJ7vp>vns?5})TC+5`s#}rvStlOzaS|2ht*&PFa z6bp<3J2p`;&>c!}9=qBDH&;9Ys@S^{)e0<~jsE!6eXi+|k=ZCyN#>6qE36aW*V1w~ zAUyC=`oD}W+x3Zr&l*V;B+K4VR(iJ?qq2Hv&jSEpXoCZHW(2*0FJ?^J(mT9T-spV9 zl~4DHXh=VGdlejarrtMZ2?{a{e`Zn>th-Ka*`d(|fj>+yMig+s+CDbL@~=&2KHs`v z7g(xh&5@-ow79uUUEZuQZgq_mcAf^jPw^s={5R-`y9pb0XMijhAftv0LjZ=h7SrEk zoeLudV>Pzznij)Jusl98pm{snh*pr`Im^b0M1uE$b(_)}Dz-R)D(E;(u*IG;k%tL) z%{$GXh6;_SJSAuDdxFi4H`r&rC5fa%8{1GXj*7&9uP~|X@7E2{nPLrS$ffBxukpNd z*bcyOMMpSN(I;CGMsDzFN8dVrMSHNin`rdraI8Tk^*@L4>E->_2mY>OZq}n5HvI4*y~ccNCAO@Q<{$A%Ru_$UB%HI~Dh_ z5jWD>CvEN*-ESn&z1l0sOvt%h5wXN&AYoab&i52?f9#x$-0PvfSM*x<`-<7%OPH6* zfU#q^7p0V${KiC}?c5_Z4%b>>viW5u{0kU^t9k9>4O3|qvX$8kN*s3bl4*tHC!a+w zKo$BpNP&{tKt@kYR8(}&P^Cl*{G=7t@>hg!dRYh^^2@Fk^eS5j^LFezRqC{C2vd^tfLO|2z3-=|?H zj>a0KV8ck=(paqOl}m`ka!qA-(@C0s(526>U1A|JxFAR=LHnoAGRJfclSf)0hmR*I zDkWKkPTuW(u%Ke}5dTI}g68B;$+;f)q!b@1i6Q;<2@_oWqHy)|Pe_Ea!Qs82l2x`! zptxzp5w^9G^iHy1S7xKBwOK)Fb&x-8ft~X#F_3q=ET_N@W>1Qvwk*7|Sd|2la$D=Z zO57B*gf2S@S_-xWU;1f#q$MJd{iFN(3S>2T)<<~*GEb~IwCsZV8&5c*DX)#iz_l~I zj^WOgN5G?pX z?U3A-6A{`%QB3RHmNs_CbjqT^04{VD;=?_Cet{}Q%a>mU^0xL(Nzz&%GL7*o5J$uo zGoB!)%*|Iy0$Dq+lrzBkk(oUdRH)RO_7VY=B#qluA;pjbUTO3{$Y6USeWm+j`t0r*eJ&AExR+ErKdfkX9HmS6-B zph??`3^l{Z2&V8rCbb;vt2?M>Hun%DHDY^M-r7Y$Yr!sHz%X_EV?A17&HM$@(@^Jl zE{R)SIDJy-c`o(mfkXphHIh>-L%TtmdtDcsu~?Qq-MH#0cHB&^di}-8>OTrJT2unG zK+$r0JRVAOZ4ITOw#ax4@ytrHP4nq4_5%l}5gc~FuV??^PRn~#)*4rySnIq>Xfmf9 zB-=KaOXz>qzckk#F4@(!o&jjX=Qos3>X5Bj!2rk;Rwf!av^bMKa`NqoC?{3LKt`YzIQcaPXp z+X{qpCk%>ab#@pon^Uty5MUuzIx41(-`TS#t3$_qAI`7Fm0k{IJkE*3EqHj}p0SqM;xKrgU*zTa*+19Qyp3?dK}muR5Sj$jN=0ASpmcTYA>3m(DfhSx zw+-(vbrKC`MU8Ld{=dtcBnVAufAh`fT1~%WHu&|6;RhbSE{TBAZC!lg+t-S-Nq&ed zPNQR2YZpTm_(h`ndT>~=*R8E`4UQ#=EMwVL+A2%V3Yxtjh-^1vsEl7~JN?yO;_}N? zV~P#s$;rv;I|}z%OJMQ1wr|(hvq=qQO)ct>Psk~s`z>-wss8EZ!woO15m>S3G!oXe z`P-opkKx)`SeRybc)G_lLIkApyPs|J38K1wHp9H<*kJIf1_8diJ1i-QE~}N+AC^9! z@!!AtM)WqX-+;S+0H8}1Gu!$oJ>40OB+H(K1a5t?1sW$vDrYE*1T5gO0ZaZ50&Eu&|bt zzPM^#{OPHA;}2->3PKl@^P(KoqJC<|m6`0*r)KE^XS7q?zo2+v;f~Mmd%oqr81MxNOWS??l-cl zi+7yu$dvEO>&^j@h^Xuk6(>6TQn;@1=54BL=Q(ZB07-b>PAkJ6S}26_z88z=0h8r8 zP(ff5nJiI_cJa(sSPm&R)a}cMWhF*wa{@DgbPg%b2t^-?*Q5A9d5OY`gohTLSTggZ ziQcjxutz&nRu7etpwr+RYV?W3s>(XqPGotIMa*2SFL8bNuzqsAHF{+FMa=iE`*U0x zR@8@V{(4$Yeivjbmg$9o0oS%_QZ|JA0*S!)i%kQ@o7fUpTl21m7v$%s)3#M_TcRM~ z)2SE~$zH+Bmve-fj>tM|Q}U?27nZB61Tr7;m(zBqJ`@)9e{Ld8OU0NOcj&+GAaQeX zHo;c=6q0y(dLD$!D)ZspYcRAg>GNEy3tnWem1{}87Ew#4*c3pq+p_=y3?IS3veO#! zQUvxSm#hd}@Hq=P&at&od7qk4Z@+>;qSNMG=VWZCk7xm*;z)t89QH5D=sZVg>3M5(O39fZX0~9`g%)vGO9Ex zYiGRR+U3)g8QVR%OyApc@LM73=7WsONHh>9zcuNL-QDO+lAxhAnv$5aHQ5+cQusjD ze!r?rQMEvr(^eLy^R8BL6Wt_Ju-cq@)fTF5|o>q>aE-2YefBYFK0L4zfyPh&NlPe$n zb~YcI#+n+0PWXnA^r_Ma*RGTd_)`+cnjO~tGRpnzgPG~*RVLsT-iTi!4@5^dW0B}K zUNodD6t7jC6htc5#iP*(ySW~F2vtR#cv12cZ_}Q`MO*(N}(?2t}Abey57Ljq^EtrS3zHWL-n_IOk&hvLaBXT#^E;A={`T*3%oB zWGO-<3wycn>!8+D0xW56m^7roV;H$uE@E?WLsNz9`h1AKa^aN{L4$c#S^72{o=3F7 zXMpJnt}5L3Kz^~3W??N!Fj=ZfWBTr7*BKxAcBX0I)c21P(PKk46$Jjn|2x`GsLZSH zoA41exDj+mDB~}N6*h%3oM12!3vRD}G*e)7?k^{+T*x!|aAUpyj#OY(j@m={jzOeH zI$)vB2Gw#No?4*2IE&wg7R?&nD8y_O=MfF=-Yn4W z&*Wxw|J&O4tv=deog+f*OqMx#{^q7lPMd^RccSuBbcbr(0E9EJC3C1Wo(Wh?QZsM- zwhQqALNNbfr`zvo>5(q7-3=1K`d#bZ%%ZX(nG_^UEpR7|`7x;V?D5e0)Cw1US^O*W9i#xGNfvmY zj&%~|Suv)^6@Gf!N~l>2EE8Vs-G>|UEy~6-J$9r05_`yfSnAIZMkJdfleuQr>xm$Xve=$eSxICrj?$I51N3=d2+XA3psB}e?s6Ds$$bA7eG=wQU0@23nbF17-*# ziJb7zm-<6}H*s-s7nh4MBLk)W$i)M9dvP$whv0-S*zxay9)$lCm3TH>p+bhSqGBlg z(m5PH%Mt6qtw*^1h1Plz`Q5-@^s{XD$1Ko~mLghQZ)5|+9+Y_I^Q|^h$bW`FWHon; zvI4gY+OMZj2`XPFIn$y+Oo6ihuS7W962v0c>8PXO3f|XP8@tR zN`xHJ7(qU+NU%cb*~Bv+W6ZOch=}qsqni1Zd*v9ESW^a!OD%1AQbUA?q7K!ZD>XrQ z5glYtIsl&~$Fn#XU3>tS5Blig$%X`_%6#(QYznU=u3X*Y!r z*;!h+^v2l^jPwKy0V`{GNgA`3bdO09U}Y4vIYH4=f^go$5vE82!JYm#M-YZ?H{CfS zNdy;6MtN#M>P#jOPJ}L%5sQl;L}v5rD{O`#s$RXTjj3;(<6C4VnPL7agO&m-D&hSI zezpQK#m+PSAasB;lK zmEy%g<7zIpDIz?L&81jb2|FhjFP%wG0d@k#Q`11leCwlydxE@S`xC;60C`RToD+3U z!p~uYW(zd*dmrOc-&6kaT|6r^Qb-^1l@AEF68u(&FD)hIyxnelTjTbzKb)W9()twP zfwY2;HN;h-f@pQ6I^9PwVj}J3oQDyH%?p@t(ea+mDckAjYk$Z4<_Jad204*C{btbZ zeBu4%EBykwKnD$XS$S=GL2epgW!;%xMbJeS zky}Ppj}T?zr=Sxaw|J#qbodd}=GyF+D9!32i)B+*qxp&8a_naS9Vi$OAN#PW^8Vc< z&=l_woc8u^vAnvb!^8|%V-A(ETg7t~^OQ*XWH^{1E$PJBsQ~b>4aR@3hA(RJE&SED z)jn`#qG!|LVyvjc71^1*4${4{oN(Kufu5u*suCcK-8-T>&?m9DpRDMF(Kq-BgX%$_ z0@#1gD#oH$xHP_upC58P_(P47Uv|z%9r8c$&DFl9ub}aH#Y8*HRlj?(jP#k$t2u}4 zZWJY1KfUqQNoiBsbt)tfzhH5vGX8o?Mc@n?S9CC6|CH5ite~9iBHM$GAS6m%L{i@{>iFkv6n5{hS5TfOa+mJFwCdR5PsS|Znz{Fu{Pu+g`-emkPvh=+`fMW>#Ot;h^<41zQ+bGDK1g@TzgLW+g;tn^*~C zC=vRSqdw5KWyZve&UFjF*%BbaRr?&IRc37~Dflg|7 zU0X>>!LMm0tKY-CAV8AT!79~|JOqL*_NsdP}?p~(ey#5-N@rabvzus-;2Y)D@i~$ z!im`CnuZV;gU}K2dc5=xcj^l(f4#LM12#qz?s%-J&5t2IMe*B~R@8Si@sbYq=U2w- zMz{BA71_DXfM^-s+Fc1cQp&!%U@o?m&G$+$;r3^pj>u{%=0~M2qW0~|qxu~FD_Wsf zR!z4$f(_mpRW^v|8x3*9ORNubEtU^AG&AwIOYD~5uCvB|s@_Nfgvk-9h; zv*M(zOtjp(16dx^(H~v`xv0z6d^)$->=S(xS*`%jl|`uqugd+qJzAW9Ga#nxTdHaz z3Cd=vI$qz{h1Hjp;1;2r(Z*O$2S1P0Z26b+NCy4M5}TqD(UR3#m=5(Yv~Pm}ChfnW zwX$fok7@O_l1T6zPBE>@9?+rRqF`AinMh>IYsRnnz7?cmYRiwpw2+YZ3U^bM!Jh~m zBWaBb_{&QF3?AOzxi=AreQD2-UvS?9KUklptYGV-$xWZ zsr8Qw_i#mu7`TJ~AXBkEASwz7CCwvPX3oNDM^%cxuwTE1^!A>}tgm5O<3$TQo32Es zSIFp0Fz0EE4R;vDmdPI=1xy-PAv=A_HLIRNg2%a_~OWjo6gb0t-0NcxiD(3 zW`H7TQMgu3%7E`J1>K>+gjIjb!L)CUp#pg$*N3AD`&nDf#@}D8u+YmzUrFisH2zWv zQ|l3Zau>i+*+=E4MU&HXW~FAQdYueI6+E9IuKJjj-Q$E7WxX@xqg5%aLwHMzM%j$ zZ9*0qSF|HzvvVeXdpbX3DLyVHJX~EZ`;U6KKl#c@Tce$79VcC}pg0hqc1-0nnm3wU z*(Lp>f>nNmlas~M6%e95&_MwTmm0SY1W>QOQ%0OCx6$`ldPsaX5He+tXlMXeA#+5W z%&;(EzMS^?UoOkL@rv+UB517HtZ)7|rT^%!eDjn+1H7IA#lw@|I^fE@ zwe+{f=rYDX^$5@2$ftWUJtfz_tNc@Ua2WXg{)xK=dWOz_U(n3NGS4GHGM9<*WTFdi zEGrpx=JBpa<^Q?E)0yM{i|_NJ8VC41-u&_BGr+p}pM~o0A09b}C&P2#k)QtXtm$7T zoPX6;{Qtv#`u{%0V;uSKOMe1G9^b|PeJPKv@QBGgwMGRSBLo5 zHz%0a_xz#Z|G4|s;&?u{<7WyDRwP${2F}eFqA3&!$kF;>+N$l$o{;#Wie-9ZY&8*K zOVk$DcVOe_tJ$;U;~iE!YdzT6R+ZC^D@4D8of*4f&4wrY*~d3>BL>DTV8nLZI$O(~ zKpNok(C;p2t}`u-tg1R3Su-mCnpa1*UV|d?<|Mvm$5L$Q{TzH?h!2e&AqUCIxP5V3 zc*%Pfn}WxzC6%3qjm^$#w*kI1`u#n%;4kO1^B}&-$@Z4($n$zQft8#5@hCEvCvVsR zXTYQU=2e$}f?;%{#r+*krvpv;I(W zGfQHo0Mp9klj5DrPx7A25cLNy(UV6vt$UI0n$`&pzd-XW6A`Cxa7zv)EwtY2C%Oo$ z2ji3xcCfe*CW1gV;GWHW8Yzb^?dU`D9Ymo6u5|Iw~uJ~YrlHM0;(3{ z{IB3a2lBU6hgTx&2uD~L$1{#oZ&(FDGyr1gz8-n>OeX8%FN%WR_-26IBsZ7+Z4hmv zr~8#l7XOsPRb0g9>E`^B{Zdx)&ywn?${7%SZS>J9UXZ)o8vwv1Cwn&A)HWa-B@oKz z!l1A#G_?jmHM##Z$40OOSa2v+`JUkB%aa@$J7wor=Nw#G)MS`3z*Z4=&BDsi)ZA3ZWWjTo zsAYx;tN$2>#i_Ik45o?~BtwB7X$a3yM>jze0Z=5Ty#2Qb9v&JOmglLWz#<8iL}=o+ zB+1)1#sbjdH51WI(AH8tv5})YB{VjCiDrXQTF42-UK6{#LDWy?h!MaVcT7Lj;c*NZ z4f~0;WOKS_SNj0K%*+ULz>?o?Ec4}QNhuvOoNe^-T7ULK*_gAPXw7C&z3q0YD*&iKZcC;|+}af#?p(4SKQMWX zhuYR3WAXG)^`52cSLeR#(JU-IsKlY&dcbYLdo zcm)}j0KV9IJpRV(jfW5mcx0{1RQgGa*K=>*zsFoO98=MzK~k-!FqhKjq=u^Tz0O5_ z(BHH^*?KwER&kJ0t32#dk*9>It6W`;xi&(tg^1GP@DbCQx-9E_0KO3DT;DGMu)RZu zyL@qGugLL^`+=M0SJ(7odWFkvH7Z6i&(-?<{f>oBP*URPxjTT}h@EFr2l@=d3%0j1 z@ffX@vOJhlU~cH^V=7K<)7Fo!Ekz?#mH$oPz!#&&zK6``Q$A&w$ln?d4hoY+tnUqv zDS^tuh}c%z9hVr>q%}RWYVinbfL+2CnL}Uxh_p{7@gFX?_E7G|wmax=(hvTcJi+3u z=QGwwp4kn?(%`d~^69Z*2-b0w2zt56{#yKTm}Yg$WEIk1rf2h=2CyhYrBR4A-Y_sB z)``NWkDb;xCsNg7hV<{aF>Abi+)>#T`YI6f32jW-&IbkUd&zLo)VqJP^UROlh0Arl zI75>s7FzK+nWpc;M)hM|^%^u(UMXp&coepWMG~?v0Pc0SmRz}vgGeo2&20lw#V~3W-|G@Z2m5@yV)ACuP(ig37 z=hNrGwt!XScIj{nrN~16IvX(@K|r_8c{a)@it`AH6y9;Fp7-SYhg&&=y3#5$QtQ84 z$gN@^aJ1pp<>_wjpJPeAg#pDxKKsnJ94YJZFbc`IomQcFfPh7$Tfl1HLumfcJU0;Pnk=Fz_AKeUJ|YjR1Fap8GIA zaMerILO6f_EwZz5N#%Q6k4QJFcX0dS;=1~q(Wf02OTDzeg|%9o$i^4qB)=usUtVc% z*;%ZXybg@JjNA$mah||Mb_=to?~`inhLsSPHe8RLVksz;F*6g8;^q)~go-M@(9rY@ zinn31utY1h9xT^~i+8nJGb6P2(4L^=9H^|ZDX)J#AT!0E5?c+EIiKjP3zd&3RTGnz z7MkQwtH&HYu8^0g<@XoVP`~;4L$Z*Q2upr2bgWb@V+<$0@Pxy|+tPO%O-_Itkv1K= znXi%=2-Yyypzo|9YrDy(Q5MdqtPkh!FIg@ilnDSUy;SYbs-}?3H6gK7dIXPHk+`Td z6?T=#Ru-lk!X$~lghEL)>sG{9+6nUBZN?{BQsBpbHPKyWy*$YTf!W1Upmi4T!N%Jh z*JKr#)T-7Nz35rI0LwIInAMp5&5Sy`NO{&+C?O_DU6saa1~TJppV77AAW!Ts_@zMB zE+Iguo_$!AJYOb0JVYW6Af3|esI%>iS-ac~S*me$QEP}Uqin)L*FR?p5hh5)Gu9t|f(laRC z9N3S!;CFPHWoPDFf6kf^D_gW8JNoi=w;N?)-(MM4WsieA+4d$vFviRajpkG3lgPAB@?g!-dldY?L4Sza}BY&7wLYC3@hj(Ro?0Bz)R zB{sTF@z)`ci9+6$VvkmdNlUpGT42qrFGyiE;y`5Amx{n;l&pIR!tko=wtkDVE;Ut3 z3hnQJNe*H63nf;6U@|N1g^QuN4t0e@3-7UYAH zDa#3yVS^!}8FBy4#F*1%q9mJ~-Kd>)(7L8wxP#=syvrGE!tODp?9~Vp zf&-8t{6zn4z@15jF?y4zA1IjA{t2&&`)fo)VDOLU^=~_x2QASBLONB5;pm||m7lWt z8brxR0SHXy(M|p9X-u$Xj-lGHpbAk50IYh z7}DvmP-CB3z$7R^g24V4fHrrmQ=dj=amNf74BKC3yY)Q9LT^Z{;4@9n(n9A5uiApU z#R4~!nNGl(OZ{qs-TJm|L;71T>Rf`L?DR;tlEtwhdP@Rojn(?RST!@=He)1ya?{kl zr&l!|Em?5g)TNW`Yl;}skcxLLa%xiUhQ28t%Do8hb;O8@Fd8m zIUQ-a*p?W1ihB;Rvq`AWT%UQ*DZ9GXMi|icdW?_vw3HusDSbrgw(0I(gQi9Fb;!+x7CG7>#O3? z=TOBdDq9uJK8OJBT}gp39$p54xzOT3Q-RTF*m*k$*$kP(;x~O}s>s%bCN5z4k{^a_ zCb}(NVNybn&tQk!1Of-|`8_2zACw7yOLi25sOlG8DJyual=+pwnf67Zs7W)pzH@8s0JLowQPK!`UV(jKFqK zSnKJz+jE^vjsLt?qSmzyi(N;_6J8X&|ANJ)ts!!CILWX}r|hc*87#q6o_d|Ao*2gS zT;+Se$S({MLSuCwL*kR}l7gaw;^NNDKmkLbLNl7w8qe0|J1n1eoz+O)tg+ujV{B|} zuYcN4^rU9g`v~hZrq`<8OxW9R5sp@dwOpJ$7Trq2JJSb^e~Coh*yJUu6Vf&mL&2p! zAb4+LA?XnBalWr{1fa1wXo4bf^Wi z`9mWAP~&$tj5}my`YOR|+akwSkyd>mojb^3-fRz84*oAzc)gg2NXZor>(B4wL(b>d z@2~6f$NoE08zP6r@{N0FB3PKs(b^^v|I3$Jx4R~FX069thnrOP88i+FS9L%?zInSr znf6l9Ye+06_j#d`nvBVQW>bQghx{zm%ik-bwzh5a_Z_u|`S3{TiRdGgzwmb%z1T1p z`rtU#j_^>)<5yan_gix^;VOCPvyOi===B_})c*ycUu><-$!&|QG|hsa=yyN$6kXEQ z)#~*hDBI>eO&;S#zFZ)0#|%oDl!oS@Z6A_WOM951G1>%8Q*K;TnNFv{CVm}#yDn}# z3$w@G#QB0$X?7KCGjBMvG(k*snt5GO-&mOB=^SJ9|5E7B_&S!n01ADaQh~^Hq#KLr z23MUD?98&=_B9%z_=HHA+ObgpI-J9JLkHilo&6M0QgF1shcT4W$F-}4;7o;;1^AdS z_=&5U4tz9OO3)#4o6c%E`w#ndZ=dCE<=3=4lHi!3z?saY_9Zl=Cd1yGjV{Bpwjj9@ zaE$;$;!Dp8`F&rP@m<|n{S+K zI1dXAJIiNY2slp*xRS&;(Jj0|p1nO}u~E}ZQFQ`YZLN<1OF!aFd6H#M zDwtct>PYRA3)5i#i>kA-?5qRKb--Q1y1!_?sQj`mFyDvrBu_!6M()cpqlI(?(c6Sj zb5xJAQgESU{M%>^k{(lxnXz6ley(mUM{Yt%yk63U@};E=C{V&%3#i=Hx<=V?ENaa; z4L0(Z+CyGBtxJ-TqK>(Dn9XtTUfdrg8yoBj!vEdf#TNYL#Y&91koTpDxr`?^Gd|B}b^~~8xToEa4 zoRCineC!`lkO9BIqn=2&PJPWJWY-caIbg)cjTxSEsUj6K)7=+M<{V4zy( z15HKUEwCSg99TG>=^iyrKUEzyfpk2MntyXeC2Dd6(+xK{c;4sC&c3961ol?ZJo;{s zt(KXYgv%~IIffd3k_Ar(Li#7ht*h34gLcNDsIyWxcU$H0fe&!9WV~g9ZDKCIAAoJM zNedV}xnKxBfg(eD-J^enq$9%4t0OU|L}o8xee=>+{Vbu=qd>TgIQbvYcEL<>ifz^1 z<%PECrC-vXOKvka5DWAVz|INb{r|%NUno5Q=1s`ow4c)$M^y~AystXLjkZ#yK;F*+;*kwX#e$D4F4hy#gy z8Z<$K!jCQ^p)&nNn=`~$7}ItNqkfH3t~l4W5sy!mgS4a#ht1yEP{@U{f4G*~7=*1$ z;;!#nL!TeLRunV;lR~ZoudVW|m;UN6oGp=#OBMejO84J6-eMZqB-Ix~?QZh&gF9E1 zjnfs;2u~4C3<6#pUJ`|o4bSUUjHuB&p^F6*rg}j3z&pHVu!Qu`lg;4?U$fX3&dKH#r8z7cfLCwI#;!j93~rf$XGs)^GU0c#Y_K#LDe0 za_fHmcxbjU3yMrki4edrEbL79He52NRU(>~z(a}iAgAlHn>cUc_iF&Mr}Dm!4ql9m zD^?-g-3pgl#c@p2h42>ZPq9dT^PQ?YT~p&yo~zxKD0nKTVHXJ2<1eMP+1O~Gk1%^S{7c=ww-XpE56Y% zyrxLO;}V}M_%DRJ=H$N+?v(*L-MO4$mGY;g>4Y_PIJKw)lFCufzqA3PgO-AVRz9aK z*3rGB6iW1Fm&cDn#LW7s>8?-)~CAm=! zq?2*{3^*;jmP;~nCpm%!o{lfWt^%Oj0syWA`iFSE-f=R4Y$o{`8`B+=BV=|R038qTpDK=9%1>GMj{w9tzX<<*>U0(?=D~ybe-<^Ci zGD66Vg1Q&&-KtNhTX}NvC-o2!)g0tzjT4P@;G)-cn)+ZROr_+ubu_4G*UtC2Rq$SJ zwi|7u+;oDbV1(!JX}hCfEc{POJs%kH3may0_yRf?&ExY%$Xo?}@#y#gBe~adLx-+f zM)Me<>rLkM?6El+d4%WHe(k%^%KHa*jQe^ca{H`yh1%t4~SpNxCdbCJhae|eIt8JIbyZ|8ZWx)x*>6t zWUCE7#aYR>butaWwM&qoo;zzIH2=eE&w8myeKTvWYey-Jye^~D56E59DOKddH#MO$ z_>ycaWZe8Q{{*3G#)&EpVGV@csG4m=+_&(OfLo%%A)8Pnt-)mbGjpIrE`qc;P0iZY z6aGnWfN0w11Ab$324A!zptSxi2?+Rz#o|)158%1B8Hb|NHv4!1i^To!x(4hXQj2<) zLuyQct|+HaQ*1^-qO~)j=w7jKq zdLnk*X*v@mrwmt{OZj#h1>=DR2>X_o_`->hq{V2O)e8=eYYLCQXXG<3bb3umn9s9F zjOrkrdPvA-^RoAWtDwAFT{o4ekgeT^dV>FR7HbvVuu zO21)0m@#Tti}<7xR-mrfTbTIg8mH}avGt3^X^;Q9Q=~3=hx;u4)T%`>M5v#Gsjn~N z!b$cBO-{mr5`L~-byRv7@yn<`O7M$8v2cGQGDoU7K?CHg8r@R-zcL5v_VHZ_KR@KV zj?LO|9h?8X(EkLn)-4zl74p>TRxu8^ik=7AmPQZ&x=|=!LrCT!G}m}pCCOyE+bgX{ zIvLJ=kr{{51$+4+AR#q6ie*dHVAiH6?WJ~$c&AlaRe?~zVQ~};B*(m{^lI*`za)G; z8?Cevg{*dhcy(9vOK6tXb?poennkUCZMITwi~ZAWLHg4;%>-9Yd4|5&XqfBnui<`j zTBIqV=4kvY@s+P~4oxBR7b1i%Zck{Htj)Nq!By89EMqmow+3;sp{cwHbuC3{aMB-Y zDF{wqs5M@iSQ>8Cny9Wqx$bAb(J9ds{-rva;IBG3FStam*0x8zhFYx4Tm(41NH9!- zwpjOoS#E&RTkC-9DAI8g3C$X1gMW)SAAYGbYYZ~s-xK=l@&KR@PVusxVCfO4@}8&d zf%V;6s_e1ei3d=@dNE)0AkYK(h4`=TGs9Up1ss50wpr6&FSS-IO5kKvRHHi0G(_ zG2p3I6JHHEs_42-!L%?<_6QYk)2~1XcNX@UV{lKk$|ysFJ{X_?+u*zN_JW1?o2{RE z_Na`MX_2>&-<#kC?(K{@4y$tJok>&qg?ZVNZ%h_ue{{5XbzjxwI}><08OL!%l@f}F z<*?*PFSA!xY|bTonwF9TYk(xJ@NxJ`@N*M%(-~1_U+k#}S+z_)HT!1?9j!8p#xIYn zy;zd`CvU$d_%J%$!aDDp1X&(kHHK(fYv*^K6YClpO)b~{SOF`nYc13Z4AA7@kWtBP zW$v#gk8~0p=g~MT^r`-PEkh#h)o?5}wbKD53eJ+4UTUz2$#93huQX4Y!*FS2f`}2yv!*D z1Q+9w)K!Hm*HRCY%uw#)VjtTpLa|xCPK;MO%p-6uE!EWfX#m|_&NXwEf|tE18#@18 zIvmdjF*kf#8SpUQ{JB)&rf_NjYIn%ZRq7L6nEjy$>w!YGNqf8wVE9%`eESOaJXo%L zzh?R79+$r6H}PUYGroq0daIHu2llHqa-yqaWX7&yAZiu9Eg)0ZCq^7VcP^x6BtwA@ zqn%CdccpAjrgJ6+01`RIvYP9s`T;49x%98NBg9LDa^SjjDTL51P3M#_5x#am#9m8= z#JcO@uG~4;sx+xPJ@IO~f`P}YW$FAij4%y{Jj6uaW~fs9RA7ENmHoc-pqclTWYNTY zTlFJKV#;ia>p{2posQoyC8POEW8&29X()VK&jV#EsuY+G43ZOwH@dm=B8Id3hAqsh zQiJ|Q*9h+h=V3)HU(4tegIGu9o6X0>hZkm0YA@Z5vzLXr-UJL;ex5+)2UhkP+h5PH zy9><2DCEBycQg&OPrf(+c9p+Y-Yvx4@dH*Z95|lMsbJ%)@Hf%}*6T}VI$EcYu_0JsHU}P*A>@C^E32<7pPMJe z9I_VHdy3t$Ls8~-iCPOPgLVeD_O%$0keCM!j z&D<>TMHg8$;e^v9%UwUz6??`~>g-=bN`Vc=&;;Y*9_ZW!4Kk-!HyMEcCgw5o6j1_c z=E@ZGu2}j%n#1$M{U{~qcAOCL%JVcHoMv)~9u_xh;wn;?1%5!tKI zHIP$*_#^0h^B)&U(-ZNwbIlnBxni!EEpXj+V8nhS6fSRc7Omr4F8KeQ8F1oCb$x8L zM#z%2GLCxz8?mJRDZkc|@F{79k4ZCgM zto8~?!oA^{L{lN&#pD37cy+ps*{4%hD=R;bx4++6LtZ1!!-m-wxl9dPLow4)N~lBP z%~qORAv5r;P`m#1d0-@hXHkJL)K5n>Z9tqG73FkiQqu`YK{)H{*mKHj&DL)bs#Dx+z&_f1-^X}`d`nM; z6sRvKOO?jW9=8H}eJqy;|FA20+NCqAff)levf#J6Fue6q7>m zQ<93lLL~+!G~g$E z#dpgVT4Zm%+dzl@ZTs1^ZDIp>4v9B=QP!4lysUktWUAH)V)%-0uvn*H8r|6h= z>I7P;9RFZUm=)uK<4(=$=KT}-CMT&7E0}A7y$I`Iy`5{-HH4n1j!m>0&l%1E@~%3T5^qWMPF1; zn=>zKP$B8hI%(WcAWWts>g{rwr+{J$jVBi$Q-q8{)49Ber~Ss4N&kD=<{(V+`1>Y6)|hRYToMpEhK6eGb+1ZL z4)?b`oL03&xp?hWBS}GUdP1 z5omiR$CF@Zay@ri}l{CcnUEcn^=tFwSo|)!!k~|OE zI&n(SbIUYThKzy$H1YJuI#Rg^?kYQRAru07q5+7p@AM4BHf-iUwZ=$IF5=H2l;p% zdC)cu(v!ZM2v#IIhkgr;_%JQn-PEEV2?*u?uYiWUD+rs1*B)XD5->bEW#8Xf51SPt zs#DdT+Gip*X;=y2t1|v6NXrXceJv4FUg0Es-1z4DqKY8;SYe_v%HfBLsRxh#?lxlH zXRiF#!F>%XKT9q?C*06 zhBo)Kpexz4!*!bZKDXw==klO+ni&7ROjM|*a}BeLNWJc^Gg03c*WtXdj7P&BX#VLR zp6RuF3!Y_9*J8}%U5(_06v}JPqZ+VpJUmz(*NK6$A;0WmWDn=MMK)FS>3np)&HDA| zaYZhdVeLg%mDjv$&w;w=?Nb@N3d-z#s;PS5kvNmn34x5SDc)v zNVanV!bQTNm*~`0$y;@N32-T;UB@K|lHectExP0Lq5*7dxKh!d0KSETU)LqR{Qnph zQv^&g6@>rEkU)s~Cqp9RA_L^w8oC(9_8f|$>s#8NG={DT#1`Z*c~%1-_Zq(+t)2H_ zrpf<=BwS=_(*QvRhcRC2XTqeB6jo!4_H+TI*cb%Bk34A`A4=DWc0kNA204}l(wP%E zsuLdCOEdTlNRNzxei}CN1VU*6&uESlPSj%Ya`@*dmk(~fy)ojFTiS#gz@qljmLdjJ zayhVcenk1&RT{lkD@=CRJcASyu6RX&%E$?*mZM3x!a^er?ZC>JRXg8_ z5wYCv$C6p+6HT8ir%Ac5V-H+`kcav}P7{!3DZdHrPFD;iw}pm6vKvo_uOw5Q+HDt4 z?d+5v0@;rFkGzK8gJONzuEJlI-lC-NBYqYf@7*V>O&u~jc-VJC&`W*1xiR%!u{2y5 zU6E7Jk_KyB{0^cKGjH&`ifuB^G0t26i{IQZht9fk?Mo1|S<##DT zXU-yUEi3`Qj4FG0p47sMQ!NuVQ^-3{HA7wLETC8V5LCzYy%u1Ps0U{BzW3aZH*GQXncb z{o7bMH$}+~9L_|P&iuk1J!DuVVa#wZ?V1(|z;{SSgtx=jDF*hlYlq88 zKN0_@SJJJxjBM-C3nR2r41Yb-y{>~cEZt0BlECe>C02tP73RTxK{wZxYWnf{;AUs* zIOvbj)u)`7VtbaD83P7GV)10wvE^G zU4GdzO>xP#b))zaf52iPrFe6l(=LB5WB++&Sme~B!_yhs3^Wc-)MXjf;C!o1T^QEm zIovkMvjhkGMzc#l-|@0<*(x>K_qfhND#@>H4q4TtOktM)VXB2M)HKu$lV?kJ>+8xx zs1=Hsf2n9e3v!$P8b@u<@_oPmbiuVB}_^*!Q~!M0orp^ySQFYxtzx!)3i3IIi* zI%muG|G;>|<6QYQJ;c0z)W^E7tEY%-m%Jvg56qwMCc9MeW~MKrl*Qr$hIXb=(HX+i z8$-12$K|Eh(ClamD)nWfBLbd zO{t&%#x%J&KRYqeyPU#iFqkfCKd4KW_2(sL)ugRQt`)7ETOqU}lv#_DKJRrRITxt|DK`Tdrm^rizlzZW-u?_Am zJQF`T&0qcRKY~+S+uS#>-ngQ=1>@yGR5@n3vD$7hFD;|+{K``Lcjy~((2DT}QMHGZYRNfXt7QPEAxIC_NVc7PvuygcRmhQm<6|&812IZq-Yl_E`8^4wKmsoXbd|Ph4kONx)=vDGF4rZ7&2h_&Ai}h zE+5h61^G{by-JE=Vq#}l%)7(sd~QB_83HQtyS)ZP1FJUj-3v<38yHzlOMIpI-v%I~ z3x}-R$NT%W2)(EJzH-XKXt1yKK=Q$0pfT#bJgOtXpn@>kYyZcv-Rs#AJ1)1EtoO%A z%*w8mwg$wo!>U6nVz9T%yYmv8yg<>xgnas9nKz{CYWL1#Vf(kg@cZbXq2V7#j$#&Y zX?&dnFR6DBbB_p7xq{+C*j)3=zjcp8fjASbiKY56{0)h0f)Bh8PeTXpEx& zH&Yt9H^V}9PL|ILvt~33*x!t=uKpdb5(nVOn{t8wl?A931ySb_jarv_cPU2pdhB-F zqcDXy)(+K3VIuV=S>6HjW(n~{H2J`ORUl*TNviZ(-zR#0jBj7xWQPsL;;*%n#ah=# zdva!dMbKRCw>?v(IW36}g@uVlTUZ;3}hB3${iY(@x2 zB}SC7Ipfn3WY4>W88^0-MO`D;KU-6&Ljo~h*3Ib;W4`q+2M|%c2MXF#{dHLfFo1XH zB)>x#yAi-xo&IfM-jNijr3S*?&|5k?F}{Z2F9j&*aXzT`K;`3L{?{SrL`Yq>;z(Y$ zhNVFdIAULjjiCw~t>X5`%F!a?o=|2H%lhiB>?%7l5He@&94;{M(eUZ;Ano*)m=8hg zk@pg9at*B^h|iO8{+Bs_h3y6Gyw4r&=~?K5^U35LV7P&iQeczDmpqiIyi03znY&{w zLRcLwH#apw+gl6OU>F@ONzk>Ln$WIh(+{)g2?nR7ImXWlwFeCemrwA|KK}srsv}^p zVwlV!Gdv;atWg{KK%VH(DVPI$!5$^5q?YDF=7>#b=$|+MHPSU^#ZZ}&dEH@n0O}Kh zo?=s{``TF<et^HWj2)KutX51YEjP^15-6;fdyb1g7myE2*#>^{7!6@3ZIzPLU>r zCx5wlM0||nXS54y>h2hA2o)<29+3`-P-8B{zs)Z3emBwMAt*o3D=O=-)CG-bvDZ|O znGivj$m%C4LPj1rpajUYEk2IzQb#=fZ8L`{E_-XE?_XP5i1JIxB>s17Ng0MRPxxoh z_K|K44i-*k&N=n!R^k zlmftG_(=hMK4W#MxqH;9lkK5O(BAOvH)7L|8Hrmd7EgM`!Jgy`zh`FlvgO!3uPh*l zeb=T{z@3XlF;AUj2sTF{rQA`5T)GoYF(w=sXmXuE#>a)&oHUkR#K`zhV=nW~K@ak& zD!MH44WOCzA5Q(KD|mZemOB``uJB$y+V6VllLrhu>=(Ao)s3y$udH=FsCizrAd{4bC>)j$omt8q1`R<$1*CQ zu_6d9IT`LzZCKUJqk;)#P!s~RKQr%Zo~PHMrbK|NbZ>LYi}o`(`FVvvmZZ7iM%|}P z+oDPx%ebIoygx=i%$A$e03=CYdI`S>I*|qw%4_Kc2nsX|?bGGrinI4&*1WD}$0FtYv5GdK{ldfmBr`Oe`+ ztE&(yPkH6aA1R_h(`mx^*wOr7EEA0w7Gn8HGJUl)6c1O;k(n>!gk7ILiElj%GW`hY z7?lWFZR)MYpS8lol-F8*@y$l5s%}%o_AS}IoCs7We$u@GU(=qpz3LjFRH3w~E`S_T zU&L%Pv40kapK zDf#2XwF+r9>kHzQW`lkB*ReR>E@(F( zK0B2u601@^`4q|-gDvcpfsy9^Jum$6^RyBt5hG(zoU(j5uR=&?Bb^SBVM29u%)~)V zG-l%mWun@5!QEkF>ibW_Ol8lzkU^0kANPTkZFBg!6UlCe9hbxdiT!~6>yN`VKCoq& zIFGVuvdMm^QfQAYi+c~!+v&sPq*cMDdKiWqtiNL8 zwSJ;&ZC$xvuMLx5+BhX8JIhU&pi+ydqqGx!ek7CO=Ux)e7)MRStkw4%3Z-}Q6ef2AGQ*JZ(HPglQ*H#xKHM*BUvu4 znR*u}AlEde)bJtyPnM3zRc}Gz1RL>4L|ibMs2;Mf@=uxo$TitB2BztDMIt0V)p>>J zU&BUdiyy-=04hb6TuV%nVlFpK8{;7LhX9tJRhlh7h&%-R?Oo2i`QB^#B zH$_nUv!+);T)p7sK98#fG0AjGDX{%fwlyv*jyiimBXM-J#o6JM@%{qm6oSK{g}u6< z!{1B^PO}^k9fgPrme`BOp^wyqM9a_f9r9U0F%SJD}^Ta z1X0eLtdj$!>WR$w9(Z%~I)3rwu|YZoO-Rr8Pc~GuRwQIhYU;}Uw*;2mk5sOXSiF1y zDgH}2eU8-tRVlJ$_n{kg*wc^PGF+w5lVx3ef%wjYuFOQn7~0BYC^Yp?mr3ZLhIIp&+n=}`K)OAzg=@@!KQSY-o_;=j zC*C~G4ukZL4}tXWS`}Al9>aH>9|rswIQ$uCZ>0_0b*W!c^r-xl>g`<*Zn&iS^s1Gr z2%r+b6(4gj;sFW5f&nfm86GHF2RG!tOAah1c4B01ntk zHS900BE1y6a2x6zCaiP(WZdp!zvs<9lm?NOO7fvvUuwXW#XX}0$RagTKi5BP zkpIHkX-t{*5xf34*I7>5vnsX=nxw)ZXpat(mTSih8BrKe7sX@pdbVV{<`DlNcsi9l z!5*1tu)`x}NCaoY(wf_VX))>_pwlcqCPYSIWof*_@PIa4ZS;#=mceeQv41%>+Yq=C z$yoZEk#YDB=qve#>GtV3)Ku&b!E2q=WlJG*)JzJ@5-$B2IQJ*U-(au)Ae;wox(HR( zL|e-}MCRz3CHz!ZCEs@PkAFYNTd6?kAJ6g%+#e!F2P+(2AO5{TZ`MLJ`TW8!g<*3x zyk^Dx*Ln0mTN^!0jv($oWW;^#zaJ;dmX!|FEFSZ*71Kj;4SUw|IZd~T``bJLYK zSMNupqGY_Os7z@$Rro0BM1(_XX4i$R3n$URvmfHie?1%6A=(Vz`{U6lYDQpOW==}5=WijJ$u`^qiVD>8cpHY8|HZ%P9;<)L?#iB zBoOfF#(^4ujRI~!!T?8FkRnSE|J(rX+JyHt0RMf?pSxC}#Z?0TJ|~jk!e5|D@SleR zN30-8sD=M|c%*X|!T&xpWDq+eqd624TazkO7s$$qr z)iob42|v*D`X-SnlV)U%M6NTXBiJluOka#1bPL zLX=Z*zjPrE0lG?V`dZ7f&1A+qGBUFCQeGt?WTB+2!sGiUaMwrA^@dZH&u_uP5m}l0 zqZ2=KnQ8rfkc6!7Jy(Y-x5%N=8Z^mceBR(DG#u#-H=JWWi*lxp64Dl%we(aAN#T(n zGozqfF&1;oOwxdc+da&EZ|*BCac)uBH`i`H^_$cf@&E5f7{ng>rmRxHX;U5aE=(}f zePlE8x~F(k#Oxt;N~$;U(AWeNTARjhHG6#%V2UkKYZ{oxbQ@v+vf7mH{H*QkC6cvA z;F?tDup#UL+hf0u*>vS)Q7T=i6o?oLQ#Rb>RhpK4qoR{kb{q9Y@&hr&Uswf=qseM0x9*pXI5k^{Fcu zjua}m6<0Fzc9i7`M1?&=tzWv42RwpEww4#sHXI%K^x~-b8%x=uavrh8(Jo%lb-31E z+~`P^BrV&MzSwp&Jv;f7TXl-=?m)C5CaLVm)YfM{*H()^cp%khTBCJ4KQB@X$>VWEq_fbBOdX1Az0qP-s{y($zt7@A}}lr z`j~CNv^joM0XnYqpNH9AW#>Oi>T8#6!nt|Yngpjt7mJ2(|ThTi7r%%DZ&IWXm0=btC z*kx<~ie1=pEX78AV;XE^|6cN$>&0=;B37RExx7jc{s(0n+=-}ciVb(^PtBLI(Aju0 z%tymYjrOxi&ay*|Bn0jU=6KVLHSDka{<5cq-!AneG9EZNDE)31r+V zMiTPrR@^R2su=Ei-=&woTD8ph>nA+CJ=O|hR|o>$jJh_Mx2@D}sbK^_88p+yxpBmX zN~9vLnczw^?)Y3#j=6*fcX8H)LBFVxjB`{J7l?0*eS*~@Re~5nO{r@n@-$9~>IVB^ zXNNL&fESf>i8>nO!>is7A&e{$EZhlGUu_^y!KStYD{on>OhFj}QRrTpFivT2RW9xr zM6xln9r=ECXULp0wRN17Dw*CdPnpB^2SjYdazyOg0Q)=G1nKDR_n zP6Z14^nIFr8r7Z>LT2r7e=_ZhnNQ(4h_qu{qVW|66NFOy>7sPsmg$~u$|1@lyL9C@ zc_{rkf6WL_Es#bPvCMq%LsQS7qZ?Wk|6K3-VIMQed9Xm$?&mF4lJp>8**4!%WI^*CJ|kz3Cw$!3`AD{T7J4Dyp(ij?xuD zfogXY=Ed2An%=T@V9?R*Rrs~{>CzFSiKAy?u=~jU;}Ahfzt1)wJ83x9z={o7v*a|a z&ResW&Tk-&nUGpG7{03VBAs((#E3_2VpS?JN>f|q8y+55DHP(vwW{Ja$cpN9c+2Ih2P=BQ%K`9eUuFMEVOooMusm=yD|$ zS-lc-op@QM0{#fZv-CBKrvnAD2HV#itC1TDhOu0%c?;R@b{8!IL$EfzM)GOuC1bX{ zbekb1JqFRlduK5BJ^6i{QjZ1F=mI8~cv?fhB^%7x40-x~LJu92I9V=gREUUO zq+wxaI@NnDJhP#dUVlMdwM`dn+aU_oO}qqY!g^daRs@Ij|4j zaz`omW3Rr=5%Z>xSd_|V*iB|YF{tK}2~dE-q>dfYZiq~Uccc@0gr?5W;7!=k%MlY( zwHA06Hb?ryud82>Qzo;zw0Xsxr90UO%s?Itlgo?=r-^Ar_e~XeH+D5q-s1A9oh;tg z7|2hzw9rHlhHO;v_^{NlQuCqDTfRsn&LI<5 z*{6lfqX0@5^~{97fa1tG)tOz5@HadRJ)7kfItFtD{@$r{L9AwReBk(u)rU$;tdb}$ zM~j>Q1BNWv^>6sR^tC^$%~T53mls2=o5R+IYgz1UlIkziz~@Tf3K$*UN7r-5DnWhT zoL`AI>1cYp$T-1i3K=z=ux;x*WWqgV+Q@CkA*65=YqX3H51U+Fusx^wcS~Qrw(E+= zaHdG2ITxf>Mqz8Y0|fT=gqe*r9)RfS_E4ESi61(y(kv9I@AbigPV(p}6${R_z~6Md zIG}}suu4HQr3^$i^b<~9tt23MUc#^Qi94&&Kvx`&*pW!P*>`1&MpO8_4$&FBDHTBf zL<9Zw;3l;O`Lu5K5JtqHzaSPJzqb%u;QZZsCiy~PhscU=`3m#1y^MXyPl#TW;HgR3iR^SaFbIvN3Ky&tKkws zEeaPmjb9_sw^sNo!(?kbS3`1j5E-F&a0~7s?L&P8&~ z>5PiMe1vF9s75y=;hCtL#d)LcGk7$AYERn1JU$N3*~1bS z*d3Aj!@eEbwAiQ=F#X1W3=9f^w1W>4sSA|6X1;KHKO4e{Gyv-WL$mJ!_Stc}Zpdna zA))r;M^Py#47B6?zT-}<=&>!20;{a!72A4M)wOr#@N7?i<>tvoej1Q_C3ABVl{L+) zQfKE8u~LE10I zVt5Twcq<{WHWe&0vswK#-tS=Epr3WYr85-R@NrRDeAefF55>>KidT?TLD|x-I+0Eh z2i1DV8Q$_5pkz+H>zW9eENv09+a<)k5ic;{vX)1io@K0MuQwpQKRo=^i?F)jNS`}^g@ zI%5#3hlk>m%h2bw{*OHM>6FBuJsu;DnRd`nC)Xn5ewrvN#UwN>jV&#l>U$_TAN-Wn9X5*-{k7WsZV)ka6w5?X7xbpXm>2qF;a2{ z|3|I08&SDLqA343*p-VBry`j*yKm%%FIJhfL$RFA#>G_gJYp!-oL2f{269&34wa&4 zb!M!fQmp;gbBsB474$A+je(^k7n!i2b)_c`; zY-!@*x4vdoa?)EmRU}V^dgr~5JYwLT)?LR4T_I;K+J+LxP3{|_=$wvg99pvc0{_s* z(fETotG8vk!GRh*6xTQy)o%ie(Y4H}f2SpBOhhH-@jRj>Y4c=1HZ&|xDUA+?fS_<^ZpW?1!7C@r)(Rr4Kj z|033PsiV#STB|&9u%sNjB7ZaC##KT}7K8np<^$bU>UXfl*{NCUA)5U?qJ!4u9+LWf zJ!TQT#9(;ZvfcayZ|Bg{GjR}Pw8bX5FI@&5wUVQURB*bi!MgoZpx9M-+&K<50r}ol zlw5TIT9TzuygI){q?$5u^Vmi~Y1!`FB@W?$$klQ<1grDAFOg7A2A!8mf+|0DhzZ+K z{|{5&*d7TRq&vX`9cyCSPA0Z(+s?$s#I|kQwrx#p+dBR3?uYXWI(>DXs=8H0AG+gC z%R;TB`;(dkxwj;md>czIv@s+(?(jKmt`G1kaCdi!QS*bRCSX!3j7Xy0OWg*oxEX*# zmmT`(z z=R9gx`YUuj$2$)~xUJqzmwH13$B+=!M%5CQSLQ{2@1(t7mCy@ID&bXI)skjnEBla} zp1UkJUTf+&EKo46_N%VHNRe)lFdj-cp3e8TLIj!zGBG6=9>eBL+F4VY`>AC`V1)cj zsFR=%tCz9DKt+JdZh(detC^W|=kc2k7e)51QZrc|mI!^m%7EA+)RT@50vQchC4}?~ z+aKm)B7gBfFJrilV94$K$1zY*NfKMzUP(#+kH>@M>sRYH5fN2!A;w;YUT%GcU8QaC zB#KWbNvOi4dFGyj5RT#DoEs_N0*MsZX`d_(r^{FJ>@XsCRVb>#PW9O>yX?QdW6n6| z4h`1sofr@zB1rXuxU_8S5xX()GeWe8=XZ`4QK^z~p0mhVr-)YQT&@rc20|v&KlKva z$bWG`zg;22z)^%V#}X$8At}Ll(Hqk72jR(i%MbfGI%yDt@7Oxh$tQZ^`l35P>MlnS)1qCO@Ih7i4oG^pWvx4_LKCD-#JvW2fgE|=z& z_QM>wZ~O2J^Z>L2t{DR-Jsz9z?$eK6=9yV(7~gU{^W$B{4b%A-%!tl_fMrikZ>G%k z4)n**HEMY6HW&Nq#~XoP%qbp_wpu-t(3fS?3>8&oj_b#+b+vmj`p+?tm}k$pj22Il zqUQFoH5CKq%sf;!p;eyNqCd&dvp?Y*?=^bHp9<WqBqQ#*+ib+8 z#LrSyO>=xcVb6hIn47~jHr=fq^;Eiv?rq9uV=HhfTW|crZ?g-hJ6~OtNjlm{qKY72 zah3U$-_EUB8w`tB&RyPPaQ`h*k#d!~=E;E@=<1o$V*QxI@#jH3B8*yL!@;?U@qAk= zqul7cov}cWN{ow|Ww)b?YdIR1$!)xF4OY}#KDGvo)1Jj!X{9%H96~#PIlX_N=XXy{ zfsv(Yoq3t-Xta&LRgXg>CbNNty4kgcQ=Tqn!>h)ybuvdJ8%RSQ=ElcpHNVv__T`VO z*SPNLzFdKXZU-aq`oCVu9I!0&0uwki$HXQq*pig_nKk^tw zGS~)pOAhi~ToqY$iCDecP?Y&P&%dWia#eVo?AdJq@FI5K_Or3HVWZ*4>30>_s?yAC zvzKN}=5NyM*Zj+DJ&)7T%MhH4y1@Y#Dd5{l8b2zdr`VUi?mbhL6}+V@(QBXuP@PXc zE-QK{8U$@*G|XImI44sj7g!r=)ekOlJ8d#b8WMsez7@W8ep{iE^wtal+CFY7S|*g0 zy1IvR=lq3Cy<%zw|CYGAR@Y+Bw$zN}N-)pu>h??;-1&8PIYn0Ku$!swb<{KqMsl{= z_P=u~AApA3t&?q%)^DpIH?rRHO1&o^e6zLZ~ z%R(p9;_`4raz05+8wzYG=h03rqM{&}w;IRv%c{dxv(*cnB_xlC)BA-!!&SvKyA8tH zi79h?44ciM8DFmChWEi@5TMSqGS;KIvS+%#RxP@PbY;$pq60#1K8~d z$VxcB6ANj=U!@Wwq!#Cx*Gw1`2xsmo|DM5Yj6~|Er$&x|{v9JHBcp3}{97b@0(D_AjEB=iOurQShqDyYHCB|R! zqOe?yVg8o~=QuH20)620UJO=Djlb+~$tZy_U}GebujntI(1$2l@ddI6>#Mh zViP1O<$3C9u{oIMj8x-8!o!x*m8NuoE-fWc;FKEzV6x4`GO*4MkIs~w!Khh($jBy< zjGFaIfBEq(N|fiuPcGS%e3p@y zyJ@0B;0q2WXig-3yX3yQK=Zw;5so{Mbte4%o^Wp!!c=qqQZy>v@?&zU#ty$B$fCc~ z9_qBEq|z4-*I>^RtIgtrC)(}QQ4n}RtOB_^_U=aMf zN7Q8a1ufhVOD7khOMeGa$MTh?AXjfAx4 z&4Xh3P>WQa*0!@BV4jtOdBte?8;ZclO3~=OBMW0Zm`)pp1A_G;D~w{d|K~OmaUq$$ z;a;mLdZL()2CXvbTN17-ul>u9tfX^n9oVSRb&ZnVz1_Oer`9=;zf$r=9!MEE&>o}h z!P1bn)w^OJA!3X&l_SK#T@bkRbXeU?1IJNVyihfuM-b1X44yP_P{bO9&gyyfjR_4S z=iThaf4}>vNm-pi4IHJU68zMVaU0E3Wv>O8ecN@Y_{9+;(emXz&JjLLdARm(8$|PJ zMOM|*QZ711Coh=7r!~)hJD4h%IBN_~QU8>qzN-$Ad*>I+;B>40?!!?YO#WrAA+MU+ytcHS zTD_~af*i%+kq%m4S6Zwy2J5}`5?8vPeiV^aoOtT_o zOFScY;k3y)YHF&#*o+jN-3@jr513H-=nMIkT+N#jL3M^5m(4q|@5U8V^tAkGd@As< ziClN{#8~quptKm}2(KglK9Stq(!UryDagWKPvg|;G5u~}uB5bJ53^pC9*miK8!Sc2 z>O632idN>4v`j3E&!;CPxo)DEuUuJ1K5lqXckvecdor=R zsz&f$B@kBhORpp4{bhLTrKA|5rk(eA&#)t}tLc66g|Jh(-6y|mqTQRe)*mGoj2!W1 zK0lyR49n^f>tWNs(BmSh{HaK8y|J&Lq?*g+@Kye5aEplVlkkUsJtu&z8{A=R=?OIKqhJls|GrSbF{;7FcvN?1Xp8-&J$$L#W8zHthI zq!v+8F@gV`;6U7@tL_sPbj?6Pjhxtx1JlwXs^hr8$z(a%CP64_31U zK1#f+!LjE?)jvyugalm?#WhzKzi9}hJ+L(eWFxnGx`=mYzPD;)kYn4j9ZPJNSiTETt;`8Jqj+)e*cvbyOvqRR}WTh&um`SnA@Vkx>$o`P* zSUO)RNI-8qlLv;b#o%iqh_3zdX>c;h<_HqR53@_6MQ%2B&AsXEh^DBPUa_dU>E5D-2#?MjNwfF?An|LntZ*L+?jq5a^CfvC(pWG zqk=~T0(K1nXGQ}_;83v=(a}VmAk`LfzwWG2+YXaqEYCk3$++M2#vyZS7fZxqM4XL( zAmeIVa)jqo^k_`bMV_!FYT;Pj2S;)&2fz8G}1lFNmL*@^E3(mImAtgdP=#+fCx)Y z&d!#Bmv4@p9$F_mL;rV3zX3fGC+wp4vhYat;gSSB_#=H16Q7uI@YqfqQ(Y6 zrq6oeL`3{+3yOu*s9^G|icDP2knk2VXu75ucr0OSGcncF6ub-pOp9QQW-d-$i&A<= zjVDnLM11>HE)D?-t(^w+IyfLPJ_cxlb}#WZ0Dr*!yLbDc9X_0HeH|u>>Ro}Ga-Xpa zm$carm3;&1Xd5}gaJZ~tUnj#{~Y!vlVqgz2Por}yI@mcal zTL|}3;oj?7Ew5|f;p47D#^~D6JR|!3t>1fX5k?>)_u?eRB^E-RW?exs=ZFVDsMG7=Tbyd-q=!>EfV8}e*m92RrC=qS`s_MA@%4_5f z5!F!O_Uf?NyVN5=4M&J>tkd=hp~lMpa5l|ji4A-71@HKXs*#H3_%G?h^5yaEJKu}i z54e!K(*iLdS>X(vQCP`4$^XLJc+1}2;9qj#0y&g4C{o{_(SLQR*1fodP1IcEFp6vJ zIC)9v5OA3_ST;GDhqZHx?G8OSdVX067-ghv*l_wb5K)t`T5lY(1JI`Ek713#@5Z+( zY6U|F-bIU8CY-vDR0AKOg!UQX?wA zM7F^EBdktjlmZFn`%z@-$%@^<@DA9Yy4;RPuhFiAD-x5yjm>}0X}Crx$__U%(bHsK zm_K=Vx~KMgLKLe8n6HxgAUI&?K9YCpb{6S%dFOC?FsAiNb@LcyRYm3+AjI!1$J@?S z)s8lRx@;6lS!PjFX?|v;HY>&;1@1T)oY0nt6 z(HOZYX{)Pljc{c4FKUT!OR&l*rXkm%P;oTbAuQUTQK^D`ki$}~ogu>~;UIK?1*bRk32!MK{-H3b6kaT0wuepyV9q8_4vE>;s$k$=|BRTEI znPlG=R z2VVvf5EGXxrEwKTLMRS>%0KtakacN#ew(H($)Y#JI<`n6)(qPDo#O~RaukpKh8UXM zA|7NSaiP7^3#HdHxx01Wyfan?ZQ6&B<$K()t)*rBxu9&oN@p)fEJ90*!2y>pOZh(cc~( zf~Jv4jx&uv>ruKw&kMs1kH-N6mZ+#OLVciYoCT+4+V7C(27cvW@Td7J4NUe= zORhY{?qVZ~0S5J={11@!ojV1+b5h=g6vlxsaFDOT_8{zyU%^E++fK!cKWcs4{qd50 z^bsUe>sjfJKw(is2A&|eKHL{nnPURm+{EMJ*RzO^OO@7#eRh!qD(C^Oo5|QF7hZlg zeCtj75o@wsjE`H3p=cgyp*&`zBR&_YQFWQEgOCh}ucs?+n7f&!SZ@0Jn!XnS19GOt@`FyBn7$4+v?YP0By^M3T)YFQ103~YIx9w&qWkA|3X5fvn=t} zIs4+XG~q|tURzH2#y0g`_r-l>?p^si1DNFZ*zO7pRAq~dy?4%teAjp6M`WD;rPp7c zQ_FMdm-I*BufEpHwE#G}?~)>;mu+139XV~-%i9eU{87yILMFp8lFcp6{hmAD8|mtb zq_KB$xa)-#!|}R~*r!k!JG|`m5W|iQy!Zob(e6_)QmF_rd;q9+ZuN zG7&%*1>d!uA%B6)D_h$S)_FDKp!IM;92$#u(;1@uX5V+!y({H)Z4!E2+rDv^~q zNQ?JwtTDDVdd6kyKm|21zY0yGYL;T>-d!bT+V%^1zB6yTxd(IQ)XidNV%)rfXV;`g ziuKP!bR~hd!(IN9Vd#cF)#bijGqc^548 zqO!N$gxYtB5O)1v=P)q_P95R7r`}R{>W8-@NqI8fVW!f<3A>;#J^*l}nasuRZLvi{UTKt_fE zoxmg6raDLwY4a=PtD_fc(!n>YuC*n43^de=Usi2f`o)MNF*a0b&Zp4kDie;P&q-43;?VDe~<(}4F{mOx(RFnV87uE)GQEIp5qn9Q#} z14L*N%JFPaS88`s4*?H}b`p8hwy1tmdC2y3=mm&&Zopi^9TU+3^1y5$QjB}JgE6sj zP;E1ED%rijjAuauzlctIJ!)38!~5Is*UjR(W+G2~E@EJuoNjyE5CFV;;Hnvqf$Z5bflk98Q zPTniLIUR0%Vz=!*30L%Oz%I2p+R1r^-MvuZem;N7KuQbXsoU!%DU@~Th|`PkC5_3C z$QVJGXTxP@-bH$2e=3xEab$1yEn)HP9l~HaAKX-Q@9C`<{?yr`?u)*@bl9qO|SnqOvcNabCjSBx41$&bfwxQGqeDUQ<|HypBajh{y z*Qitl@j5}HH;l2S^!Z0sE@*dTS+_X`omGaOZFM2BN-!W zYBPX763L?$c)!jh<}imQe^W#|=*(^9WWAlsmwiHN);z)S<)o^-2v;#XDmMsPro#Q; z$fL}dkci~ywzJA@8Ht}MmV0sY>xNfph6Rn%$U7R(hqTCaWDI$>-E15l=redD7lM2c z+KP-HgYLLNZSvB%O#E{Qk9aZr)~nTt_F=w$(1$`io2d-%RYf6pUcsT#q}I zk@CA+7Y%h`8xR?HvuQ?fP#?=NTvUB#w+(TVoyQa|_5*xIOtaF#d5E0uFZ^;n)d`)o zi&ahzB}@C6JX4{TnbWS$ zSLo8da)#JYTe^-N_ub+llgy+4*m7W;+kTbLHUeJ{}Sz`U$0584nnC#7? z4M0&VsBucbKVP;T@UPPq60dbSf#hCO6E7zPb)?el>k4>#b!W24aP+&wG)VGQ@FjU< z^V)kequXSKwB9eKx$s(bFgt=y_ESxy5`_LqC_#$`0a?1MQtUuc2n)~K|%{)#O>C+jSarg@CC-2F=K+*v{bj;aQ3AYxmlwUxR_yf*IJo(2o zHcCd`T9GkjMRpt!q_g#R9m69_`9PHPktW%K)omlCY_4t(4+B4WoL&!$K~VNqqH$pH zkS%KqbbaPjyXrbPs6L_OdW{sL?8AxOuTO`v#dpqYB>eLfz7vD0LnitD^ul_G3&QF< z(1#%0){$Xur?I^R{m``=lE12jph4v5W`XG;_*)Q?FcQh0(PamszsQ;P*TmIUK5JJu zgX_JL!)At3%z{|LSEo@neP=3TD3kRKgkE-F2Y1gQeS=F`=RUnmyFZ zT~@@$KggAvbKUg*xsfX{1}e( zw=14^X4@BaouCZs$`cd1tVnx7Q4y>CPOU;gu{W=s|K>s8U6}=Xc78HFb%B(E0x3l| z5jof)NoU4?!_OwrlKKx%6sq>m%9#nL3t2TUsn>DSt)x%FIL706W$Y0UC5xg;s0hs4 z<`n7gDg%PnM`m5F?l#Ho)C|Z)%#k0U=DHfd{;HV;Ejsf6t%k#$t+BVo-ZCRJq3z`F zKFJUYsO@>Y{|z|f2TevT=}P;0LmkKy1@RHxnRM>u8n(Rh^Ip zgibc{fZ+sP;-KdQp zT1eE9MbjOy{$0U`W0#HUGqqbFFzJ#j z9$w0q3;X4VA=CKBIjXyFxDBF{xkg~<xH9vB!$x2tvY0s zUwPP{$`iW*-3|r_a(}$popbODJD)D7rB>%0$;TZ;mVPE6v zG5ZNJI>36!-=V4{gIc<;Uh(jZ0C*%*Ii{68XJ4k!BWghbrBgk-Y-#Hy*9Sr`SmIIY zdClY+$Nxq!drG#q|FnIFIc7dQbfl&I96D5KyFEYj$g7|5GefBMvXMANEPzohy%f;? z;Z$LisLOWD~qefX`Ljb>>z`5T3)sYiC3upk8@FsCQe>00;b^L?nuWXMeD zNI+dV1Z}=IC8_Uy14a0f&t)J7;nogSJ_EneEk8MW_rhi+Or11!pX#{-Apq9ZMwxSX z!ikx>aK1Lf4Uct&&*h-G542^H7|WX; zuEI3RX9yDhrv48Em=(tML*M)5V<7s5PYyqs!F$-X)dd@(?t#-D{IOanF-t7kG7Urm zhC%Ho_43{;3z2B$K5m~On8V(Y!Hn>mNi&Qrq50``f;BePUbp#e63|mqRKc&lkk{bU z%AU?fhhaZE)*#8Qy<4f^xfTS%lQ)oehXQj$mp<8;vZ4k1`&9OiO^6yx`l!?iYmE&C z_~y_?w5LTFCIy))UAC*nxF9V2fTfTkq%%LgVZq`F-NnTP_7^r&g;L7=`ZL;JIio`` z@npIjK={`A?S8oXXf(RZ!sSKf?)S(;Nz8@VHpa$O6qTA91Li&f&R$X`tY?-f24HtNt!>I-Q6^d*nIqAUxGX04XUcmg)bMV=glvdusvW(zjP!G~gd9A9la< zM}7eOW6P!TujI!-jR0KA{E}%z72>CRt`PjIEH8uamQsU+N<@%FgP=3&8hT7iam<_3-9_YnR&ZST95hfH$CwSR z2WHIA*VBvPe&)!&;I{?UYs!P&iQg<9SI39L(<}=mu&MRW9)x|tgYvQuqOVUHH=++L;9)j zOOn#2Kte6~ZBQq|Vm;9y!WEUf>fEhHn23_ArBD5v54=+T`xJ>%M6!4(-kaB$MMX5y zMfGI=uxxxBRV`ch`|y38semQ`7*qmhRXKjLt7j>mlMc3(5q1T=hOGe>9{lXjy?uWm zW#Y?oFNfmu3lY>9J6dF4Hy!Qo279~gNs-ac&3VqF46V)O8E8<*bc&qJ|4_#onDpVz zQ+PE6CLbofrYh=SNQkrx#m1iV^QO^!O+3)H!ih)he=M7<* zxYRq?;Y9h@Avl%zcb1*PEFi#f4bYhriAys!XNpIvg(A;*L$Wd z0xX-*wgxY00a<=2o`&sly5#AQO55D^6U?LXhz)}2R=Sw!<^^CjHhX5I?(aQ%549p#OPEi4unTX<1nN`YJW06a;QxREonfv% zK-v0T0hKw?3K;jABeSEFQ2bJ zPM_1mMzh4HM7X24z?OJHkrE`XlhTofrs#T4fJUI5M38`j#e}?vc@Io=gefb#;i1Zh zpjpm*@L-^NP_&;En5h$5z{lvs+ad5X> z?C71f3PGY?$`>;lqC5hMlrZpsU#5mCSaKBm$7Ds8zy5tL5Wno2X;NO;i9lH=hPhlS zY^5LT0ZH_e6dItGX^B6s7Ph*28a~2Cbx{-qLZxhi{r&4dnoV1+-YD*8P`=&s{v4CP zmu&728FfOpfB&AVifp%c`9!r>uWfCNpM3j{IhlS%Wxp38E0WQ`(W{JVlF+}9Qf@I% zz0bmGyOQiH0xL=&{-WRlyPo4kbiV9C-k)G=mhorhUj`o4KZ??C!Lnlu(!0OB3C`JZ=@bQ!wuUx_H)ZV|%WyBM`T)0U9W;vT}qJMBRTBIy37s2G8;^kUN0+yYx00BP^09uec|`x{@;JijE9&! z#zUvtqp9Z|Beq7;;4K&Qct@KNz zGd5nyMoy{7&|JRu@-0}%>Ga6T3#lOQ4ftfeN+|c}f0kV+j&8ZMAZ5^()^HY#Ge0cH zKrh=nMu>?y`;ud8({N)?&6Ud8&wUuep10G8I#G{@7`{j72|J!lrTd!}_ZXs!5=c>n z6;eoD|BT+BSfo|2{pp@!N3^gFDKm_8xP==HzoucnJ2X?N;}xN8h+XoX2)-AQV>GcK&-wq|PPi01}Qc$3g*#$S4jKek}+N`teIIKWdZ^V;h zF4@?Q5D1VB6Gv5w{_S;MVub&)Z&#_UU~N&t)gRbC@3x&MEr;9Vm??;1eOk`k$}S@BZSbDDD~(dXnBY5K5K_hCL)+7I zVVfL`_QVZzr-@SJ1&^P>d@bGTI(8zQ(nj7z@u~qm@>vffoaM*E0^PSo&d~j;DhphU z)ZhW}UMCShN{xGbK^N_{7R#_LdI5)e$%(izPtXp<9@X{RSrqZw=uKu{H+l-rXLfBg z?=bJ&Ma>`{mk^A~c~zoBlBnDqmt0P%CDD0k-K<%lu)77!RI?#@e}#)I6X&RofpQUWa+Ot!TmmDfB?{CI!lT!$e?di zT5YcnkVLfvw00f$o{Lt;BRjo}uLsB_=G_`EyirlNX~FYN?<%z}wx4!Izwxr_zv#J@ z^ErDO7U<>@kbQQF)bmEvNXO3Ozg9u35bnCPHOb@ixE3#fGco^0dV}C|jFe*PhF}0J zu10etMm2vTCE^%wo4$Nw)PWFz%j_4J@{I8N=4t4!o4=u)!eQCi0|=w_f}|rXVXMNn zy8mk@Cvi;oR{!cGj++gU=vSAj7o^h2L$8uay9L?zv{H%^YX{Gq zq}yd>ZE9>}VP^xlu_lQ~u%pnCs2Q9OvKj`F#OFKqz%tFYxO{niq#^{%y|R_%8^OUro>&T7r{ zfd`(mtA{DJDeS9_Lgn74x_at$T~14-bZSPkntI z(y5LTPY(gB$JGh%HzU^5xd_y7Rsr*4xfxr2XM+jrEI5 zxB$J)5Q*evo^{0-%*Q(N#prrkk`7hxNCnGr?zf;L50$yd|5i`I&;7!p1qdsvQ!To? zb~p6kin>i}#qV(G>1y=bdv)rP$AY=wRl479ySC0Y#7tlMKRQd+)S9Qh#9LZ!Lk~Ua zTIeHBY*oeYep}2W0zsPhf`~3;E9p$2;(dqrr0?>J02C$31V93z{Je_YOJTKW-b1+p zRM%oUiBxu(MYv3-UJw~62YZJ>R}H)U!sn*{)2u0K$~@)#%xy+8Tq#DRgj+N?x2lNu zwAVGj!{QWHK)Ne&h4C*VNW?J0qQ5k-36xfU?EM9SKwS@{J)XA;qU|3Rt)x%4%>H3% zSaFjX2L+6N3W&3f_C}@2U?H}Kf%tZ~~B-QUP5G?OQf@P9$!O5wvPUp^F zL-r?X$ABFEwc;C&M}yYq)Hg%?F-AhAbv>v(G`n(eq!+2 zZ5EqAj3{{`QThK{S{V+(Z<8!La+D_rodQ+esg+x8?nU;muph`5>42gn zB_e-{G5q?z8Q#~Ra`alFM6j&R7}Z=xD2=>kF$R{PlomnG&#b((Q}n#xXoHf5@p~=O znYcy`;ExlDV3`;?@47+mq1dC-AxKYPGJTyjz6vb@%Gi{o=5|?*&boZ=-QWi!F9E2g z1h-eySp1kYih%q^t=Uh5B7_~*GL`(>6ZrQ`T7Z?^V+w($-BEqDY~Q4cv4yp=_E>`u zBN5f~@#i<=K&A{Vt}kz&i3yBSwrZ0kUXoc>Xzj|{Im632aoT;sxPvmcE>f+a{yo7? z!Tr`kUVP3Y_mIv%lCJFpsIk{T%@%mb zWk#=yLhHShY7NT&6b|uOT1gXH$zHyV?1|M4%`sZ@Ctq4ZFR$2d@o7gEoIP@8MEqN= zB6PV5AXb79ImYh!9ZO4w-GJDdNL1R5!|CPYhv)r#I$8U%%r%oojPsDoh)dtq7twD5 zdB~VZe~|gNf6{=?({6?T^={Zx5*2!`Td+TT`J*;{qvHtfYhBmu>!}qd7A{2)PsO*2 zp6l$Si#2u6dC3;IZC9Dd^qXDT>jj3I4|m)nCdDww&6PBUs9x4Oco`SM*Oepz0aV;Z zX3D3DnTdV~=yV{k_4(`DnX*MzV<9@3sIc*^s#{-Zj*T!KusX65yng=TeQpnq1uCNd zY>fX!G$d!X<`LuK`opI1C)_-NAxfM3MnOcr@XSOArtr^4ZE#n>Ux-UR-dbsMcuXg`^DW)&p9Xl{u*wu7D8mY`dWtbk{afV z1-s}i?^UE|&sa3j(1_}v9n!eQs};|l5IO2xHF`Z!LjdjOiwbBI2+Xv|Z&o@O&-!@+ zq2!wxNNF$6PBzh#ifai6Wzi9!kjyIT4i`{yo z!=7+Nx5wi1$m;8eV>wr z<7e{@|Fy_I&7>313~4YeW-Bg+N&C^~*&aZqL4U74V_1h_YnuQ8H_Oh@s8#pbedZm+ zsZ^70x}e&x`?&pF*5#oTvhmwJ*cL|gV%F>87~Xc8IcbYvL7(D0{;3AHKx!c$LrcBm z?I#5BKC8inm{PaK{4KCVQ>O2jW1brj;+34x0#n^*7Gy35VVmi-69*~%sfDE zSoePWIVw_YhJUexhsEjeV(lon9Rf_O4RVA#fp@P0^FcXR%Pi#R;`h1=Kg)Bv0GA zqBVh7xGUy=d0aCX0a$=H@f))0JICH?2ZBJJZmiIr zR#dag)FL7X6KGK+ObSo}Eo)=NUe77y_ z1S1p%_iYArqSH@)`f{w%jRBz?OKCDtHFDnsQ;A~~x zm_94Q^8kavv=L7`1n=?0r~~SR2VD(6d6~K+8^{4AL#}S&DcNzvQZDkfQi0^Hu2TSi z9m-+2{OEly(h!KTNC(fJo0A`s1J&mJ00V#Vg@n_N7&JluuACvmQG925Fp-Uu4;j%z z{>5rIXJWRz45ONL+zlwC`BBnvYDegZkb|)YpaspZxW15CKq~7}`tfm>10%Pl#_qLl z({;<|Pnr9R|29^=;9l{1s~@JkPEI%51uVy-)z?1+^Y#=c(?>Qet>S_Lu`eW9kfy28_JL@hu0*1j2GqxuXI%FL!jSpk%1wXBQ zWv4nkN59Yi6ug@g)5=RjM(flX>V)8e0=EX#e?7Qlu^NKwidy-du42M`xQZRAxPBo= zp$?v@Y*=GaU0vR48b)jo%4{#XoFeRIa;*hQBti(SDZ6~h=iV0*nrqOef32oDe#+^M zb=9MA+)3!DLghx&y8;HSUEXWzQ_|t0M6pdwI_9ZUl|m2WZT_zJ3w3;E@#69zvi=B9 zPVNpGqFFgKC{eO9ZV{gwJz6pf`e7)rG$izOUlN4}RmN-RQ*2a1f5Ycgmz!E)4}lq+ z-swq*ttx}TgrPze%IN|O`X>F$%sR^y2+pf2YQEXC^+ay8j704FZ7d}wK=wl({?jHZrR1CICsN)eN9HaZY#cT9Wev&s?z7UIIo+8 zCiv9!c_$>5=550#;)>Svb$47PC79om)dlHJ+=3%aWLxpz4nm^;vu^ADm;mTuO+7oY z?IIauWw>()idB00c)k3gTORZLZ|xy&xq&PX8-#1R;oV|CQl+O=&PAIit@}M+I{MEa zeDC_0g@>FL$f-4K!xnQ8-GZ#gczPYSU}5wtUah-Ev@xQ=@k;rOR-3S#EwMgt`E;0~uLyyA-uJF`3?GieGGiN9*^DO?a%p>##Ki zF!D<4N{J#=QrkC2lDj<$n+h&;WNlr#q5s>y<;T;MN95mrALg*r_k6J*pNG z^gPrtk>W9Ah@nF@{29b2xr$|CQ{UAsPfHNdjk;P)^IK(Js|++EX<+V|qW%9l1Jw2p>=5GiXypX5m)KYcc1z+G5f# zoAhzFrxj%#{(a0nxF)7kk^C*P6b4dX8QTgEZcZZ^u&mTlQ(wg8_d`)jsX=eE7r@Fx z4=&}I>J&Rv`>$@QaR9+RPr;zA#{;QePOH)%*_iLYXO-NMu_@>zc(a_zZvJIyPO)ecOzC1r<2 zCf&6q?N?>Aq+SOi4+=9*-BrT##As+bbEYL^cX>sz`i8_Oe3l8mI5=4Tajyz5loOefiDDH&C=^Q1oSd4eAzQUAwwj_AP*#dhh;AI0 zknB#;(uTxUxeB78BtV9d0xU2-78d=HqE1Q&W;SA(M}?!7IM&Ld{nE4qh^FL}_Vjk*iV>2ayS_k=d5^j!;u_u$FX6 zu9E#)Ng@>Wpnitd6~~o3oljB8R~fdBPe`~vMqe4z;F8Xak_)eA1lu7YEiyGrSpg)z z7x_=23?>f~UE#u$KN_UXlZoXImjtc3?T@{*!cf(;BQWQh$82Z6@aNSH2d6`xo|Y;K zEM`)HyqGYTE6ZM?NC&0%pfm*)$Sl5eGH}7PL6(tGGBbB{0)iFmWxJ@NyW2&Hu;SJ%-2G zu8+cRoJ?%AvC*V)W81c!HnurIW7}?QCymqCwr%sB_F4b6*51c{_s9Kh<_PYYx#qrj zp1;#6s4mwG@gTxdMB!7k_f9sN!`FKz`)XV9e5y~YylNf8f3zu#1)FlZN9KeCITas} zhd9k#MLGN#hF@St6|Uh&povXj$4+R^N{JEkjH&^xbJDFir*;?MhBjs;fSbPG1C^ce)w`Rq`2&B{pF8Prk4L;%b^^9CvHKV5afDQu# zy~1b!I*?{j1ZNT8n)+WknyVLYP(+qpRT!1|Uol0mXweCCkNU93PHr_m7;^o7NQ%q} zEjroa_1r|L$-Cg>sf0}=jVGiwQZ!8rq%8s+^j6iJE=On$Mb`RTQ60+%3tk2?(bJnE z)QO^eAoKwOE-##Ng}Z;N=mRIVTx~<{Sr`L3ce6!1Tl_G)eGyICC`BXy!bo3ifF{BZ z08$`zUmvhbf8mSqN)FH1H?(TFBuF$#^Rpdcvs&zj6JTUqt4!%1D0H%2zFIl(!&Mo| z8#x@>Q4W*SIGGUs5$yg$89+uH?GGI)4|EB|^zY64T77chzUJxSNF*ro!H~- zqG=wjIVNU>O9RsuQD-3!&(IM&+|YU_N0=fmVxB%&D2a)*nVSR8zxcCm4>JLK4c+bi z=QM~*E-(*S&`)3(b_M)e*e2mmD)J0sY@ujTS^{uWn#ivz!(u4WNJ(w>)ok5j0lH8a z9?*g!AP%muP;Y5O#yIG--`e+?aq^%Q+EF;OT9~kW!VQ255FaxfVO%(H z(xSMq;w_;b1GO90jLn~AR&y+@c$niUGN&j1c4VNG6 zlEwMa=*X;tTm-q)#XAf$ds){*L|ybv9mhv`kqZ42(ynky%4aH7@9Qbj7L~F>da{|^ zJ-ecXR7?G!r3rX18d?roI9p7L<26I{siJO*a1iFx>qX92>m4xM_oW)E`99A@0GE2s zZ4mFIS|tCY4iiN^X*ePS>bPxU>BEa#VE*n8YtjDj{y}y+Q2Oi;CPPaifi?T z?YpPAEsCZC3@EVW+2R8YeF@Zes`D%}8VSEau)TKLk}{1wGhtm~m?2tO>LNK%`g;w! z$-lnP2_zrD1>x?~xp9B*it4pP;CFV=9-{g&ymS4LSl`nty4z2X24aUHd;z z-*rKcL(ibp<8^$tJ48j}D7oBSAE2P!86GX40tFy$oQmBGw^sw+i{)L+sQ=z?@c#mM zd655jyMjodr(5grpvRN#=EY4e`aMU@wPitwJ&{Ja<`#(j0i`t?*3mDc+l@Z^6r1sV0VH)uQBk`e-L4Tt%!gBA#tL(>(*YXpe(Ux<}92W zTIi4(Txxb()fp}ZeTxb>a8t;dRbtBr#AE#rG)#0U`rm*q!hfLQXjjsIeX9RYb>kZZ zS~AO@KB_u8qu(rhIv?0`RA!XJB-gKO;yWDbLetz>$6aqLo#b^xfZ!7u{0mp$?|V-C z+Q?SQ^DHbb=cq9}q@GdRBHti7v7Y*D4r=uNLnVXTIS3)UyEzd;onnTmF3i{>?BSfOv`eL*0@7O9~3o4DZoR)=j;)ZxjEG6>n~? zzcOUk)15w~hmxLRx#!2XHwuv9H#~xS;=%L@WTZ59G_%C@E+=00{9;xE(RQGmPFw2(g{8o`Q?}0s>SS) zCAHk0jy_j^Kk=1pOgx&^@9jV@Q$s^uQ`Vvut&zgz(<(6pEyZiKkO46YAzrPfR-E@j ztqJDtQg{*wP(uo{{})DWgTvDc_^VZd^sbldN@JkxOWGMfGTb_A>OXoKo0IRii)PJS za?aeM#g1!Hg*qqR)Q{e4{ z&>g0BM_N_qnpa=xwH!Jz+O`{;9N$g(xmx74m>NRJFjw+>JxtQN_uGVYF z{bjuw-Apj}^_pU^yHC62%6O89V~l&^!}S!Qr8n+#UYhGEvtKyw@TrjRJHeNT)o5>_rqL(9Q`0O!Ng&<_dhGBd7;xV?B0H#N7X-z_V(OFwVnOA zVn5*ng#1LFm;N!}>)`hyTUpizakr=+K_Y2ZAs;GvYD$6=_w_3xpsKsB_kH^~HzR$) z-mVI`nDQJR^!diuD}u#GlHNr}JV=>yvT5Pgu_`@Ji8OL5F8GE3_4VA%=!b^P{my=3 z_RTBVbqy?jDlB2GMpnK}^tZy z!hAjxRdqE`;@ZiQ7GwNKJp39A4}^rckFRxN$-jRsdQa4xSyC>f041L#ZnaKW@ATph zOat=A!BLlnETNxavhAj-u?++Pj-On`$=;H22RUTlL zLBPcT1oRo$l7%ufpP>DuDH;4>I!#UI@q=I_;OYw~Q+p_dx{|@gzs)ypFkD|AhuC@Z zQz)4T=I{r#4Nl4xddMNMFX%bkEAIf`L2YO}@r!zB#IMcGN;sdm#IaNa$%QE~DKH(JkI5gEznOQ3S7PyxLdtzR z%4P!F3BR!i=b&@}f!U#w2XyTAd}*>~?>ocvF~SMA2(*w<%b-XN_Mtx5n>I4C)G_+d zox6V;dXVK3LM>t!!~ZR8(+BMV8{Q5@2wl_@)XWBdn)#!PuBMfS{|-g9nJT5e2<^>W#01FJA@+ss(&N4K0m9$Kry3N+g2PD8YA zw&Bsv%qhBFN9n23Yugjyz86B+%&PJZ{ZFIz0xkg@eW4>W(>c&jY(SAzV{x3jTu?yP47 zXu)aYrmZLUXosv$uEEFKE&gbS<%;|lQ^t^`+Q;dShQQu>w6)uyDL(e{hI{8)jm@^z zQR=v?7x_2LnU&_Id`osTg5%HA(Ky^4p<*2^z^FLH8S7#P9?%rVrr{j z=N??Xk2Ni26I$B|mH425e9X6C4Pug+d^bk09qQaO)C4G`F5xw@5Q=y&^lzH@Xcsu9Qe5&;hr?Lv7Q*UvjGF z_>hABOLvg3seU5|>U$8V#=$ww8nG(u)hDEYZhHamZ?lt^H#ai|+0^s2pj@N(o#j{8 zG<9MJ2LOH8t^r|fAxf* z*^&+4+r0)caV3@c9T5P?<{%_36Sva4@(^G9z0U9M7eia;du|r}sNq@5Nzv#7E5?@p zHBw?g{mrP)*W@3zx1diP@t>KMBQogIDBeQ)NKk2%JlKJNgv8~eQ;OZ4T}BBalR*O7 z4OH6N`0e&PGjpEYBLgX!(BPBU0+A}WX`PHb%?NCXw5fM%w^vszdF}p*>%4kS7Reah zR|VW_xq%j-wJ}gL6I+?$VNdvZtS;4vC$=Lz<0x*Z^+vt64rZ87$mIpW-nvaQ%;y>U z!c?7jMcBsb&3WJrig?p|j#h9)dm*RD$Sw9GPfGxNI4cNPg~ov+I6q$yoI7fA;)|+7 zdN&@sH10qVOj$vJ8|q4h!X5A#M!9={me$!aQO{}oMXSfP_JNk{uf{7SyG0~EPVc$2 z5LyraQ|kJ>h@6si*Lqcw;pYZ>JvCv$Dg}n}uCW;fc@Ab_kr_6s3KfuNyh7(zuqE|(!p4#vE?2F@Rec6En z%`VZZHYUpKbu6gNnW^+~(VJ+0qZ^HzI_Fr9^L;$fri;CF{%11VwIc+m)1PyaG4)eaB>6|#rsyc68 zi>8RoX1L(;*p(=4qWa?U{e^_r!24rkwA3ea%l!WO$;sVX%e^YQeI@2ej2_nHRr|6N ziat*BYAk?0%|qVAe`*y){m5-o|DNIes1cA^h_S3e z>xOmSYd$3^MiFx`vG7ivX|*xgSG~}R7vrakt{#!~n4|{9$61$r9v>f*wni40vot2d znzQfXW9WN1;jTs={bkuFTZbvD=}u4hd8YZovNb?GIw>=ejHkMyq5%!w{P*vYUW%W9 zA!wq6FYVd7Gk`ah^tcG;TP)!l_J#(gx)OpUP2MeCRRiPsfoeV!iak}c(elvaKbUfIPii=KCtYJbq&5}V zN2yaK#B(VxkOhR-XaDTp9eY?n|EU zLfEB{SJd({x-VxNvwCAycm;AoW503^j?gpx{ z&&Z#6_Me-iHS9M;jGS~=tly!g2T~0qEbj>!pQd-;f(ex2b_hVQ#@8a3@^ro)Wj#WR zSV`9U8l8^U#^a>OpT7aK7(FNQf}4bhM%|HhR;Tv;OT~Nv1H%>GlCOUVXds~FlJzU zM@RlS3WlDXtt+eDRarwWiML|{uD0ifvmSj}g3S-m!UR33s2}RRY327^x8nzAE~nlD zi;B14n*8mG++mZD45!3LBP`65Jr<+v!w)xDRy0n@38&iqXK}bH_6ETF@$-gPM}bYs zH~JQDPR}!Gt&!}m%+vkPe4YUpy)&?^*ZzkD2bu zDW^P>A%cG)n(u^^lh+Pi6%bBu*FFy5m;J`-IsR>+;1f(E7(`*NoK>@%re>z6l1kZ^ zrCwjblwVsr5{-N3@tBJ1Rl5Sp29#)qq)pspM*`*DT8=eDi70J{Hx*9TW}amXx7M!; zs_>1JSE5T==Ji!RIve`<|&sb^biXXW!5#f>sTI-cvL|AlOZ<$;#Mp2;ef4 zcTVtQjF`{G!Z|GaNPT@Q>+QPD;DLl__mxL_)vT12OabxO%#d5j_#;^} zsbi|^`@_PWP;XPBQoN(#?1-JX#f|e!t_Z7JN$YD{#%X>)SdgU0enIOvSxzLKND}kp zS<_F=z5#G2gjQO(-HD}Mu3aN|OzNzYIYqtErzPP#MVC=(JkSjr4B86e=>Z7nLRkSe zrdNniLLswHEphqRpa`k)pTV^;dH-m;JMujNx#AX|)cpf%1gG!qg#9sMHsEwIpgO?- zQa*~HP@#IjBy{QK^{38e=p8|k<8X^uBVfa47hUWx@4V}3Wpk9=Im7+_U95*$VbjVWe z%+DM3p;`le<4oe=J=R~SeAb0PVrA9qDeaNmlCSIr5x*g`@+l5o^JHsrXul#a!z&}- zU~n-qv;8&{O?g5_Y%qugvrh;4byN=|!nGFd_7A-~71}G97%&BRtSk>u0{xK9itu4; zzYS=jn0||Gt44Kc?h#y?P{3km-wvP>_qANV7Ljp1Z<-`^Ep~K3GZhQ#YVTAJlFTVF)DkgpTFnX&99joIvvqBwLyO(H> zZyiP1H$mx0u?Y>gc?hCi#u!-A4;VpFH}_T`D_*zVJmTw;a5lOEy7i4B5vPSYmJnn0 z5-}8Wz{$g{K6Iy5GPvo6M@~zzW{5jlazQcNv3>Ayj{JP*2H&8UE4F;Wr7MaVr*DE9 z)Fgf=)#b~cyj;ekch*yYK`*aD0A@GYca*EgZfK}?l8(R^Y$dgF7NV`_uwOd3TBSHG zVK?enFO>Rg$nPBsyS;vh!F#%)AEwE2_82+7#iVVFiAL9cgSvxtkH<{CSY5;aHh_f7 zZ8G&8nv{iVaK7s=#hZGGGCx|KfQXOhX74pWgM5qllq!?nWIkHBvB57F{JV!*v)yrE zWNp~O$I;xweS555IaU3Qttdr+kidWMlVhv z&a{OQTtnbEi9?!TqA@A5y8d`?MA8%2qO>^G!FDz9-l>=q8VjAWVx^Ay>z9eye)ofk z%?1Z-S-cr?+MC=0s^3OukPts3oBMhbI?@_~p`R-3(=V%c+pOj4yA4nHow*`Wp zyu_qa+hbAjKJ6SIeOZ!@lKg0ROpvB9S>b;a?DE?Ac;khS&!Y@SBx{~sR61IW41>5B zt6t7XYh0(lkNR!_AtR4-kAIp!0$~0BwSZmipP%KR`H?mo^cW*zIy#JlKUo8PDB*W^ zH1I{*%`FD`FkWWGAa0#*o@J9+Ja8eP+07RXg9QeE9Y&=e-N7`1-!nr(f(~e__gu!K zZk!OI5mRq4InQ{9KSARi%A5DI@ezQ)-BtO?UH5$F?vc*&!k42U%;|7M$LAD;RNm=P zuITzvoA%ngdOxK4q)nn{@-CMwrxES1v@8>2X0J5MQT?*X)#ggJ(OE^;R1Ww*oX_vA zI(Rcm_7r=u{bQA*6yAqx$O*)WGe@YaXh_IqZ;a8mI+8h;sl-h0=a*|fW+ z%Cba&6qRUg-FoD?eSP|)0i)gKkW5ZjPDiP>SQJ~H0w^r~ge|Luwib$okv6`;Y%RK@ zWZauy#`-=+37aN* zlUTVj=*-uS-n|FQ>wVaNoH8XU?GPUar^S15<~Kxfd)?YcQ%s!usPOY*e*nY;;d{jW zz4P9-m9`o*q|J?EeZ!YR^GU~nm%3}i6#?Yqm>w}{?VXP(7zc;nBT}C}EZb}?Zx<8Lhi5_SQ5$CRhLsS;I~F)t^Pk5J|t z=!m(^<0efm`0(HWiK*6BeW#t;Rcu33?qixli?WsGd(;ZMNK$>L+~TfuzReLH4k;IU ziNyj9xpLrAnY_!`e@2C0fUfO_bu>_UZ`sxqijhIq5m4x^`U2BVs5l_%k3&0nR!)`u zgNc}rdCo{VJ}eZ(@gjhif_^ogarr&b6pE=Vnmiz`JG^s)%dl6z?aMDa#CSc|7hX*q z>%%}y|Cz17QPdp6OMSh@Xx_C6p>Php$*0&qp=>{L22*|b)E0or*%pi&llF`As zM~s6|wNnqQx6oKAAMjRQA!jQQW|$jP4UY3j%O4HC%~ze`N1bt`fT^gs6bQ+C4c##k zMV$`5`+j+9c?UCa?En4oqd-#ElxI$?(1Yt{9ztG~3FP$?RPWg7N&mJX%mC94D= zj`SRffj*?HHs^knEe~Y0%Qijg zm0^+nAX9O14nyN%2L>NL6ny>Em0pa$I5AWoZ4~l*RM_1;2Y&vT1l)HObTZaN+^r7U zEMPjquYGMPQ@dgopw#do66G83HIA+mo%o%qBO!m%u|!P%%ue|wK!y3X3t=N5x$C({ zW)B#kk?HlpH06qN&Sd2_I+9p^9Dl<5che)WFmh%llB)vFAgYlkgR;;gTCQyX>2noX zAH%@}G5$DYa7M`y6JBy)aGthyE;zFpD!hb~UZh zFazXuMaKr0=os6|uQn?$=bv{b$@y>IxRt#*g4e-5uSh$NBG&fR8R%v7wRcaGpoCIm zu>dhS9hZ}#?V`5A!o)pO11powlFQ(I}BOc*e`x5~ZA`CEBFf8%FQ)wCRPZs5_)8dSw}((o@sl6s}{@r04QB35Pp0$a%-*v?SZm<8YjmEpj3CH^5> zWi*KKM(vkIh^Mih^v39ZmeCJ4xfN_!XjBNkEzUtRHFC@7@*eiA6>fu%ar3`@w?GZ; zW6*q1b7?(Pq6#pD!MrqH74>`%yeC?{7yVj3>?)Y7O+`L#N&UmeZTt$gzuifiQh!b{ z%KT@ug1pE39<|FdF^knITqKzGNy10afQ7Q77W|q%f5H`~byG+1@qXzF-h*4_mbwLk zm&5a!T2WjiDP~wWrSpHMWtG-pc~Ahy$Fy;z?2A6d%TmKLCew$Khg*p0m{Uh4`lh=c z8}=4f8CA`=Bh6&D#n%Jp_ft&Hi#K9UFroQqPEif?wIEeEV*@LwO&uthjQ@Iw6W5i9 zv=86AVV=VHku4ZbNH+1v$`w3s4w z7GciKvimc1q0C%b0;KSkF8l;Zf5C7r&2%}uBJah|%)osa#)!u(v~sRzE3~+M|HVPk z2%ufXrH%hDq?de$oFMtDc2q9U#WSe|_$2)AFl@t^V&MD1#t}ob7cd!HAxy{@AXu!6 zxC*wdO%=cP1ktH6KIZyThMJpFRn5e(=n_LNlXmCh_S1MfBxA~5 zSV6{r>I5R}b7#zsP78>hsHw_=G^elB z>yJ9WJ+;;5LzJliZ zqbk0T;qXHgE%v}5x=en&N-$bT;t-h9b_V zK|qKGF%l{7+B6DUi1Wf=CKdxj5I8NFiz6p=h}zF6{vZ}`d!%$s!*gWAB-=aPj=}6& z2<=?^$8NMbN~&z5=%s$aR_~zjURPmdsi<~IP_^-PCLzyfk3sCYO79B0&9nDA(EEQ4q$7 z3AxLc2xs|Qsyn(b!v|$y97#of^7pU?#k`e<8~ zWJAx`T?KQh+%*Qz2isf36O8$;{X)~9w0kSUPl;;|ot)Z=Les6j`ng4E zwxb0DM$bW^ME0D->?PcU*#n^NI@;NWC&_8wWZfGq1gft!Y56YaNJiJL>{am(-I}#t zO$07-SB)v^uFU)tbzjv8ZmcVGa56uZs)ag7iV!jIRd}df2^wYX$Aevy-Qg47y1@DAj*C`6rIf;n_ z&CP%yV!Hiql>gwdTl5g|%svW>39INqhsSA=$f3hZLuF}apR|lBzfE;I?nIvExzwg*eF~|U8UE*C5D#OyH9q6zKv=PN==)|8>b$VZE zQ()@3$>n$!oS*{q*^c~-zw;8c9TORL?Hv&+F=5)CQ%&<(oCVO0FWe)b_01RqXV|}! zpe*Jrp`i(sbl+i;WSl#%6M#|t6@YOf*#sUxpQr3`at1jBREnQdngTO<-FuUCYLIEn z%Q!Z9P%Rs7Ir_dueO8Bob52v83)(yLb)aXtPFbTSuTfA=_o08t15?gZP?9r2Jr)3? zLEv|5Dj3*N7%_V+;9h^h$7F-G@lU9|9C9pV2cuM4`_1FI$%G;C%EiPQ>iNR(}fDfx2 zMdoD0p#-49(!Y5*zX4q70;HJ|WzHL;)_k@cTR{=sY}2Rmoqi`WTcJSCE83WG%DD z_f(swy_Fe60v{n?4QyGsrrn;rq~eETnipRl&Kbl+3N&eVgT&eMbkgYPlk`>RyS;G z6cuY|hALFz$xig%YAbJJ5i^&wgCNYR@G9)T8f52|)2HDicEB{~fP1ZZYt#JJpIuwB zXf-_^oGpWx+^^2{)$(y5Mx@&eC7Ye+H$tVI`T3_;oqII)m&?g*pNbTlR>j*?G|;20PV6vL{568M6CG|cuSSlAkzXb0bc*q1B2wIqiJL7b(;rDgfk zdL4m|MEJS!>#NYchd$f4?m(`_H1yWXr1Qkc6S1sEsMLC1EI3+LtZlP)h4pG#KOSN7 z`~aRE3?7IGo}{ctTjjN&oKCOHjltRKI4_1Bc;Rg8>W!d4Y!A-(Q$wt7bw}`Y#68YK zq0QmuOhw4()ChJjw)p#NxPYsD0PJc`fN!(`5WtUiHVF|D)l>%aZDp-OXbj>a=7ou1 zhFqR29|PO23!wsE6WSEzzyQj0gCNm<(;6yyx3<3%h&Cpop;|0MHr0!7J#YBRIlzJo z5;pE(!FbAeez-3_QdLF6w|3NDal(t*Z*DqNq3ni$R<$kFSH1oj!FO_N&$cSs1O7<- zr>7yH+Sa!3ed@5#p0X}CKgKR)is_mNE8##}Ets2=f#dLJ{w+0CpGi6Ne@`YcWWcH) zA>wf*yr8(pQ~rVm4ldM86J4$F`aq66@5^;OQlH3GU8vJ}>imGb=0$148d<&)qIM|X z8MfLo#R;QtyDDJm95F*4Z2nAvxzh%+q*E*0xx8}%O4-A#JNsB3zemhvWV zf{v}<#0cTT7$9YVK-Imc;-#%Kou|~Vzf6f)^rI3?1hPb6F}2&I^4)UkVn1h4*nPfX z0Byw>+=IRJvzDpVsMDn%lJbv++o(@oS*kuFu)7xXwiB4vUtbdpOooaI^v?icOe&bQ}v_9>DRw zG0pj+D+HBC{qFs)I%IDC&Q5fe@_p1wgcvE2MThx5Bk4i%_E%F zKejvG7RT8h1CF?=0Ye;&j@2pHlDHuL84-6}Ge!!*GXfe^Eux&{w`nV#Fil6g3K;kX zGStE3*legbg?A`ZXT&hLA=!>9D0A;>`2kLx1qb7XB4zz$@|H*gTVqgkM$F++4I;h; zVV6@XAc~Rd#z~YOHDgCMTbPh2ReNI*J93a%H*`J3<)~@W zN7fK_CWRrf63+-RcM1>pvDk8#1XX2l$308lQ)vnSrwy#Xwbx>Bu~f)7VJpv%P|Xo% zcKP*$ISz^(A4~mBAJv^J)6E(8h>UorTNIgbA zFm0h2DJ6kYp<*G53xx;ABV+p|4^WeW5dksPoA6D7{LEvb^aeGX@Op%ecq6SwJVyIi zKZj`bB(LE;a|Oo4>2v(o$=pFfJ?y*t2)XM=Vf5AneB#TFD2#+x}2HihV5J3b*xhRIO;R}>6itEYCYr_1}&6Rs(7?&iG5R}2Z_Zp9QW4WRT|eq-bY z-W1or3gB32@@YeI98A@D9N%4skHpNpy}l}kt$BTJi+o#60a^|L4*xj2dHl_&CfmNU z)UkW5ogQiT)A+BC3=hX3M2r2d{Doi7>`1K)Z8shPM&PQfFgK|AyfVIDz^$#R!>S=C za;~>eU}}@Z6c}CWQPZ5>o4ozp0PXHU2P&)>7zJ~1EKdzsYU$(3R0xf47(>Yc+`Eio-R5|pbq@%S$T})0Yc{y`prn+^Jd?Vf7P;D#XjZEBsfDj zA&8z!Tl+|)xopn&6|%g1u1$RE9*u;UfJ|Gi=3^F>K&cQY{%zDEYd#;PSr+{iB!fW0 zrK}}Lf}*0XR(Ee!^v0=d`R+GY>eVw&X^P1k!(%IH0?D6^k;iESOr;GY$hRBo`?S{T zG>wN06MUG3fIoq}NV%}{ZEm9$$MNMOH6S#r3)kfgrnqf3OdOs;Pet%y5f@SWXUxK5vE_ ze*v1$#a8b>B)CVsCr6P&!<@sm6KBxD))1UbwLI4+r|V9-*Z6X>NEWKQL0U@;UK6E-au^l#L~`&9EGQa_1VtR<|(itknNz) zu~DP7_l+-%l-k;E-yuuDW;Y9-c#ft<(Clm#gHh;y42(5uU$b0RKq5`7tX;qg zT91EQ%o6t|0gj{^CuI$8@v%YO0NR4?4Dj%cer zEBzU6PXuJL_JRI|n5IOn!5tE+<^yY>cfyx9*R$b$;{)$~0q=Xc>Kk#MO8%u|xZ@cB zJ^%0w4|E!x_@(3jqO@c}sa9-!_mUvrGp>&KcAT;<6D-O5;>@62^EM)q85q~c0m$1Z z5OaxogF#^0=ipq<5lXQ$<-_6dn#!EnkC1l}>VhkFmb<{3*x`;cDlQVgV8@{8x-yc5 ze%msZb;*i~#qX2priF$&aj=9qS$KyMAVR_=Gg?T< z9+qLuYI)Q4dLq1!@=`xECuajM>f__QL`eGx;u?Xj?4B-tTso3zJ2&WJFpgcJW_d^c zgJ-+@wU%oK3fa|&lxMyz*1UaxW__7!kfZs1)=;DBW2QQBh*-DWgueG_aKld{n909QayzZ6hNhR*uM@{o~C|@pX;*wZ(BCg_4%IgVlz0dXf%~Q zi&rza@N=3-V<-^VDEGvW#kEw0j4{j3>Y{t(KvD9+211Ic-aREU<8TSC<9f-Jyc2GC zoGTWKqj(qq_7f26{7hHR%3h#IHNzX!;E;6A>(&Zbe(xyA?0Ld#nfBO-chmEZU}r#X z+$}{W<2g;wKk)5um7$gAgAIu_{fbirdp?W~Rk^`dh3jTC@Bc8IWN^zJZo{wrP>OH!wqI047tiwP2z)vGP9x1=y zys(+DB&Qbo~-=9^qR4vXtZA3_JwP2MBQJ7QaarpIu07dy#dQz!u7JHa( zZv)>Tu2wSS+ZMXAL4W7kMR@F*+ML5AW8ekrx0+?TP1`P)Q(`=f6J3=}_#eg0b{jU>w*X{e8XD<4CKD)@cOmBAP+U%w_ z8g}n?I03BHxxvaoNg03{WBKQilBM=%x#Zy%)j(|vI>h^zwsD`EqNiTo%0o!*or&(F zQep_ua_G19Cw~_=O{w$Dbe&KvCKtlK>+361YDWC&h zqAb8*D8vCzfHmVNK~o}HPhxU0_Qx3JtYTK3Sv3}r$?^A^BrqLLY2t9kB0Jbt^K*#tw0W7Q|a*73G%WnuLH2;W~La^+fO++ zk-?5PakL7?h$VsZ)A$x z@LjdTZlp~hKeSP`;23fw(?lqIAYV5BzvH}JFSk==(fwx^3}!&hqv1v`3zB2u3?{rN zG}G=8M)Q}wF!Nt(f>v*cjlXAjy(kI0?Ew*{Br*ukyXrY2%at_Mf^sfRgVlno%>Q0l zIHg3C`lce^M4N$IyiI!6`8V*cES z{g2Nb$0{)CEBdzkFnYA+7=C3g$~#$l3qpti177~?RADMG*|8Vj)M&`l9qTo6elEA_ zd$I?fLdaPD0<_2C1fu-9U1@TvrjNIEq|7ieNSAs@6oHks))}$Sfqc_HMjO_0j-=EP zy&0+q#_qkeFN>DMAL0*)_Q&uk)yPTDi>-^u@#ubT?j18-^IhHuKn$e=Ne(}0!6NJ! z0s~q+JM<8aY6NDXs-8CZva1VVT0n)~Re%gsf;EDWpyBF|0xQ>bze`-f-TpRwUvH6! zL@Yu@9o_VeQ6`P)`(>nmk<)`FKZeOZ8_w~2Q7v6deSHB7*X;b}_Px7>Mza-lu^*Qk zHhU{#Y==x9c-sp4bi@r61TRmzCW)f-y;jY*4Z-3ruJM)mH*`MQ-^=f>x%U=JuasjF zg8_S5|6y*+%OEw{sFv6~+9DG#lfa6&xH5j8omEp~c|9X!VbIGc7MP2}-M`4+-&P5t zN%W2COq?V$K-g!_6}{bU^Pln#BiSBtp`wYHm7ySki`2833|Q6iW9+8hBp+}nX;+(F z3gaK?H%5omKj>3~1eRd4&Ii}*JN;q3@t5hDshAv+)+su?`>Qhf>*-=Ahv!Mh&)7B$ z*1a9ELP{n-_sN6+PFHUqACvo>xM-F2Qd&lG8AQI_1jU)LkK#(_L@r|bqLSx7N`iU(7=(`6uA7%nZ(taa)8qGJ&*m~H-1U-P35<;@hM?ZfT(6Gh6sI&n5| z3{)=>G}LXbcLQ#5TMX}2fEiIAZh>a$Fvq_+6^g>4?*t3}TEU@ng`{TVGUsxPID6jp zX!X*6?@%ozRjRRf<}aae-y-K(hJLU1ZdYWisAXbyUrIXs2>R#vYGQc+;MCCvjm$GG zX*y3(z%4U9gYivjc29tYzZak)_-^97{uQfxud1DN>i{8=A#tK^pIN6`5V!aORGKkl ziblh+LN~&JGO*VI#u;w85Rwlx+eWcvsi*=4w%-AG?sDNXwhZ|-S?9DiU7KH&08PT_ z#OS*2AtmfAus>&gG2O`-Vf{EzTZB-;9nFZ=xDOC(1!jvu)nH54v_!10T(OV$Ole1J^4UmAnXL_V0}~{ayz{Hj${hm*&MopE0);E z{2gEAFd{Vdfbf%}hegR)ZrJz(-toIws`rM?G!BxGER$lF4$GXeha5|;{EZo8@2sSr zdf$Zi*BB6;6I58Hq$Gwbp=bLmN-p;>t&+o8j8Q92=zmpX4XcMMKiA>qu9`hWp*9+q ztM@Xjw6CZVa;)snsuSlabQFQ2+50g~IFAn^q|!doZ4la5QlMtTtHMI$+{P=NWHDiY@$&eH8fmbFp78sKIb@*zp@k% zXq&w0GAR8izIR!h^#{x1o3=cPC7*t}$q7$&A$~3aj|&CeINw-Za;}q6pCH~D9zJF2 zY#*4aihK1?K*r#A$g08y{DbD6GC;7+C!DAogK1_|v9u}MNsPgJOZ>Q(zUG|*?Ltqo zRV5|FuhV}A>AB!?#Kyq4Jigic@V0(Vl}hNd3mXF<)xTie>8cxbMqJ9H^vPeyS3&^n z?V`2Dy!uCp_;WhgAbd(GOD1#+7Y)_h82|aO7+nOvpaZPjCYh|$9zDRfOW>RDfnUm&Pu@XP}fS}Sf#RPABQ4r0b?M~ z$5@3QyhqGA3}tplN9HC!U9a>P;M7Q-JD{){EwDTZSU!b|{YLv!mM3#KR}VpJ+p}%t zb73G6>n>j`S!HQQi`~SM>rb<8y+>|?Z~M=&RNxqSplG?CB*C`;oJQb4#$g$ccbRMA zeAid8&iLEl$!P${Ew8D`9ggH0IMagjNBk?L9vOdJ9h-%>Du5Dz>4g1?l<+`_Aqb+U zs)d!6Kb^wUaDpl`7Y{O213LY4pEPYX;)f~bFDZgJ^UC<{r7<2U<^Zv*6;)>HIiLvA znYlj^q&}`~NtyRKd|09hB3WS&7I7e!b?WB~G1AtHQUa0**c7_iU|`Y}1I(|7C&*XH zTj{#>jK~8d284H-#1MNWpXHvKqVwzc8bRtxdT3N(7qZ;m>ohgDBOLDnu_hS;Pm2YY z8A{GfI3X^_2m1=_54-n|d+pC2aP1OH{)5cHF=cxpB(Fu zwQBFiUsQjS!aAD&o||F@MIwpa6Vw#d@)VRsgNR5L(?(8&nO(0fg5pv@3ZyVeSKM(2 zMRqm4Mh+*pXF2#a!H&mkC_fo1vN-t9t~RN2-4EBM9G!HuGghfSVSjFaV4)eC+gaE3 zVgjhZ@J>i(%hguva*`}_zGCpm#V^?fw@GamlV?FIfXV++UnMQhBMqw<=lQktJg_RQ zn~@F0aVe&*rsO{5(m-E74>=!!oJnj%y5#`zssGq=I%uJVu+8>e!wN)e%ugw+4S1+3 zrn}Q|LcKn={}(!1jR4!KJS0Se0f1sH;P}TLJuH|7h1O_09V)vn0Kb{A)(Z;nVS!a1 z$>y))pdbB;>iqhQLX5JcNh1eC$1;0V@SO8H4ihIua|{&B$H(zcE!tf)8>2Ag?vG7+ z8jz4GLY$kMYSi9wy0nIqn+O?JQi^?2Gq!i;@qW{^`FUtYKzWu(gbDZYahxE_pptNo z(2eRl0+*ChN)s$rv_Hb>2!RmN}l#;CDIH06sF#kWg-Z{v!UR!R7c(JIwe?V11e{bT)T{bMc9i+MdJM1Y)>8NZ1 zYhKK+RqyJO0fiM)oILde4u{QJV7sempYI)c(Gt8Z6;O1dCQQIM1h95)Y&_Tue|`M* z@HsXnwh)(g_6k}$>m>gC8a-R1Pv56P>@mBR;g!m2WN%k?3&rmet!?PRaqcGE;N45dXn>(mjL2izXh0YUzd7eOmsd#bwkDF@Z!t z%gPElOY>Wy6RRyCts+Ll{rG^4yM3B%*bx#EqUYQssG*@$ECAgDw?+F-=J(L6=hpnX zS<}B*qW0QchJg4s}JjW)y@K3O;~PN)qY^Hb6FbLfx%e?tvr? z3EqT$9w5FgDr+>Dqq2rU3vl3k?yE*oNmPDOVnpT@i@1+7cz*WiuXU5pW(+)=AS9QP z4L3Nw5J=cuJ;MYhYW67c{;FuQJ;=Aa?_t1}(A~yKA`p$oG|x`c{WwCL`#`~h$ry+l zCyw~>(0LE$XH(7W=cOa3f>~!!>G?Z2L6h*{UCm%JpP25|;6WZxM2&eNz1H%tdY<_< zE(@(vIx1C}Y=|}OJ_j<06UN78tPJ0Xn6tm*@mWwV4JR1xLsl0Gm1a8~m}N_FH0j18 z`-Xd97nDkakuFKei40{C7miKdkQ!n4sjsz5hZzjFz%aduxq{N8Pg4=<6AbkL^?`sY z`bP-7)7Romtc$;P9IdsFRwCS-Y39mCBAf%lL3WvQ$!|Gk<34HDL%+V4uP(9`z2R%^ z5MqYF9KHpS9`|SoB_OtHjVkd%0NxcqxE9*YS4R(kSPdbi^c4(&J98i6zBt$cw-^K9 zk6paACh!13@BFY|R~S|O$xfZ43SaFW=Q%vc$yqbjS;7VYid-q&vcH_pMJj>D1u~GK zM2Vn;;20pFs}V{x?G@din*l-O$0?~tLs$=4b|LPhDJS03`_v4nWsA5qnLb3U#8MTi zW-fVY+){aRN_uC>l?M_{QclqX~5qDzU;UsB%5vb+|PaR(u)X^m5J=i^-`CFY? zj7$2_Hc^ktmXj5LZ14Db{hgYsp~3A{wT*^z(rKO%lu8$A$usdf5*ebTZRwFQ=89oh zAv=p{zFV`#PQjAE==GG)+s}Xh=^OheYhn#bg4TNIft9)5!5J0?26nZfncdvW{A6skei9ZC ztRCeEALT(NYd0Xe?5|q{$8@py&Kn?Kk-1#GJ!A+Od3hj7t#z* zSAz|}yYl|ugj0|I5l)?`9KY5EcCVEiywX#A>L$#1sb|)0iUw~av;CU;Jly@p0KPP& zuh$%U+3oX1ubUgrEMLK&-C*^|#yo|O7N!yLppjDfvk_vIfA`p2ZUd5#YV)%4v_yjt z`CB3|eyzOoc7`oY;g#fVY?#7f8P7FW-!`CPS0xcwLrCQ|R4ZshdM)~G7eAfJ;@a*X zV7Ae&tb4@0F|x7dU4PXzHJT2O zNfypplL_S%8CXrUE}&lCInU%;D*tM8u!n{Da+x1nMIM67dWfukN6)cOK;3gY{?EFW z8L+MmMLoNquoV^9@umfYpE7TRzKWeAQA9j7x79oVa{{Frl=MIm(sx(jS-_4)ORJ=^ zuny9V;%RRB3Uu*M2VPX;92p+S6we6f)$S+FLbZXhh>Sq}fqFGjq?>_0kKK7i!T#v5 zc_0J0Aq-IgQGmHlk4^A}WZrdX?vV^RzRtj1`Cfyvyf;Jp|5m#8qVq+0^W%Mh80{(PQRA> zOi!-k1Djpe#LVs0+m>BRAHOtQDE~CNF0I?K-$JfPr*3XZN!#6_x%<3fmbk>cJcb$` z+mz9&%Iep^X$#YBX-dQnBcKb4_MD&&OV8-b4HY-82Dk>i++sdp;EF z(bBFl96Z&`CtD3T&IC*-HI+5s1DFj!n**7ROnPco%YXgvlvMdSos$1jpOvZ z%DMjnV5#yIYIEG59oP9#E)9@%s(*22QT+>lrY;lJaJfCOU2bh64mQ{az>8TMUA1<) zx#_Cg6tg0f41;peQJ@3?KLhPq9t%c-raFS+a} zywEg?2chjg!zAhlqDC=SYMM}f%UYpnki+HxIJXECR!BhlET zh#UN?-{zo9pb&1qFXU7q*|pwCuqtwJ&O9uVz|hnqTx(ou~mc@+5T|e{AN?==C6>hu1SBp)_Z=L zT!zv8PRK7y&8duFLp+erTkES}$fj93qd(>pLMI!w=KSQ`oTcUh_f)*mS@j@915`?) z*GdmWEzUv5PG-_2d%sw7V@)IY_)d^tgJR>#> z{#7mUHJJ&jUFB-mVA4?j=rgkAJu+71u|g3{TP>3cfhZu;3Sz_pc`c^G-P3T{p;B?A zq{kK$1pXJDsFLotdt#CeYCwJT`>NvR?cxFh`$Fi6PUjPL~|Rz0}iVA})t;n(h1N(QMzB7E7k0Cie>7J9<7+uiRw zesEe*=>OkK$DumS7iVxG-h%`ONr6JosRB_o<*zdT!f874nBV#xdmBWutwx7<0XAC!kW<*jNtq zE%T5oEbB;DoB$~#e->l&9G?(iaj&9M2e#o|@4_-%*YnfYWZ#3907qABSN^!q8eai9 z`W&A~_6(4jA1RW$w?p*wNA;XtQ_!{l+b=muV=1;2pmtzfZ1_Irbj@2r#Fr`Yj{=$% zmGEB*C^?#RS~hy_Gml6VtnlpG05#QE7pN*QfIxb6tiFWEcPo@X4P9S9Pzm6RuAZ9vNRF1S4ypnC^&#na&XQG>_Grn<$yWl*E^$vI^DSs@2h~(Q5@B|$}fJ&owzfn z+1vX0?x{i64m%HBTT{gFj#id+z+&rQlc_<3hPEYtOj2x*Kkk;+GA`05O^C$G_ftFe ziHMcEy(1|HJ@1WNBDUee3^qK8(rns>_7I*~Ntp@tfCx+rqb)Hb2`;U_J3%zPrHTeS z_T1Dmt8US-nS4`bx?HJ4Q;&b|=vaal=PJI<71Y_5Ee)dyCY0(w;U#JmNBs1YV}1Q{ zbGo*2jJbq_UW&{2)Q%4If*VxF4wQUH3$NZW95N1hTb%`hkU)zl7s+0 zDGWpg0r@i{RW#IN*(Ds2udOE*hPYzlo*Fj-Zi~4yMLDV(`8Cewvrl{Cdw2r7cM>3} zJf~L&t}^cpsDRxsiEZ!2;{dSRvs7>HdK&- z=~17+J-mk+#OOR*l+L8-ye5qoFDB;!+9^VFkZvp!tCYB!@?*q>rq08#tI73c0_vIh z_%lerR8;I@E+9-ut?M&^rM3PZ(MDqrT87IkXl?cpa^AeQYF&scSYQ%Lv4n{YbTXa0 zkzV7+BvP$VCRX~K>j)FU6*^F9*xtDg#ND*3^VZ?$3*uKOE8sXN7yU*QpD+HljiKd5 z0mGV{-EN?&X0vELxu+uz14Lob1oM}4Ez%O^WONT8o8Rk>sS5q<0PN7`pq<8!E%0il z6t2)p9))c@m>=^BD+Hwws?-z3%ldJ35DAi8ED3dP1)x|K4-4h~RR1wt#YP0xkI^*1 zM9i&~b#=&P#&B*{SXg3MMsD2O530C~dxBaRn)wfyN024>-SIfU-(N!ro1Eb~wp{V{3g7CuJSYERT%#Dpf;uaK@C7DeysQK9+>hNS76cq=>jX! zn0(M8oQB%fk0ZD(x&`cv4GlK;tq1{Jr-Te4ciSN+LKqt&NPc9bP^++w5s9nJ3aA!| zmcSpAtnRSWj;*m13)`vbz^Q<+Vkd^Uaqf6sYRe#<{1oiexDlC-amv8qTc{4OT9DOE z;aw$WZ{mt}KUxxw*wKwh^&wLxWVee@=|IP2H&Q-Ju-a^PRiRO#Dcys1UPv8VW6QJa zbd!T$!%jIXxE+jrO*Pa)qx;`x*D^b49Bcep@aAbm$q=e23t9sKZ&ID%;b=A%0gXF~ zqJM<|_}0qMpOyY#h`E-7(1?+ZP+6dr;A$!n1c(qv(6Sc!9 z0rh8-;RX0=#2t8^nOv8wK*uMzKcDN z79hhs-0AH2tsfWUX}(u423eExp$SeU;td6p-mAfTzNE-QAK|oodV4XCUPbKd^2l{V zEm!G{_>fEm_7hiC^N*M>q{Pz$AYBW-_9_M{cr}Fzg~eB!hWjkSv7EwYAcC~{Ihqb9>qgEn<4cqQ#byy&5Fn5BT}B=;0`f) z{r}S$pyM{o|2*Npn>a)NZxnNr|7!$Mp#2;0JpUa5Kz@K8|9#&C0{pB0`R>g8zefM} z&=CN|u05E`VpQfvj#Y2Z1C>5{+JhTPqx1*MZ4+4b!M7|5g!q!jE6b3>Z-K8_;<$dn z&{cOS`s2HETUb<8mx6&-mfBhN!n?raPO}rzP9L)Gev8a7aWqJX0L26e6c{iP#3UbH zdit_Ldr0(@cvVg#NgDAwqJMSY#YUoMX+OJ$Ec|CS0c8GfD8yw7PLgAzc0;gEDaWZg zcXC~vq2W<8Xe$wT=QOdJxHSJ^Ap>}x|l_g(&A zA1i)wYjrea_j+{AU6^J1n-lAgAA9_KyiO}2rr9(f@ycIofw@K2rZ2~)ru`YsCU-$E zwSKVfyOm;9rjFmZ*VzA)?A&Arq-sfN6lPP52$5pMMANX-ZNN1OXELr>Dll|}OTO9t zjnOqj$2Kqj;Cr(+X$L|)9q=1KCl6(TmP%iX#tM`Au zr>~#L-bkd+QXAryOQC}P*qRz%zfX57p$b9S88 z3G4wuP()QFJT$KyKNDQm9hmiTp!@Du5WnbM<>FCH?7-UnH|?5)nuFAsB@*9!{! zOV}ZK6|r0^=dd^`6$E;txfJrIAL5t$Sd&$VKanXr^KR}1faubQ?S09ThykjmLl!Xg zA#z)@ruT2#TTpPT(_M0phj4a;5iec}Q=Iw3^ZY#!93E~1S z6RM6_E`svm3uU1k32b|J{quV=d9j?!QM$e&2^eTM%%(nIqp~aWy%RN&5nMfpWU`Kk z0m@7qH>`MmpPp$S+8BQ9_WTPtVS7u%e(UvjH~8YJ*KVGG!eFKsk`opw!4tn%4@GD( zzjvrgD(pllVTxznWU}QUkKGuN9hVPoW>-*@101UX-am17sg}iTuvdM*NhdT<(_Lr# zbev*axck_vRTX>9ELBC`#RzK{7{DuQ<-T2i<`b{*w2^zie3v zb&Ed^HD#t3?OgQc&Cb8$>9A?jRRP9N4^(Ugt+Xn5HE~IOEb5dojc%;cldKOgzDu`7 zD!IuynklYB%W)!1+89qs%{`6u7I z*8>ap7w}ryKiT-jw)&IhJewGHlx!BumoewWQq?>CkTAHxL!zZNe)()j3EvSeWb*A(C0w<-e{Tk|_Eb?QVNX;%K`$=&{8dau+?atER4N3H zC|LZL&AVJBS8cmSTZUB8rz8J2H03&EZ9;@(z869K=$b4ubtnCKBIpw7Vn<_y5t5^Y)F793?fKM*#}Pw^&oa|o%P z=mKVgF8F_DL@tz#v4SkyI($<@K~#fFAvqu)^KUpP6*7OiXk^A`-b2jq$?{`5y^D{_ zBsW=9sLf8_tI}}V=Ca#-it7$4kPi_Ot0Q$Xu%zvqPmisk)+S#;FQh#xX`SQR+qEwAu*hcjr z5Q1xT`S?Aa1YML0PR@Bx$NqS<%1&&Va94xZr^mU4;+$BtQxX{k| zbz!>myXrWdR;QcCE!1(Dm~_`Ry#Ok)d(u%-@={lKNLu`aE6rizCk=c3of-Y{w55@r zm=$3fuT4Ib-}YNOQ5+!uB!;PM`yF-jZ^|@Bv$VPN_A0-B#;B<=@PC`fV4&-Cs zupm2yT4N$F$S6{ahB!RLi2=bmwcO7TG)y^i!06{bJw>G5mC{M z86BGFk(t~%*pC%~l(aDs#Cj)813Qq`a5q$7KIW0Ktgkl&KivpU1K|yvGvCHnuQoyf z@^UtejEZGh;+vK<+Mf&r6D#Zj&ggDqiod5oJkPSE4Q4Cc(6*!wuiaXy+7#sXi3@Hr zem^6i7=ld|QPPe{B(o!v+j2_ua>c9NHr|EI(&vao9lV>#OmL1CMzJxjD_RTBSPCs5 z>u8=`RhCyoMWO})N5JJc>uJ0s(?8;j6fFfiQKz2s0S%Ppu_Lg|9L!64$9*!lZN}JT-JNB6@x;z=1{;=TURZd zw^7-E-{K`mban4$5S5ccMEC&*VTbRqjl$alU(bG8*%F3&Y*y0%u$T24HW9hY=s~a1 zh1u(6yPDoM*9}S$gKq;Ip$L9GV81@2%7#bMZ zNnD+z%htFeDoqHFRlkePhQ2|AmR!QLBx`eyk9)hW``e5^fVV5D%WN)i#7TJ58=>IF zi~Y5Q!`sk26b*mUzHNN26CEiL1^HEeIA`Ly-YNh2O}?>lc5(J6`a^R~>b>$vqqW|- zdrAr1JV986+P?&>wPbhSA)q`4xD zIy6f3g(<&R6>KXS*w*gBglpe$(?T4*vQ(;t9@)Q<54udty-PUE@TnWnELUkh%VTR; z>U{BiGiTyrQWjXu-j7ONP9Ene(GHqtUZjc^=;2ESi>C|z{1v#v24K=A< zW8Vr|A zTSz`}`fYQv0pH*)Ta|oP9KKiaDkhCWoQW1dHNwMfyj+@!nV(b6p3!!UJF`0>ttHQ% zA2zVq*Bd>*O=nsfRsCJeyPiSJrhVqW6Ujx}1EZsMy$)}ke*@gg5mXhIXJN}~dwy(c zdsd)19OlCy=`*D_fsLE~&EuO`f%np;gzaQk(t)c!SgR)Ot%cifZd-?u;i^58USt!< zC4B^c({xn>eo3&sc*D@k?m(4VTFzXVXv;A@-u@`WBg))vU~ThwI%15B5^4BE58CF9 zxP7Wot++tTRyC-lmyW^^ceUNH%*L-Gb>vfACUw7?y{V3sQ78oQ9Tr_La_mPI=<$uF=tD__5K`AmS18G-yQza}g^M;jYiBVqOTeoS8hYOYct+aO~v4ZmQ!7 zNqYi+1yrQu0?}z)iz;cxPiF^;b`_MT;YJY~jTahPu7OcBSu082__X-4 zS7yydaqi@0Bp;Q0y6=M~HGV&d68MLz&e8v@90``$R8q3J{Vr7dKfHTm?bx}gZ`WQ)o z9z<#`P#T;5r`z&%l0l%Z$u6!S%@m>x;aAAg zc}cG+R8BrG@?t?&iVY&CuH8H4QIYX#CDBI)RpV)~bkuZ5uLd_SkJ(eL8IK|}MX(Mk zR1s5L*ES|DubF8>yS9duD2BKSl(+a*h^`7CIm2W$y`}jyU`ZEH6Z@Sy1U`;MwQfMu z;M5N{jg#E7H!g*omFU;^)HVlT=Y0@4e_0kY33ClQ&X0dLE8=FSr4h4jU5wZX>ns_3 zo(ph5q=|N`wESGlv&_xoLHQ7P(Kg{;lxJwWSa!?H1b^vta}bjkm^ znTph-b5-*+t~+Ij#%1Jj&Vy^gWE-kU-DxBrFmlJQ=QI7yhwmHJahJ5Y#r#SvoWGT{ zKQyV|&dR|tGj7p`5GM!!8O!{{oah_0!{>AIy=jJja*CM~)@%z42m9cd&hnAp<>R-4 z1qy|Bc8|-XUUD7C>PxtjZD4>HHa#{w431343i!tPYdLb&~NeUP)tKZFWyFQi;vE zgzOVes|rNT=`qg@sqV^lA>dE7$&9D4%Zp4%cQs3iRd%mmc0TcZOADCP?7?8*udP0J zv6Pa@Of#p&1s_^Gu|C8w;la zvJy_R`4~JNEz2u#IyotH>>J|g#rSuv!FBGwSw%rE>@iE<+;167^J~QTs8;=Tcd{LU znD$MD`7H_f6Xp@u&)bAHu&rx7eC#u9SPTZ=KisqoG$U@Q%HMpRB;lt8`0&X~BhvKO zHQ5tuHT`Z|_T#-#QCENd7+|y0)u+!yZwL=Nr));0h}%TYsj8OnakF}Vf7J-sfkV${ zy(Q_l*@?E#eL=g;pU1d~8LCR$eC$?J z5?he<_#WI_Bt~WmjAKRw*Xk61?4ODpEPsFT5Hv4Y2NV(;%)5QPIqW$Uk(leq z9gTDC&MHneI~R-#%Bv!3TgYsMFh4@g+vNdTQp&gH=IssSmj7pVO~Q|H&xKa@kyG3s z-FstOVY=pd<(4^VR;b_KKZ({6>$k>){fhB3|H>iMYQC%mgM0A%Ty^oc9m?EQsK;k?W3`INJGS^b1XAf{F(C^y}0%~?a4kWuo*cIT97&fvf;vw6cz z4go)T!xf6KQ*+Nfs?FaiSA<&ZE$7{^Ed9xjj(q<1-)4U}L)oN#gj}y-beex16~r1P z2Q~ZNkR~qFes7$z+yy+tf@wsjM-O2fc+4hm2!H3Fu761o!!g1(;_^SD1oVq|*h7fm zdz~1ap9h5f8VJrYuqO~wMMVk_zq||kr09%+D=cxbTzJ${&E<3Q<2~XpU2&lA|nLBNZT!HDc#^R3K6mQRoS}57-SO(son5 zD>6HZ4(QF~;21hv?~!g9Bj3R#Y8yqo|JkyOvX=|}vX=qa|EB9laZy$w1Lgcs{aExy zmnh00V?)k+M?QV3SQbdDtL&Sfc9Eu4?b7-XX$mzO8!B%zc30vk#Pg!qQM^=TWi|+` zY+->es1+rX@o%S?T0Us0D#2YHdqyzI^R?MBcpV4F`_bWJts7>~sm;{sX@KCw_Kjuw zqbYtKyfnf18oK*6q7Xq|7cbd&!o0_TXH#F-mGJ3@5l^*v9wIwlpfFK$!=K#@oOEw; zV!RZphyD2@?{6vBwvJRaj#33Hhakkp1_u7e4S$R`^^DMMS|H1!w{=F2(X-&RcqS4y z0(d;fv!iR|bG1WMNp!~;xXp$pC&su2PkXCRc*t(&C7yce8xAMFS@5G5AH$x$YxOdFJ6TAgE3;9->W&3h!Cul zVH7MBXQv9|BS#Z_k(2e^V+PC1fkhEn7f|`S+FWBZYqP4z?s45)DbG8Pf->c4XpbRl zhG-{Oc3)fZT90!^spDd*?Q5J%s6>cjDe+}=>L4-do0@WK5m)M}Vo)31-^35_z?9WP z_OsmshS}IEfQU=Bmg+y?&47d<5riRQv_Mv2nHNtPe~so2aIt2eut0m%{$c)e4wr(M zFs=SEDBj1lV_Wq670RhScQ-!W(Lq%(-#_9Qv7L)OxY$Tkz?Z`{tjqVB6B1Q=zQiAM zT}P7lPTnC7OOPI&>9S{fdQb>LhhbDQZ?p$LoSomTF*eNHKkR3D%OCPeZtE!3 zI(?5!|6qBc%3q-^R7W7@2oASN`5H0W10T$;a#Y&8b$<1h+nKd~@J2 zY|B%&w-_cOOQa|)`m|Yz_w%l1&J(*n`is|s(20?55|rTch{iBDyzTFa>TZ)GF$LloPFVrypHg-bt zDETgJpBCH|Eb1XXe+dfuXan188rm_@bIZOnkk^fuya%?;!v)cSy3kR*JJGsWonR`E zZLBv45rmhIm@DMxTDGOAbQ1faiRg&-)89k+ zA5gZEZ=30@g+cJFK1Js4^pUEB7lfjO>ArjZpezmfp=W1Qad}O0-xA#+QLX1oPN;X_ zg5Zh``Gl=t9e>LZ@?$VZTN@3w9Iz65mEMRTKj@WvB8$^)@?y;y4Okeso*|$}*HZaF zNJ3RMd^&7!_Y72!Aa&(2esoAXIJw0nVai8?EZbr>rS;|n2PwkB2soBqufmAsM(Bq6 zUOO$Js2Ul0PL7T^%K?Rjd!UW|l(~uC~ zd(eg<9T{>iL$y?0U4^h9(80N$lLg6z|4gy=_>`bL1pzz;o>$WV3G<&j-^96@s=$bA z;TED?giuDR+{v~jlF@s5X5ktL>-vxwYSD##9uu$A>#;8FFk5en3vF;GQ-iTrpgUXp z=Fn0Es%Hpe!V~BihizC z!!@O}q>O9~YCqNvI4)D(IZQhvvStG6dil%7Hg^&;eJwE!v+rtcxT?o!DLMPGVveZ-@4$n=w!4y6T! z+~+OzJ>J_Af5zd?vBM1#miBaa*q06^{&dV%^V=CiIgE55p@k*Y*qG%qT%Ho!NNaId z*zxuEPRK!caPI3#%*usp5n|HD$JUbnh809f`^RNNc^N|R+G8Rlzz2!sDjX>*&Lv8y z??g$|hW@&bK-?K^26_x}sJ7^sx`kG|bEL&$n5WZ0CWSiesD6Ys;?(KR&J-^@aTs)XJsV&ane#IqL0%^iKT7|SK%`JLSa2>H zuQ>mWzQn;H;~LR)8R@0B-F~#5VMC>Nq~7~*G+dJZz9L_5?II*Mnqo>#f!sHOAGF4N zdY^6*HVsZyz+^1(R7y+#F*l6A4uRzNwpnz;{|$7yKl`wp?+bPsu*~T{fIoVea`zrf z;4_g5%+F{GlHD3aHem3vhb2}Y$$^O%OV?iU(Amu-i&_`1+$f))2isIg7rk-S_3mVdhPS3=r4}#Tzc>oq8;WZ=RS9*wi@qAB z!auDtT93x{=ikl`5#3up;IGYX&qfxv)%C*)4`3}|LprS!1 zqM{img5|@clr@fo!_Z1aHWo;%0re<9$|mm9CnG2l!nVnCmje{nDX&l8jO$bR6b~(n zVtzCz1Qomz$~B?*NJr~eFH@-F=Zfl#aJ^~r$K@6p$)IWdXhn?R*Ys!>vcQ>})9~Uo zW^-4?eemIE4o*h7?I#Gp!}s2Eju|Yqw7fb|{exk_d>8K+kW&<_|9Ua^WOtjvIBum8 zu@-Jcc!g#>M!tPXq4WtUty4E`Q=#S+lWRkav_#lFq+XciieXY^WzfD)|N4T7&3v9R zxoY1eG?)V0@z7}0TmG>Vd5mu`hqfit*59PROA*if9JY#l7IdLZ<(USUe zJ8I!_(Q7KJ-4VK3r9QtH{(An|Pd~$t#?qIxEG89D@yEAaJ#>!x%W=A5tli7mkv{Hr z*w*h$Iq&7H2VPI@aq=&WKR;mRe zV{to-t>e#K<&JrfvRF`psa7X@pj2a)tM@>myeo1#XgBRbCI#?vu>8%_-NjW2`oIXP+t=LC{yEZ+ z5Q7n95-|JdX=MxAf;SChbRA)3FoL$9SuV6=vFRHHmi_`6RVp-6bXXp;N(p<-_&Bg0 zB9%wiBrJuY>tDeV=&y?k!n6&*Ymy<5&I+#L2pKL+In7cDzm_gHt~E3>CyFR#0q>_8R2B^sZmdw zD#aPKHSKpb{nbOJy|2)USUOeAdY|?WP%PPYRz(#uPpVG*LM9FjuS%55XX@ihF9iJ; z|0D<4i3Zkd)f}=>iovb#$NH6d@gI@3%fCn@ix8b-rtaaBH_r}3q)u@GJarFBHz|EX z7`&C_RbSZnE)@P(lFrXZhsxqlA+|c)c2)78HG;q}G32J@UCN)&X`@TLUfN#x-{~iy zNaE0{5VSn2eQY2;k*Y!2qsr#Zf4BV0u`Ny{}D(@w-4T{FcP zoIx8zZS_Z9F_NPGV-pDl*vWEukkA_~*0&p_Mj^15pL+7TaeEMe7aLpa6Jb>8bre0J z-0*u(kR)y@&nHZS^u`qHX0bG6unhj>DT%y@&EQ!|I{Yh?-uLKNbHdUlXU&~3a{uX8 zx4Pu-OuZl~5tedLeP4{1mH4@Z6Bi#ru{IRsjq}8r;*+NZ_S^6=5cSbv<^cA=f@b|0 z4CmiPYd~=6n0{XefAoQTc+ma$TrS8zVID_pd=O^V43e2@Fj2-DHnuqXHRR1U@^Wyz zNAuYWp%&2zr@$^|l<{?a#2}TCjU3@|h0EomzbBJf7fEm*@hoj6*cj@vItflTRME(r z=V^~$qVxH$%jK~?Tx2{gz&9nhv0btL^D2|jaCX_6+SPpxEGmNJ!p+bOY?#&z_d@NJ zURb8Z<@oJ7ES}95(wJl;Bo%y0G+L*VFJiHiRmqd5>BRflyr2ARJIcq|&oTgC5V^3W zMT=LNr7hXC3_;Dk z5uVZ?TzpvZ!Ngr$H5Zw4akbVK^f(hZO3y8trUj5eX@9-uui_f>zKL7T{-Ju|l%DP7 z)h$*QQzN5>pc#+HH_vE3SCEr30L0LszPbtn9B=etQ6R}5{S0Gx-_Ozb67tqsY?JNMnX3`~M|jg|Rlj4?xb`_DuA(nO8pQ_+eF)AvLuY%>Ic1JaA)>2zx&h%J8?=eK8k9`Ba~dedo_lwY|i^+kge2fxu& z-dx2X0SX?ClAV~*_>~4*Sr`{-bY{kWr)L)VqC1OseQO~_rUVM{3Y6GlhfysO1k?)E zoC`zkr)Bo0Hs4^)~%#%IRadP=?UN z4)42s#^SPGQz!o!={CVg+-bgr>6 z1!YlSQjcvM1}yw@vE=u!bfusg``mc|7!t9%2}-)7c|)X|Ha4_Ov(`&}GR;s>P|dBT zCbePg8$sG4KL4rYdcmdx2)m0*6{0n$&HKll@7j}Q3Doz;l||lmy^k`|L$#X0V7)Ge zayeA#5NyI+Ag>X);)FQo$ayiDp_}yXVoOO(vd?Zz_c#fO=~)~lanZ!xHg-DswkX_n zaj=@c&wjX9F4WIrJc!!IH5JAGnpTL8F)p7;nTZ(I9ULG->4YaW;n}?NQT22+Rm%pC zB6C-OJtb_oIm1^1VeAN?c#G@EFH>;Nl~4(#14eO;lrj<<3}Ey%X!W)P@6vRa3KT0t z*p1p5_*I5bSM`6fc2`kxL|wb6ksxU_K;!Nj+}#3%;4Z=4-JRf0aCdii3-0dj?yjek z@0Y#DIhW^(F%syei>g|y)_mu)WP^o2HKFeYoHQRDwiA;GA|i_9gvCD+PkCHphkv+k1Aw=^@4YGb-4d;~xD#|HZ;w|(BBFQLkndo z?R49hI`I^<>uH4#4o8#w*^rBeQ(d0P`5SS+Wh~+8z*{(?-!I2^_#Aqs0=@A#A*QBL z`21ffzfv{*lHRl)QTwBZ#*3)VA}u!I(m%c;;-5hs2+cjie#MauM}A9u;>k6mZ+%-I z7Z-PXTefO!7=LQwp4yR8DkSBY&)vyN67yUUCav`B_alN@@osltNJBn#Z;t4z@cqI9 zP8BI>hcfw)1P@O&hN%zp8{@O7;7PFFdxgfZK9_99LF-TL0O~lk*UQ~yFH-r;WI-7~ z<__XUq#0iWZT#|8c;2z5&xy|WiSC9>%VqC(bY?2LGh1aRTebB!go=-uZ@^g1^-~>@ zsgE9-9N3Ti3#nouguX9Y+P7{KHZ|6xaBa)fm*zkbIYv-K9Oz9pXkG94(P2=tE_+Zv zs_6(7Z5;S9E)&pb!q7nx(VtU28A?YP&&)8@RUHxrKrd&=vix8kv$t0eNGi=YvUYT*D&hP?B0?8|U zL$w|hS`y=THH|fBXGGH3Zo`k{EChT+IGz)Clxbf;#trT&wcya5s$i&`+Qr}XZJ6K-8cB{p>%NHwtYcYMrtBSOGC@!M129jwzqwW?35!YNW6>f%nt*T z>9~THI5M=)=0_YX|3O!R{FoS=i0W<0dNfgQ#IJp!2&ATs3&HQVgg%n7oRS7UclY&7 z&+8tldi*32MSl`|>{Ak1A24=B0neDBg0Rv%oFvouq3Qi`A_1?RQ2Zc;g7swlr4GPVNM5pl}a8vbj@u` zvzP5`o-nN{C-+~?CWU|{5`~_8r@WA1WV#Ex8v0azr?$-X^g||91LXj4H-TCeiI=3%(tG|hFhK+S{&RY6Ty0=q5%uHR zi+OIwv;Nv24R(OJaPQTV1!;5bT!CbTCC=&r@AczF1wVD4^M+syPcuWjEby4sq;FlL zWW{k|@25>Q17QpWZrgAFcqr?F4h53mH%eY5*4vt&u>_T?+SJvVCMp|QJgj#c!ISgn zRD?7K4fN^zf1bkJ84>Z%f7t6pRGZ6O#|?N1@wu=4THl-$2_#84?rXZ*-^ziPgvsz7q zCWu3i3k|JESw*&NcPy-crG<%cY+dQ;vt}C^Axo02MOkGPTlXtM{n+!ttkUFPnGp`% zft7N=p0aF7)0c*7yfGo^Q*`rQ%T<)H;C|cKYtOL$qZp->>-Zv}Oj_gO=aRhb)qZRK z$^1pGfZZK*Wz_1{{LA!Wcse?H@XG7!?(&8Lw9ut2?QO|!!Bxv=Pp3GgA}c;wu_E{5 z_P|YnPg;hg<0`vpYsXhHe0^Pdr}W{!-10dKQ=Hoql>?5cSvx?}JlUNa5d8Lo^0^_* zsopZJ$fwG0k9A%3svBG>TcsQj&k~j*+11U_nHlXb$OlhOLi)|r2&Q7zp#YGtW4F7?$6p3s!yQ`7Dfm;VD zfVxEnS0*~eflQ77+9J7ES=<#nQBb1dK+ANX1^Egy*HI{F_yM-9mY?J3VN!0=`PT!I zhjoq&8$tc$u)-dY9oV(85H!*8+9co1Q$k|k(TQpQvgZs~#^`9Srd__E5k?uZx~tYJ z(@E*zLTxJpFpvMhUoV`goKrlQW}mb5ON*w{0Y!n2&0?f<-Hx!4UepacF&P_f;EI`* zU|&!~Y;ic^0>$LsNu+$~loW|jmdq0PVV0tWzdUJKca6I~O53|I$G{gt^(xbNqfgP& z@--|Y&gP6=9~aYfbUKuM9(pa+Z>)U&acs%ae`Yif=K)5Eo`-w&DgHFKCQ;3H+KQXO z&K;^m7T915#JsBDy%K0A`Z60~>_QbTQx31>A*`O^WsAPGAd?rltmrz@tdb3~3(uX& zg_~Q8ON3(6M!E?eKx-S}7N_|Y)+oflIZZ?d2+OH%3<)X6zAuu3;1c>BpFMjhREvbn zah%kE#8rXRD3j<7=Cec>){1kgT{Mu(B#!4ujrEEfI6)Pin;THqQsFRk~=}P47)v!;N`A`=0_I zR1gW^7w0U{Q!A8#&j-P@roxlm{)9oMx(|YgfLyO=kx|3+Q9!O1oc4)bP4AmWat@{J zNV6=;nOn$vb8_{1R=0mb8qG~8#sQfl*`IUS0JHAu&;dq@pM#xrxR*1cb(a88A4i93 z8nFM3+v1+5-$4ZUTqvs?>oAXz$6sZ}C4TCxQC0+yXrhgN-d!}Le>;f| zhoNgqQz19AK$+jtcvCh?cg8X(5N1rTvU#}+B7^WPDlV2FH7hFKivPHg=}DH1y1Ebw z9>AoFsAqQ`n<0yVUZm~x>QscSu|m0~3A4&rd|jI4+cZ=Z1jfz*$-buRWtZxkaBsXU z{}JlQ0&h?B8K5zE1IG6X9xG|MSz7UvpctM;jug-3kjn}Cd*n$l2zkZ0>mM1w{mi@M zTOdH6-wqICYO^(|j!3Rp4^kkuI@rcCc|6usvU~d>@;LVkMXMgRSo*h*_7kDmj5xF1 zhfGJ?ZQSEe_2CgjO_S0Y;f-;!a0S|~Fu63>MemGw@S4}q`x03N;cf((7bN%CyMFG< z_UEdq3h-HJMHPj3$DPL#Q-WmT5^;(WSyPWmFcLtYgPE%0a~Rj_wHUjXeY%NnoP-i^ zdW!6!I_bjmP**n|%yO9P{pJP3>2EF1_#%7cVa;Ui1c5-=cb8xZ`jdS;5Va!Bc3dtZ(Dgipv+_ zpBo)PLBCd9l{zs}EVNDge82`OZ9Sz<0O3H>&0kWgFQD57lPv;wmuX$cSHrCKfvwW0 z(h?l(FB=&1^Vg*SI8};q^4y#6$6?9Yx?;Zpa3{wCQZeUhSEpW+7Ur>E4W}|(hy{V7 z%W;`#jFz$!8E%lqP`?T>u1|h7We-b!G&|l2srx0co%&Jd&0~wOpq*;GC4UaE;9Gy1 zoC}&L6|@#0!TI1kcn>fy%W)IDtB0g1hxb|eq2>Juu))c5Cbs%B;_c8qP)v}IA*av* zPzn}dtV&}zxdcj!rpx}am{- zP4HC|nFv_Zmz53~rl+&!EVz3@Tem_7Le?Z0ZRLi6=ei%qN(D7Tr|qL%f2kDo5bioq z+ND^JXiZTpzK5)c%y6sZ;XuwV1AxPnx!8HM!!-v*9x=3@9T0@>?N}nT;$QlJhT0U+ zjV!PPnbN~)ahQr6EqZJ9j|zd^RB+%!Tq-wcFZzuc#iM`YZ3SRRWULD&Rr2F@>~mp- zJ(iV@1;g|f&V@_0cj<6eGIiWnYU}aO2WuP5D|%ZF?VPQ8%!2#4+ZTRwr9yiu1{1_G z6&gr(HtEtZoV{`N#~irPm-F}0V320Px!Nw$H`T^tp(z5AwU~0m8MVzA?MxHpI3k_p zjZ~Z=z_kGQR$(B-TeF&CMg}V1+xvSmx`q{Dz=Sn30e@67u8z&!!8^eyJc$C<0rN1x zaO|nL)Bl#j*%Ju`Y59s>MG&33r5-O2=>ZD{C3WP1aHMnlhSu)6@eFRW9%Yh zs!v>?0>!qU(HDw67f=q8Gu4P|G+82re`8cbcOUI<7wMpPs<$sSsd>d{OWWYQVq@XD zm~`!%U(aiMqt>t>fvVIT64DC?JS*96sy8~Zrsk)B!1Lu6$MWAZO@aw;{oLjHJ8Gpk z`Yga|Ole3dM+vvL@^s}FsDQv}qtPT2#$EeP)|&|U%LQ|u@*lUi?_14?!c-TX)&`t< zu`4BAlbhulDv>zGYu=kdM2Ew@LSD*)xHtfb#tF<;LmXj9Pd0psQPGXI&)){c13w2H zM1EuX6p(qej}eT9KUCES{^TEn_>PgRx%+^IhM=8JlgT*m^(II#^JOOO_0`WQAh05h z@z1d8M$v~&)aH$n8BA<_2+TsnY~f+_kMgrsHmICCZ1bC|-V0@SkELh%NYdFy1pGEq z-q0mo_EAMKP%?5q^Q%S!BQ5RZ+M4a=rtgfhP8le9cC+`x(*g?Tbw@9 zAHnULoj|9-;B@N4XO!F6XQWd}XEwk*E!1C9$xrxjD1py3v_#`zTopCpVNR1upSJoF z_j9LL4t&PxHq%`$ctR!@-3lfe`r+BR31?S$&Vu>r0ge^=HJVqIJExMkvOU?M#?6EK zZ5`%y#6m%qk7ai_hl3;*gc7V`F3(o*OK*0d8*lhCyp5eYIvN@}c8l#g&oP6!!pN76 zw0*)Ad?MvDb2Ao?rV)tBbZ%#u=SL28jpRc)Xzzws>cSsSh5b&78$9h^*8`sJvbSzX znY-KdRtHwIvhxWfF;jruOeFVTi8&mZ9l zxZ)663$){5uicI&{5u&JIN`PSS0ZcBx0T?Kqizpu={0&cZmaKc(|YG5Prr z<~$p;z&z{^`33Yb1oVgg{L3``+}Tp_3NaiphBuwP6L8eh0#1XT%u9sCWvH6=c7kuw za{2aW(h|VAcX;y~JFa}9Fg_8;dDsXj9Xb{X9ezF?!84|rTuf*f)+RMA0}y3$RR8(; z(j+S}8$Iq^Kp`K%a3?Ynu^VsFc*uI9h{1GNij+8_}uY z;r>d_WcX{5P*(k?8UwDXTK_Xmhh%GrG0}6mb5fKs<>q*9*?_JgWekLD=`48(=7WFz z>utiXIEqAZ5pVTmxs4NDnk};U~`1L^zUS%ZjrD>M5&;ANvfB+_s$0Tc& z*Qy63awP8|MgD#;PHpa*;~P12&zLkvhnE%UpVjPKbT>KEC-t}z5^Uy`A0c6?SzOqTh`CF|iRp_853E88lyXGOw1<~|5{d&!-Vb8w*aFF!M;L*jS#r#QO2qM>cJBb_vS6{y4H zLKDUrPm; z$z`JinZdELQElxZd;_})G^K*{^;WlpH_Xu!u(#*r6&d??Mi+XT)Ua}txo($&4j#+Q z2fdfAz{5FEwD={TUxa}mi~Aj!20J{wZm~;A0XoON!NI|y+_K>7gLP|STB2fr!JXkL z9=`qPR70NZXvYKp4X!DMkP_@w!f~6q``cPUIA&;bSY+h*X7{}Im>pbrFCLgdllzz- zqyFVS^x4|SZ&Mn!*PdZ=RZ0mcUAJwhW%)$LrtD~`D?VGBC1eN8I{$mNS!JNSF@mEw z)SRoF``dvBTMj?^k`JrTOY@t{S4JcafpQ5&*RxwK_DSBWchPB9_D1`RlTLQF)RnB+ z*h*<2Q?>TQu$N1(_g2xD_NvsBhsNYqJz-iJ4Ojht8P1x84YhRzfylu5dF^K3Ao8%nwiY%} zvuh&t?Co|-(QEG!Z>uK7<1;OP@Aini`JS6^AP8%qMU4+DyJ$JDbaurVBUCfKx3fZAGsg z(er$t{29-KMJX2!hZhguxbp>(sv~qFz(q6m2hv!}p=J z-ha=!KSbXQw%Y;Bpa7VdqIvs10E43=Vc} zloqm0Oe+rd{YcBip3eBWqraO;B9E+&Pz%3PS-EH>_~Vc;G9G;?%#xq9I>8jmi+#3h z!wiuq8=d|hqnMM%EO4WzBTmM;=ZZz!i`|89Dib;th?;2VdrfA0O|zn0MEGsFi*7e> zC$W&f*yK|pyUh}k>W_JUl+}jN64~$miaj(3gBn5c3bIRi@~(Zl@v6ksqmrVjaHf^p z0I0;7PoojZ$C{G!vJ>vHDWTY`F?~a2Xu+hh-)5yp%a~5JK6MaP&{$z61}K(+uKmQ^4O@`{`?wC(psimpG1f9g+9t2shx`|;HT_Q8lpr0 z?|90Z6C;0Gf9Ro5)PgC($;?9wwv$HCPnOW2`%`l0)QO9>*^QD2DuC)5xpY)p`@BY9 za5Sl{Tw(@>1kQcXXs@P7q)o}1zMq59fzo}UWwdS0g6@TTI*7$so7XAVw5zh4$8l-I zvqV$&pxtS)da?>(t68}|{qpnR`AR$wcCJEa#tJP!9p47FhI*krO3L=Kbo1RWp*Mwz zimbC{4Pc_GDfL5QOc~x6%v9lR=GHyLS#4=iR?Kym-fGjxPIXag$yA2=^K#ZsaKz<4 zK<4!|cD9Xje6Y(r<}o^5O~A!@(yAxr+QZdDY?Yk5ut@owJzd~-)_t$r7gW0{v3(ci z!x^C{Ed%iXnp9i(UC%OSKXdWL$(}Bg3Iry3ip%+{uF8^MP!Wou2PvpaT~3}dgm$1^ zv`~}&iAyO`#g6|nZ-pKLdXP$JvPAzJ%vSF6QGk^?MQ;a1NY)9d1e;5UzuN_G-&d)u z6C30wpF7nq%Q7k}Er#mHV6M~Jno2p=do)OP#VI=u3eKt_XneNGa%@2u%(bLD&?R>P z`0Q2bvOxdgPGg*bGUc@}cI)WDp3|L?I5dOg_@8L&{2XX!gYB8%WgOvZOcO4t!z?XS z4`181+{Mj~v+EOCpipI~H7HaFAl0s4}DfF~Dl-2JDKX9t{{I@I%yD>bU@h2-N9J3I;Qnkl1Ktoq{T z1T^HOI#$grf?FURO|UWfdcIgS(oP{MT@7(`23|a_OqBQFC{6UxaCI+AOc^D3UKCeN z;(EUo7q8brMsM1;&*D_Q=Y1Zq6;gUUU}9aDKPA9-4}5XIzej?OnvZP^mNucg&)Sb% z_iU4->@yH5offm6PorFbbY2hG(n7v!s(d$X1dp z_}ab?Q^Gu0CTe?HL1g0H`MeQ^j&(}AFw1ccHc+3S58mI7^DcmPmlAFhSdmxE0IwKp z$=4I@>X-q1rM8Tj^J&>9?nuEiCBULg7d9(Z^xw+>HDWl;Uo*xeD-m;$>?2l4;)t=>c^ zF+XTc$||?0V}|x>tO*JO##j*5pPNDaiSZAte}vMmHaO_(hg&bJS}~Q#3jCLuZgRf= zoK}1a$b;N}KiP*+D2l<5gV7@sGug8b|L;m=Y!~gY8vW3GwV+@xjO7adEZXQqN zo3OY+|NWW@I;Q_#3|ahtUwG}`ar^fs|9%|wu|ZnZzvJ@PS^EDQn);ay!pRC!M)u}s z+3Poh2tTayV!!cKhH6v9ZNm`y?7Q(r4OE)lZFK#Gy|OC^X?0)4Sx<{UiVrS$UXgb20U9_OycSos5!8?}3y!34K*juSn?~lS2MWU;lIPLuiX406^m#DlJ z56jM9P8Z4Oo^k&t`ecQMRaf_#nn#t2#g-t#1j1o9N&r_iM^>AdL;pobr3wyy3@ohw z5~;c6{eACLEX0r}z_O1gA3(h*ck~7E;0W>i zuXEG|Y})@s8-mJ33k+^GN)wWHvy%i<)oyK1x+X5zj36@&23xN$K^Qc{e5o)7kyCR_ z;FL*4Y)`vwYF`i$zZ@)eS^c#5-H2SQ+AkHY)GJzH`(SUQy1NNg(v)*^Zze`D4!w$C z!2Rcmom>UX4jTFlF!vzHiAww`$f?pE3*RcvT4Z6>lh485*#sG53#`G3XPQcN8TM1j z0N4s!30>mq9NSUNktMY|@*bCI-kat`o;;D)Wv8E_ zpNFgxjr`-b81u1Y?AtykJP!Mr!S@R23kYj}YSL!ZhAe*31-|#2eZ)miSRTY46gTS2^@~2)g4Td z%col}C>UzhpashW7L+t6rT)Vm`V;n>craNq#JOloG9$>n3SjhI19i+;6O9q8Nz|1^ zZyB?Pe;7(2uOb#dBbZ1_`e3vlMPr3-RWwEg{qLluD( zMneDZhOfH=lyRboZCFaMZ6au)W{Xo5o<8XqL23C+fZRpvhGSS&=U`A95X4W`z+{+H zZLoJ4=yw|UBf@^8x-iX2vFmk{sVb8lU$o77F}5+}cu41R-Js@sMlgIhtpPN!j~wh< zTLk?Dun#KlTI-;6@DzmGJ)B_o3422uE}E^CX&P;A(7g&aWOMwY(}h-};h^9;_e+V; zhv52pyrvewRAGIM-%E?r`YN0BH5gqy_4rY#?f6>=xw0#cVzzO1WCPmIFwqry6;|iE zUWEVAwah5s+d+xzgaq#)<#_induyAsi_4-;`$Aj<;q{c2>{lm_D5^v3tV zJKk9YNDY%)Lg75o8|aq#9`H>?XYZK|pCzgb)wpYso=9aRfAcc&Wdy!t4*WQnQ>$Zq z-64fPgIUL!gQPNfL+Ul4WC0WH`rUElrTH|XrXH=l$2;0 z-3lt_g3(ax<5U1x{h(3i_@rS!M}pifHPm#%5kCMJ?8kd-NTTh zNRML&+@+pAmIa;coGQ4G!Z6-Jc~3gcvUbAF+Sqv+Vj|wR(|t0x!a&J4aMFoE)61QN z@&Mc$Np?IS3__68`CMYuG|nfdLk-xTsz@YJAMV}S@i9xD5k4Vp+dzv`% zuRvlSh?bT(?Mn&6&utKvqp2$rbJ0>)P9 zu=B^sE#<`9*+E8K1|a0f!A%iVZla!`G>~1=RdiVXH1}WuEuMA8l9+gcSczxPbq6mYstw>p-)_AQYW`#ZO@K1c_p0ukYqvKRgi>y==CWw^*9p}|nhr6pHe zTj0Zm%Fci+Qxtch1>@(n+Rr6I%QGba&!Mc8CeLerNy+2hN>ievoGNdTyV!eXqkKO- zIX7`pl(!ckzC8wg#?{z4i1~V^y6#z303LjprZ!#zl(Gvjnn4m?vhf@4fQLSNcuRQq zwc%AIhADe87>;+~xfarJ^In3yjBBk!6!ovx!}ha{3qB5ZQoY}6p~#Xd-wvBGJ5I-O zes)9Eu_^}4f~)&Yd~lP~TR5Hu-u*cx=6l;WkdJ`<#gtEu5(i<8o|pMb_w%+NL+3cI zqDaVEu+rnKO+u-tx}kfdw9Dmum0 zy;6rPoFQ3EtYjfWZqWl|%V!1u@F?ax+kq2v@lXF0t=QP;9EOYh0zTJqg>i(DgZ~qj zl1h$yuR~ix5my76S(JIkW(1P!)Nmy4A$*!~65I>R%*$4SnUk(jWR(pj_xFcV9JwT`VY%+H{z3(kNdfvnw%DBnUuE_VMNl3S_nj5- zi7h?`OKed~c*Hv7s$wwP*AsA!dP~tcG9=Zkr7MNdyI64%D7EAypwE}M6nV&~9^|=% z>KJ(&EtX+ku_f%#^0e-uQd4X0Pn%mZ(~}lH6b3fK=Gb{P{jXxQI*FQAoFB z6X+GjPOsG4SGvlP>ZxDpSm(Dr87)~WzllyalKLiS3AbO_``Jb zozxfr5e!1Z%TD zS%km+8_wGmr8Tmk&$QH{bJb_=#YN(wk}X!xU;zaZs{N<-jMEd}GKH|;=Q2ONTf5!=v;ll=>F^c6ebNM?L_%$+SAALvo*M zF$D*k*jzSdsJ(x2LcR7vU9G*x`VPQs4yatIW=&}uI;dMZprjiNDN(&f8}>LO5HjKY%6CTx9;77zTVPVEu&4WkcktZO`g z$@fP;ljMpN%N0!rXq6kUI7J*h2jnB^;OG!G5e=QPD4hQE+gG z_IS})uZy5KZy*hplpsZM=^1s3r(*w2{ zzxh+g%)?3i9-9^)Gmnm8DkA~{9k~b4feMaa3jV@*LgvmrrFDv)e?oGxc6teS6_VKq zu%kdD+>;(|_jN`rd4!!)zG&g?boH?PUBS}QL5>EDWb}z@SDg)sJ|7xCpnwGXq{P(l z|8UimC%=P2^JR+&H2cf9>|&>2Ji3R$YJ5cOHK+@wJZACVUCQiZ_*=$ms`1PGmBmyV z|Kn+GxRX?>+kP6J>6Kmh%I))ECL>cS!>cfvdC-TTseHN)v@g74zX(bL2jct(+4{ap zcHDFYHx@3QSFJm0k&neHgnzS|5pQ2m?__ktct7I&=JfJx3o1~Qt2|z--OmT2%_>#n zH=d>BRF;V5B8HW6o(X#VFs1hMXe@K8OK4UCa@{$w84LFNRoRM#p+p-c(q=xXGc{#Z`1W$m3Hx@-~^+gZCmpc@fG~ZP6jAix_uW&sn@6MU8HUI0G z`8TJx>4;_2@tv}K9=R@GQgkUac5go^kzFFYFpil)!sF(+aT)6Gq`t~c$$1*##Z(D_ z(gc4rFT)7#gV3?8fY4cmdfyGD4wmU6=myJ#dym_^5|k%pMPw5YQpzrdNzxOnQI!p( z5G^i-3EAUUbSeU{hE3wwb#K7E>fuvjsIxeJN2N4KrLMDY9trf}lu&@*>hhoHmPj2>}>#I5~S)>uxce02q)jMFa%G>By zw-^Y_gZ8g>6Yu^k0BuZ;QfQiGu@3zAEHYh6v#EpgR2a^CH zQ-cGVW<~@pX_X#aOa3jJet1b&!3<#Rv+KkcQ#InCEs;=hjX2my@-0(9T1==v~O-! z>H9Sz>~259!>=`2T>tXg#pk*}!bin?iBi;ba_BR7%P?pqBbqR~Iy(}D2BS$ZmKKjHInu%3F|PHvf#Iu zLEMf%gQ?szROJLT4wjdW=@|z>d23==dOUv9#y=pf?fTKA+sJPr137BTbM!e0{MqBN zSzU?JaO2ds{Z8sxRl&Gy6%!kG_uzg=tNXv@(*h`P4(CD-c)U9@c__~YTNK|=mvv(hvQV)H%PWaQSv zA6hBRr{bTopI0TR$%wyeiuclR4uF0xPvJa6U0LErtwJ;FQX*O)Xn1OpW@A6J1RO7W zZ`QG@mkRY~Hd(Kn^7Zx@1+ENFZqk*mk*nRGNf4hbwM;Qn0Re%yJ;)g{tcrHDAp zm&AI0LMlSK;C0$JA`n%Y9p=bt1w z!BUIDX|y|;-|P}-lyLHgMySqYwSM)vFNqdWd>5-4pnwcVa7V)9*C#``Q!4zD0BtZV z;2xE9dyQC@;~E51{t|L(URVr_kh#FMmpjw;d_i=ct@1W?qZfs#O62Y$r%&AK0(WrtVldrm z7Mt@scu`F%S3FzWSa!Mr+%_bdau~vqeHWCUWQ`G$94vh6iRwZ1|ln|I3NlsI{_dq3KkBnzRr3+(3TWVm_vI z;&1-e%!%SJzV?Tu$XT$fTv4u^U0vLR(=Xpg10OYT`pY;33Ybiqs6Wvr({8S>v)aKh zOwG9mY)0DY$NBq#g36b;e4pZ^tiqGCEFy2D{S3TEdi9`g&L31!@y@W3!KPafvCgrs zilD=BXe6zCevH4JLPv6Kb8ecLJTXSz2-N)a9tkRo$2J_CfV9+enwzk&A&9NUm)Mw; zomd?831tZ-;Z56|OD{HoL#N#eVC?3g(sq_Hw) z`&1ya&WZwR_E>b!VhDV`@a;K_kauG9qlT2ZflS8jUV*bVoCI(OPFrh>zOHubvScXF z1!9VR2IYbjnz@r){dlCmUf+_)2Gmh~n?(LV{bJQcaEjdNbhqdRzWcjN^u|;Mp{b5% z=UoEhLgD;#RYDjvZN_rLmvq}bH+qUf@#ic5prti2yz`Cpj zo_U){{Qi!1XrtVA3zmIaYB#Wpq&rBxN5-ki2+;?y7Bx;X#Nzj=JJCH)V^~ey)MCP$ z(3?oM{z!pIW07E1u1BA3Mt1qDsds)N6=V7tt$~*(3bFJ1Eq0HLe3k)V+Z~E`mTE?K zL{qMA+C&b=vP0o<<{SVIZfPVzJ&!b7Qzj}4hdxekVVjEf%yu2S&~G$4U)fy+L@-%q zM=z+W7J1u((>XPy@olWnl{#a-cWfc9uB<;SM84FhcD=RIw4)S4ju5Ohe2SYvXdaw< zPt}o%uV0u*l?(X4j4y1F2q|J+(|*K>iMv5w7%8ooUtSfz3WPTtB=Rx>-#S+Y#pz4T zkV8^L5P(Y(UN@FhEpZ=mZ=48p`OaST=WCMAyNxQ$&6d_fI;64qZ%e^Q&+wV}V-;4w z6f~3Zc09&CVcwrLeYBv>Gy>YxL80}}2K1Cel1t}C#^0xoUb07?XhD166r-h?xn`4$zvr%jwmFrPQ=(ITXaOkC?n}Jg!k6=f{h$^u^@&3NAvNH|7g7_!m0>N)cMk|xBbO=tnZj$trBfX&|PlegkMR*eRJFWmOZiU)s2`|ZcN z&9>2$J)ivaH#x`u%eVUE3COS4;+2Ay$#6dH&!yJFn}!faU0plYt(3|3Fu8Ee1xpVi zEC0U*w_vQ=gn{y5I-;+&xIchQc&5yHzusnj1~s5GtxTu*hn!UdKwNp2)}PZfEOus^ zlTVxHLg4&+Wt|aEFI>D9emfb2%&sigl+o>OO0brDGR7}jiH%I!>%-&;%+<>1=;SWa zcv+Hc88r?IfBdGG0|URwCbdwH$N#A%SH&je?{a1{i=SOxZ1gBHmEpaqR%Mqkb`$VJ|BUtWP1*_ z41)$khmT(mMc@WE)wR;AqaI%$=0e-zx}fyo9o>GsZav!PH=>Hx9aS*}Aex)h?+>nF z?`~xMY4||-_CNC9yZ(Ml>n+qaCs>)SjhsMXP{v+TUyv1=%0ehMj-Up5ZDgy*wICAS z3`htg+Q@Tk*P=^KWK+YEQ~aayln$BcWn#i+*Wc`2Vje;pRV;)SdWJUOtFZsH;S#6a zO(!AK5~HL@Ek84?UMz$ifCg&Y^-=W0fGo@=KN>vNHEI#&bME{dCS5bL7%2Xc!WLb& z+!>2Fk&>hPF@395j;Le6*)P)#4%kE7Y`Kd%aBN%bN+x82|0mvgL_}91Hl-f5^XrW# zgdebq1j-W};853xf-QezL#7V$+H%_xw8fha`Q@iKp8bRf&FlE00nbRF!%DI#OJ1oA zn;{)sO7J$ktk}4aHMiw_sV0zfOj0+&&oKYeYxpNZOtg&)`25@|KfN^7OS262-iZq7$HqbfT`6tk=dFW|VHy0Fx=$EzQ?Dy|C znC|I`a~gD3S`NcAm}=m?XF%ma@XMzQ>Hm}qp{Eoq(dsfaf(cKko}AaD(PqcETrBim zqfp-maqbFzknq%(5vBsbhzQLHNPe-_%$36eub5I}%@L|2r_9pRF~Na6ZyicP_x?gv zQhwkSpMDg=mrS(op$>A=s#UYKvd7Qiq30Gb)NGqAwU34R%G2W~C$AIE8n%^}Y1BXW z!9TfX<>ZBF4T7~I)X7=IoINN>t8qf6E!5(2Cf{Af@6 z^@|e>)J@9N4$z$}6Tu?Z7Txywh!jOFgQO}1W_^qmfl8I<7OY|lu;jzS3*WT26mA~C zwC`FreAb~dSH@jese-8ogA|Z@gq7;**s|j#7LkKr_Un-%WcWX00{&8!O&yO(V`Axg? zMJl_w_1F4YH~fr<7h5x%A;p`?jucY`Ey^k%tlHq{KW1bXZ$R}T&3aGub64y6`Fim; zZjQ`}t5r=w5DRcT<5H1o+KVI~Ok~VaN+UwEnQf+DW5H0HT(}2DMMUpb9<}fyXtHa{ zJ;y=kVW6GV9@RR{2HeT!^lE_hmyKh(c2T7y0M}jtD6I-`eVH+y5@DsH8RdSy*D2OUZ7&L$ zD|Fao3=`oPnJ?V<^$oMTYid^3(u+T`ipa`HBK;%oo;`6rIAQEHr4XRH%(80`ZBG)J z@MufRN&xjv#I17!q46gqUz7)+e?X4sf|e=J3f~{&U6DLb2*&NINbE@SPZhM2e}|VJ zY$)D@i7arRj#RQqF})7cx0K0M`~6?!n`^S0BW8!&k}HD`B=WIs61B+m5#y{au=HoR z!hhehK(-;7dWs}LnmxXuH2yZG1Hwm}qCQTC$H#OJ601Gf7pHi^Oj`;Lz?)JM>f_kQ zIx{|i*Z{IRd$!NDoW!RgMymdtXFSB#6JB6P-E(h%`nL>)fIy~{!FAl8J7Ch!pQ3(E zR(~c&S}tlCDCIzZJwWu$jbH-st)py)hqiGUtAZ`!x}rn~CFb->f}u-wt9Hq$qH^P+ zQPl%W>;x#${RcXnR3B6EH{@)`P5~Eut$h;99QYnL3=IDRYm5%8Tdq89Z z4X^51Hqw69ZKj%nx$=|IOG6#;A9tKqM_3pxR5;gUVUxD z1{o2YSm)deGaG*>zBWSdzUF+!NpbVHNc7^sGvK~TT)a`S&N{*Z$!V1*DoyIk6-m_) z;Tc{#!BBcYrJ^G!Ocj=0ZN&BPLs;YSe&4X_yYnQKcb&kgin9l2p8GB~;x}u*J9WY6 zo_^^h2-`ThL4Ml@qtRns@5jXe{>{MrkR7`gq9|+JjFXY;OJnqPz$UZlJ%~i= z!aT}Hq8D4FLUHfd| zoyo#+F}qf!D$mE=ySAI5Dw;mQ7S*SZSj8kx*UpuWABkl<|I*M%w}Nz{i&v-Uexx3k zA@7yDGH!D=GkG-pI;fex%e+EQQ=~ghN>b_Y@~J1ZY4-)Ao8SAM6aD2tJIfQb>NFdeo=pkRv13|>B64*v7 zrawo7s0+a^(GrjT?peU=q#ywrmlLE+%q}oQ*GJ-I9b<1OX)lIDvCZ9F4=aQDV1XGn zr45)R^3%`Pwdt+44UHFS`voBXuBzwf`bhZF^-XO4pC3h$+Bv!N#MMPYCwgVs02 z@Rvb{O^TaH$xljMdh~JHVm8$0{so=hXO~rTjHs^_`>?%Tt0>)gSp55%lz--!ezAR^ z9a?O1l6%`Zm7f%gfHki?{y)6EWmH^U*RF|6;qFdw0>LG?ySo!ygS)#!2<{GrySuvt z39iB2ovu93dC&Kr?jEE6_1_w!cI~}ut-02k^PbnOXzqWT;oUFvJl-0-o+sz8s2CFO za=Sc?Lgq8zLUB2ySIJ?*5AH)*5{z<}Um=iXNEn}WvRSP53H>i=>*GYAeb?7^8&+c0N++o5wLF_;HYpe@Cn z*=D2G!g_S^9(j^_5~nv>eCZ6!P-=ds6_(_RFGEx)g=fYjLXc0t(GUB3Re#*J=k$F* z5fcZ6RG%pIbfQ34L!R5dBT$NFepyFpg8qb)}rYC zh2r@^0u|{Ql_PM|7*sUI57hpP6sIfMzv=9Sq}_Dk+OE(ukoHBz_Srb1h}>8Aa)OwL z()uCj8l};sukIFUN@SC>CRcByKej96*7wR~ybn)I4^*nZU1cu%*Ru{V>= zKIYXCaSUFH*Wb%?6(}@T8*)Lt9+~#$0xIzQ7g8=3k-RXlFq{Mi@Ah#Eqa=tyUQMNb zXmCiCEX#=1=l37!X&75IvRwuBjY>s);%2r*eU!9yGbqsNLZMcAqdtY=P*-%Q33^o;J$M2}q?G&s)%j%yZ`Ci=_VzTv(8v#eEr znk~?hb%rN{N@apIazrf#CkzKj2vlCJB=x%Y^hJhFHuY<6d2DBw3tX zPB~LFSL{oTS0e^=4XBndf{jS4Ukj}a2KI3)B`TzvMP=lb8XkeK zB3OREFLK9L%)+y+-X=egDmd2lv3N#k7);iBm?HOSGq;SxNGz$9$a2$>*xP?M(<70h%u9C^~A2`+nC5~u#*Jw!fJB|FvE)A7`* zlql1()gHv3B(HT{2QOdxtGFtyDB8KDVOSaX2Nj&TS7A)5TpaWUUZb)BaPk^~@hSd> z98Vm@l~D|gfBlKx!xoZ{FW>N0JrKY4NwWZzn}9!n9!hhlD9*aY__6O`xDw`kog+u7 zGt70KzTM=hwaZ+HyWn>)%=uq}BPA9*9jnR@J6#?RN`~*db%RbNu|ymV4_+Wkna4&s zrz1nfl%UU9QPg(6@0SyZ*3u_o+FO$RC!AsLZEpfsZ3VCVD}Wpy6X6T}J@|7s$8gT1 z@$M#{TQCqgIM!kMlEU4iVI_@NX9}Aj+aYnC+8Zj=&xDV{_noWIAK*~s;-_QAjNoUEEhg3DvA`A7X!u`&*3HahJU*Uk35L1i8#Qzv-AEQ1PO= zGmb({Lr_O8+>qVw$*Q;ojqQ%+4j6A%Dce+oBm^UVHfwQkYG!10+tx)nXBZcRbv;up z>owlp0cyDgO7R@?&9BAV7@F{T3C*;YGsxSuPwuKVMj-Q|eb#9x6TbFLaHgedS)$KV zm^~}A-@!_X(BH_ea{CQxZx1h4+@_xiayU(#ODV%)_7O53P*n-MG(Fn;C_G3(NIBR2?@EZ9Sl0!* zz0waK8VcW2)yaP@;E1{V1TgGvfXIK)QvV0}&;Cq3E9{RtuZSAlpDdM-V5aMyRO$om zo~Z)Z!-NFhe2gQd({7eAAuh}OJk@f@c{HaE@2t)vHb0&*ejYxn&Fzz| z!3-68JG)-}UpT)c6Faak?!%ejd=+C&NYTb3b@!(SfKp&((-1#y1Kk1u@GE zKlwILKxCjFsO3^Z0%6pFgf*-^w}1(>%e`QxygxIc(Yp;pVoN-=<*svc zWFR4_KM4t~BK}G!k#_?Mw?E(%hrQ!QU##6Pv3!oO0nWg^dIPnhV)FR<2H1K!P=I|u zwGq2Z4T>a!7FG&f9L&X=hU?Hme9iM8vB%sNFu@d+Z=1Tz#MEMD1r`?9R$}m(oW^Fd z(Hf7&B|z6J(2sS6d49eh>V6~F) zQHB#(^f{P?E1$U)D@md74DnX+jNl`;qdst3-1c+40=(K| z-S{$RLDO_qu+ZeGrywFXGlFQX?yt$MV${!!1l&6Bfe5RUQL~4 zU$ow@BlC|ks$`Y3FittdH*=>WF-9sL|HXfc{K#9~$hf{^S_$g>wQJudiW=Qu0P?aL zll?+uDzGYtR4!6*qwl{F8-qRX7dVSd#$+VmvtdFYf-WT?QR4T}+aIRzWPGn129GT* z(t@o2OGz5zKAK3>vYNE?gNETR36KTvL>y$4R6QZLcG5n-F_tMyp5TSII<4LHaQi0x z$7f8n2ehAf%Y(}hoLVghGKe@LRT@ek-k`%-Gu~csU5mDc*7w*-;az3s>B2DRi+94X|vkpWp zxime7w!rBslykue%Eau~fCa|ajgcOJTH=vJA{T**BCa+g7B?IF6bIrZwBDg*|2y_o z0Jc|0@sQF`Jy4#^MLgO*80abbw*&kFIPnER7m3Vki2IuYTu@vNIQpqd#;|yF%iQcR z5L48Le!_9vDJ|AM+FNyE2Vp)X2fFZcfBL4-Ql>{vWoh3fr!{N zG!5}myadG^!7=1i{g?+Ag{83q3ok|l7~ZqR(TqR8Xayr|qSE0LF``1A77y9#197d6 z44GWzKA{`Zogzvf=%FZt7o2kBE?E=Jw%h=spPe2EvEmkznT z07Z5G5})e^Z#Pwo-;PecJ_Pg9iv)E_8>O|1u|~un>N3%Iyjkt&)dM1L}kPa_EEfK5cWlN z&+x`s{06{5xuK&t6rvPlX*tkQ_f`EhiL`rR@$KcusHaHQ5{uInv;&-KUM!E2(^bEU z0qwaEm8HA8qpbjX+4Mv%b;z_sn7sshH}(s;cnD~Nuv7^!#qO5vL@f;D-7bg4+u1JP z=5|_!qqv4U(B!!9UntiI*}rI8n5s`d&c1L>DilkXTjyog+s`n&{{T^oe_v#M!^2*m~05TY!)vWojV}F`x<31d4wD2Muve zlkRf1(+_0ZrnW(*R+?bYH~nqD9@ns;A1>`q&7B2TwFW+Ue3lT&;JnvekN|{p749n8 zGF#&X*`{5qHKx82IjPVeD?< zxY6Ti9Tl9NA%NfNfpSEt^yT4|p!GQlyV3nFqWyHw(f7G=6D4foZms!hsRf`VoF?dv zLo^K{vHkfo6j4)D;6t@A-P_Acb4@*jG*q-I`_v}v zp&I~2|Ef~~SSYsJt@rlf$j<#78w0nh(Oam;)qts0xH#vU&)0RVMlf}r>u>-?y~hzQ zq($P){Qm05Gtz53U-B3dS-}Iv5+T{5MfR=Ossf<4u?e~2=JW_|D8&deex`#VBZauE zH|88@`9VIDcSO_up?s+3AkdkO2cg!^7M?)}7;pK|W$E}U6aCQP)V2+k-B z`0-k)9>NkguG|!S9>weslP1&+`5Dp=7}S-b7Gi}EF!)=8!oSsfi2-6iJvbeKdB6X` ze=wQ&SQN|ZoW?tVQW1-M3#nB2(^3=C`3WZlvoV%gXYvwHE zbL`^|VM$(~OV8AV#m+-}_Vr5VXmjs$q(cK62(bL<>y)gAj= z;-88Gx(mG@kxm5NZ-N?mW7nQBe_?{Q{|ysNKPI+UE-M5wzig#HktjO9#J*5{*13CD zp9cyzqA18VoUdDtJcc&~@QeF^QU(&wjUT^3$Ie?3iB^&06{@BH%nqA>Y&SLrzc3&10CUkM4C_sPmf8T4R75 zz0*AGjd9>*o8}T)A#_gH>0BC3C@L#K6|^a>eh|vlNe^o4)vRqBMh4AvKi^(Wk3)LR zb29C0jYC7LI}q3qzV*|VKm576O79R>qXFR-XNZQX_(rXDR`7*J%&RkI2r{*Chbm}) zaTQt=0N8Kp`_;XROYBd#yc!DM(gpEfhQ=S5Y+n@-)Fc;wc=&b}ZF^C4BaJXrcA@VG zQxSN5IUhS{0tGxv67Y>oI?7#x)pLITe1S#24wrgGV^FKoKQlAv2ux3`KgH`iwXG`I zos5kkMi!>}nG#-!B`@3H`NHgu5E0mORV1A%_;Gd3^H2mTOyV{Mo=nk~w;FJ{6Zc|P zH5wwu*X6ft(SACy`3#MdS`6}?hQO@8WZK?`X=4DCY$dCAB2dvfH2Y;XLcaDu$dWzP zKIB*9RSDtuNcUh__hVYKjTzGTN^Iba3|0_o1x6k{R6w#i?A4CYdIiA6LIk=2j&`KC zSsSZQl<-24E@EHG#3MRIIbmhhQJfst-pJWG4=>;ZIli8o4apUqJJb zP>d;-Cqb_US18^jeZ;pnJW@XF_kE7DR@}{3N#=xu=39z5COryt?~9L|QC(bt8dGG# z>Um+4&bL2DtZNstq1WNktes$+P2&GSCjK3|e`TCNQw1N4>CKN`lsvY7D2D(bP#Ciy zuL0pqojc*evq00dLZ4D^*T|sUhLhs+e|gkU#z!*;SKNk!e}>b$o$z z(P`#Rq^KHQZC~4nr^Mmi0P$hFOyd?9{6O;0)Ij^3`Q=iq&H3mG`|G!Wm$PwrhH0K1 zuK9V**=u}!fd9e{U;n5tj;f=&FdeX!@DNIN=@~By$U(L#F#cUz(5BJ*F>1EWG&PVe zcqz)*qVawpDE6XCdWpAU2pC_cVki`&oM=e}Q0^dyLNXivKn)>pAr&HF6s&shR6%1A%LLlJK> zwkbKI1#N^a9#6;P=y|tu6BjzMwSqPmpis(b)45*;*mYiJQLoHSv?}*2W5p;ksCz#+m`Q zw^IGHi_{7vVgV4;2Njf`PJOU`kmZ~gdbWz``eowf`{{(-C_!94FB&Mio0?=Yavz~P z8GfSq4c1LC*l5f?ehB1bYSEBJE!|21rxv1mckm#Eb}AVo1!*+qT>{D_a*fZ>;TPsP!5 zymw@vvE3oz6}04SAVa=-tfwHL%XbA$FuDVAFbjjtTw9as$0IKlwAJm1UO%jn0j-M7 z`w+Pj;>#c9!lO(Eh~xt(COePxs~R3hcudTsy6-52Z0CHhDty%~Lbe>I+DiyvM<_Ot zkVhBIN%{-6bwb8+s${K5%|AMKibK|6p($)OvHz|``k;u^{w}7;gct}%Do}*TDWr~0 zR8Q-i9q@2G{a{dmrdNp;;5$>bai*5%_x>}9P@wYyx z5VdQ3JyA$FEpAu+UTDI33qKU#<}4?6?hn^;z9nG^_Rcy~Bt zUxmRK|3|hB#F2|ce~9K}t#wL!TNptjiP6C{DC`mwO0ltly7=Q81}Xrti8Xtdm9j?E2X#(-=HG z&tKyoBqLTEco>il)K#o0pX%}mD9M+n5x&O(GBUciSRY}2t8+|p068UxjMm!g=d|$4a`;ajR%nt7^ORc}{NXEXbJ1%biA+pSezV#tT6L;^cuBi7}3P-Xbc9 zY6&ub{II$OGnrW#Emfnk1$Ma_79|Oxyv0#f3wRgRMYQ=%49_S1H0m+_2@Sk7x1ONRNnvNJ>O$%k+3b z`u$H1EH2(ktM?bry)Y3_{#|op(G-NToo}eC_>a{~HjK!A&^=IORi=k&s-yMyGP0gL zAdCK1cQ-yikB&0wXZ=SiUsd(?)|XzKoLnOXcte6o+efYg0=ONS_pInhIwM` zliW(FaAVQZ{yi(X($INJrgn^IHB18{qg;|DZ|B$jc3A2?w@av}>MOfa;Uvx;!5!I& z5blPkTR1A*J!f+Gq(T4N+nfSDy@EJ{Eq^khc8^-ep8kCh5|Q=~-lt)6e&dM?k#^bZ zE*IWr{KpbZEkQQ!IJ_>YxQ5ZS=;DT|85Vpg`@5Q>e_*OV7q)hVktO}Cy(Im?*#~Bs zzLq@wW=-&>XA3b7A2XdMw^n|bZqnq^v!AN^J#mO`(yKiQ#;L3p62Ci1zES_JihFy0 zS{#L$nIpByD$K3pu?KSg5WigbX`#%pA=&o_GGO1NcJFrqz9L6H(a(hp95&N!ctxR{ zG8rMN6OK$+ZptlN_^M|DUH9lVK&r(*8FBu)B`WJa1zI%`K`sWGP->{=D)tb#e=6F>nX0)>!M=Lr8X;+{46Y$EIY@*y{Ta zq=QO01XYk64j>jKbQCQGYN)7oFeYVZF=z>ttkC-)ufTy3f{M>k7N>*Z*Gh8C#NfC& zEdDf9H7oM<8}UN8Af@u{2?*SZC$s2%!sFASpHzt=Qj!!C>l z*jKQ)3bAH?FV=n^f3FA5i(_Jw>WOQ6v@NCgHnqIA>vjQod?B(U{Ir;yPMdF ztacG^?|mH|opjt|r1#VIU6dTUu;X-kq0RK}&4QA_c>4|xXlNS*vjH-@f?9o2YoM?D z?_r}-+BDfCd+xr;NhUVurNv6?tjr;#x>L>#OCo}9(3%9t<+9W3LUBjSL#blT+bkE* ztJ7RX$ho+`8?jk=|EO#UN9`w9g7`6Zck-c?uC?0gZo7s@c*yGav$2Rj#D?ehpWj3w zbh~%|pJ>GItU&|T-S4?^N8y(8zP>{3!Xg?|sYa$1_Va!%5|6*q za1AciT$1*uWZauG6#BV^R~rTIWAF#o=hFI)7@(q)kJyB3b3iesUR}Z++yH)FUIQKo zDT(rGQR^4~LOqlfs|`N6(=kG#8+Oln{?ygW#fvi?!&{rpV(71Ru~Dp|Zqubk*Zeim zEL7NHZ(wfNM{xGYl&9DBF4;Cu2NI?5YIfG%K&4>2Uk}^;Y^{}dW_WmZWlS`V<+1*c z2Dj<&nD7R8t#2OB94KBUt5ni{?NW9DEiXt!x1;9ezV}Xt)rA0X$|v~Vszg}ahr_3? z*%H^!1hbxuI!%VBzrlSb#OmVJec-ZylZ z{*X=sCdC3$%5fmzqR$sQUAzvDk25CT{}k_NID*;|thDj+IQ-&L5{b1^pjO658JXQz z7n4|rRy3nOrlxmgz9ZN)T7r@oX2AGT%0aIoi|ZFp?E5JK5kDkrg~zN{fJ0OBqY=>lQWKIVrAZOfU|`AFw_bZd;dk2UaHTSN3Yk#*S+OOQ9{B(7z^z1A3qkR*!49c9}bZ8pQb zB_0e!Wj2zNYM?I-S!bS^mP)*QYnqK>Qx5^~{9e(5zuUL9mA2*hVIQ{xtOajw(Hd@? zyo@OmCd~nD9*0=5)M1zAL%9Za6&g8g!dB2&uF8=4p^pvCpFtT3w5)3VXj69xwv)fr z(H5lI_afURk)|9sw|jAc<6dcnLk`jPJPHEzv-4^&sssycMg zMOpKT#p9E|Qf)qyMFD|LrI%Ho_R>FuhtYyY+eR+hLLqJTALqW+UzEe~fpoe5vF$W; zw`=At!xdP8?`s%9C{JmN#XQ;R={fsdaOo_`=Bs1y74v zfAKc`7539FT`Y+If>RbeKt3skqLAF2MUvdV_wH@q%}Zkm1HS)}%pHFWuxNFr3FU~b zf1O^RXnQK3%V_Sie)d$q@27Z2kcc@9;Q$})=$>4|A~4okMv8Q?E61UrIMdz&T0+hq z>GJTjEpn)&yj+-?I;}1eCcw=ZKlmJct@ZPpkLBU{*}HgOpB$Fc-kVqoCHe`(@ijqL zdRzbXV#d9KLKPIiFvr6YdvoYVx#nm6Kq`^|M^{aBmBVT(>en#O)3(o{a_~&jnyk~K z&Uvd`^e;BCS?gZpDqHx!xrsA&!mZ+=eW=N=tx+7Fq;+XOW05`TFc^cvxbDx{5r(3_ z*q=ea38Xa{_cK+THcdmqtC9JGPQHgtYQJn5P%lK*P%Iz9tu3F*O3EU=;z!Z`L!M04 zf1H&34|-B_xgdPDxZes0*xon+kwDE3$@8Y<0yL3Kh$*fu?z&eTUM4bgBt$&J6otb!gqzOKP)ygW`A~(zJ!Q7zImkT z!0ndgidc6&?aQ$7l@_19e#)>k!h4z847#GMb|hm4Sq2Tu6%dBmsJe8 z0?5ew31uDmaA3@nKZNWA;X>Z(8LPoT87n>EDMm5M993a>KM=MI?u>Im+>%d%I?Wkr zbVPgsG`QAFbY8&3K#xvBLUQ$rcEsc9gor`lov=Oh7`P*tU#qzvcp6ldKA7Vpt^o(O zi3!5Hy3JQ4S3#xc}JE!erZ zhT2d+4?KY(mvb9nQ6&f{3oRgeRxU_AWp=S+C4-RBLc8HG2}gGB*Uo)r2s~aJqX$+HBpX?*eZk2s${}5?nn+t@GQ+ z&+(>KZ1#?e-Hyr-LjoOdAsiJZ6;Nu|aBA1tLlwG%o-BBKFhUIO_Ns9;5?P5!D!=Bm zay9M1KY+JH-Rn&g6h64!Lme%_GKyhfv>_?EDcbj657hTi%@SZkW<+O(??(#4`cS4` zfw6sy#U_KU{Jzh#yL;6>z-egWd9{a!m(|#jGNqZho%9)Qz+PM;x{UE`B~a zYK(Pk?sE>3mN$#V?9!&UW!OetQrW!y8Fm;~#hM#clwX1F08UVfjqj`r%y`O}=6y(h zUh;d(V+muqUNVeaE=w24S#HP72ok%?j2F^rvTpFl6!d=j`?6WJ{Vi%#*10T}a69qG z5z*F0%Hnj^`(#QFp}UD*9Yo6m!;1RWh5)bY5dw=Xg^onBUlgduh#J@spfe(+Agqz7 zAmyh#`zOvc89swv0cO zM_DPTg@^V@UtOo(a&@c+--B=sSL$>E!X(I7Xpk|kSDbQvwtXkZVkbBEoN4Tav`%tyi^; z-PRu`WwgIB*7_m2*wgNrZ(nbbB58D%QCUjQLmwNV8}DXY@2rc z4UKcpJpb++%dffm8pJ^t)9^H9F15R}jPffn{vSWzFxTzjcZ-e}j)$c6!-P#d);fR@ zI%F26+(>sF)MXZ4pQu0#k)&K!8T{GUz6rYin_o1AsP~v@!5I&!g9H6I?o!+P#&3c| zv`=c4FNYR3BKhwN3{@ibMX5%x&b~~HM1sVh_FOdlXB4xBJ>)3-lN03FRb36++Ugkg zps2g`Ez{h}TDHZAsUaD0E(-=E;<$>EwgPAr3OqE2;-yj3KN7%%Kx??{nm|6B({wQ-0SN#wFt`n*F>mmaxKBBEL8FmWNTx z^A8I|b2pNK>Y9aOosymo)h}>|rDFg?mD(MS+cb;_7g(EfDUCM$(t2LWi*j94(`K?$ zWGh>m9IrXMTANFS^sq%Tu}>m(;FdfbFQ?jh(H{CrSaWT>sEg&lRIGXr1ViL5L@>RD z(pKdt$eo+utEyD-V~&X$k)E&5QmSND-ATtVeqdh}tL7~U*Vix`FPF3x>W?E+)7jTR3LR|?>j?9t5zW3}c+R0%LTzbRl1H`k$ zJ)v?pF~v^C8rS-6Rw*J6iBU=3gLUI=ch<0yYbil6E6t-lt?xmFobx~BqR;1dsNeD7 zbZE?jA?%GY4(^ZFImnD&BwZ?aW4_epBk5eY-0{~u89dTfjJ3j(H484YfMgSO0lRQ9 z-tjH>S4r_(q#d$w;p}~QD1vq9X;6A(Au}D0^SnLW>cq@w{J7_@`qwVQ>=USB^r?Y|O!}k88D`+ot8GJQA;!jmLpheGm@Q`{0>y$=uDhvf{ zT|D-gj->S+&g6&EJ7EJvHzmT|%z$|ey5X0nc7amVD_Uk7m~VF#IuchM%u{+L!}SUV zEwPUa3nx9*T#eUaGX_9hC}&kuX#A&7q|3i_+NZw`w29E+ntcN*&OF-Io|dwXRpzhV z{Z!5Kp?3?qE%{kqamo?AE>wwxwopylwRfTUl_}Gy$DYZGNLiHy5m1!l4Yqcze$##adVQFrzm;Xm{dF9!q#d((6zmSTth13;C#9<^C7kp8 zu22^~DFkBWSTLti>qdf9>)}}Xr7GyZqmo5(BcUEGCEfwQ<)N#^WT5lg=bG|?o__e9 z^8Ys^NJ#?hHSv) z8}CQd6dX-wUp=`XA%Un{c~!9=Uq5EyKRif|R7N2AuXwYN`7r+yK!N{qAse9o(oX63 zL6=r5IoEF;n{>Hvsa5yfBPN;F^rhB-l2{u6f%;>5J`UW%x{5nrZqt~Jic1cPdjxX^ z5sG7pW~LS6Yz+BVC?4Y+1OLICf|#KHfI%((l0@S*Cb|`{`tJ3GTp7RQ)Ehh5Xk+;j z<^%rT?cE>CFplc%yM@%=>#QJW=jS|vx;I?B@g2*WcaFbg(G9tOyp2d#K$SAMJ*=Ax zm5`cF4NN!2fYO2>IU~3u!zD&ZiCixNEc2pqH)Ls9@5k_)3S}_!+P`nJkmCRG?Y{(4 z&~@K2{*Q-;0lk8Mv8d}1|FAtpb)Z=AKE(93h*_)S^&;)eH^7yhNxu8iwxbsM=?9*g zBUgb~sgeI)83Gc5jC>*^^zI?4@5J^OH9(FZg}f+%2HP3_wbep_xRY2yR%#=s&Z6LOiC#GsGFOp z7hcXP;bg|1=`t}zI+?gqIX<3?-;iP9&LI6eLg5Y!s1PKUxtYGZBm^-ON`jTSitZ9MthGURL#q|XgPVhfP;Zw)T2Ta!y?sBs=M%acbR``hSdeP zunRzR&Wv0OmXXZmLWPGIjFC<&#p?!B?2U!!e0;uQ&rO-NS6!sZ7D4+-zW(*D^rjY8 zcjm;vg(>Vc<-h)n%UDoyVV+!$}dvw&=`=Sz!js z<;-r~tH9VeNfIIf%Sx~bf>((oaG0~7q=AY;Ux{vaFmz4@nVe!iE2)J%dPs6g^uyrX zK5MLxlYN-}XMloOy&V)lRNQ0Cy)R5dzmBf95t&1!84{!lA6qpBKq|N%e*j_|OJac_ zJVvAmIlS*{(a{gO`A1!K)KRaA@9Dj%Y_!+X&rZzYKMkOyhf?NoDD8>-R)@!2pX`2k zoem)=^elUR1;?c)XDyNUX{MaFn(Go2Hwie6t3X$5AHL!Z+I8yT;U*c#Mhhm18iYm}ctPVzM%SI^+&@7JqAYKa z_GG19-AZn4kX4&2tF7vG43g2kAyD)6fr}!dr0)cif|6-jh9**9h3e>m@zK-CSS&1d zqz4DB;!akgxvHdu&W-?xSrESPZ{+(Mau5_jH}(3Unx~z{Al4&?NYrK*HF{hR&%GpC zM`%+Oph}8S6h&uumSc}0+?Xk;_e~0E`O!7#V?NVAHQ+OZ7~&P)L9dK*1cvX- zat?30wToW{GWC-SLstbh62c_bX#Q>dyo}NOVC{`>_;{H$gva(3*#GOplHF-UjG2Z+ z$At#{tFU4k7&#y5Kt|*Fx(Y zBvtgY;5oKV*V0I?$$YcFs5oxiy?#R$VR_PzG8VrQ86YZPdq>FI74y)a6IY;2#}N+V z2=~9<_(eFV^V!;1sZy~A3(i_>L?AxMaAuAHxE2w0OKK_00&R_O3pH$8ABKGO%5_f+G66gv(4oF6X&9`zU#hm;6C^j4F#og z>!S793U0f)s|?!Fa+6tfJBBQ7~WC%@FtCoS3rT+OMrJ}pHG6c_sG$kED+?Wa+gHu;oZ(I?V^yu(4l<7=O7B3-5D6;s#ur4>&YhEbpz>xEeu zJmW$DMfcqjoK=QLi)|4JxTjtS z>Tv_^7k6Iq?MU~zx=_4Ec^7_Faq)y2uS%Yw7Gv<-$!g(|tj_VU3A$l^Bkj!y+-8ss z0k57anIJiungEw56I@;;|4$RQLIyfmPC&P0dXspM>Dt((@G2HI1pF&H zne1TTSf^4UWO1n6AaQv3-XOm6gdC<}_%MZ20V6Sq1ZK-eE%S zAC^|q>g#4$sUt#W26&?yx<-n6YC5tj(9nQ`@)X4DTJASNyL8RT_Jg5_3lhQF;^?0MhsBwkKGVaX_4+#-fmlS>d>&L`^8kI{sIuXzK~v z0JuzyQv|Gcz1c3nLeF^r8dcV4KOfk&Ku@7?~D_5{Tb+Wd(cB~^FA`GD))N&vF zi|LkDEd9T6Vd(kw;cI-vgO(A+l6hamC z1_I;PswUn>3BF7)&>(&e&JETVJjb^d(;t}O%$GG+vB)gV1i)QC9+wN1DB^y;wl5b# zROo0kH4>)+pAc8UC8UT$T~{NMJtb}G&>NL1bdaV9U%eDLftK>U?SHy7A~!FZE7!5Q zP<~mAI4$BvfYFWakE;xOMqg-B_A2F=P5QljG~-Sv0vIGZ-TGrXy*=|aNsa8T6LDSE zA%&N;n-W}mAjW9aE%Nk^5T%9lx7t->*O>cZZ1|xje$YwGQcdM(^7VQJC^nJ8#*Qp7`v1N1L2lF&ZmJRR+&=Y4>X(Dxe?Xz`nffanW2@T1d z7Rh0il}&TFX8(DDiLu5_%6GIB%>Mh}inH?fEx0)IXSnu^RnHM_u!!{jb#`8VM=i`! z<5liA<1gG3j6IN8!zcbnrwlYa)V$a?NGLj`bC}opJl4+s`FSJwR-w3}b-#9GuvE!j zJEscpe$PZ1uo~Lo>h}YT8)p#8gf)?Nmr|#Y`VUHPij?hcWju3`uZH|p$^M=NNm0Xz zx8>AAwDAW)C&>EcDFU}>*KgHpKGF0PjJp6)qf6=?y$}l)Zuh9>qC_SiM*7Hh#`G6A zmW0UuKXoWiuwNKDAa(mlA>=C1qbPx(F6MzpbO&28WSsXZeX4W5;XmSogz#5&Zg(zM z(M*^V&Ml_L^lRuf{7-nr9WeI=46+my^#7+iP*;TYU&Uj*ZHLS+^ zDA{~Yxh*BRcvxs*r00&v4ntQM??4LY*+XeGwbw&WXMCfOq1oG! zo^1X_YlgkapgS449U6#~tA{fc!jL{voZ&&te}HfBw3IchtR(j5jCI?&UI53pV;4Uz ziIEWtJ>-wb$+Z(Qjxt-*RNqAG)ubHCtK@>Z%U-W1RJ z-E%Ty)(~7ap2nf#y03Fr9g>UGc6=ZQoufm60Oy)jBgl^Dsapv zWnO#*VFKScIcVge9SS-$={bIh*RN-O%f08`2^}5{Fq|XW9_}q{FJRh9>bG$6p9wyh znX%TGPYx-HUb!NeXEYqNDNQvuE)u*&^ltrnqKTH`V~7?cpVuyb8%&HMH4SPE7z^nB zc2mDxfMTa}G_=psoA70>MfdVO|5_W(ov&801TvleLY26&8)y601f4*7TgLh2dJ`L}O-(6O9x-absW0`}^%P{~3* zSsENY!3Zo!_=cJZ)BrLMA(S|VkMuh1b=NM3u|V42;12gVcFE3+yX^SoYpWf3Fn=m)fo{ zZRf7D*?KmThPLL?j)Lh5Tk7xlX!QEg-rHt-eLDeNy-8)lk5<@E?ABvveHj&t*T>Un zDGxNC)JFPV0aR-8F-=tQEw=7)|&X~C(%89;q% z4vdRutbx{*mPsCYzlO_K!mWB_R=|KKF0FFzw`9enhpC3qu+`F(?z^r_;i{}6GZcC0;UG5jT z;voVLages!o!jah&TjS(M=jF->^zHh)cKokBjX&sbg0X%o&}j;wvo;KDK8jDrA1aB za-jT~n#<=j89&xm=RZ!gD8t%x{}kO(6pg<;)lErO8V)e(iO%L4x=GG<*GfN&Hlvl1 zq)?%iS=~jE$X}$a#?ink!w;IGhOSGiqZ#EU_jueVyV9GBw|v?|F!@V8iCb13cSg2k z4v@cwFkPQuTFn5jU0ZJ1k3=c9l>{*x=ODwByJusRu5fy<;s(>Wdb0Tg(W|30APfWZ z^`%K$zqzE(Z8>#Py;+)NrE{QnXD#p7HV6RQel@uCAM!Uqv;8zrarn*ZrU|L^nr6wZ zD>1RX5VI80NO_X&F7{cDOnZHqrGb4a1+Bx1Ihr{z=_RDp$tyh?&C}rA#1yz4iFi9d zm}c1?)EE_|JKG|ucNF_nsokNwvZ^}^^qcY%m(AqMtE4VRdrQYDUM=a6k*gVLbI4{v z;(9Yx3Ji;y2u1@DuTtLG= zvt$7m-#{EvKRi0*>)W{Xbrh|P6=mqrf6h!GPw)?hrh;kqq{^NGEfE#JsV^)ZvE(1sRb!n3uEkVckd$duG(6ey zJvj^rbE)EB&jmaIZt7Z3n@?HfSF+E6OdwkVbHrWM_5hj-1sfgA){4#8ko*Afm>LI( zl6q!MyRWLw)Jb}dmS0lhk-f9{cb{g6Zm$zDQgb%6AZb|BzPCW%jygx@x>3+&%wXk? zJoy3c@9-n5)HpKe#BTbyC7cR0)9Xfn3Qe-`+Z~vq9SiK~8p>h?)cgCaVGoJtN5nHvE$yeYj z(pS@z2@rES`KB1n1mbpdt;mm4M~KSwUaA;&(k*apWCG;fH)u}pO22jimaLDI%xu`H#uRFoeFo10cp6NjF{)j@({$`F$Zaj2N3h6Slpk86WcA-M)cD99OqTj7? zb+NaqgvsdvmsH<;q-iuN00e36HaRt^5P*;JqFA1_po&}j%cs$9SQ2Nkl*wJHcU`|T0hn@U5|sSjQt?r4X?BHcM$`g!@L5E8cYYVDI|ZE`Yn))R z+(}Gtb~B)uHaaT@zhAqel#^Dbw-wg5=&n#g<)eW#EWRf~>Yzxw9;|}=3bRcW!eS~0&VHx#r!TwdOV<1^q4hkp;K{Hgr?pN8T4w_H(IMGzC}yXdbYE_t1$SpM@< zmmiH|@^L@uIYEjSYEAF?cyG)MJ38kiag#~Z$T3i=ffKmZq<9L>*_1*87fC3FV_UXs zYHF!SS2K6EwH$DW)VisUiAg8nN#Ne>CYqXYD#i328_ zHCRm{Ver@=lIIDY4E!mI{g*24(LZ*%3$)(}U7C8L|IA*))gqMV{5CES=_9FbXlK!H zR{gt&6yyU}xFA+DsK~n^s3&y0Kzuc8Bnm{RZvqzo6=*;!lgIj~q)z-!cd%GU z8q^nrsA;=X5U>jpM{_90RhzTaCytPcD7NS zR7m{cLJD|7=^XL|qGzVTS_eS^uHPW4Fso_BeWW!&S`!5`v$aIta~RGq7ufGpWFZA? zA^S8KYAy*vZhLh_mmByIWde@{v&;l^6uQGFEH4+LAG9Ip;$epA0(xRXJAQI@ysN9H z-|LMwYb;I0Fs=LAL=U(Ew2K1w@$V4Db)U2(#K3IC=|0HThe%m;H$G0u1nqad+H-k8 zLJ|F!rGyR%J(59k&-3o0ttBIi2GsEDs6lQ;+-PC@8ildJ;$L<5;?ui8w|Z`5VdevB zI8~6D$~hXQzA?!t%=(epu|qWuLnr~z1nCHF7|&LPxPE`NhiF1_@+cE9>Az8)x$M~# z+j_=+GpEu-C5a7#?LN(I?^t4P^M8%PrHCh8yZj2;e+KY?V{hf}mO3g@iih$;rE$1h{9I8XC)=OS5GMS&PWGbcHZ<2&4d!gUd&9*(3 zSsflL9wMpZ2e~iQ0Pb)N5*zG9vpwXd{_&!o?L$chcs~ZQKt-Ys`2Tk+?Y0QPeNEaE zN28nMx$HmD8~-7geODhLcI;nGROXXz&7RDg87it}^;Lm(FSb5(-$ck@;tGKx2FLxU z0*^m+9bwT~^@P=A`_~AjAJO>;ygGD0uy)Ff%WxlqG0g&{Otwmq`il^S{IItjf`X*kw3=z0tqs*3 ztzX@i^$9NBr$Ze1@{HPKerXa`^7sddeaAldHkT^3g4G4kA@jn37KaX$`<((Lmbuy* zsIYa;GC8Dw^iau_7VDAUp=FfBtk9RTH*Y7}8ZZ)eScCUcL0rw~MHO&ybk}10JV2(u znUQwvYl#&^?_V1fW@CX$JuQd%y0zWzCpYBTI8g~t<(0x4-k4dhcle2??AH(_m6uNW zO|X#J6G6#!rPoSsn`Nd&P7}`#{-PD{n~tbv<5&nZ2XIGHk?vO~S7OB~Yz35W~c^2#A=g2}GW!XHaE&B4`guo+UaT7;G< z_#%&*f(G$HhZwaI287)jlm|b+mpbVke6c;~yLD?l^ z6J!4O#UEG;L}4em*$FO)_7rkJ_=xPqi=ZXmGZ>ZCLX*G|Z&=ihGhAaI3;u#Q=<`E) z^&ViwX6N|mqy>!C)H7&#CIVw~E&pa`S=WEm;}az)NPyp}0LcO^j;G~f)cuQ&B5v!VUSbv%Oi{I&MC8{l65B!cmS}M)A zL(i2Uk@!4kvPIzRNCw$9{Q1i)6(c@iWz%);m!wr-F<}uqQ`|YL`)aLSeX5dVF=guZ zlu~Ka?G1g%73x@EE;A^qAJW|C`YcU{dVgx`+8B3bAVW)sP+OAHp&sSJ@Fa)iG+v=M z>_Zh-uSUn`G^z+06-gIqH20Zmc${Hz6%p>5@i^+-QmF>gO7=UYnTNDQLZvtY6$n!9 zyelh9ksLYsE`{Xa)-BW5#V{-sO7RD$)NdOM;WBA^yJN;oRFN-wQYAPId#O-LMa<@z=R4@t; zWVNPT$xDw#^g-#2yC6L(e1wXw&$}Eflk~EutXVODfFl*?=YL+TkB~Q%l)rNw;Y2$D zCd-39C+N)(V{AiGVk!>mZK=>3s8sfx(+6+1VBGAa6j33wxa{x~^o>PKesSW1gotve zy@*B~SqrS9%_kP&xM>qT&jvj4(-?G?FvzfjO-Rk(B6&&@;{{)Xo&Zpq$Lq2cxkVYJbna zh0+F9Q3kG(WJf}>4TmBBTq^LN30>rx0&^9AJg9o_m&&ca;5xC)7s(Yi(PfVPRZ}Ti zh>2YMI=8I8<+1&dG-_1h!fHj3bnLd|2Tm@CS5`%z(jXUTYp8j)N+shSQ_oD*3;u?` z=?TPqUWP0Y2)TeL5%?cW6B17^b}kHmv4TQ>M{2i}*shj8Mnk#q{0lv1Zfgj5Tgthm z2_tIbg%pjcxi9lx6gyH?5^;idG)eq$Pw1{dglC1H*dpNoD;(uWm{_oawSD-{U>Hl; z6cqXMOhXl2uy_ipQ1AlFO}z9k#|qA*+@^j~S;&DS$pEB&Zu>~gSf{pJG=1LK1M@T9 z2eyDf^a}$j2#o=Fzg4oI8(cWGf$eaXn-fyQFfXqw4S7SggoL#)lt04~7A@*?JCSyV zGrH)6=!x_nfxmI=EedW{*~TdGrwm2DS@AhlNWhty?ly zm)-3qD=|`d244e7&X?Iy`;BmmvDz@jyWvT>Zwol8sPqSxTUh;#IZXi9^{MvYN^fGE zLZ?TS2osw_{UtPk&X%ywTf;%+H!?x%muuw9J(Kttr#^(5f~;yYwkl^uXJCmaKUXP3 z0Oxc_%|!ou9Lj_Z!#%?*2HJbd(U8VZ!*%hci0o-a3zQJZGjKf`#SVF5cI8ou92Yp@X%Y6+xEm)_nFAFrIYj9%?Pr z_mhP*_kknyxu3j{2!F2?)XCff-CIAW~46%uyxRS_Rm z_TJz>vWc;EK@z2`=XkCJrEl70zUR zhR?^upL{dE$;POlk$yWVdgG+&Xu>wLs@&zPs5CQw-gIfj`=y`?udTkm6nZ^vE9Wn? zrsglZJW;iF%vIC?(dksv8Thg=60IbJ_XStkX#_o_MxyWr*GrBGf)2`ylDI%f1NZ6LeGjo4vH*@iv*6b&rN2FvRN|J~J>-JxrI zpVn4B$9L2^zb6e zrF;Z8XNNSP3+ANw^?5`xuO_0-&v>ov(xlSIdCjdoK)Uc9j{L`{tmVb0Glqg!_Axs& z7NaTH{kUXP)nvj)hhD_>>W{GN_VdsN=_(EHvR#rl!|@d8fp zc1M^=IWjoETrv*E%g3wvn|6LVdj`UB3tyfE{TPOE_iuxP{(R5<&OLtJ)l0c)$z8Rw z=vdF6uIi6Pa^vk$ntDGfHdagRh6xu=|zFi8gL_v^%Dwu?c%Dcvob{zEHq;J#lz_ND9eME0S(eX=@qqA~l`I-^>e_?SAY z>##a$^KJ^}@=E2#NFJj7;qQVp-fiD{D~4pL!be9>(}B_WcR)5BL}jtrweJXX^SKzU z<`pmt$ps!@J#XnU=vg zJ=)4`CVm>UgGm391|&o8s9s?oCa|pe>*U4mH^qN;7GN5_12&M9zk`*|mVZY?h}>Zb zjOiCIbQPXqFF;n;#wN2>H4~QkVK|m0!!S#BYuPvMH@YQ}dQ3;>?AQD|y&KLz4ujg9 zT$NJ#Qq1T#m2D=rgc1J>y)oE-_EAd8SU1@9Mw0GVO%rq&f5|}I8o_=69nQIgu|H}{ z9`dF*(IMpu1)?O1KuhX3{_U=E=QOloI5QSIhrA>%d5O;N1J>7f%qp6MV&4yqqdP$Y^Zbzmuf z$0L*w_A3{A`BGhndMZpBjP8qp04=46k5S67Mp*3w{g(aX105UtCuv~>J6=R=uBrx$ zexqFv<<+bS>p7D0?>3m)e{c|6HCNr_P;cS?sZCLSe=4=>^q@FmN9+rYci}rVI09{b{&t;sea~;eWF$QQ_d5%-yNbQ3x_-FD0#|FYXExpd>3uw z(WTG9n1LrPk@lSYj)(oKyPMd$<`0+Gc`pyxH?OJsH@#&7AXe$MeN#f*d}7vG?MWGl zw`u~A-wVF6-3&Rg;Oy0I=gK=MsBh?Vk&OE~J8ZN_mSCr}Y}a4j^>eKiqu=%;rS<27 z^YSS(JxFw<)rsBoV)TUG&~O7q}hcXPLf zhVD)o(&{s6qj6a}Hm&r>K%!$lAy)ZiMF?>RK2320$#0g@G zWBDiE_s3}e1hTT@A7#Hotz&gZR>4Zt8b)Xu6ueao+!$Ba3A>j)(<-t#BI{z60@Hq; z0TwpIjUhVNuRDddmg~;SCB^H{DVqSyn$ZK2f`38@GAynPAFB(F^-d<^ zz8PzHtD8t)^e_K)`#8`$9eX;(0cV#N}qPDA?G=nrg*lw^~3S|C?66gN$tl$yk#`U{RI&{!C(g*PJf%NzJ`S}53 ziN^5)V(CIVqkpFTxCysfxOEPPWt)Oulef9|B~VhfAQ{RR4fta;BvA6{ z^@jr$PtYc>!hib4j2YSoR(Z-R7dbK}CAwOP>`NArDH9OxiIm2${!~8Nzy1^hn0vtKt(-YUaMj!5GsphCB48*o|JfzyW@LyJ_${JE~!E*1nT@= zR00rAgoEg8p=_oVa>Bw!&W-gkYmbm%nOaX*N8F-G%L$pCP=1%<2KXq+^`ie-9E)5S zud$qam$yAWW8?agPowHu;WLmWJG(ly%44Xj?2iW zp7AC7!3lO9s7@=H9uqzJr*$u&57KXtm9t5)%*)cq%4Lyjq3SvpF-HEd6u>*q8a4< z@E*(T`@N7ckQOD$pAEJy`Yo2meIJ|NDa;y(Q#DcSd3+Z^DU=a=x43aRgt&0ZG_PlM z1aU^66~QIU{anGfB11by=`G?-99>L$ssYKitAQ-*d?qa^c^)69sm@k2-n>>{fA*Fe zW}G&Dwlb!}6*T@z|5AW(5nHLk#_clo5bj|Qosf>&AVfZB_Z)`>+rfA%A zQ?QOeUf<<6qw~D&V9o?D7F(j>eo;GYg+`lHLs2M-pm39Berdefi)zbce@ltAht9Bg z02B{K8B3TNvni>FJ8eG8$c6Dm3ny%7D=T@JS=a0jl^vy>;ct7wWmR8MP;{pAAL~d` zUfW2f>3wBmRGeeHOoaU@ZY51(H?5?h5v0Kfy1>Ve4VEt`SRbZCVQykx;2Y5X7~E~8 z^@I`&WBT}m@b{F>8TnDX&%yhz&75e574taFUYuO#)!&2Coi%21qE7}D5k%;Bgn> zS!&X15AmEZLVa;o$M}5L^NE{w+`|(HKALjr9P}AjV8Q1jeMf()kv6&}0A}T*79*Yo zmE^oHVQm-qD|a3bcc>O65tASrkum=c6Wf+i@^!JyF*7fqT@=EFaqdc|#eN^MK3Bd4 zAU)93qj#ON2wD|yI&hS+mxM28o{wl7lJxct_Eg{C?^j9%PJ+N?Bps~8dot@A)7EJ! zt*2AuhqRXo%Ufeplk8~9tU7H3l@x<~05QpFBm4nen&C%!A1s!oZE+K2HfSd+i5jwr zlm;!wv6ZDU&YQq3oTVnR4IFU`No6;2NNb(kP34Xz_})nI+fJKfbhONfL?Sk93pN~1 z`l{NgZELtmjj{{a#3O5KYxUJiD;fa~n{AyIyWPsPONoiY)W#6=%k2-Uw)vK+F4BJ> zry?Ox7uEEn{d}2Lp?NS0f!~!)Nz{H0rw-~)uf3_xvKQP9Gx|y($x<7S94N309&?1UH8gMvxqgQ^TK}YYK`;N9^)I;JYUM zf@&|dXc`<28`BP}mgh!y8-5$r^zuVlk3Vm>!`$2=KJSb>tHEN;8D(JB$D!=vhnGhg zPdvFEYC|@E(GURH=y^pJn@_9?T_tYgm1xMjW$Cedol^adhHOWx1BlTw=8`tx+M%Pi z(<3-Er9Hyw)75&;pstnSZrcX}7E0r=tbLL7E2zNY4%0}0k@ykWPeQE$ zj~BOqd$niW`qRJ12q4&1yS>GxeM?OjZH6Qcb3xT66czKEeW0i5yxIg$jl=O;)o@?& z-940ay-xdkbi!D0TYKkLi<+xlGLfOlzL#G#gnJ}9xJfz&mW(4Db#W|RYe(1U7)XHb zK8?%!yID3bQH2TJhS!;Sho|!Xin4b&_DN%QwrnEBqm5??a+vZ^{ znLPQsl#j#~ML)unrsjo7#&@mlr-dhZ{H+aHcH-SFw{kLU*Cu@c0_bSAcs@Q4xgs`Z zS{DkW$H-TQa`yZ(vL^5}NRBSTy+<{;;imU8*kzbIN4wxm40EZ0(;lpaiS)5~+ITwG z@$b~M+l}R%;Roj&mtT0?b%tntzgp;L7=(1K!oWt%U7=ZVdr0ymGA#2Zt%<)4Q;eof zXZU*B+vt?G6ZDE%W0ABJjUSP@7!48okW%NzG!E^*BJ+y~{aANWccOhR3}iU~;_&?11al zw75g^vxwnZ@~81!wJ3qey;tRK{)0aP*Yz_fJ*xx!)I>e4hQ`0S2u}Kb$#y*M(Yo>b zYx-#$ok+3=yvU{kKNuDyO#K9HbW8OL%+cJMdkNx4PxAgTE?*TApY5?G@SFannL4_uJ>FuDTlbq2<* z(RyM>?vLNDE3xf?5EyD^xho>$`%mUrW$brfsCnc`8koKi2k|XW{g_?^;r4Ugu5rXQ z26R#Fh>q_V>C@-g8h+KHRTTZ`g}2}R>xcbTV@=uY`^cfgAR7=(Y%6I;G_&`R6P$Pc z3E#WRld(_duT}N%RV1?RDe+Hq+YPlDiPfd9~ZAY=WLMc)a->aF0iZhK#PT0Z4?5ju$ySwo(;6jiai*mm~ORS8D+Z zGnF`%kHB+SUeBQ`rb8Y8O~t~#_-T?SLp5;oqfoGL!uDaUd*h_;@8n=@cFu<;sbC=& z#D?bzZ)*D=N@7oY5LVy>>ax><)9?n)WDwH1dqtS3$n)w#GYFgpmuI`)n1Q%?zUtFWzEWOb;SUDhj?4FK z`crsnt1p#mF3cj7`8?-1AEIYfHTu)`Xnv#)BjV5RFPEuIL!B1+CiGW=L(&Y1_f|Ru zyfSm8HL(yC-%;`j^R>97<^;9O#{H_C)3h8D1Y3o4$}iQ zMIxTCo?m5v44Ai{?kw*7l3s(^7D0$-P`GS;gKps1oRjyW=@bT?_UA|M$Q2jnUMXIq z?_=BV5t~fdECyMJLERM=>*v%H@b~vnQO?UaiZpH;{B2o#E=zkL!>YXP+oVtH&k4g@ zXeMqp%kLU(N4FICM_mi2ncJvr{U3ttHTj)qRaO_f8%*yu|(L z9HR1Lg!o`bd4RdQ`>IPJrmzq7sU@x62AS%kEbF-iz4_nkblH_dY;_+mMvn<&x?l$5 zK9h0VjcVTx=W{~I_EPX**)<%8Hm^??^)@uux(rJ`d?Qx#4eqJ#?uv^GXM=HgkK_A~ z;gg~GrWGzp59Q*97T)7uTj-y7Ym3va!!aY1lW?pTG1>5#ru((X?zIp6gEw@W=ZjO0 z^Tn8zu81Eu?|V%ir^j7v&c{8HYVewA_$E5Pqo8lzFo9ngj9S=uldA<4@s+luRmxyk z*4x~k4(Woiu^w>sS z^}UR0uu=@HKbD{=k_b&1TJJKBJ5j@9?R9TVGEi^2q*DN3N!@F-jlXQ}l6kS%coi1XoQtUb?7Yj}cB4v*j9ek|JK8w)M&{q=3p(EpL(hju>?h=YZ!dtk?E zEG;mb7ApC0G{+97005ILgmt4>9khZ(&1_SEAsLO3{|Z1|LvX@n0y`mP3WA@v3hF}^ zbJnIr8%t$dGIBE{UY|moofVC+gYTgE-CR>jjm*e#-A3fe=|Ao(BsnIVvHfMFQ9C)X zTv@|tn9h%vf#=YQ)AP$ff6VOS($aMQd`OVfD4cOfnq+os$}CYAqEt{D{_aDfAeTve z2r(jpIE;Ww)s9pXNBgT9tKq=uc#!VPoz?Ci-oJU9L8BOtUf7fd?EEv!^URps6WEL# zzaG$+$EIP^MHv+*^}J;Yyrl}28wh&(49z&>%h++GvK=iB3b4nYv_F%u%Pe{rN1 zIY}xYs$~tXyx@=%(>-(i%NARVH`#H>f3jMJ+mMxHEPkTjs&0Hne9GJuh>1x!hHP1D zZbC`imUo{J_Zm#o+*6A=xCMC?+|uJgBy||zr}^Q8zQ*{@JY#5oqzB(OZOy)Q9*2DZ zMbFjTHbopSAR2{p=oJNZEV&@fM%)5baLoG^3IU^aXlgAsry`es{z{iP6Ysc)xpQ7C zPOSRWD0KX?TPvy-8rfh;O!3k|w}#3Pz~#{BM`&xa!EtE^)42_IVRhb+w_8Jvc2ntM zq!j0<`|OX6{)-2 zS(#M08sB?fr_DW<5YQ(V#pf2vl>lTf=J5Oa-h(tKd#OUa{k^)iQht7o*u1#K=ec-y zk3Z-gl8(z2a2wZ%Z+s6YqPb#Ed!W1ko#PuR;BB06`NV&D=WgMt`=+hG?cIAZF!|A= z>LB^-sb|1sNYKKk#0T@5nDaB^(^zW5W@oKCMfU&>O8 zD{IO1-`9L06TAhDGbw_$|A^3;mXBXOc_In>EGU?x2@H~2d{t^JemU<#V9 zx3U-QYw>xlkV60HCqB-#AF5*D zwZC82J(>RQ)B%Ana}_uGUQQoVTYonEZf~mLwDFJRC|J~F^}T*NA=pt=_qo5|dvk!& zAJ%0VD0O%12zLU4`}?T3ktPlQZ5&=Hu({fphu}rG;VZAOGBr21wk)Tb2(eB3i2cwM znOhSGvl#hWT0uF#qUGrQIv)!T|Kh#3h3(z;B(9Bn@d3|L;1VaBDP2~csDf_%ad6Qc zB|}qHjE2IamQ}ZWZz1@;(Z>sn3+nm;1;o|uC{2f|k#pObLU*9Ljxx74BUvc}aZISC zo!?Icy*hZ~52}0*zS|!Dez0r^c!ej0qvHDN>RNhQ~m!_lp~jf%Pt9&`m6 zkyrg7+!*WIa4{omDo=Wn=YQoW-MZ8c?`SumeOJ_$X3e9$eDgf1-f;Kod||nZwUiI1 z7QkbAuFLt%nS||1(VX;9a3mu-&GzKggZGN3L$hvESI}9V{(X4E%x3j@MmHW&?S$Q0 zCQ#v2;*lJAWI}J;D(Y_5fMkqi8Sz);HVZ9@Vif$waVfF2Q~(kZ4LJUE1q-#=zdDfE zUVAo%4m&1kW4@fYB9pkJ_MzXLlXarTdtkz#&{k8v`-olwbMIc3y)1O;6&h`BF1%zK z(Bryv5&yVx!V=T@k>A=x@|EK@%?sVG17i?d%FJm%oD&YzRK4bhmFr_q_~mO)(l5ZJ z0_4V%eKyQn9OfOwHeEzkDo4Dj`z@d71bNbxEg6IB*rply(o07lmK^*E-}r|&+? z!iTEJE+>^RCD(57gx1m5q-6p~i|t#dO7yMuN`ZT$_IkE0aIEPFb^O?lfptp+;Sakt zqW(k;ddB>Ewgi-NRWNp#c6Jw}NWbd!NPINf4@e~wqGZT^KbP(j#pvk=rT8lavU`BD z7p!gd-@;)HMdPK?Atmn6^!NtxgPi2|UsC8%cB)G?njy(t`{E6LY-ICRf{S2(z+yx?94+CEwnR(@a1vGr2G6z#Ra0_8OFW9m zE?nj*(g@7OI^&Aj{}c0vQzMr|v&-> z(@u6ZTjVknWEW_zLXRWT^v%01BQ~ z(s(n8)c~Rw%nuLepN)P%H1W>+sOQ>u%$o{}Qkr#Mn;))Yx9(H4NI-jy=BfIgAOaID(KuU=5to*V;0-J z2yjdzdmu{%3q)uXYUCy>-jNp!HlWmHd^bNGsZ()2xP4JM$I>Em%FWbIj+_SyapsX3km4C zrM8QLtkGmKXNH#Em}HFGu;XcSjKlSnm5Ujy+6?%>c^W3n(2{U<_#t*9(waKz(Gc;R zFvmuJWaP+T1sOgjxo+&@J#+f8^V|&%TsKP;=wQE6#ur8P<$&Lo<`i(B9=Z6Fi-7aO zPbJnF8uSERe%>~YTn)6*sw~E_W(aI1s#YnTtLQxgrZ5kJf=KJY=}<_HLDA;r&0;7$ zA4b`jUnmwZk+1J5SnwiWLd{AB?pLX4aUWUrg$j+wuUbYrEuPyDD+7c_MdZdpr;)Pq5>k zaqUjCgioKHnm%yskv0b_%hUv*#k?N$ft-eoU;+nq|JK4C`%D5C#*|vVD`P5A4j++wQPAg{VGU z2#(HQK1-wGDp$3_JRjUZcS;h2(Q3(p(9@*=Qty-a5A-IPChEBh({z33ysnB7F0|wv zaO#u!zR;LK_dDjsUA`qvvgo#%1HcBG-2)yI<}JmZ9#uO1aWp&nbXR6~HMPluIFR*$ z{er$Z58r-_ba(0fpmMZk24#b`M=anKRgw8UQO|WUc+?fI1>wG3;Vr@PCdzi$aO%Qz z_-k5NtYa*8Z-CTM4s?w8a0AsetnixGG%TLikktL|Z^4V`J}zo=DE8-#-+-+>RBqJU zZ-hrH2We$7RyUJhY+zp-9Jt$an|Wu}x3th9RkivS_XnG|TyvIX-BCJOY zq`3Tm)U-}V5GWOBMc_%q{B^*ZRj(eiF+}xkHk(3;3kM_)y2SgU9{i|h5YUO%Zl{?J z-{PVd@gs&Qy-`s@+zzdoA0#}m1&OUi=7-%Jke}VA{?+=qe!Ep{lm}!7-Vip>3Kv|) zBGfiXFHQCvx3I0Y8=(wwH}A}n*mbxivrFpk2{vPItpfyVHYeLlBmNxCd*DJi%S7?C zN!|JSl|{9Wa<@a!>kw6u{tA9#kce`MtF!h>CWE$g+5x&SFEk6V@y%f$X%*MLCq54Z zHNMw8f=1)Yaz@l}1d2I^ahi-x1f(9GEDLUJba_48j>gPwZ8P-WIT3)Zc>uS}ZEeD% z4M!VB)vQ5a>3kT_W?PW1lx=_ zd~aDH%~Eq}a-w*5u4ZzYW3CPNp@d^5pfeeL6Wr!5)T`i3TVk+Ljj4ifjCFB7-9r`;pIX0G!l zZJIb13HeXfc7FC!G$8v#GkZf@^i!5jF#glJ>)WT&0_?CV9314NP8VBQsfOFGKD?v1 z>S-RX11S~;LXJ&{o1A!KO=JKr-@~N^{eT-P>nV8J3WRBUzB=H9$#Ul6#~V$ZbH5wI z++bG~+r0kmCQ0uoaq{*%`K2thG(`g9F@08e_*`FM$0o>*u;8vYBNYFngU$Oql*>MI zdUTBIv5&oj_cCh5t|WsQwFKrk`gN8`bs}cl&O3Fj$))Sl{p~p=B`?I;%oV;ghtmTP zK{tBUFw+!zU64sR|H97o*E!#N^YIhg?vUa`T$J0!3fVxiBffnN z?bJLE2HD2xp2cC=j{gr97aw}EG0xi!cv#JHM2crSY%61uky0TCD9f)N zz52XVI=?{s%Y5p+ky}d3peqqzHV3AGFgE79d=ue1CM#3jx+ipI`Qc5%!|tE=;a-%$ zIfM!V&$yZ=)aEi+i@>X7pU4gO%lK3eCi`qw$%MTigdxm8AG)1G< z7-LgTAD}E`VD3c^zFHxWbyL?V@m?8LOPPOad(_>2V!FMqEsKwcI=z;eY{YxjPD*9} zlJfO3^7Eu0S6-C$n?@johgL9V2hWRz2zU|!hUUrmFPiM!bmxCrE);@LH<9>( zzx?@oY~o%g@S8j*-B=ru@3%eqVTCo3YvZ5I5y#fQMxU{AVE0E z4XgPxi!$eHWbcA?4|RqZ=nJ`N;F8()MG$GwjU;7AZSQ-|5Y#kLU5I(i7!G$&oQwo4 zTFCuR+R1bOVkKhAg%&J45pc^T^({n>lQ)sCPJd(I37yIe_6Cz_1!avOeSI3si+@-keMg*;`qC01P9|wRN4(U%8R)B6z^1q}MDiIGyCQKww=Th^|P@H5$ zYIP5QjV;0d2_BXO?y<#UH@m#Li%j6H%oLx+?Voq#{>egCH-}$~Z~rKj+nw`iH%XDd z8-&OhBl3>6DIZtUGb^>ZfjG36mwfM&d$f7Mx=SCCP{4L&UQ~wUg3pt4pV-V?SqPDY zlt*)QyX;&-g9w8=v&sEbp)*0;>fH>pDzm(Y(u5PIQ-)s}+fNDM!)?@h zC!UU{&hcVD@cU3pSjx^NZO?DkE@VmpJ-z3K1n(fFQ;^_SlSX@J&bAWB;zcgVHW%HFhD$a-m;0R|@A_1b zz1ba%SZm&-^6ut(NG3{SG<-<^Mr=J_)gef^HAR2?IFy7aUG<4UPM!q$C^|Ur*%)lj zVL#3ENBYF^F~+?CK6cUj{>*epgK(5(5%QGDNRJVreib4Wdm%)^}{pq;TQ7u$SR5#ESJW(bW{dMXs}D=ott zs6SrP8L5jR*uQ$R)Mrw&9C z#MX7>S91yyWZD$O=2~1I`|A%Xh3iZ%j2VfXFT1`VZnQM$k2vfwtcUW~*t@J;#L1z! zR)CHDDUg4m*U~`wf5g3GcwSxCu-i6v(%4NJqp{UEO&jNmZQE>Y+qN3pwr$(?UcK+< z`HuJf_K*E@{|}C9UTcjp=Nx04XPwR%EA@3|$7;f6Qakjx%F+@s?N2{gTY~eiZ z9;{(?v(eH0U#Tq&x60CWH!?gZ1&;!CCA1j)btSUHM}tL(IC3`o3;sr`*O9`AW0fzv z`{{G6>U||d1+XxL;?+JTQ=j-!ZhRUW%W_Hzpfo;fWI|2%n$%9;)bEQ*r|ORH@%hbB zd1!Z0C@A8^4#s-e z2Obi1n=j?R4=;K6#bw^tj95 z<>a8O)6Tp_{(`Ub0{d^ze0S|n5B%@tU!NS~P;bt&A@~IL5!F1(3+rHD8;Z!@Vp$gF zP#BX~94U7$aHD+ARrb7%BL_v>!3D`orPB6)Hgc?V1N%!6=7d7e4x;Py&2B>eDV8*1Nx04Z*9_H3*->5K}x3ED9$UZ6vo zcCrV8gHqF1f)ixX1AhsrOrlv1Cl4Jbe-h1ozpm49p@gCo^iDpaBdA@g|DQY6) z9m4ynGn1Y?=qzjCes|&lI~+%8W78AGv-bP4SXCt_N8;hdqmz+Vg+?nR5&^Hl2;b=DRMyFNar3@pK|8|oL|EL}$)OAC!v>xVGasJgEDxMY z^xK{pIXUNHa$=gH(fhPEz>hifmgTMBf@waze`FTt!&f_Mq7o9axU#$-m=p#DI^n`i zqp)P(ceWd55OLP~ymkFp=b7*Mqxej5V3k_OEN>eh=JRQ(FQKj&`D`5L7Hz|snvOiK z*6HrStFIL(Jn3#D@x3?&-+JzkR1z3vuiJy5&*AbgCw64gOErYhqvOx56Bk6K2+64Z zbT`n9%eN~%|MFNZ8a#QYRxOq`>Tfpg?$_Tpaw78GE>}|<0VxWk%hg<@@BpkJQjVZ$ z3jjWqN6$aIQZX{;h4wG>AVfW03~|J7R>?byv~h0wi7va)6a0O+oMv>^ruf9avh?|0 zk*x$c#Qg2Z@apqss(ydvZ%2{qD%TQ5jsfv)GvL1Yi}F>C;g|(x&71?*om9N|~SxU40lxqwXD10?^f~GxY$v`X3;QFNLwgfjZO{+FzyKC$Ekj8A01p zqaF)mXml;qy1+ded@b&JA&8lC=?mmZey6!cAr8*r291L`>1TR$YlwpDEKxEN89Q7o z761UkXV?^D>Sj zhSv2Cl;OL4o%6#PH1Lu4nuM&u(lSbuTII?=HWkCbq@{xB+Luqb#9L20{!Pyq7c*QX@gAyUAm|p<^+OJ4q#SV9FxNo*wqeW1B!c z9eQDt-MpN7{mG~3j+bdv=N7^#%kjB2c%)jpKffAoVQ?p6WUf*A(gbIY3!~`7Aib&rcGc7HB zWU7hF<6_pWsf=X(I8$;|2=`O1ljtw-x9`m{o(XumTdlYEPM7^icR`QVrV{A0AHz^= z0_Kc%4BuI6kBgB>lH@?!%dSE2@ ztG!1@?+Y1gCdIo|#8eo}S!`+QleBi+SodzB$VV7W5x<3oRvrAY^Agt;cSYklh|!$*pqNbJd8v?=H;^x%_#y96sAI(j@?5inF6Do}wT zpvfDEACXkK{_h__(1q?DDq6-XmILR8!Kzf>I6UtvJS9@E9j%$}uvTwKY(`JsAl+&A zEKRwXf28*f!QT&(p}kVN(xD?GTE9OOe-wElbldi*c30H+wDxhI()~}y0t;YhetVP{ z6NG<~v_T}&?3?s;*c8>jH23WPVTpa0(s*g7p0jetK57rcZwvTVGib(~vae=lWSw3f4mIjl*lo%1(qllA)0()be(>E)?8%@{mK>hm4=z%%+boC@HUBgwwazmQ4yKTrQ=e@{%)<>3D*i};YwVQU87q*>J9+8b1Y4WSc)9jl-W|2sv>aZQ zn+6i%XFaAi0zgVQ0daDDgu(n1Xs1rRZ!1}d6zm?tA; z9YP!+c@R7|cb#>gdt?iDFE%)#@YwtJD56}1#-;_IA$ajW$4_U~^;1|YHd%?V)sovN&%1+~dy1WJ}8i9xAiJllPRvxVKm zV+5W_cL++(M=n^ezjSa?r5{0qvBmOPQFVHIIep!8rrGjclU+PwJvxAmxZRnsNMLnv zSiw*4;6}HZQH6J<`(jcUoj4Z9Ue)a4lBsOR;Z!DQ+73Y?sETumyAVtZtppJEPIxq~ zvUMrred}kUiSOHRLESSCG31o42?PD-oN&Z$P((Z0ogOqdZJFri!hI)aP#Veu#vwpE&CMgX4JE#S+6 zu|(lIcVPhNzi-yvrfC^03URn7a#)uY$k5sQZy**3O6GtS)bB8{W9|CL{7W+uyhy<0 zcf}R(4h6D5?y3W`ECMlK-TGVkI;Q--x}K0CIUO<0=*;&r#`Q1tg}x4ttULdF^Gz#I zybJZHM-o1pA@T033JH(#Kkk&v6#)fO3{U8>J1oQ}iypAn!0{36X+l&Nw((A=CE(Jd zav_U?&>0WdqOGZrq-OhU`6u&w=X`G9pExX}V$kz(3XIjAC6HfPv_kJM@%)yXrO-dA z2zxW(8VD>ek84hUifazsc7h)@bkd+a|Ajd<^X>a~9*}(yW*gHp5HqDi+pj{(qJZQ- z;gB08SsWRdacX}1P4A%LI9r;Om6W0ti+!jk^2Ry4ox+7I=e@+HCpwWE#rS~)OJWCH zye1^ul6RS{Ufg&}-qt(Lp;)@)54f$0d$*(Knw89{(bu`*!WNY&D_n!$UXXxKiotel zMTV0=RTw=Qf7W-lQD~8kL?YsAYdcdsALyu8K5NckGp?I@B#iRO|Gi2T)xBM1k>vvj zB$mQ)WWn)h5j7-M6#isyuwL&1ynayu+zvC1bmg!p%zJq6ZX>@DH57;^7UFgX5mEVO zV)*cpL}@6NY8P;tN}uJkAc4GghBeIj-@JAJ-1Xp?OgIM6sVgCAn)|eIS#P7rC@ddZ z#$fpK0#v7Qh`hserjh3X&)V6z6SWt=wl1#}tZ~w?1jI&!t~TN*su^>;5-JjmZq1*j z)NU069Gp&ZLa~*CXy*i08^5!pp6a1&^%aFK$dR=?C3H>_6-duxvv#|A&`S90q#X|x zB(g{bw+FHP54jP0_bvtj*0UD4Qg82nAyw2x0yfy^Pb>N6`pDgB zwKd8>S*fXoRbL$#T;m0L{hi2pi_uLNL=>x?vr0!k7;V&hh<-s`e;^*<2L?wHgT%92 zI)$DQ&%jV0N#vsxt(*qE^rLQW!wFN8vBE1~`gr(H(xkusn&#+M1V%*bnE5Sk1 zM0=dEoC(+uk(Dv*$uLY(Tx^(T>I8A43nKu(bQU+xSH0Q<*w3$-o~@r)kDAGUt=ofD z<0oOgDF(@>W?c4L+}SM=I3`iWzHQA)2RtOpr&>8oGdc>!5QaU)q&!f5AWUxI+G7&D zf6zW?QJtxGf%Ca?gV*&C^A!P}x2A60^Ng$_pMPd%Wo2bxpKq|W!G5m&`Hq0y=JKqk z4oqPHwUnX{b=6VR{Xu>P_$ejD+lxDe3J$_Vtz}yy1;5Nvn)W2Z`&pkVwY!Yw>ze$J zXZ}?trjJrTe=>IEOc8EHh%EUL#^t@6Jq%{gtGd&kE;L5?Mn;K|lzPP0ug`bl@ret9 z(6h0yk|dH^-_0!a)pMY^s!HoxcJ}K0G!qYwJs;vsZH!fwO}3c-mb!Iw^`jkf(qYI*aF?@%W7)M%TY`{1O<0}N|)boESEPvR~*xB}6HFo8fkZa~_0unyZrTWc&-J8hrmhokx zi*BdutA}g5==12a(;p(=>#Ha|>UMUw>1gcgldlz&v{7H2yH*)7bnZK6_~ge(Ou*dM z%&RCLTCO!L(tb<(QMmY%#aAn)H7f^4V9DsJ+rQPyg%o&bWm;Z6c9ory6Qi6Sx;BO+}^Z_ZUE2_s=(oF}Gz9#wN!)s5$%8CYT;;ydm2yb$*el5A} ziG)Gh!XyP}6~q3>Kqve5;#NqohntRR5kD8*MpRnnaM^IyG9$9xlKPdZF{sL??>)n;AG#P6ZS-7a*RAG7x~LrGTE~Nrv}L8qOUFkvfI4 zfU>&;2s1puKlSIglJZU_GmNW}a^Z(irdh(5!Ftctn8#pFW{13o%TCga`_nSM1Jn5& zwx7oxs#@%P?oPqg4iC=@4tT2tuq>t=pd-%s+3e$cMaL2WPQ-w3MFLtBXBq|kt)Zv! zZ&yW^TEh@raQdgt-;9T(^gLN=>fbt|?Ajw&WO;du*jSin6u4WQCywDz1$!%4x15@J zUHrQXkH_|S&3pEC{g;kXf}Y!+^bS;A#L$leW=IgBzHS`G4?mu+OlxIsh0+L@EPUx$eteP+djP2h=ndk`xmwfT8m_D)Ukj9)RQ}ZyO%O@X~yV za}3Ba^{)^?-@>#eDzR<*>c4ExT&YbsN;Qi9BVB&=_tGBT>P!;CkC~nf{6%S)FqEpL zpR>CKS)T7|=oX6okcWl$l&oiQ-7qwJfeC>aUab9CLr+&@#z`yrmXVxcu*N+;I$X%3nsg2sY(vnlg>!|lomz!ryc^v1xs{u$uaNLb9JVqa6y{W*pq36~z()H# zJZUib;)RzlwvCV0X19ULQ8qlD{^3D2k=5%{UWO#j`*{&xbEDfbMz)sYAR{x@HU4Y+ zI|CEGzVUvWgXsq3xHGCq(k;sbA^XbNM4qdSh|KeGt3%v;;D%WTlFyoR$^8V%dh;{* zgE{<8kFL)Fggg|thuwOU{WGN0ICjp+GcFGNyUk_eO8=3k&%{;vUUJGa zPtjMXqhnlnR@~!*1AMd^^VcU3lc5La$cfJ&lcHhmJV@~0cn|$HD<9Q5+1pg%rD5sQ z8LtqIJK#acaS}t9@OmbJUyA&Lw>9PBn*7Oq)F8c~kcF8DGos%=ednPoA81@Y?- zUHh9RY)G`BNM+u~JP0RGZ20$;F^eTp!4ck+MkDhNu08?R@YO{5kpAvu?yY+|#`evZ zgANF5FT5H(_BVtE^U~)v=2x6<|#=sz1oP@+V~-GFeHHnn?>Lep-RMq z*YwOuj9V*vH@lV}mwTQ-jJ9VMoCR>FooZZpJV%J)v|J-T_=n}(LyoY;dpsQ$I)>e> zSxm&FAnfXH&oa>nNNU}cJ%(s;c$n#5{+bKpfUfqig@ zgwN~J9fZ5nr=c<`Gm6B-&cugTD9V7xZIYkj_<{FO0-tls^nCaFX)~xs#*gGSjv)n) z4-Xo2z-Dst%aSo;(1-VBV34ij5j6&2?9r2#KApRQL59D=4qK^8PfRISk4OMW2<|>o z`X^)2Y-uR<$Cj6=PASnA(aB?Tle9Z&HT_QM(kX+*kRcX{EW} z7VDa;<*Nq2btv;I@VnoH|Vn8@PWRvXL2xb0fO-uC-zSoLx! z%zv}NSiDUmDJkg%#jhiX(_nwn01+5iX}66zJG6R6`X-HFD)7r+3JWVAO}8jR>*|{V zFTl7yC242p!fMmCH-y#sZUhi0lfg*@{k#%YsK<}2D1_C1rVf~ZT9~9@RzR~}VNB=W zuUVA-f&K{@TR08;2{JVh%M6agGjN@MVd+tq$f` zzz(!?5rD3V)-(4$UJX6CifZAOwV)6`t97azFxN@df z^9Qpq;m>&HW3lNxi~1$=MT?O|*nlgb!<-UVvd(Q9{mA94pJ7A8rmB7{!cY#6OCB5! z7tae7%dr}*p`u|=W7gIKL7^sbs}jO2pr~fI_Eh>icOII`wam_G51WV zsIE1``xauaQ8iEZI^&rk!9^O6wi#iI)lg>V_Gv1KQ}>H z8)x5W9&vb?=yc*NtnN%?K=o9*Ixde25aQVJk(W^+qHtqi(@bvCm!O8AI{AYqKol7=cw)%5Pk-Qf=-@ zmpaYBs%4`J*pH*x#XY*s7~^#W9H|$gLr^}Dp8Cfv)X~GJtct5V=g-rjl{=){MBDo= z47%ri_oOup_9<3~M*Bju-u`r$ZpVjU*W>QQ*PF12)Vx6AiPFV}PzJ2C4bfd76{oC*J6}mpeIr1xPW{>37bFXVZQsoDA zpn4-+xvfqw__A?;+I^LWR20?RY>&@#N^P;tG#^BKvb6AvKDjZSP z`#GTYW7UryZ5L|N-YzCtx2xFeP>b<2JGHH1>FUzZDu9kP@9|pW;bMqn{hDGdKz;;d zKhE)a>W7Ep#O+D$;a{W0Ykk}QU+bNo z{ugc)*+!nFh?2S)1b-RRkWWG0LmhB>*Num3)TP%*ThN}h=p?kuPYs(<Pd{psxU6D?e#x%Cgu|sp2cmlUU62Q=M0fW+q5W#=k$? zR^Eewmi#awZhzx#RM4Bi=~Z=}iVke9@6=UBMnSyLD!an}LW{XX`*l;=gh%{m=|&x~ z+VFD_JufgN!M$pX)EwxUnJZE%=ie~O8R?;t0{+4j^1xvC%)!hASM2wyQtbG0^`}Iu zmujWW#%{}O&cO~2(zRI1=q4^;B{jGJK?jnx}J_Of@<{^vU-a8yYH(zuhjz$ZP2?aMN zU5b7kmtD->>)s}p&-=~UI>XIdzdEl9PTD@2s&j%Pg7~ESf%A74O;ts)chwF7?n;$< z88$rT3RVh)3uEj)QuRJ<&zHbcNRa9+rX~- z6sh7^8{J(1%K8~U;BSe}&gusOZ7q6saB6@3m{4VEI8anOzhCb%`?fznV_ZW>lcqG2 z*Br5bjY=)#W=)HBdGU$7JETwfCafh3qufg6@Z6xDUJEwt8V+bTjAmvZf>0znhHytpQGw7x%$dOY2)dvgpV*>`@nI$sRE1sWyC52kSS zn#RoVmETylfKjuu(cAl~irhR+XNvX}ewu;ys6mNgn(`wzQLW6UjBd@_^Af(hfa=Dh z48$Hl1k~HeX0f3&x|$D_k3j|KhJOze|_o(-V~kf*t)D#c3d^( znCkl4GB-~fvmq&|9+sfUIP5d$3aLe*2hBB1q3u!{7etFn936h`DY3NYk2Ghli+xCq zxmtLOzS^qfyPar%lM98vq2Bgqaff0rM8ciqWC0eE4ZEU0pKd*~8t=i9sO3d4ALESw zt`7fW*a$N%@LgLeANOwCHm=d9x6;UaZ}GTK@6#s&s@ zQ?yulmJ)b+mR1^b^x1fRqC>^2*-}Rna};^BT|HFy!B!Zb%OB=&${}-*8phw8DVd%v z^iglBICXVu>Mq1X7_Bk}Mn;NBDp=7B)qSjOD}Id*UW83R>`Zho#ek$cP>Z?kj~U~+ zgjc>esl|T179An7Ty4CLELd}{P08t*&2!d6%3mF#>-;r;Q;PNMIM-Uo1VOshBtR49 zRzN{);Up^*AD0{-r|6ybg|3;p`k`p6l5MCE9}z){0JCPa&$u22i5vj3J(c$unVT0; z&<>G_co^)hiY_4HAhZy#e670h%`GXhW(7t$my2XqmB>o0Ikp|3&S3{~cJC7!&KTCn z8>Nop+(EVLpu-J^GJip+z0=73Fn!O`p4z-VUM%8I%S^otiJP4 zVl*9w#6awxjb7RVFg>(y=7PKic4yZW2$ud-LT}j?KXat>H@Y-&<>aLZ=atcew45{yGKIDI<}F3ED|#PBHC=t&dloC6s5+4 zhH+R(7t%m1XCfb7I>&}XpO)tLzEFNNgagXDt7?g0G)gsc#x<#cMLArS{2|BAMOf_* z(byqWO*JF3PyTCrkdqG16w5yzd&{ooi`d}RUY$7{Mn@IUni)2hUxijW8+^k3c+v3tUKC!0lus(e+yYxX-3%uNzBG)I@2PsHgRE&N3;?${`!(r|Av; zM`y=?7g$TKj_txQxF} zi&*~tXJ=>riM<1rrHyh{GxHNe|IG5h*`9}EBt_eq%bS=#&IbZF#`aLzJDHDQ2y01A zTCN{8hZjD1J!A+>C0+(RKhs~1u2^A41dxQi49v>ih%WURn7U<18geQv=V9Q_-vA6( z-_PD%u@Lb-2+v`wUG4%NzLA#(g#x#J$jCb{?thuR1M(Xke#uv=SLDmzd%OG&}ItHzOHwbRTw^X;_o0fKp2Q2Im;;^h^JPkpRl`SZ)+|_vUu#$?=+CCCYz_`v)t1P0aDp1GnHhHalATJM#4ai`DQlI>d&EY5aHIo}Ik8MZ{Egl&DB#>m$Z9)1C=aXGuv)s1CI%1#>7{ z^EJ1-m&XqyIy*}KJNO(aPdGN=UasfiQvEAjd-8K~3{DMAwn{&mSgC63UQB!5gQz}`+DFq!j2(y&pUN8fuWP9p=1=71U#Rn*@RGk$4j^d(lp9nf^eXs*z!m190SN5 zhr9A!+<}y=zbs-QNAEH**#*4<^UY8k0CIjiyoemgmOih7?(z)<&@u>mfHs3}`PwWm z#ys0D$1qGVu8{-hGv@ZDs3$#7BB-dSQK5Z_W#n|fI$(f|&xG5Z706oGj-D@97HDLH zG0^%(pL?F>-HYs3>tvz-B8|7=z8IIHc3?JSKDf+8ygO^ITYX|;g)mElkxGeiZe~`H&{OXsxCyghPfWB-;XxlA& zlS*MW>1aN`nRB&V87V8MK3Y;BtY^J;=JtAlaiK%}OJVLAE;xImlyXhT@JQwua*Ooh zUr$Phf=$n&vts$*|30}yKjo`ht=qHw$xuB&dYt$f6&F3S487nInt0wkN2Mm?`T;>BZ%n##XUFu#rI~XIG2Hl zwyda6LQ#5kvycPd&Hq$~1uu_hi%a}$b}z_mse6ojiCpVUvNoB#Ed36MK0gdxk2S2Q zEjNSksA7QJ+kQm{)q_b|9@WfRMgxa=iBsAay|ykV`oWrZC;S( zYpmw{g1E=;e;h_zp1A-0bbnFWxwzQ@P*{B7?+?=mqNt{-1LGPn(N!Z~*F8Ctk2aDu z{L|b1S)zyc5C8pee+k}GVctwL0QV7Xh(vVn)#R#Lk>3_S;T1L3bYk32?o-4I@;}C; zo_9vTE-n8xP62}~pwCtA{*f-r-(dMIY8W+mFa(E!yPA_LwkfVQ{s_OF`@|$qUWL>= zO6*)LZ_!YJ4kk}l5R4;haf-=L@97OT)#pjjIleUHo0Kn|aO4wY5vvt}W`kAdu{2iN@D;5gz$HW$n+* z`!x|^>qXpvrK-zt;uon(o~#pZc?(V*p6rtaA~>6B*&0VjT-9*(H$PcHq@_3OFy@NX zkZ)hj^8&f-`lDwJzgU;c7cV-h=2mnGXI)nb*RqAP<9REn4N(QCfFcuI@Uq*>b;q{H z0R!ys_d*B7e=x^TSR0~r`d&fhlrtJx)DeCq)kGY!;m&e`j-|ZGw4-e@DINpbtOnOc zv+$ac^Cs+Hkm=xZVGl+AC$o2Bw-nGJ8e5cZ&j+K~TAF*f(Ry33j4iFPl(j_tuf+$q zb~0A*g$fY4tg6qXZvaHxk|3f$tVa0YkZM}LzRH_$x;XLST%90hb*f!|Sz0V$tK>Jh zAx`w^u&v;eS^Ae^7F7wXom;I?+Io_nz+p!XLQ7Y-@2_s>~$u@2^8&^jqplb8GA!KCH!^gjEO=`WyT#Xs5xr>Nl-;w{l2pz!*45 ztgKV@*5&(+BJmzKqMc;=6@i-XprpG{%~aC(uJ)8ijWY6f0x+X2+f~5t~bsG z)ybMSpDb~7u^7AUOU10!_b(b4z#|>CPfJV`(T^IOoDq{@M_o25oFMhqHq&XWiSzh_ zE84}wo~0deRPa9mV`Eg#uMKD`g*}j3PM0Mf+4^}5A~Z?=nOoZkfM_53I6jW;@h!aT zNN$gig0e7zZisr?l~JHRCyw~Cf9vsBZKB8wC=ydv{cPUcKksL7d^!DsFws-SB?p(R z@}m%GN>mj~5+MPb8P@>jmpN@NIhMSgpk7kx#Xi6ytQ>UpcU8+V#vj$5m;XwgjQ?}=&!ZPL^fo3zIkVU-lbv^K|dzXA^Zq-B+TC0^>X^cHbx zC;4Rj8ZN8)Mo^;9^WbOWAKIsBBnn>)u0x59WCF4a%3CD6KYBSC0|eFE?0<;rW)l%j zlwL33{|O>;Yuq3sanJv_J7fvJiIWl=E9ch4ZnsVa`ELgG>-bXn`n|nJ5XFl^fICmH z=dE4BMsZqG(v(iuk^_r}`@^xrd!Yx9-X?ww^18YM+lJBG7~VgOtGhcgiyulx z-fyIGm&X7@o*t7)y}03985l@RH|9|pB@a&}7PAcX++7%Gam%e0Jq%VTj+Cc~&1cF} zgN#EL)V4~3v6;0@`A8$GyH^Kd!ppp~q5}r=uY>hzi8TfJn3RSF~hUhb_}mT4Q2Pk=~qW?f{Jf|FUN_ zpUPo|yr4($bziYS^pKsEzv>Uw6Xh(s_KC2sY03sSUtt_|AEvndb|uY=C+as0zR3lI z)?x9?-jUZ|z*cOdOW~4gVJ4N>18kzTc4_SMw1#Izfcc88aI^lI&{_W?MDw(h$>yb9 z+Rp;=2h*#0lFaMsm?f|3haUs00eVayw%g^5>6O__^D3*bqx>R2yalqc_$DO2U_Iqe ztQwS_IE!lD&FKK2vIV6@2k018QkAtLr=<-GvEJ5yepG9WR#lt)VoY>4)DlG}?Y4^f`5z*yc*(& zh9>^Qu#KmJ-lQsG6%`@UM`s}uu~H?$$?j599 zH+jIYwjaP2@ghi~M)rCiP%EP@M)oQshN6l=XLamIc7pX8KApRdwcGRr^iZ0g14&nK zqag6X-G6Hm8UBuYvslpE#Phum>Vm(RqN>0EGW;5}MixMn8{ui(oF|p0PWm!KIzvCgGep!^!Vk~M0v|wVg?2>mOp%iNr-4RDRq1#tkP{( zo4fDwT=pb3V623QYxP%D-5&G*Bwup7*Vf4c;7ip_cGs7}&DM+3+nY5)j=SOBw&u?v zCds>b=|{ij$46XoQz|y}_H1-L)!7{*85C^YUwKi>3|#{>%cYmLaQ+P{!#iPees?3! z=Q!<+@cGs17qlsn-Y2j$Ezzel(Bm{ZL4k_MM~UNgFdQv|`&J7t>xhyC)+@`p0t|H{ zzsY^u^Ybwt0#>?Hq2VZ;xgT8nz83CX`d$RA`s8)IQ5T#0y5gD~2@!vM*&KwBhIxn) z>xuMfs0@FQC*XHS-66hD1h4Ib^=ZdZ)&`F(eRa=MFlX{5>m+o9Vi`-TvVAtWXJ3n# z=iPzuH2G$2nmOcD2GVE52l5C??5cc)64&O}^gkOz8J#9wT9wFeCXZT59KOU4s4(CQ znlV_i!OQ8qT<5Wf9ZUBoOOxKnDZ`?3Pq{ynC|l6>{@4);w(AC+!E9Y4?GV}!Ri;v* zHTcJ1G_qVxsNvRC>lzv8yO%?&e)F9Mx^;@KBmuzVvgZqPptZ>QSIWjfq#yEk*u5(G z2icL}rf{3|SMt}U=y;H9iawc;va^vt!~*rIG_7Wf1*{O%8f0qGE?67dPrsy$@rb*# zEV+i23Io4{v}6CNQ`aipb$(no{sd42;?dG_ZPhdOgkx0g4}^URs=*t_9FfP7^h6f9 z)^T2Xd|aemfQM0VP4fpw(u&-QZ)x0LCP8}jfnqKF5#ztxVSdV*FpG>sZDDLe%!jrO z_5)FW81;Y?ujaU7E}pDw50*4KMlc8X+W4}Uz{|EE=>=@%d}!R8ukDzZf$dcvfSx4L zAz&Lz;5=(xJI4ycyDjRTy5;xcUmM2j4`*STm?vb9ZaRFBXjG5=0Wx|)yHBG@U;z6C zmG}wl?Y4HF@5O(wSk>zr6BKsq?0oL~j&d~?KmW(IHKzUueCE69^S9?-X><_9{}(QC zP>2yUu!FiEcAP2-kIy%3Z7iMHo{|%{_}mI~Sz?5bq!yEL7gbS_c%<5IMQGI#<0dSI zpP6P_vUeUw$ZyFMU7K8pOTIZrj$S#|;Vg@eYwgUpZ*iP*+P$bju!fX?{LC|!L9@4V~U=J_0Bt>9rOHtk?FP zBCBGJqQ95G6REYdnX7S5&$!$yllh}gZj6yd}h2Z%Lq=#`VlcKm6GON2LIF*q65XH_MzQlFu64I9TvLW;N=R}u0V!>JH`Sb_!Pq`z%Tgo*6|7Ka&gY%SYDd{y= z|M4~kh)=$@1cBlCulVQMcF_zg94~c(dddWk6u>B#7*%m3ny>siY|{1i<{@hU>bo=X zek(X~PDvAmo%p}VKX~@gU9lrU4R?a;Wm}L-JL< zKw0%;tZbC+=V0hGT~2|?<&FeAD@(a^GjW2ve4OrI60KR=h-#F67=tD<;A0(J`#csT zYH`}z@MF5CwP4kHP{qh(=iHIvu#&E2h*^t%enNkZqFWYUF<=?N4vbBWHWSADcJ>2K zRv=&m6rT9K5Bfhxf#bS(R;YU{7(8XUd;0T40_6Bqwz{xocve2qxeFpUr5+xz3^Rhk zUmX3vqzq+?2xH>pYq`D3yZM{nfHtSj4a$^$b4i&rJj4l!B)C5FpRu@zfLsiy*DLCR zUE+xQ>YN(jf^YRYkrqeh(v#kVcw!$NBBh-+^HtO|DNvYLSYWU~4+k@{ai}0NAKbpR zpJZQaUy*+SWqE;-yI(zCK(rIKz5em;ceRR3k)4%}YcQRJj;Vk0V0J$)Dv^44>D${Q zi#jkip5u*h7KA!DzLiz*`|LpHaEH{EtU9z0ciGeR4D-y3uPro*+wuY&phBr%7(s#A zhV)BQ@wN;V#gfo0W@uMTId1((E(Psr7p=aZ@YZ~|) z_&34pQILBE(tmQ~rUZb`%3JxflFNb^fXyr^A}LHsu)Rgm*JK8nFl+?_E$hh01NYgN z0rd+OnI>Tr#ffytISV`m{u!ciBg_bW!@Oq=Zh)X}wXulEf`6TcOoNMTu%%h3B_(&7 zz$7_S=O0;iofe7TM(YcS-yc^TbqaRI7=6E|vF9y+az%^N_Q&6}>7x)me%Np3LFVzLHq(lfMX>BWvz`m1Eb` zdD!opow*JbdvPda3)ImphH#f{(XJ3b9SK!5pljQSCEVaQl+4yVd?GHHXZkB#k-!8V z|2I(sb?0-^--Z?-Oj1r#>S*2%cm{T!Q^>!sJQjAmj_b6(h4|0Xm# z50t$C7~XtdnBo{g`mnA<)1lA=T*NC&3C3ws0fxz)v40Ly0dt!nk~+XsTIoiA?9`>pwLXCpQT$ zwsAL1Ij(QF5x)A1&l1vBu{8dNo;B0Ibj;q4(oQ1hx8~CCw)h7Bn3`hpvwj>GBFNB! z{cDFF5jsc=rgB3ecfEn=l`r=juV*_?kizT-<}+5neKJ@&xg6NGS1PWrGQ@~Df@Pue z(Af?)jut5b=rq8tvC|LpJ~g6O&_Wn~dVlqL`^}I+I4)B~{ZFb1Oz6cegmtzNe+)Q_ zPrs-Mx5jOKe*pndBUo#@`aghTytuW>d~=D!wIXyxPW3^pZ)prfMD)TJwJ{WRp5U*- zX}LGn{y9nC-?5td1x~T*|a-ji_ucx_ds}V#LmRicp|HQ4XJ$<3wnRN_-+0oea;oQ^g*?Fi$51w z3+>7L*yTm=)>F;w#mF~{(D!pVjPNt5luKFyNItX>su&{o#9t`-HrhwD5P+Q5bG6Z7?(eFwLgaVzV7zZpE^#DDiJMDXNu~pB6P>pRB2o&8gsM< zs;7_MRcRcvy6E?;Lrh#ecPW+wEC7B%lk$^48nqC32AXJxX&rIL${VzKZk4eCDUO4d z8}!F3_1@hlrc88f;CKdb?mX-xZDp95Fp8#`zd-ol>370g{srh9E20}SB#}R7I`NlV zPSnBX&L$4bd_{NTf}94khaO(Jx;leh9Yh5y_%E@3U^Wu{I$(D(`gEfrCXO>xN56^8 z-ffxj+QPWQ{2=)2Q~H$vID2%;=9JGvF%#fdmVn8WMy2+G=X<5 zPDus0lv*#NZAhElev6ph+l_%3a&OJ;cr2v4B?fPJfbj<$Lb}z0uoCCv~Q<2xe}H2uLk_z{eQ>N(xT6Gm?aTn;v5Tco$cehNx594 zV^oL9T7`YL3sTI4g`tj7^S{q&;Ui_vleYJWtAmxhYd~ajalM%jHT!spQUse6{z$wP z|FVg;<^9vO;6M&Q=l`@R3U-=QNvJU${KGp`92u$rQzuZsPl0?+}!KZ$LE^F!!M+ zLNJy5mgRuYRbmHKXOJcf_7=O&$Wc6Pi^-Rr&S2@`{?=c`>@8*H9p#_TFkD0+5CQK+Wz6Y%mJNGsMT zZuH;r{$eP`m)syv^*QcyiAU;})&kMzAw=V4lx>W=2ZpVOJlWABn92@tP4>w_|4|c3 zLdE9K0UwIXOJN5Uq9`8w0P8NNxy^Gn75a6Z;Q_1!G%+2@sq7U0Om?NZ33qWBPA<%{ z<8O;|{jU8ST_R;kG&mDew%-KAbgz-a<|}Ba5@A$A0`gzK1hRX)rJFQs6@K@|!f2}@ zmmqP=R1vJ5`{I&>;Iq0q(KEqQzIr8u(EU0~8{x9KnOWYhQ(Y-BWXpkwn0iNh7X-l{ zM1!NnlyHVZ_Zt%967=*lWf9Wr08zt>s%M;&es`7kNiLNRodU0FQRMPbf)HsEmswln z1#AmU0R4!^qi!-g|GM zcS46i63E@?`ObIByYHRfZ;UtY9q(QK$k4slT6?WI=bCHIxn^-1Gp`q44z*FW!ClvR zP5o}Xr!rwtm>bVp(ZHAmSgPVX10@7`pBy_bfz8zWX zKRS~-vjE^C^2?{1JfI|1;=|h#&wtxjfKqiJ_?B-hzA)rLZ>bL{kC1;veC5#}Otefu4+(YO3_0o6)PVX+oLrZ#oA{4(Tr4Oe`}CTtb=E3C^3DO2u0QH| zAKRQ^g3dTwZIl8nQ-m2QhH}E%mYNqxu;JK}8*xozt1W8cX({ViBu%L^zgh=R zS~9m4ZEDiykAaCc)9v)Rt6GHlI?ucOpB3oSFRgB2&Q>Z?w}qrC&h~WBR&kZ>8*=Nl zH(YxA_?~ZRQl7;a$ED$mFi@#8*j1U6;UY02%h-SZ<=`P+4h6(AXj?;grORT779 zU{8vCxl-RBh8{+r?*rR3+?%iS4=ZQk+A4l65gj)!T+K|&Gzos$;oTF@lorqOM|(ex{^BiX&}f3CC*xjwqJ~ub2{&DlvsYAGQ}R3n5yh4 z>dLAAhh_c8R5fboqA+72Mmei{cc=NwNIAILwzp6^mQ0K!;%=k-6%f)&gxNM z0wMG2F5B#|{RyKzth&GIC;f8x3f@Ur8Oq+B`(7ViAkrhs20r;B_fVoVPY5@>NhzcQ z)vG+By9sg(KX<7M#!Vs^4Y)tygc-7DDpMA_3Uw4G&(D#Is6Z*}4Y9n*71GCZUzNUM zDX1Waf<{d(;w8gvqMrmj+?t9nSa^Gro>R{_-AV_#IRB*CBeq`iM8&(Ed=KWHKQ(CU zM%jxt_8)a@cAYuXbw($WC*Yx5$ik9Dr+;F_t*cDZyA=BqadlDY8iGFv#SCq$7NyT` zSNZ{*c>9__%mE*7N^UtQ-S#y(i@IU6`{meY5f87;BPB=ZO&Uo5c>LkzOhmRTAjSs| zw${q|cQ-SrvekI*-xPH}jDBR`#n+rDY`QF~1Vwb`!5Q{_fUD=J62~KK@sGR#AF^T!kGUZm_-rcxI_d z7GCWR7f?<+6UKf#*z0@V#j!)oMWm}G#ZEe=3zitHaxW)r+2XRx;BB0=Wdivk|7m6W zjkdS_q+wN>&oiW~713wdhLt)!!`j^K?4xVqYs!nWv{a?gDX#gX&# zB5iWpzWTctFS0K@PJXMYq@!vk?BlD>(8C>3n4?9lvL$uk(V=wYzvA;s<6vnovVO^R$ZW8rIR`t{6VqK%Iw+*aEoeyYUshdbn zUc392{t0DV^j<;2w@)swW6c@PD%RPHXea*rPZqAx*u zw}m$kmiG`JPzLWWVyLqusdx;l0yy0c(pAJX>~vdSQ-~_q{&Y+l{sVMnvgbiPPzo~h9mGeCQjmUT}9TG!@ZJhHKv=4Co#G|d~2Qu%(T0V(-H z)Tn)dRvj99sN$n+(`yPOr`fZ;;LK>&ucWeh_wwNs#jNWMqR&BSIi0L=p-z{TEy%@fWKr7q z*yWy>j`ODTe3l_ty_}UpBrd|iDXPC~?I34e$7B1hPsd72xUE9r^SJ)+hKbSx+7TnI z)+txq?q1QGr_Pil5TfbLn!Zt`U&y#|b;W@4?e(d)xs~Kxtg`j0~(T~>!o#s|5n-+&k2StA6YN*nnMs!t86B@VB zo1q5PJj#~Vt4f!jMG3Yz8XwEhzvsWD%8URrS!Iog5mlv*;axeq{L=70Z>L;lu4yo1cTJ0z!|;@nV!)W-vMHF)XdC;Lyb%K9Vp z(wL014hC+ZPoK2Ke9!&>+!_a!onP6lFy~#nV5JWIq5U)MOh{H!N~P z)ZhoQBM%jxpWzPG_u4Z{3Mo4weTV_|svrFsWy~7on#PT9KOB6t0BbI`@Ont2&hp^R?~H#$vu%i$xU4b)^`qn!zIP4+|;Zeu&^CqA?*$eqk2 z8|Rz)7e8JAqR>C*o&4|15ka+*ObB9;?;g z+&8v`PqU?m-ceWF)A2a9oOcB?Hk-XXF`5hCC_k!HK=cf@iI~c)+Y-0?zelj{PtFm! zr=@s##%pCh9~`P`QR9~0Ke3VjiLME&*I3UE^NYVr^17iq=-!d_*ijhBRi-UIg}FUj zvZNvdFseZwp#=CJ-4gH`@x2~8dA;FW;4Cd0p zbmwjCcRqz;M;tr+>NHbIfI_$kYH|wb_Fi~y1IKXsAYFO+_iANxD!IGu*h8yzrCkW$Wt+cSq>yWtW>N_7%> z-y`)SUfG(G%3jn*=k{5rPg`K}ZX9d5YI3x8reqAGT1vuLJexf%TCDviJgq`w!3VlQds4v11eO$1*()Z;T~F(p)l(P`f}6?_bGjjxB{GO=TCzNRDJH^ zv*9&B&7)L2bUt!t?PeVCck|{u4kond@;>x4{KVg&qKz>%?KO3sx-G0+el2Af@AtYG zo7CwYVES=E)knk!Z1t zbylT-Yg}U*=PbNw%1)ZGVEPcEt5nDpK2_tCi^Q8C5HvNnlYa@z$uH=cy(yDKEG1f7 zn(FyoY)9thRURHZ?2cik+k156H8bRIqgogV9J$6_qmz^a6;@OeIbR0Je;F>N%TDje zrRjJcN?<@&Bz0^An_3zyZta6Z|0uKzh}QM^p1}T%>zDo9VDhQ?vSR<`CELJGzYeEu z4Mnw{95PURgg6i@j}vV9Af9mPX@jWk_4AH*jQ%+kSX!UQo%^b+^x4*MPW^Z=`tx9Y z^h2O}izWRRy_VCxk-LylYYWLEi??0gZSRmW3|O-nY7x6Hj~)MEQusw2({Jexi3nIF zr+khZG~m5+4C{Otc0&0@lk=NCmG9ne5`J->v%a&>Imu4& z<;}|G+|bt9tUEEyfq^?aE`ssxw>z`TadOY8&+?jIkBYysP()R%G18G>CFN2C=Ut3> zJXfL$1ilpa#iZZSA7T+$zZwG1irBBX`&kKaCudP}P~N%rI=lSLt#lx^SV-z9N>a|nr#5$@t@dLr*u-Kc)XzQsnD|;kTIT{~vA6smLLFH$-QO=hV4Oe5O)>Si zQGk^zi++{!R!zESRPZY4dKXPWOLN#PUkM)&@%uFrW|av$+ihk0p3j7N^g@>*pS9Cn z#fvs9Ram2ILgxe!yHS zT&3H7Ir2gc+c_C6VVw0vU6jvCMtBnuyxMKcJ>?qCKA_^nPXOYr*t{<&zgKYhQB5H`bIn0{B!BMzCE#c4ZV$ z-LQ@)6DfZ$P`g9}x|QoCwR~>f;>OMF-SCycEJ;1#SNdntI`7uQgPyPoz(KV^ zR@1ty7qMyn@a!+r`+9dLjt&1{dxr{0kcMmB8(p1Ry-TrhTC_c3LtwJ^%u&D5M&u#ytKxyB}(6O%TAUNwfO*6dn@X8pvtB6mscu*%riGI+Sb7fxgU_nxkQ40z77Ayo9zmA#$JRw zuA*A``naTSlX=5V<=+8-yUngoyMO>dT?0ib4mG=;+p;>~DZN6h$Hz8qDG^YnmZq!w z`N8P7qEMz-jZlH#-YBzxbs}4`vzz-9dtE4I;$_n8LWR4*1q06%8lB+}@HF-T_Q(MC z2L2aM@900ZE@NIC2`WuhU~v;nlu3hi6&?GvUzgl^aQ~i(3qom^uO$@-lydx}JNL)a zptv{lBy!0rT#H6cKu3e216T!-cP>3dAuJsb?0~!HS)~U z;zE-kU#8E8FrQXAnO7(q5vCq>=bndjm_he+P4BE9X@xk2tp@8z`ngwU#bC^FJlJ9f z5y?+My9(Apa4eOcf>S`QvjqMR+IPZg&@FxLSEETS$r#Hz#7AO7w z><6?>=DReSyd!&zUw+%`4NVVKv5ufPw%bd|b&ktpzr*Lgj-E;CJm(J=!JM&ss-$v{ z#%Pf%Xzc9b*!00YwdpB!=}OCKuB|c?%p?2g=%9>g-tO4J<=fDbQQmL1NteFIX%P5%%Mb z_cl>b_OFvwhL?out(!dUVN>Q7yBFw%-e=y$bX(J4wqlv_{hGvB+IY2xZ8Wc;sor;P zTm{kIPjXv>yj=;qDj*)VxD_lD_Wf)8!%8XYyIxYwGv8exMrq=9S+vLXG^WLb6MR(- zeLX}~lEUDPbp(1$tyyBOG1MWh#9r)&?cj{Fh2EV6 z8t{jFg!mQjr0yjjGX;qR)qL}EG}yBXgNaEz=uZTmVVuW=yJBh`-pMk)vnnygUC}AI zJw!UEgmKrFUt{a@?+H=Q{gHh8TJ1-TSH2%?BqeW;Ub^)9;>WN8k5<__so?YLNaA`; z?R!z_Y)H}WvCmLO3z}FnBw=Oq?Rag>3Nuxeo8sc(;<8w`;^KnIlE*7-@!&PEwpuzG zdNoDcB|H*9y2kty?wkxG4>SHjm*9kP>@oK-UM!F$D6*AYx2()_s`H7&+wGT#qB9f2;zvo0mWE#;@b=M!Ex*l4QymiT>d&+~*MP3JFSRZl6v43-zmqE^s%td$yhER!M$`igg zbwuPU&Paon8{7h^{2l9#SjD*({)if3;`f+F3%wwX5ru!BhS_U|RC8M|)RFVVhk5k- z^WTDSqc2Se}n#X6oly4w#{W&Lt~86@HJm5#cq3 z#luJ3^u$Cb83jsXvl46ab0KPps_Vgmy3ogp@hi;!f?m~+^+l-H=2<6#k4z6&niTCQ zB=j~q@l8aVb9S8~T2Qol{>J9Xg4@Z4#7Qrt+TE)cJz-2jVxA8~A?s5l>6Vt{SjUUk zI2d^xN{?1V%n}7&) z(hpFFNP~~wJH@j@jHFcllaA{|ays$c112v^C#T+;;C^!E_-~^lByLmKVpjEyi%F|x zm^Fyrp&_&QB{wzkSg>$*W_3ZbgPFt8TIg`#TGYpFQ$ENS2KouG-AuAM8AsyL_L6PQ zre6y4@#}5AniWI`{T0?x<>QdJrf2@RgS1FF3Oqc$hGX4d)$3_`8OK#vu0GCQQ_;c7 z&dhu-&p@SD0u#YyG`3dMFEsRp*<+}%nFCM5MgEIc_)1a>lFe7QWfu19LU$|6mN{yS zSl6v|c()U)oUGPpDNP&wnro;?nHG$x2Pr2Q@;}P&VRTR?Z%s$ufQL5 zkjVx1&qwNI^l3{UyQ~fbbi|40z~4FHlw6H7++`BHZlbvDD8VA*JCvw$j`h~glKze3 zGUkOu%JeP@yF`O;Lwn57r;Wi?l(2K#m405;6VJ0e7ESEdH9Q6VjVIMzr^FQVD2!vv zFaVL6qyR(~venXu&laE{sCw*VbnS)KGl=Wc=QGJ|+9+TJxIH)@)f6PJek9_w%kL7L zO}WPF)*S87f+uzi?p8agWXC64O|kS*UR&`*`z{$DwbDn}+ay1=tUm#@-$y=og|v#D z|2fUug6QE8d6(pw=|1x{cie4b9NV|)gRP3vA1lK`^*SR$b-iauiHAh@VbXj~>v0!? z;I}g*U6P0^ev`EtuA-A=m~9c63BgsxO~O&Cw4U%}BAD!btx*^V9wkUTh=dS$mIz5i z4C*-a%e{QmZWr^EW4nepQG?lM3gX#ab#gdKv^l)on61)m@Q9RTIwzIvQ8{Bxao>3j zdC`-vY$O!d{Bp<`g?oN150`o4ixj;GD3gsP>gu(4C-I$a6l!M(oL;@5Zw72A9?+-S zy97r3^oInI`klJ2VNsN&_pa2GMZBnELvVOEBmdk%@?z)8UdV(j3Eiy=K!p^ytu%D5 zl_Pd{6*Z@>r>C=&p1@ijK@WgQj{2>VP_)8uMn6BQW<9xXw+m13I9CH10XI>CyAPAp za~_V44nUb5SpcUuj zBPDakb6tCSIo;MaRzV~k9X-NNg z#Bvs!b$$$!>%dpF%1xyW2a=u8({51q1}#KJGVdd}VV5*3=*+yt@9BOj{>J_XuXE<< zax*34)70*~hfAH#|1BE`u0fSfg=O^eAff@ZIyQVLs6K3i`>pJ~Cm;Se#VA^^`%F{c zWBX^VA8B1z>*a1C`vM7-Tb}!a&bX}^KOQV*l0I_X?;NljYU{nh^+jcy_L@c6m~pJ5 zCZ-*a!$JBbR!eMZsv!mjQ|RN0O9!ZA;tPL#-A*4`Yz8h?fmym0^U}EnI*%@Q%C|XbK<#-+U$DFwjrg$pg(`7__z8%}B$9P@BqzL|T)x5o?4^}0*q3gJL zBV_%iZpI};UX@cU)4c&%*g1Lb21Sla+;TyCL?yYQA!0mM9Ue>6Xh#T0UU)K+!HqW| zPcg&F2R!<%ZkH@$N<~vu^>Es6coAkEbhN)y7wbH@ShKRXXv0-(9wfZEZ3o%gXcVdU zW56y9UE8y<8WlAjh@~Ia6EyD3q>me3e+3)ljyZJK#PFbYq(|O*#FH32(H@(`9vM3wA$u5bh;clUpg>}!pt7_Fp{V8LP}8Om3jF-nd{OOiv~Ee+ zQPv~oOA^!PncGBnSF*bq_~*#6oR`KYJfBct+>a@yAZU*=XavFYsA%xr8hT4$;m-cY~5}iYChg+O7BXfTM`&uMckx{cRP|Y>fasuVXI)52TYnbjhU%R zBxI6-gn|VDY~veJKqX9pbU_81nEjfo=g-s9-XJ(UAIkLgy#%D8zW*2-+Q|h*C z^g{JpMba8?73jR0E3UJ@!8IpAPVkS7>$6$nA-(g`p2iF4rskKI$t9-!iBEPrNO?Hu z9_{;%zY#nrOS}iNz^|DfZut5#)V*Qx=i0MdxiP+qMH+ARqgLU8*RGRY=n%V=i@l*M z`qbJ}y&Vy}5-gh$N~MZJ7go)U)SUTgn0(5~9z8+yBvP+n(qtD!UB)|AStoY~W~J|P z%3h;aWqrV+SiTEq?Sfbgx-I5+2Z?J##YN!L-WooOvAe8Y^!q)8liG-d&!qYCa!mZQ zL(OQx^gWr~vC<5Dshu7A;4m}9a+t8tt%0OJ z#5aJv<0zlN1`|`s_U+bS?RltotFxOD`?_~~RaEz9nhXyW56$A9?g;RsjGT&-YQ$uN13!t5{0b$s@YSQ-|PY;(H{APh!^Tk?^Vw z;$4DbA!|I%-Q@lH<*wKRXWX;A0RlS(6OmbBXILWsW|M@j%2gPT*WOYw(yg&!(+fig zv_08dvP~ciOk@RKPm`@HH5U`!PTveZ1d_$SRMd~~DPNfWkSkjk;yu3<>d%PZM7ayE z5AqiKM0B$-aZ-r54oFcOHH()!9<`Q6MDOqNmXU5CAIh!s*y>Fn%Xm64P_Ez_z0VI& zNY|ZAU*_PWcIEKv8WNhtycJx%MK&7k9Y|0(KY<}w6fAe&7LS?GFB`CPRKdtHn4hFbg^jglWZfcyIji0&EdH%G%(~-Sy9)LWc9Dcvi_UR2Mq@P<>`$IjAZI3*ka*bFl<-ZP zc%;MXr;ewfa|&9k-TVv;e5@-3N4dp;#8u=uhR1x>6~qj$+f{4^24X=81itVgVbW! zoQWY+q7+YtYG?+SsbXa(N&m1Gzj4%91RTi29Nqph`WA7xBiRgn_nCX->S9yj3fKde z3~*GQVi(F~Z?bHP*JCs?iUHh@r%XsbC3#X~=IW|K?6ylxaWEw+-WG2feK3p?+xDYH zALmo4Ljj1k>aqz(C}7o&r_(cd7#xT-s&;x~_-v3)o#*2vvSTUD!I7jWm}QhnyR0jW z3w1(Z#b=0FEu`~?ZYiY?h|*jLg>-+)HqWJ;8+Sw9f?;zXZg`vR`5NdO*aMK)7d{%5 zA8kd^`Q-37PC?9^YmLiH-^dTPld7AVxsM9gh1Be|8`p;%N3H80*J8<0$8JW=Cs@1V z$Lk}Tv^=ZwtlA1ca-HoSci4co&l$bFCw>$-Hpv66fO4H@&6CvQ!&5DYT^Dzs8Kl+o z-rQ?KCok6UK<{1nX_)>u7Nm6WN4PP!np2K3ca+nXecpgc9*1*)EagICTVkryys!A@ zjtJ+XVP1r{W5dUW%(~bb83pG{_Y@uU;KrpcgcX69VxN$bn!VCsRT)v<{SO`VFRc`L zgC~Ao@8s2hJ|4zB%`bSn^kK^|{mwo%`efH_QI29KJR&kxdOuyc7= zoU0YRd7M-R`55{?k6pK2o9`ELpuTB;Ipr!d@-|^Q#mu^EV(Rky=fC8)Q~8GhrMZRN z?LO*Z<@T(xJDE-%e}lre1YlP7x`w-`J^et-&kmE$iD)PsjqqQe5?uWp!0+VQAH2o^ zwnAx?ZLw;|>AH0Cj2{3V7Hi&#>Tn>Dnd>?cPn*<*>G+UG1dS9@ae26cg?qP1vm|3= zr6Y*5_%c1`-jDg-_{FS1h>&q>v22ovryhKr{uK!Y_n!x3O>batJnwP*VwNAN>(GtF zsAwf#2L)n60h7nP^ox52**&f1?hUPFF6khP_v>8fo2&++>te@(-<+r(zps`3CEi)6 z!3R+a8dE;lb5w-w%V`h^j~7!jdk;~Ldo0;X$KK4DM>F7!#0q<_#t)=SgtCC`%^2^^ zPs~H9o7s?JQ0B%4FQ)rs>oYHg`I{^BDOI_Tg63RpqE?xU9Mg8T3}nBNRbWcFkUM87 zAy0BJBYNhUoh-GdX>)8R-%EZ8=OY=k+lB|g7s$hDrj#7)doK*rou%{oB~8O#QjeA1 zu9^A5dU9mI?SqYy(bE+&cJk~RQvC=IPft=6b1C06T#_OcVVM$Gkh! z<3|+Eo-?f6o&JJPNKmF0o`^ypxTVo=w5cUNjJmeRx|hbvNW>u{y?&5beZW=-MDMy1TO(?j`o)6tdSL5 zN<3${1&IHEba)fQ=Jt73N9IOQ`Ks@Dx~*LI2w+;4tYBzWL^?Hmyp$p{C1}(z(AqqC zo+y{y6Ia1^ETRJ~a!Z$}r3l@11;Ksnrn6m1;urp0I&N~qd8*U~RIJSs8s~rqF(apw zLr+{b-nD2M5Knk)IVMk90>ol^?GS*TsZ?p_QfW6B#C$T>z=3vacVpFkN zVbDss?8X9G#`@RC*BAK=r2?o5#%J(iBv8B}Q>d!t;n+-o<(O*;}siPIYwpswcK+W?gKGu@Dv3fonzztd_sr@JY{J!-V2t5 zL+2DQrwbksr_HsYAy4%oghby!R@$Iw;k9iMK^B%E2{WBdZnkpxcf-1QV;>We3)fF| zodCER)U&Ejj5=;D>7iGGK?i3XdPE1g@yu)j?tIFCpD5&KvE{sCsr2kyv58?-I2y=a z*+Ulu@5?e-#p`S8i`zqGY^d@vZ|>JyWoP73z=SR-8v=t^ ze(kn!w~fO{%o{(%6QfD5K8P+6$yt5n@pMLYrZo}W$vE>R4Xa_}zM$mJ>!yKS4_VFR z&RMQNz1!t53X$1!ec;JXCW6R-VE_(2wK>m6aPe>&q2d}(lvpWM5D8x2uEZnjSk-A1 z?5y=8mN8juB4#>R8X9hP&YVoKMVSkRyvl!5TrQFb0Ra}jR6CMqCcoGR@N*^Rw?_B} ziS#cX{g=WEsDb}Uvs1k|_Mi1)@tD8#VxhR~p6Gvm-2~(pA_-giMdMwI?9Q?7m%c%4G|2q*^$SOkF941A|Z(D;P} zzwczh<$L5t0I}UR_(f$DzU+IW-Fi1^fc>@;aY|&3w=*TDs^2+l{?+XicM30SFVh2q z%yazOnZ*@krcPlZ{pbE>SfTr4>UR4-Oys|AX!+k5s~4VA-=sY;pV0g#AQ|AA_yvQi z^r_Fj_e%REI9){a$cP_dHT1FpgrI+$BK`m^*FX+viHC|)>VH8U#=eKf9`C0a0D|zJ zm%d zTrLE>VMxNtfEMrBfW_eUUKo@wdY-Q4@BNdGW+j5@GyXntd%gcn5OPYx9FPB696*e1 zi{E{F|CJb(YRmq;mDN8G|KB=3`uC3Izc}A->IV#lMNc!QVgLT9>E9nM{_CSx0G>nv zAOea!Knz^}`l+zLv(Ufz-@k0xQ{Fmy3$SYbw=I_cOYs))TnQ?^h2*IFizoeGu!3K$ z_B9MH1^%5?)eWYf`7fGg|CcWG|G{khf9CezGq?WVJA_{zaju%&{#BxmD3!$tOlK&-Lr9 z1Ew+&!$h(Z_lwsWW=axyXZv`7bTofw-M;M3#)~Yc(%SFikxV1*!v9>n`9=M^p;3?p zhN*uVWWH;UBy8$WE?s%}_H^aHCBHR*r~JO*09Nsz2z>vi*>7V89pKSxaJYs#GWZKS z09gNTZhZbE!T<6OKP9s`)KTc^haUY&IZZxCn;<{{GX|bMy8#Gb-j;{NQ>=&nUH%$| z05?U?#DCkwZh@BVP7k}&>HcaTTzL>@aM}U#XNM;~gu#FKhB6cfy!o5Z4RrlauC>ta z)MG`a?UgQTfLRPWv8ia=9Ks0vRk>o?j!)zP`Oq-)m$K|W2g*!IF&-^49WS%n#9%tb zobOh-Z7QUxe3pLO9?4bVkG=sc6?O`&+W~wCN#HTiI3XdS!e1dZE9+qpFxGp)U()ET zT((kAPmg_F{#R3!P^s6^&N?s9&0Xpj#iOOE$@Gb!q7;K$BB#yKSAGpCr~&nzL%wm{ z3pADimid$6mx*<|DZ3|9Tv;hBdP4eI@&mB{rJ%oAI@Nw- zA&};XgpU39`gEz=#tMw2T$-4-ey@dB4cMe4%GD94Dd$#0JUP5My3Zj-mh>uef1Ib9Ey^;ya7O9-oFeWNfLLb3#Qa#NN@0A)jg6h z!8*u<6EQ~OItGKO7(Pd0zbIfcwuf82HoO8{_X2-Mr?*js( zv72C*M+T)`RDX^nCrY-QHU>!2&|-Ocx#h31fm@gak+O=4ieOQYfdO;Kj!urG(SwS? zFK*h}+KZiWSek4ldHK#aI~p!7B>;v=j#zY{b)4rJ~zZS&~vfgl$%qWc;ZXd^G*%s6LnU)Og$ zHY3sw{R}Hp)sRt@(ZmrS?ke5z(1YHrQvni1XsQnl=jYgEQc+2V#WV%rP9Ci1cWjc< z{#u*T2~hR3h;%hQh%nd*5n10qnHe*h3nV%?n%Y_@sIr4J4t{#8z6^Og*c&)q3jKz_-d25F37gKO9CIbWD(`xAG6>QHS1@6^}$DJXwhC zrr=={+Mo-q&bE+Ke&=apJFS(^AHlwA5i9O95^PM?B&w^XcLQxxk%6{60*I4ii8`V) zR$b*WL|qG0-NpuD`y$7!_XPaB^~cv2fsvf@EZL5Vmv8=}Mz|M3lFNyeg_!}LvN?6Q z-EN1kD~Eu;XD-(!C&#?V_n2lao8Vte5u9)yJ&*mSw^Q6GgX?;ot+WqZhgU7l5f4!L zm4s5#rehONWf!Z~or4b93o)XZl45#Rab`X|x2CdD_H*Z%Q46bu*hvGmz3hn(okyMb z_?S)_jmg=s&3r1I*LM>Dl7gJM+*;XYGC2z+U+VNoFP~otfbvCgJHKpLIdYhy!5A6cCsb~XLSHp=^mL90IS(8knQf}E|=sZo&R6B{$4rzuel zKdWZ7Qg3XB+crlMCK*mJZ4cAR#J^ljsu-^iuXui}ot>1K;M3WWWPp$1Q7k7Qn7`#{ zs*c63F8kmVeF6SlA36j*H&9}>ZI^f0 z@720~?}=Dv^9JzTqi8tj42re`{51fomKEuKG1t!R6c6|#L4dOX{PIv$># zw+R$p6J9mQmelYD_a(0at~cUae)$si;|m7mctK`V#=3c0aD@hywqF&QOa7Y@@rmsT z6y*3GQFy1OjF|53A%x5jy+4_yWgmx{ zduiEv?Z2M^wZE&IHf^sjm@a1@C}OFx>O>F3nu0Lxh{$}4Oueg%vGmb{N(KgHoScI( zTthOIQ6~<+kEJ6eXr-`95#w?E_k(P>XMO;uZp+eek4`DJCm6=iliu>tvM$X;Fya1Kq?j0Zf>|E5O%yLBo8-4Vgkp7Fw-ek# zkoyOA#|BZy1igFd1VlBQJE*(H_6oxQ$YO34VQ(KEYCue~OQa9kWXP1nWU1-ReU-@w zy5-uv1UrThJv5stjGiv_Yn-%}^q(9w?+Sxe62xS(dpeEDUQT%&jmTt79r`hQ^NVt3eFWv$V%)gxlBGrqo}>LDX1rGJ@TL)wqWMa)nc?1R6$s@40Uy;b`!{!w9CMm z)ED8XL8eYL-)K6swW`uKj-rNht-x>}+oc_IW`hZ_>>{gi7>H-@2{Mn2y4yS1-C=>y zmbRM&Y);ms_@e<;KJ!jbN3-7k{y+}%F1@0=Ipu{8iGC9>~Ro5QJsW$V_tKDf__r;3qkL$o|LWZ8Oy(Z>Q>QpY={{DEem z2=U{2Uj!=+XSSa5R5hXy5~uuI7~J_zw(ndzNW@32`nYZ{yohMUgAWsgAA$zQlojl@N4RN0XmBS#G>tyL9KuY21S4jq)qo%Z7 z=tkPN)-22%Mh-G#p?SmO(N8UAynAm%-b=K3$L_t8D6&!Q-jFaHoTL)vS&qyuX4Qdq zF{^Ink&7QGE=>p>7fZwpOOzthEywodLqm|$3=%%WpB~Qnl$3Kvyjzth$tX`*X%#ua zo6dFDq;8$eR>{VhX_ya9=HKJgi@6@=`CE?S-9GserBHcfz@#%Vpf)=2ts}&9H7{MJ zIS9X<>eNIFadjjPf#7BB0b?d_(E(}XW?i|S$>o(U?Tei}*mQxsmDk*s*$7UbyN^(r zm0-Z1mR2CA%M@-+t*!PLvpu`QXMR66G1FGQ)KmURi}}1C%IY~(Qno%8raM*oI7U~$%-YhUHz&aS4ZF4*&&CMKYCK)4O2Arw zDl*3W$!}qakSRF|j)YkC?ahS0%lMYKsQa}Gw!`bbohloeD>*E8Q=j+1_}E~_WB6(P zONp^3>1-~zVwDS@YxSWaV)_XctX&;z8&5O-sq$8Deb_1ZdL1?VH8kxVE92;Z@l1(}%=p_;F{6?>R)r4h>{ryD z47r)|++13PCg`Aw!TvYz#!79`LuKZw@8sPaS5^@Z9`v)*cF0+eAjL~Esum8}pX9pZ zf|{>qXMpl8S4Ys3HRj!kOZ_VY=p`LQhJ1G7w#ojg%b-=Ih5(m@3N*blabJ#(VA46} zqE}Uah(vN35t=~V`=OBZ`xN>^$P*WkMfVswaU+dHvSxX?)Z?qEf_siK>s6h44A zywX&*-K>*6PE}>Ju*}hWDv?pA4_sMhYth}ock{P|&!h$qUK@7qy48PlC`gwqEhfp^#UJV`OGZm6FQF>XzqcV@-jYiZ!eQld}^KZmL*_6P0MerVD$o*d^r z>q{X3LHIL27T#2 zLti){1UmFfJ=TUgQR7vXR&HP?#}`taPJ!kUpr>vMm?o|g9oN!aTb(Gm(nUm1@q_-w zuDFU!SMX*)4G(7Q*lVgwUPQnpPiMHV6p?3!&M_qqq%E=58L0$Mj^T3GA_X`flF!j{ zA1<-8*G=yXF)|E;{I_KTNY&upSsT>duH5;YF?u3k zbxf>_jgD)cPF0?`R#`bqp?g@v)U2P_v_nhO_Rb^>AawZCD9+za)q~(glSa*Zq zZC@<|7rPPG82n_cGcN6TJOqhA=B1Zf9~1?6?8dr9dmGZv||TvhC)bh>1E9qBp$l4XgNWM>lFa z_@Rc+Q9wTNG!r*!>GNuMzP&x&1YqFgzBREpDpgRLQprhA*__p;WaWZz_1vG3 zX;v)vp5VIva>{*|f3A7z+tHy%XB1EQ&h_&t$U`$kk1t48oB7Cb@SFi&QBd>*hUn?k zp!S+=!$KD0Vz`*Ix2BpEAJ$+$d*o&%Vhm$~ChUrf zNW&NH>~G$zmUUaY-zm9M0Z|3X5-VN=vbRO~*IF5PZ$pEv>JJYhPr^MPgEHBaD}*Q# zr^=nMO=G+#6&2Ly5IvC_CKy}EFG0cVCD9Swo)#< z!ANhJxv@DOwrB#L2UJzy0=t&VXW6eFbsB*2Od61c^{ccFx$4QAahQLR^adpql7N=(D9GGai z_8PNizaFrGN;5o61!Bn_+N@Fd6%XGeo6A_;_~COqYTbYBuf}Tx!M|uyj-U&#k}?>^bY6i@o(066)lLyNO^>?>xp1HKUHk zlY%%72|QiLtM%Qb`BbFk93?Cf@APn6<^D1>guO9ARp_E1*K2Vvj|D#i2r)uJ%x(TS z)GUu19Xyiqi=v5drZRw9q2GBA_8O2%g)fDrgxK855kS^# zJUkrC7Rnw+6FZH8iTVS=**|Jhy!Us-I@g8<7;Ex+2wG|TJl3+v@@yyhQnEqTa1Qk$ z@u+A)t5$;f;*gkuF0pPXF;H1jCwy5Dm({Xjp_KfGkNM z31JB&ED4#H>b_>W|ARi?&Zl$U^*s0UyPxxdT8y}*n?_AL!} zByD!bZ}{i<`wvi%w={B6W4MI?gOS}daYJ!ZSGaQn@9kXGimU7f8XBMB5$(vZQO{md zrubEJK#rj8yRY`_aS&ZFKKo2wrJvVv;MS%{ehHb+R{JVU{K_B?@jK6faL;`R9S~mC z%=`Y1lMg#Y4SUjTo0X3g6v(nC8(auXc_q9L+{7)a9?izMW z8Eh}?xSl?zlI0yW#!y{xDN?c60U$s2yqUgv_L_eNBH}0fWe<^5V906mjE_iy<#USVd z{q@N*%6V-w1WAwl&di#JzJM8yHEa*o4eH^G6p;L<{&i{*Z^-&@`~#{{B5bE z@lizc`WtGM7&g%@^yJ;nfRH}qARZ(FBgvk>+B_wBi{`RzE#2jUV4aXrD%374oeSU( z`;874#q^M3FgBHV-8wEfLD2%mr;lyS7)?0n8sM*@#GGMI#u_WMZQZ(kN%OAJsH7>m zq%k@7lL6Dd$O<00V_~J&sRk-*F+P*V#6_HL8x-%0JKZ(CaUx4DDez>b^$fG(Y^xk+ zs;shSQJ`p&_Q{J}OB{Sq_G$Q()@7Dvrlj6=kZ_1L4Q&o^ml}%PI#{Q>{NS8qW@!?p z9N-bG$&Ru(OcX}?pB|}!IwUD7!fdn4bCz4@^R(63fc3JLsOW+?1h6AeNc13|Y652e z2k-h9Ay@B=%v>rMjQ#~aNq@dnJUL~ha6R?m=X?9sTQh&eqdsz_of79$&6I2FwR(H& z?kud5=#QhkiuzJ9K|}mBG7BQB7^MV!q(4i4pVuS3nAZJ=M6p}rH?QNC5-0G3SWH%$ zj6NE!&)r}oigVxA*r67W%i1?OjPKjGCHO>{apHsi%YeFgrViViXTNh89(gArZIk=n zslHd*YkCf$?z_wE2~Qs6+|p_OVgV@+9{U>yKL3Yc<_XO%V*`7-Uk=k%zye2FNrXrc znBcOv3nlv?CMAE`@dcHLnwj-dAu3(@r{Zbl_M^iGerW(gZ$y=JqH24Hykx#(J!Q7z zK4@_UsI{H=KqML^*7x}7dl2e=V=k;ar~ZKBuCS$vRu=J@I%Qo*sR1Nq!PBV3^Cpk+ zYsgiEq@ku@%6SVV$rPa^noq(fG?22MUFK-lo_zc=G%m{*e(aoZs7!im#Ceg>bcLp^ zD9E1o8n8&Yk&0a3R)(~9=*I6Uo`8y?pwY=8rL{s-&5@CtRCQ zN4UMzV_RTKPh9K6YsTrk8Do}-vs^AWIY-?j}C`i=S_3m10bYE&h$J)V@RjC-2=5fzJ4jhHt4&tY^U^BdC zmC+^6=UAs7Kr8FN0kWZ?E^@RmMDw6; zf_ZG{RIDEXEr*4EcjgKod8D5ehkU*5nZJJS!Y^C_+2GB0)@}|FAp7K!3?ffo zlm&4{UfeZRfxN?69t<5g=)CihkZ#sgWIOjOBmU=+zJE$l?PTB-zlnlh;2UcZ6;&>wKB%GAVzLAVLtj?# zhKC6KsiYTSQEF~D1ZSQZ<;4UY>-c~cEX+o4@y^tQEUyw6L+I9&SlP>K`$ICHMR}NM zxYOD}8p@;tnkK#oKgKxM$4tob86O%l@v|*sC1@XmzvpkM!rH!7@kQk4+wF*IEIMn~ zjQh=3zLD(I)ORr2Tb`lv@!uzib?(fm#EXH78MIVD=Q>i4NbT;_+za4+M zAEZKidn6{sE(f4deL;!o@%a0;VBuPOLmX;pWNJCCwp`fe#sdPcXQR1VM z7c?`%yzQK9Y8D|ZO&9$GQ6cY2?hgsbz>g_b@>`8QNOuj!;pZ0au$x3wewj_nb_+L$6~G)T}PhM z5%a_ol@zF|AvxAyX-lE78+6xcRKP2+u3A*!iMY-!m;eAVjK7N=o?6S%D=ziVc}v+& zzv;?-+Bi(`6mT~zSgPC=R?5=vf5Ks-u-Ks2%&7Ny@A2bY0H`i3StZZe6TE5M@vo5>LbPCC-pv{EnlUz;zu!K-V*;1&DR)4O|` z$}1O2ETF2`X!p7r3S+_c&*!!O!YM&tlSm{G#{0FkIQle88KQ^D_vy@c&(OW?q1H_= z(l40>B9S9?F*~bhQ-j*`u!^Rbo27hSeVWV%>5L5+YN>{e^VXO)NvU3#cJawlt}dt)=)NTslJ18dg1PX&Rm%bkP2=5B@E z4oZmXmZNP5{iIuT%mh$o3K*-o(Ym?e$RNS@Hy*9lO zp2zXh6>Cdql`|#G$5+i$z$RRAgzYAF3(Hz5qSuSg4h8;8Ux0NEtS|Ql`t*0d%yqF7 z^n*@LiTGgK3t`+aNTD$M$bm$kmCIpcb~JY`UkD<zNSLg0j2wWOQX#pH2+uC3RlQKhoP`_r=y|0yQv?UT;>1V5 zk45T1v6vv1=*=`JBAH?{-76>S(X!mS++@ZV=)ZI4|HJx87egJ#g=1s9CaRsS9l5;x zn4mkpt%^`nL6^ylOarw7!1kmBH zT3S*aHp#WMatfll?y*qXqwZ}ZN3*`M?^ zFemI1?Qr0c@-#3cBWR$nycBOZA;1Y07Z*1`xtpohC*A#gdMgPD5 z7^U0Mj++;e&&QWA#5^@>{*izod<~d7C*DY*5b&+<3_Dmkk} z&Y|S)8pOk`(XonxR*L~Z^*P!Ra@(@ebGLN_VrTPXarS(Vmv#i9o32MZJOmT7u<8BS zeB8dY5TS8!Kl|a-R`CAI+1h!M+cG0M!RS9O6xbx0u)>8dQ0>;M*Nmx3yUFT6;&}rU zI>UHNfupu=R7?$MbDMjgK(j>ig3rG*MQJC5?JrL)U%;lM0l3p?kU8y+R}zHnByYOh`Z;di%y88vN!fzUoaNEBTwH$f>?qLbzF_L7xXVMw^uesybM?}Vi`4T!-u+)g C?S&Ko literal 149078 zcmb@t1d>p+Vu%FBPBJ1NeC2^OcqLV|KN$BVh;L)j;OiU=} zHUGcyVDam#d+btR=lKm;@;_FK>$Bzxf4kuNx(a{~h}?kdV_^Z-1o9s2=PLx(I`@ zB%AMWLF*R6=2!UyT}g*+uiMMSWX2~rO~;6zFot)30zi9ze;3R9pKL?i2VlVK?m&7f z@U>Vmw_hEpCx znZUIqEhApcY9uuYKS$ebOZ(WHKN6lJ#qEzSht8bcwL>XAf9u0&CzQCyNwmE>e#w&K z*lw{G)PqjLvx1kk5&u#U;W$6+fyh!e*^N&A60Wd$L$1Egx8!$U4!5HI-mj>@%io=3 z%v;W=LvetB(s7CY7{oR8b=f!i8;gYQ4RWy4o9er9&mFDDy?q#eV#c4t*a28eeXcQ9 z_LY5R;h2i}S59zI&h_dmzJR&GyGXxev)hkbLo}K7=4I3E>zt2R!AEqG_#X+PJ~q!E z)~4`6sy$K9=97H^-Q80#>9a4bZ;!f3p0!VB6v8N|O6IN~-KpykF>-Y6`?H7zn`loZ%1`>s|%|7=z|3lP~=5tR*gsyXLWVnzIJ}u_-*Dm3uz9pmRIC5bE zOi?XE%7y*yzEHPUj!btHt;~UhXJ1+bUd+L10_f{Iy-{{p11m0GoOJnd#-RdSj4wxu zqhpy#$*B8;N-oPjft4?DG8#3MD#?U~3L`zzRaMTi*dHwfyRizL|}^-G)LejArXay9HJ9&xVM)J#_SK;Wbf2j4EZ7)?uJPOAf9v1#g4!6C>BmuDGup5KZ0bZ|Bqi=1aB4 z-VZA_0eof4jaI0o%0EK7{Wv_^E|n)~fi=L+zetNdSmfp6p=Ovc@@mJto{Yx$j4aH9 zH}lN<`zuMAN8(Poh(1s3%VZRG4g!{E6g!+5TK!H9`NhT0UC5-Hft0bHna>mOdatiW z)ok?=mCK1kTip>?CIJKk!hm2}`96-VfH-Ybz~DDp-IGJ=bYnyCvA=^X|6_h8uLHfMY^*S=;HYQH}hM4V=fvS_D? zfpyNA7s?|#+dHiQ>4K@$II#Q8$~t&6*+`DK=i?!O^+%Vw=YeVBs4{;9}l^# z9|h!;vK=U8AcyWb_r)SFXx`GJ!f#6el9f6;EPyc0ANR0>gjQy z=Fz2${A{xW`|TM#@?8+{JUKt?VL`w7;R&r+71?|K)%&PV0dK00$ZL*#*`P0j*xPxy znMlAJ3qdUqu4=aWwj@Yo2G^O@C^nCRJl15Yrr59$5A{$i(HQ>r>kq(YJ25OG`an`( zfXh_n>5UI&OP3&OtcK#vWLoYqzb!%Fn1K7lLdFMo&pR{blyg?12`{ro88YmQ$SURV zI&ap?t3^jqSK6gX7-Va6yDIU8t5cT}jhv4t)VeE{Z0mQu*^&jT-V1Hd4^Q%8wKs}v zk(1ucHlJ5t$y&=bX;%cq8g-F%O7yml{Iw`A8^90OW1p{FE7Nv$oz zo1QvtN_Z(Znb?9XJMJIIMN9f%FVj*C0;o=kdXljkjedIASKjx(l+4Cb>MGVvH7g|c z=+nI2zUX}2dF7xlY8X4xbY$l5X5;O#OYvx1-uumzA$AN1GQ6XRulVS8{ygKSlS(yCaI zA>lG5=N~tBiNaoMHEyE6w^(8+C{+R-2_Mr`-GlGxkdZY@ z99W3Q6P48do^aGCiPHT2IxXwFKV`%OKH?~D4P2+fZ?`g4vv@AdEAFuAoYIQdf8MD@ zo_$0NN@?S1>E;qY<-4=|YU){=2JlKLw!5j&Qhi8|6iXJ$2ik`s_FYP?P;w_BO6*{KK13meKr~M z?4fRZDfIy4snqcWVqzTXc2a~`rqKFVlPv0% zb7WQVnyzLy&4UOIl>|12sEBi7T5h{cM;%jfM&8k%BMksCdvl;!^lPX0#rSOf*H)#I zPkh=6&ML?3=sgh2uP-;av!~8ZnLQf}3X=en!+HCXF}hRwY3`1-EQH z_6<>=G>?ICfV|%=)1D%RVylWBTfkLSqhaplC*Jdir2CO*OAUil=C9&ic^*q+C{OEN z1B{nDxFs@?cO`jOXH*4eQnO!Wn8|&dv*-P=W30#7R>0On*Ml2r;n@&=6}9Dg_9&B%2sL zm!);s6x~mFR|frcO4b-xO^m1O=7O0OW$6NO(7kJDM|e!-q!zc^toPRntpiw>)aMox zi!TG}GECmAYSPB^wL26#eD4=#&w|dA8XADxXYoDnItM3n}i&`!?aYP9e==9yp;K;9w=VLkut0J+NY=Wd~3dcE6Y<9 z7NiNzH`MSJk^npMob{>f@gET>=J8`$x&NIlD6H<8jLns>J{`*uH|SJ7t- zQVQx>S0TAks9b7HcmciHY}!bzjCIn19-(I|<2;zYy+LLlJ>PMjd)V?)WB3-61A8d{ z{rIP&{NdQD`|VD>^!jW0!t?9?X!5KQM>pLs!5+Vd^W-2?_G*-VFM;{%DNt3$h^^yrdMqx-wpay?O`x4)m0dZCGi*vv0g6 z#FhEHN%}I@w<8-}l-7T{NVpt7Wi9(sE@ugxBOJ!i$@xVRTttjNtHMjc3QBqv)2NJzp zfBg1(^FAZ=Qq1$1wwtAb3l3DqFpaKPacmRc>N5WtjhaY_vjA-l!L#cimP8~c`XGeu z)VfQ_vVFSwU-uYd?ZY98!k|6jkh2cwUbR^ZWrt~`c#?PN38wHl&^IMAcF!W3Jvp*9WZJc?wZ{ulS4jQTGfdUZKHH!?a@s zVK9a+AKeFSXUX>1J8qJKHwwzX*F&6{P9@lW(%@m+;$}wKNI;)Rf2eN9XRZ0w0Dw9y9JoBoV6jA)UykPLclJBB_7 z9WnXP>Fjw@?f+2mc6Afxkw1=DN_a<^x_8x+JG$pBeP`4*IQB5G^$@?AB)pyrmhJ*S zD|{?hd8-B~Q!%CDM+@^oNpl$a|=BpH^WYWXVH6wCF!%=*j& zq5Pn)F5Ub3j~VOwEe-;|T}bhMu-^SasC>|az1EC=I4aTI5N6i22ttwR3zk&NMdq2a z%DOBIS;ThgQ{!%~w9jRthLK;E0K@Yc-O+a*OB#D{3oZ0Dp zmHC>dd@e&px`@lekC-JJu#83_hA=_3%o;VvUO|;FO}jCN$isfnbjOeA^*<(yl0^)V zo?uZ3{2-+rdB|Lbr2#6umRpw;=X-jMha~(78sw!udGfK&=c0 zFyembn&1W~%{NG;sCn6uXHE}Do9WH};bmr2_r*ssoVM`tIZ5T{UJD=Bx;xAefkzVQ z?eNJ|2z^Uh6%RiwU%in6y#u4SncF(QXcwyV{+V3uZvYgsDnrHgiFfG@qIW?8(}L4) z;s&qo5JC+9xTS;O-GDa86IIvyBTz5SQywMvPy_PD@z)#Uet#(B==1e2n38Fg#RWR z3J)Kh8kh6r6IHBIWK2)ACb7@V^=B#1(%GxM(yR!vB#Cad>V_adH@VwvCSa@($*C*O>o!Cj$ zeuuz6F~auzH)Iw{#RaPZsdr&X)@-~0t?i@(ZEY`W#-CQ_g1hL;oUfJ&MW}dFpHd#* z@HjcC#jGg6(iB4}8?`Su?p2a#uYw*>9|9*XCf4&pvd(j1txV!WI)<EO5s#iOyg5K z_vDG`-&;UVnrYr(mnnVqPYAKt^P^_9n7rg$6=wYiL})WF&2Vp2ye`;fn4zdbl?{}8 z81BE3VwWLHBa}2Ryrxn>6Rz1|!SLBIp&+Fq8ns<`X*<0Fm(zTh$0+FN_p(P#-j5riSo7j zFg2&Dz}b41O*7)?1x*raiuYkfw+L7%-=dC~6j;V#7^lA{x3hYp$#oK(SY9vED5^H~ z6$^i-3MBibRJ&iFBMkks;s+;O*szq))GH%F`B5zB)feE?=7mxDI#J%6g4j8OjPvJP z`w=k~g>R2bu7(`0$5Ea@2O+@ek<7hxE9zJ6uMomOX30G#QHc#`oGiP+h;gye>>4pn zc3&eNz+0eox-!^ecy1&4_8jUy=be1U2C`F{htcYuu?3*)l98ex2DE@Zt%Fh*%_-Na20a zyyV{!gnooqj?s#q{vHjKZ4K5SM3SSt>Q(hCm*89$AeTeS8`E*FKLukUMF>(l3*vx%l7?gcQjEGSpVd0XZ(%qM=Q;{=)$3|Lon~;04Yt%M&FmjnwY`LM0NtG4wud^f&-jSByp;(x z;@*)o;s*Nj0!J!&?dv_?3|ODfRXi*mHRkHXVf)Dx+Wa=|0#PnKoC@x zLoN4sB;+qWrZ-;m;pt`NuH|iD2hcb!s9C?k7M{dZluW(lvzC@lFK7pfZm`&VkHR@~ zNcEX!>-d+Pd|M(}ub86%vM-8G!C=EKNz9*S(s3q`e&W(XtA(&sH&U1e!+BbwGJ8+< z9hnZ@W+<$^uK7tv9cQB>Cz+~gsrm{_w`r>Yd|pgqWFDI#1zU}*z79O?P+}EHuqgJ>iv^%%gw&< zfhM<<$C3+lCtcZR{`7bn&d2oPOfYh#_Zv*nv@IWG>c{b*ow_6t8dUtOr;>@Wc4Ma-c*#^*&6+#y;n5)#{PnM1Yx*?;^a zn*4k7!xahQ)xR?;r{C^u`?H?(?hn@#kEr4EOYhYL;?IA|>#Nmu_S~9Nr;5o8=qjRphlcsrFzd z#jdZ{$^MrQUHF7a5uu9ky5Qev24SPbQ)>=zj$eb*KA1=mkX(Sc7r2SPu(Lt?C66e>cr9;byG}a zcrV+V$FVa`Ps>>@nge(h%w3hQsS83Bc?CMd8OE3kU*P9S-vA%~NtQhnu7Og?z6(WJ zt5I>um}auCkwjknAPeyA0&U)lH2r~a`NU&cHb`fE$z}J?>&DZY+On<#EC^e)$X|Y1 z3m#(_F}2llpKYy+!NGnS{O<8+zcO-2cy8*bvpvr1czqv1)v~(st5E7+*$n-=5i<3V*I8 zS2>k&xP&+2qN8=#6Ez!ObEmqX#2`#)CNCtZKCnNEJOAqt0 z6GN%eE;kBdqHK34r0A`FtmCv&1uKedZ~VZdd7aevkOLwn$J}W(r!hk8H@Qt<3=@ZP zU`2^2g3wh}9HPDtn@0}qd0{f8C)1Of!2@qIuMwKuATZ!I@a-l#(RDascHw}{bRG+` zSvsPdS0f&ak#jJ2dsLv`oqO>fbSvnV9=7J>vGa$x?s@Xd-a8?PrbGq1lxH#LJ+!9_ z2MI0&L_r~7x6#2X_I9u7bDyT)_yzglYRmNK^j&Eu8|IsH2P}QK)iq|ktnE=WP=-Hb z)j*YI9!AZDmQ0nYZ^p8sy!vyIYw9AAs2xr14-Z=MCClY{?AvQUV@3}N`Kb6$H|iU1 zj9ljf;77U(E=Ih-wzEV!5g|*GLSt3$Gz96vLCLGw3dsxI@#@=HaU&xl)p$1VuR&V~ z@@IQkwbz#ni+*Q}U*3c?#ma6m<+QvxD?=fui8SsTrd=_l0;H*(p2O1;8{6HIp_2o3 zlAz*CqUHB_d$n&s*3-zR+Vb%a&Tf&@hto}CqyRpXgw)+lf#LukbPti0B%+&|F!EH> z;8nsSLlURHzOvKH`tOW4P42~2 zztmS#i}GO%T3^eTVd&$LrAV~Utt{bbe{c7c?^>BvXLbBggYn)dOh7^&YtY1hVUObk~`h{h`RDoaV~c3lS-r2S5uXU1Kh zclqLMPvX-|^#TSFeBC=HUp|`D=NR+?mMZdiq!}EaJZ4Gv6=ti?wkS=~7?S(+G6Z>rvXoM+c4^_dtcyxh+V) z?Gm+^JZ9n|rWHGW6NPZKr!aG+!{|l}k*MKPXx}zNq6Qs3eSvW&#_r2Y2ulRy6C=<& zFU+Q!yvyLcO*dXnXu07uqGMAS^_@^qH{c&x4GD_ryy`LBRMNUI=JG>$&1knAN$@_a zY4zvR#ZVIkF}O>shG=&)Tlr6CSG@frwgDG>456p z3mLKtZm%ZN=wok^j|tN$f}PUWWY#A7{DmVA* z`H;RGP*q;{VJh%{!}+K8^!dOuPsy;bR!AG@Pe-W<<0^Y%+h zQZYRaRZ8ZjnsE~OqlWxTBJVa^$|a&%T8o@pz#&`?SneD#Xx8v^{{!`?67xTxx9zh) zo%sJCVx)Hkz5JL0)&GIZ_~BUP|E0kpEGX1K`2QNZc#`=j|0S!njA8%#ypcLmF!O(~ z^nV-|V!>$tUq&4)?(&Z$CnRK`pr8QN)pvgX`>6guNAEt8l9E`sxU{nWpKAgXjS7vx zKrv<(mH?gqt_RZxP;+tNw6L@sLaO{PU)~;*MAG{IKTvA8|6L%aP&K$xgE3#7`5-jV z1j|3ipdvqX{qg*Nk#g)ooLY`zN|e5R)sU=@YxsX zBEqA){u4?P_#Tk0k3rF9jMp;d;VF=_?o;r&GyiOA$~4_cb*^OpWd#WIaVz<9g~xom zcDFP?0}{$LsT>a<)8bQdnG*$jEzq}590%5ozbGkeoq%UvL>_<91oZ*^%lH05dX7G$ zn5dF&nSOhcm_lj)nM2PpH3WF-!g}=@n1b(1mr`M)E>{7UsoEoJIgw4MGEf+`60H4p z+bKjmG|Y*h8ODO*7loTjkR)hOyE2W0`9;iuej0gsbK?Spb^qifz^2WqpR-?<(!Xz= z=3tES7!F4(E?0OJBL&@Bg2$&#_3B~p+2>2cZaHhP6d_8t0d=Af%Z|8J1?(ynx`;Kc zk%3|&z&I!vU%epBtfm^qBXHVw;qk>yGKEyRtep(s8u7e(__l6<1eUL+zOqs^Xib|PmAKi2^R9gH$DqF_RGz$AJ!SqbiejFpRqUbb7J zT>N$va4Zt!%Z|B334cD!+;*~(Uo=sE@iA0-HSx^YZafVyLp7=Q~t1j*=ZnFchaPyn*NnZI0k@pmB+Wv-FY3f zZ)*TGwi|ap?_nfuk9{APE}F@1o_GgomWf*>TX_g^`uv&VykM3NF^=79-2M3M3vd43lzhNSzQMr`T{CNbV-M0$k&48s&zy zdVxYDRQj>JqiHMFE4)^38xA(qk~jAdl#e&zpktJng6PpCJXy232|97CEp`VRj5T1E3NbXVxw__pcu%+Z@wy{f>g(^k@ixUMaU+|hQ^g6t)%$1u!`ITO3)}@-9p)9w zp+nr1eedra+wZ8glt`)bg%N?0Y8@OfHhT57wXO!`*~GdRD;=^)dU+BjGz!Yy+{W!c^zgmld}zBT0ib z`>wf$BPK8?B^k4g6tP!+gd+xjd#is8VAXjUxwLa{KIg=fQ;L1pZ>O!luVAtzLs}M; zFk&#WJ~#EJeE%(k(+YToir_^neBTOBoB#K|3c$x^|115;DwkrC-LFN{+oz+WqvGVO zpG<&_og0Y6EUKLZF4cFZ z@)Lqywq5yx2}tmrSrP5X{O`4utAs0X)-==t$!`-eD139GRQ?pjEywHkYV%t;tlid5zDsFU;hdJtZI8E6zm?cwovC|e-fsn;cmw0zjQ~E^TL5oBuH8Lqib+;f!Jc6ss2{0S zL+z&UcqUwtcPQ`OEubbhw@|A>t-G{T#7q5o!;>~4$dC6hQY_X_7A#x5i4gf$c7u~` z6g5WpXoh}K4P)FfxCvtD(R0Xo`2wa!`-&3`)d6bq+Z>LZ{Y$j|8G)@|#Kq0ms?6l0 z@`{_HTO{2R#c-0)beZ?=*KWb#vp9`b3G-0Dy-mS+%Mw?yG0mwxlSz-QYoIULdSAhP zPTf0q+0qCfSY7Snd+|-^1KH)b;J(MZA-?7GSF#8&scH@a>Nojgliio-yV%p}UqXM# zoS!I??~>=_A&8_^Z}+|iRbtlwb~%N@`fSfJVSLfOatEfjg#*7z*5!|%-~~fMq8^6q zMUQH~ckA_QRj$hyNAyxpD+#q6&U64PgV@kGW!=bd4)|uD!7JZu&V@01lb^?pgfS)a zp{rcAb7{pCJ~pSRiAR78!?xLAEDt0A)hE;U|=u3lFqV#H4PaJ~|Hd~6E` zuZ}36wgN)gk{U^*lpD`r!zLk7gg~}7YF@934Du^sU|@1PKHgsr6elrF5Umzp_v9L8 zOu`t8P+He{pk~0K*f=|pzR2cLCA92Za5W@$GmQlpDyeVN)vj2wXlGGfaVY*(EaF!! z@zZoX%DFTypYE|3c8X_+%^0^rFg4E1UCzEVMWYs`a2M2%qS!6u7i1VR{ZQ9ZF4V0F z%Yf6eY9aQtVM2+Guh*2aWNDlkSdMz_m)t)j7_IYs^RUC%!F#QL&;#aXMy_|k;ALhG zRD2e%qvcYLH}kQ^=dH$ba)owtzb&{%Es;$o2~N$u#>AZWWqDv#mWUN|#HJ{hJji%j z#>zsni2(d;ijoN!OAXyxN4Kx4I9{lxKufo7YoY^cV`QOB+ym>W>ZmZ`WlCJC?x$x4 za!5(SyUBcfo;>ghwN4}_D^-$ydP%#v!SwU)f8vFO50}9MSqL-*Bjw)<#`$mxr2*{~ zSlg?BI%Wkt75Q_THieZ~+Uz)`2IwLO`tnngQm$VGt5I;Kh1k*?_!Sh>(dB}k$!jlZ zXQ~6?`oVT^bPyS(0lwSQS_O8>&lU-b zsEA!N$*(5t2hL)OEb=e^`7UC1-5Ngq`Bw2?~BNIjErH$vjw zfg$DQ!5N}uqCPI4wpA+0LdTrvzW8zKL&tEohvMxUFA<9{6Lovkp}0F?{M)~BLz4`Q zz{pC!+;|V0ea#aYWD8><$@G`AfG+cr;nd@ZP;i@)K%8bix{{1LyY}-wfmR3u_Og=W z7gMhQP7QBWIYGDEv7Lg?ZaNx~(YMm}z=7;M*&9abKnZLI#h|B)lvztz{lCwZOB&DR zM-qQh!>h-`;^I$`R6VKHw($R+g;TL-oz|K}&&%Y|>QY9NX^MKB&5af^5=h1(8s=b$A}T$XtRmNNARvVJ7DoU*j=ld5iypd2%{&oP)9ImC(_-N< z{>j!?CwS}{DG%nkA8@nTAdhBCk@$)3dvj^L_r;s#^pJGEi31W$)!znldHM2QHGZ~! zianCodIt_>sdRzcd*A&E$adA!9p^_ZhYL?WOGm0{;6glo;-`)i^B{lP!|r#A%@1F( zj2gpe8oJbcWoiE}pANUWpct4RcGpT!Zx;Nn@)-jeNe07H&F&Ib$ACS(Qb zZYBy>2DaXH= z0%8caJ}5x7tKWC?Gi>MD#9kK`iY)1n0*w$1M>oqgMpJo3cT3|=XeI?g>T=aX~u5xa$XeN%4 zb+w%zjkD4W6tA?S>@fir`5OSA7?tbKU+^J-7lOmLCbBbBau=I@+I&mOCN<99>>hYP z*V{YsJ6m1{QD=Nr!*%N$x&1+Ddt%u!Hg{HI(*aDpK*gO zybgzWuQ$teqp27>Ick8RetM9_jVpstt79nRg=@9{r59Pr?bDZc-7G*5vd$Nl%+uc3@^95Pj5CcBhs^P%p$H}+H z<8k;bkO%x>38IzA%LNBrY5mSyqOjI|< zKu7G7sR3E$kI zu1&l_`So2aWH+^r&8duf^7nr8dAs1T!lAR59MI9_;5sc4(6nTlbDv$w!Sql!Cu7=UkE64Kb(# z=3MnicY+?gs_ zU&odrb_1L(x*J4gHwEyQJQKgaZIgO?+C%xqfl%`RJTT)yYu`f;=Ij3qgzc9oq8c9B z`QOb_GTI4HsQC*J)`l77#87j~oa9s9(ghPp$s}BkX6ov>F$rKqg@*ei3c){7nbx#X0V^Is?#;D@u_YXe- z6V5G_uJ>b5;y@ShU2g7(WGjAHhQDJ9emf6#PB}@rjQ{aId`sl2D?=a0Aa<>uKzCfw z5fQziJ&yd_7jV@Ti@6Cxe0L7|jxT&`?os8+QwF0mYi)(7L)C1-yI4YOUJ`M={nJBB z{Yp8fnFQ0utGCH!b7bVIE5Q(fPbw-x`dAPpg0Qq4y$@-BxXc1I*ZZAnb?ceV7`0MZM)wBYn%H=3$!Xs*n#|!V5UspH%c<_r90%67{GMtnF zgj0@H`eLN6ZCx-K{f>{@75GS(f~0jlPt3U&PQA5hZeMtME)JRy|wBRI~CF=(av0s$;A8{cdVN} zJJx6`N){eI%wy!*qu}(Znf|BB?VUuHKLp%QP^hev4xboQ^tCDI3we_g-@ z2JRDP32nsL0K74slYT*~3{dMY9D5F=K2B9pZto?U^v)M9EdR0zEtvCI=V>C2*tmtt zZL>lWTGT8$*P~$0Vb*J0+CEdN&RZ|oU;3jBzk*an8Tyz6b(*A~{QELsqRSe~pw%`) zxMwwf5B`90j3qqUlw8x7E)v^EkUouoFs*~ggUpLR*ZYmu|7Js&=*I`cXH9PPW4A)( zo-HA>`FQ@_XM%R`ug@?%#6Fa{zEAl6({iy}7(~hTyXw%jqGHQIiTLzK)gOrU^hHry zbuVOGD39=^I|IV9=F+W`$Ma90x;k?&S^h+2&uv`MLcaP$Q9QyqQDj6#YnJWZ2s0E! zZs~Nr$WRwXZp7#w1x5@dKJBEYN7f6oAr3b=-)uxjWCcv2#a-bc`HkteJwdT^8i@I?{@GbTx>wj-l6!wrK*pWICzX#o+PrTjJPLNE)jfL=LwHA8@7)yb_ zF>EA?%wB|_B_fX1S50#r+mnrng@~k5RKBseb_E3ueoAV)2QsLXgvMX4ai0yKRAS0) zH#+opPA%MYF_s*Ke-+O4zl0K+Z!_I8X+ix_;_34O_@|;iIv2HwryFu0L(^%zwAe;- zSt9H`2+rN~S0!5XwQlXkV)pcMw{FH%(8`(5f+6O&aW*%%kySfR-7sfvHidKFtse_D zxjn8i!|tk!%4|aWORs$zB1JM|)hqV}o!6n2b%X@igXjdNW&**xyJX+agSKs z*Voz#IgvSSW<*w^;8u=8GsGP&uApkvR|If)P%dD?uJX#RdG2u?BCuhkmuT)8gm33Z zx81F}67kl<;?(7Y+z7iBjIl%}lT2y;kV0ppFIzf3SvFC`~6>0@Y05?<$aVB-W8wiqCd=`$nNmrIgEfs2Xz>ns?&;? z!$wxrX27pt1I8?7FIsJq@3LITQL0hmOT5mO@53;7OtkXKnxV(zi@ytiU#Z$z=`3=9 zhq=91RVIC4%Sbcv4~b*ZI~lT%Z=@5!U~CfnxZ_8-CV8X~W_!%QrvocxkU8D+x3d^? zNKY&nbS3-akF2CGS#E{C*xH>rbB(xyK3~Q+@(_i+=X~8YK3i@x)=M(1M1%sx&61h4fi)Rh(-t(0CA6p~;$r`#~}x3$^!Dz0zVgjtM$ab+E! zRaAHyO6K?oAr%b0#LM0hwvNJ&w!q_sQsSR{u~J!pX#H|?!7d`mrmtuRge-A{fUWmX zi^a&70v%mkT2hLq)D3yYzTEEa)es-~R;eye1d#lOgqA4b8;pHGkkUi~i-Wio=^V5c z40~k?pEC@5c~zlMJ`TYziERC(afe6pe%3PJ;Xr(uBTAejl+Yg=3+i7jns2YKC@=a0 zS%bR2{25i=xcAtxQE&^R+h26f*J_U6t>AlZ(%9OvY|qYLqH#2FS)D5Rhh^n8s@3FfX3B{vgj8194bR0 zGHT|lDn(rRy3QV1H=i-;0OAM7!NvjjwIE*sAuq+^4qW9zM>vz}A~B-BbZKvq7U!eX z$7`Kj{b(e%{&!{@V3PckO3Vhk0WQ4CLM+@FZNit z#0f3v{WBd_?jC2W7y-UbL(}g$GaxlWkE>OJcv5L<4q;M)-}+9)>?jn6I;l|g8ljgo zN6c(yt^JB)(`@{fWE|+ctoNye=xsjG-w}lDM7-B%g?Ur#7FkjxO`z1{*NIZ|JUdA- zI)+uy8{-Sh(h0GWbyEx|PJrHBEF(`P_|CuSawvjOG*9`EXcsSKR&Uc8(H10*)Z`p! zc{tem9<-IFJGIGZU|?PBZW17MavG9qA-xx#$u9ry5_+!lWTxXwer-xw!r3P*c0y%l zqIUCDC_g*L(`7(~qG0mqweXOtD&VC3Rp@0aG^_bO*syOR@4yeY@tZsOZUA%iWEKs& zp$tpUsQt&va$-`aa085(~My28d~RH zW(3*D_tUR$IbtH?350-uFu9 z!cFLR)?w5}S4m#Kw;PXqce+8UPnG#_U)hTSeHqbL>z|MPt{FYa#v}!e3uZ~Mu*hPP zpeUeA(f0g$t&8sc;Mua%WMeSpCo&xKVn=ioi5`x11yX#8oQ-rT(FfZ71#7br@eqs+ z4NPFH@Hc+pp$5v(3$m6Minwcvba7RnIt!guelQD8?azrZieMTaQHJ$yV}(V)kFT}f z(A&6AnYf6i?a`8+BauHKZDxURgexYUw!FwX#X5*}c~Q$cMky(G8cRQC+}%2WgI`Oo zz1Ktt!;dmVKQW@E22plB?zYT9&X0Y{FP)9YfcxQ z`nw?eP26uz)xr2(um^)U+yqPuR8w-jg&)B0nmocU0TqUf0ZJM;o*9(4tz z@;@7WR{-NC5s^hNhalOB^VYW?_sL624%8_(8`yp`(033Z4VU znwE)1F;SdO``YGu!pT9%`Wn`8aHfUpEkjX}gVm9E%TLUw(8*qy{4~ZtR^?roQf4@* zNf{cIqcBjV>H!DZdbmwm)_Zyp0E;48g(ROn+B&=p;~79g+0=w<$^ezQwe13W4rZ?S zdo)irX^I zMHgzr>#K)b=vaKv#jSaIr6jQX({YA&81BiB(a|ZX$$|^LmOMfwbwWBGg1?hHrWdyb z^KIGn))f5_vPCWRwKk0%Rb1iQvhvq0clt^^Zs+hrJ; ztG`G0b7qtlO%zGyOCScJr|(gql36=%EReu#^JEm{Pe?*=o(4{+KIW-2H33ij$jjw? zZO?Xq*B*a-K5}^}Cv|8Px6jE+h2vBIE@A}l$X8Ab?+g(ClUC(c8)yYAc={!Ba4mh< z6`91K=c&%?!=5vvchKinH_J5eKNy-w=LPeF($I81C21$zQB5nDF!!;#xXZT z`_>@5LnGLFGcG}@uXhV=jEuq52+#;6tQH3z+++lif1~N>j|;E+Nx_3)DZd?C1#IOG zm!^F`$d`Z;&h{RS%|^pIN|PWxd3%o;dDREA0X2|BjN|uuGgzx;h*>U99TQ+MtV`%~o_(-k!6ElBxi8YY& z5$EpY9AA5}5}*VAO{i(;erN^BrF=&YlTM#;ddJP>;9hLv zjPK62h%j*+`lGlni;o@c*WqTclcQlFWcr65`2qzjVvC$W_GU!ipZ-Y8eS8dxjyqL8 zAOm&qX`DoC56YJpUI_XKnnmW(`{m8J;9}ay^%w$H^8JuFy@+A!1@ii$p-ebj=04 z0vG5H#?qbb$P8(8zd$fi{BG>U$cp{jsa4X83uo~+f7m#pRPwSR9D;6pycIdR*Q9?* zZNv~y*Yx7OOy7DTohOAod|=97X%HWAx1;P=(w2NKP(KlQu{-{;3-2d^Pjo@_jKCfB zCs-lSzDK`mui$fCu}suHQ!nVqWIFd=vHQ6$)Ku#}=5VbP^XWA`48P8Pa9%&X3vC+e zTwnn$M}QSYaHT=2?T*;tme4xRJ^@tlg)*}l;;P`K-O~o1%ZHsXOQ%U9^p_ypS#%MP z%5Ff!jBdFP?KpF2#M;e3{iTMF*Ey}r;S8a;&QlLNW^j#X2PI zNtYER=YA;))Kro4SC^w1eP8|W<6X8(F1xI?ay%2nQwxt2#Zl*h*@49-o+hMU4mXIp zDSfalqo8-3*7#azT2VoJV^3R~PL$~6gNETh3g0}8G{nK`RQbb|4n(heKa36AVSlSW zN~GlnE&~EV_;KBii0HRD&ue!j4o=G@lMh^-{Dc(ePk5aqj3JTi(?``}laKDaw~24` zNXnK1c3cK0@iBwH2!kfhN(K1c#Y#}2fPXk7B14#_+>;;?b8>c6x?R(+!K?qQrG*tEb>0A-RFYm8{0ARnjS@%L))dEMMzdUtKR%g?E?SyRx3@K#Qfvnl^T*~xsaEI*Woh$ zqB}evX9t98>q20T|1rnGr{IH1RPkdVsx6zP2wV`Ael%V0#3krq^636VXE&qNuY3Ao zFjs&AT}l0C;9Szql^Y)&T^cRN3MfEiV)k=ztCt<($dyx^rU~r1iN}@DL!|Q3NPKd9 zz|LTd=Z<0)6^XpCx5s+z9myD79nnE1<8IQGo4MJ+>v<>Y`rul8;JBe+$dUb+v|Nz{ zF?kA_9dIt~!Fc3gDPA4oQ|IMnYqLnRbJHBWXr`M{L3YBl0^{4$aB_v(X8+MZ6b#}tgnkWsOl#;=gTp5?c zgQVbv)2+jq8pKTSy}HR1vqPH|^-LB^K8Fo)c^RK_isNGTio|B`ss~9pi&&UhzE_af z+{69GGRkrZjqBJmo4AaFgr2%B`!je3` zSYK!KHrsJL%|Z;}0=8}3<*pWZUp}Y;fugnXth1K1;1$8Usmg)t51xfTVc;@2UE0O+ zLve~0Cwe}g!1+Z4hW6$?93?TUr5$zCB6=d|ypz=yJUC7!gKE`z^DYaB@|{!@f3Pdx zs}El86DEvVL`IXw?rOlaiz;3wKSQ&h4(t>PkY7>>yBuvU-imsy-(+qNT^3x(cU?1qtw@i}Ur1O1=Sa zeJ^GSjhGB0J)2HNyXO24xhWBRHE@frZ=OUi=T*l!9*=Q5HA2P(gPf8sJRtKb>eh9aT_aJpuefCQ@oS|%K zTS59VMXz6|E`oba!>Jqe>ywEDgiNn{HVHDjt2QVY>3k7{gQ8RiMWe?&$r~{a;G3lqvM2edv_= zuz#B-(X2mw+av|1&W=O2y1kZor#1y&?S*G@!ObggkhBPl_Q+2ndfFR2mE?P@3^Dm> zhX_`*30<^{Ml*$XB6=FAZB)7NkN$b1_pnm;@_HKnt~42>vfEg|UIqVWzkQm47h2Ag zz|DsF2lW7%aL(afGb7fBhy-;%#ZY>1ln>@_>z9;mmVm41d!~s=HqqbpOi!G#!5YdT zQH)(iETW}>*^3?DsOKF*2Q(7=Rpg1bdywXSwHVRerJuxWkNe8`hFMR;ugvVwGS;bl zf3@BobDg%RBWGi~%zV!M^ScdqZozOt2nZ-!WL{-^x$GelxPOJ<@HC=Z&ssp}CSXv1 z-0^51_NmwMp=qrT6N6vWFFRa6fE0{;kVpHi3Tn{1T}8`Y?`zqtRVTj<&8XqoMPK8p zAncjrYWc1Vysak6jzu+`5Wm?K#pBII$5IEwatvwHIb}ukGP5ZpJDz&TxJlX&LVa7| ztdSRuXR6V|)UixAFsdHY^Lo)rN)GCND@^jOFaFG~@kvxMd%z!VLWrHvY>GGg+>-&v z3QsTIT5uTaUcKqG=^e&z$D~sq=We+9L;>Cp6auc-Rze7mH9sY#B&$Nn?O~k8HU|~s z@q2yra$O1H_QzQ__IoYw9s{)j^)g3K}x=S9naL>UG-#2i;brL-flcum}mss~lFnDbIl z8;`5!C@?wH`MEqtFIC3Evv>1q*CQV7u9d>ro4pgtcWh4QY=TE&x+>jRh?}I#~v2&4|cHh zqVrpp_B)-S)h{q|P zzW;tjJndR@b8NJevf>(c`2Cd_DlQz5EjxRKD9n4p_O^%H2lz$HdoEoHVxxBV9e@MR z?yFEt+Rr?O9--*jqvNwadNFcXML8l~{>$D>Z4IktdHY%X;|hm-f0p9>-{;w9yZ0u= z`t9meH-d9KiDGa&I*D6FIAT8KeqeejO=US7AO-x<=^n$g}b@k zW#2+=tIokl3#3Dx0|n=l17K)k$l8`5Bcmsjy@)8?cu^I;gE>2$OWE7~S&ZC!>bI*Q z1j;X|n;_M0v^fY>QV=GDbkmlI8~PU)RHwnu!?$rHurIOqn9P&I5+j$GGV%-o(+V|B zDP-lD{k#oV1gKHk!N7VR<5GGt<5F}<-es9d2I=IitAulGjA#;F{29X8YfcWVc$ag@ zAa{`}JK3;^LhmoN%7QZDE8$o~{01K|!+p!y5GDJ;^OkW59XsBU5swXv9NxB|p2l92 z!UJe`b`Ax#eYGwYf2p}ZLaCI)*RQ~ z8PD{sJh$iM{JkKL+_~5LRX(74t3(79XlsU~@;-Vo!G33b(32b~Ab9ghS8w}w-Ms;o%|0?yxa zt-CiTliMBXI&Yb7XUmiG)m8W+#K!YZEbr%4g)8Uo2Uq8Fyj&hN*tz4(kd^=k@`3 zXY72Q5-jXS`XtR2Am%PyGb50ePP}MXVljcNV8Xwx3~Nu}*z)jE9ui@o3SvrHqz36O3o3P&DuU4a z8z?E(VI$n(@dtTK_ljTRB_2`#K%wgw?&WKOyjB|%@oHoNy50+nuWkz_VPmnevmF{= zqnpWwbeqy9X~3?V#S6PN!VLYrX?Fza7E*)U~fd@H_|~2 zoCz{b!?^qUWNa_>!Hs0m=)m|Ge?|YQ+}?jvPSp4H&jxhCMk_j$j+E$UWSQHYAJRe` zZ|oVLKqr92KOa>5K5V~xYN6JuMhQ7TClpuhkkEV`DO!Ld zIL#amU8WmA&w-%-geuzExOG*Jt^sGULW0pP26ckW~jxurVL%11K zwjRMpG~8d3Y6TjHGYy2Tu6BXNmv3QT?7}DX+j8~m@E(+fpgAHW!(z;;+W|1YMEa;* z#j5t%rb>}1Td}5OlZRLu#n2bvv%FCIhPbw_=1?^quzCVyEw9UeFyz&$7&IG;oUhsi zZ@d&OHSl6nCBVKce=XV#sPy3Oc%VkE!L%RzY~TK4&$IrAwD9tAOj z-H=`O^*tVMdo2ZTeFYu|u05_Bm3*pg5ILBNO?x)o@c1671-MMnVD(*bAAb{w554T# zn#K`rN_bk4yT+U<9jy%sTnGyNHkVFibKe?$e%^|mU#+GoK?BU%fjACuIY^usNW89O zK`X>RJ8ei&k}q@>e=T-^6&{syrPQ8;Dcdt9p!e=k9v>I%iekv)taPJd!p>6%0s`pd zd`TbX^g*0Fd}18uqL&fp^K2|N<;n9X=4_FRs%}(FL9ydda;5X{zr6ugV%V_I{f-pH zyl0u4eu>WWaNULhjDEeg}=FF#F#F><#Wkd3bg=7~maJc6u<+CEToZUD}ADDC& zq?^m3OQlCQ*|d!3t~6U;WR_IE21%2AugZFi4i8zoe6g);Ct7Y<=5acOjv*BcsE7PS zWY;m^4Xoeg0+I9Gp9guEW0#eEx!^gwX@Y+I_FUt6d;Z`!i=ZWE6BdTzuTdU2j|p)1 zq;_(ORMOiD&__pc*T$)>0~ptP<+5KG4ATQSjV)&yVfZ+w3;GnqDry0()ntdBRw70p zbvVLB$?imD&wy%cYfZOA|jCrBQbrPzd#I^wh0pMIpLNlctVF?xJ<&~ zMSD63y%-Q=+bTV;*&4Ek_qFHicroEsQ7|((3vqWCjmBhk8{^S)z1QWrTt)c_g^5Oh z9|UZEvP{7fHJ^=pLAgm!%-^cg7zwllRn<`PqNA~5G)0j{Z@mH&oqApITKGwi*HqN@ zNC)rrrA*f1?C_@YIMZ(kW4+<}$VNnnu`kCS27&4)p1?G3P#*c5Gcw{=#0rC3#EzFI zPM?SM$e;H^_H)lQn?+VU@!kZ7V{^j@z5=~*)H-K4zs8XoJs%vefW z8M^`nA$=3}aQ!QqR1{texp=6tOea?uN^D|D++JD|kiJQrR3<>(SS+m{B|{gb@3}Pt zp!|(3zsDvx_yF!IQ>_gW0@R+KFz!QTII$;h_rTP_jKmhbT3`!=>0cgiXiCCz2BIo;CHhL*A%^%3J};TmWzIE=*1TQM{RMh8Eyg4gU#=D-$19M`@)36M z>K_rKHvgZw2C@2nc8Qv|qu0}}Z%Xd1=v5Q1_|}WR`bUH{j8{|L^ZWuJP|VRx#Cy@o zYkKxB&Z0IQhuc=vst|aR)iB~4oz&8897>Vkk-#BmA4w#l4f2Res+n&iDi()v@Go}5 z;7aro+dFeTB9-IGg&pDmL0_-0>f7k`=o`$`tB4`(b+#_xnsIR3x0{M4#^xJjwqu4CF6VP4A6DVmfM1( z;k==O@f;c+6VIEb_X|mHAc*a{44_{BE^@{?96*+FFEKGLrJ#VK0^a39g8$J1{9sWI zK)?N%S9p?1`KBd4Bx-p(wJfKkrX9{+p2$ZGR-t(eVnA{D!XBi-F~oZyjUCkUX0!rM z1AKPPRQ2dO@Oi0N>w0dN_OfubzLX_dVWe_-HoQ^zC+>WA)Led*Q zW}-cXJG{ECY!|#B-ZX|}mdbBTepyEId;5G65nXoEy52!m2q&3f52X3cr8W)MWLPW* zg?HnzgwgDKPvUI9uo^uchHk;)v<=blkQiUd-i6zXOWepnH)0RS4#rRTD~Nj&UCm&9 zquN-Ul7^;0xj@Q=L#kjPdb(MbqHl1Jf;>+M0~7NQ7#lJydv)I2%+uE=nJ4dp6;Q8p zE-v$z7WBQ!NN@mI@UwEpGLmz$?E3cD@WElBrlHq+)m$i<0Q8VRBPoBQ-C*`_Z%0}x zO`H_gAQ98C&{?#oY6q&aD3DxEKXF^q=5z=-JJyiw=k7eHP{$h?K!xuuIxZ=6vRG&w z8p2WA-DX!_?+`7``;bEK@q$W3=8fr+J0*4+FAj#ZSD!@458?7N;+J{IeMqw+qW()v zx*Zkmj3W(M=OSg4y~xF?w)Xtj@fL&m2Y(noZS!~9mzma=A^EYI$|_xat? zP!^1AxnDySEH@lkvpe}AHUvB=LT-=3JH9`gjKC2pZ%^g=iZPs~y~F-Wf8=sYZAJT? zi+oq>xv;uqFqB0(V%y~2m!i6x!Vh3n82<9jsZCvJ;HFocJL6&^vz*QB!t&<*^h3f& z*RYGW89t=<)wvb8zlFX5b=_5;C!0{|W4%2D=q0$m!P^@1jg;9`%gSA#04hFUk9?5e z1Oz8(2AS~Dl&W7G_D&c2V!hnnWMKU$p(ibEDXMP0fsc(94;l%pSToU**`pu+UVqww z*H2A|h7}B3gAUJrQQY#Ql!Mr_Kbdt^k5z(O^fl}Q^kH(fW;z`sCg6Hh`4~lFC&;q) zpsGPVkCB1&(Is2>(|Gy3Cx1~~pIILqVOQG@eG$D`$$swKc0j(AhrrW5?WDK@Sec=w zY?(-eTsas9su0+16Q6D+Pots;x1@NXn@C9_!n4&0;zr<4_Ep~;zDY{ARSKP#7IUEu zc#*3@f6rIQ}h!AM$-p2#5qXu6x%~8s*8^uD1qQADIlNuS3*X zXO9aKI`^}wV1F*2QIZb2r_fLmRKm|yE!(wy9K*Ia&OOXkDc^&!QZJ^zO6^pUwb;ni zZDG{YSULsWbHz44cjp#d04IQ(zdyG<6%fd+mt?p*XZbHj$x+D#;NEe0Z{eSI%>70FLODxE1AniQI1y&w+em<=kI}5r%S(KiFwEc z5cNieo|D(09=DXP!>RwHu+~F6zy%si_t|eJ5pYtL+<$hu8lo#DJm)O}xtB|bb@RLR z=d08C@${TPydF3Xdxu{&$a(gFmO<=oe7l38}jGK2`l<0&x(u9Y&ndO8pKIEk9!XN0*EIngu~bT zR8p}D$T;{sQghey_^1d_!A5dQ<9AWXCN*t|Q88iPAU72}rcHnx@9&#NoE!+O) zQAHC;;QO%2*JV5+DZZFPfportnd7hhFrn=p&q^8niNy$g{D}UK5FWQb7+$To5&kM7(#k5!bZZL}G0I1w z(G(=Mjb-3x)mE~@XlHFO`hLH%7&57en5k-~*kYPGzny;hbo8pvFHrS9|Lf=MxT{L9 zc+rS|!q`VGEz9`!!F^G)Hakn4f`E1)UcVGSrM6{Oz|KW1;@rEZfErHA!%p|&#dr;o z)*N3m!_M?|o-QjG;-Q3+-KjU}j|M!D{`ZWraOss`a1lR~psq3d1yMR2A@2dcCv{<)!@n1=Xp4{l5~O-0T_| zxqs;N!UzbYvM|XjF=YXIW<`Y`Id6GlNWO^PY4??G+Dpt(R4AKrSkD8PbQ{Uo@FPED zS30I`t2sFSOA+YqjJmh>O!JvmK?2^|{j1@a$3zoAtv(Aer!^hhs*}erK#d5{~^B zQlJNM;j_ety5ZUFC#;tpfGGZ-S2ll*_gKaAmbIh8BmNMvLn{1pl&<$(F-%hBZ%_f5 zhrhIr4#5}d+2H|=i}RknxTGYP2}u<=6e1CA?KF^d>E=f0c>%M2YnY_p>LEBc$$1Ik%6$;~EtRZ86E5$NxQwH1B77JURH2X1} z$FI$JH5h?Lz!KIQ>mf(2Qac9Nj6kc=2A}%N&&@jYzljq{R_nnu3b)N%4j&eSLswBy&9Ci|;N%DGuMopbR z$~kWtrV#(K-cHZ)lgc$;zpSvem)2^>(-+(O4xTAjl2mN`&fl?$+(e?ux`^0qrDs|H zypx^qsiRb}z8dQ4`ZL{jY0mBXAR~VrCM2ybzAOc>B=vDqhTTWu!Z4yo65Ci<^v zzw7l14)($}v7jW(0!)bFWt520C6wA9=|Z_|H*6opMx>&xtY$ zOV{pOb()&J3(f@Dp3m|E_c=$F&8Em2=VL+IwfP)=pZ5Q#8gJXOY`>wKKR92WFIhJO zP&=+627rE&QgQ?UCX5Pg;qB)N9;D_c4G`Dp5Br=KG^)z4#sj@zoLal>k~;{#|48=| zynSie7BwiSC>*;g#dmp-SFn_$kK#Qsx!XYkYw!t<^yRAniv3DpJw3Nc+wY)ZsC1*D zIsVIwaj5CMY*Ib9lBR2lzd5^;T$6o))ZXvR;ccQ zaqpeY&xW$PQP~K%a+e|%nE4~z;R69BLif$yBTZ9>ray<=W_Tp;zBD65t)HrdSzgl9 zURT5K?MWhQ#0|R_t$hc3LhZUwu2J*HN`-jko|_7kx@|{$@2Z3ct8`=XRc7=aGNTZK z`+16J$S9Foq!>=k9Ie)A_n5-fzkZ|E2;!8?Q5I({G!(u$Y2J{zK}EB{V-TmFeJ~tSB_S|LMuzIS-_Uf_<<~nXoax%nVN#4gR|B3 zBvP~;uE6gzHzPB*4gT}xvwhB1+5zcc0jf|CjnE5#!FM$xlO3_bGB&&y&ZO_+?U45y z(UaYzh-5PHh!@i|BRSTsuA5lNzO0Pp9AVQ0eqanjw^H+a*0kzB0G`wd-rE?R%7J(a z>0NaV3h9_6n9`h_97etJ>62TaVW&{Bd0gb}g0`7>srq0qFl;no-aICw>$#(qY6oFH%gj=I-+)K zIEAk->>((RBr_Gh|j?hYpTukhCkOYk{tML zd9JPzmlk~agmhj$6r&KuSR1?|-RrLsljeCbUt?k{^YFP+_-g4~rFU;cQ zFE1my(vQsf&s|S{ye?XLbjKnV=R?XxV%xR8+52x7lx^T;?b~+wg8)g^98)uS(`Do> zzpso-P-JprWtPefeR7rYFmGSQ z4DXZivs5Q(rjoP&!Wh6=7$^JFiO3_H&J{Tq-;LiOs|ks4v7+aR>Dkfdt@q~=JrT3_ zlI%TK5l+0oM)LNK6aQ9WOp-uVFh~^$g@%m@@FVtoXhP!u$LxoPkkfU$$O*i5=zRG0 za;*sFgX9|bh6t^;ZVg4@e}ZjuJA<73Cde5QnW?z;fWDG;Cl)To z``(}YB}OYlD3nS0XgNticH(gP7uoP|cqRLN`$;M@zp;v(KB8`P31VF%yG`niOEnU6Gt-B>#q+M z{mK;&hmr!1;3%GL8q`-1PmgT#&AYnDmvMWAntWv^pjY-|7<8iCIgKI}E&mH#hxaAI z+NTq)G0-0Dn0|J^sT`_Ws~%(9f$mGkjjq7^m7l{Plj_Bc{h$$LURpzNkFGB?gK+T$ zj(tydRIk?S9O{xsJr;8?_MUgjb}$Vo<-1+??;Mt{1AD)a6XNo{W@ z%iK*}Z-(oIKCLkKLQh;MO@AWe+Y`5{)I!6v|&L-#@l`u-VYRDhp&l zLqp$mo-Bt;zMyyqo@E*r+&*!O{M>!~+9q-5GRlB?;;o;#zt988;zpnSk#WT2Uca=4L_eLC@ z+vwwKd=VoE?gpnw{D&S)aBFWbEmuXOZO=(1hkg`Ws<04OMf;IP#Lu#NUCBfdX9tiSOXrf9++#ohf&cYo}RL})ma?5MiiaQ32MO$M?)O=+$KJVv4vfJDDWS!#rx z@8go!$g>krhxBYnK)U+UCCCVH%hej)w!0fU&zA4;CiN2TZB;hKq_b65vGWP0X^=6di{%DZ zIGgCyTja-Neh;6-M$74*uYadL;41gUBB_a>l1}8&T~rhT?9;Y;lnXM_FPI+cR16KS z=r)RzWITsQ!@;3mWvdW0^n1N^j?HC1b=2Q(U|w>*dzd?UUGd1o38IeaFH9SLczp0B zVq_B&-xk|)6HRl5cg{c^IGlcE&Hw7|a_mCRvc}$nRA8fSExf^ z`Yl$lG$idu6i;k7HLWvFsWGgpawqd+u9pR4JiZu$p!jyaJk#g2=KTSBqN*_oi##ai zZ+Ij>*>QHHZ^Z|P7dKmNd4UzxA`x~0A&%W)wllD{7$4E{OL$ZS=BVnx86t+f1)yTTxNJ}OL5d2qb9W0J$k7zeRAj?KrrOM8c?Oql zuk{j7(1Pe!>xm?hUM+E2DO`1}>mGT2etfp7}h>g;wI$xbGz~XYmp}7$mqZc^#?U!m!EvPjC+})sQ6C0R;m+a zUhYOdSQr!_5dqQ)mn52Gpxo+p#{Eqa400F}w}?S}9==8`=Y*Toof`!2hG&I3co+gA zasyIu`Qw>u)Z?dITJrKwJV{kiS#q~7vH<5Mv{(HUkK{`^&{TTW@y#5~l(e)fc7RxJ zFZZ0x>qF$&9W8@Q)RO)IXN+BR6Cnk=x?$s08#C#}GL9d;Qg2S_Ek>ZN$8V47f^G3e z$LxsCemc>@+;)Afl>&_#PCOYY0-Zz^h#eUt2>E88G+HSX{8Y_DVX!utN8{mh6 zlP5sM!OW~+7pjdaB_%a-c30tbe zN>ZwAPl~!%-*GQGesO$1X{09a`JrF!&_^b^QCSQytY13&z2L+nUeQv8p?-u>YCW98 zEG3!zybGs-PcHyO-%491bbLT6wQz}4xQ9jlb;B-`EZ!<#%v6-oPvA#CL7F~T1QVYf z@QUqlUin;O-}2Dp=)HFMjJX7U>Tj#o+K0Fgoi}j8MZIH zr4YnyI!}CYg;<9;f})lp=v9Qh<6+VjZ>F5a%O&Rrwk?gZ)*v+HLwVd%J!#{2R=Az> zoX9=t&%5)>0>{Mw$~^ZS{pP06FzcCu7{6QZx~Jk}jU>}x%LW#A@~mB#F8bT?mI?@0 zxCq0(>kky@PI86K^2q-1-gLTveV`Q5=4l zFtNf>yD)l=kPq^c`&rbl-)*K>gnnHF+>n^wn$H^m3S5hB@o$v}(su9N@&B?(0}v(G z#S$gHan66dwV4%~9P|`+9m&4teN&ms7WCeYe)LRA61EU5@?d=Blp~}ErBYtNh`9tEO!?((@1!AIyP2r3Bh}+5cyljWdQQALhPily zemHnL0b>dK4IYWT%h21(m%M6Uvqhek_SX+p5`FbvVGb{C+kfZyL zTKE1^Q6+bjti{0PfDUC)eAB# z!wX$9L2$=IeuyI@WkwCWc}Rc)t>)b6qg_eMOx%EXl)e&$e_AC&;A_nyKH&&YGE^_y zT&1XHaNA2+SnLnmU(!%f4Hs1ST&xAAQU9lWHhH9Sp0e&Nf0EsWe1lAw5v600!mFqLUg0A-VwVcrphD`&iB4Usmr$=a4YD z63fU}oV-&AmTa)Jp?m*bxGI~9HpxHCZk^z)&0W07PH?K!RG{yZFFP( z0QL2{yIPR+zklA#4+{^Ezq-Cw*493%D$E9%%?<~r;<%zo2<2Iu+4pneTv#rIr`W#k%diyFd*5A4nGm7QQlu`KFVs` z1DzB7cX)h%<;ha``K9D2T{&n2cdAyW9I+lYyIa?-fSo6l(aKj^_Xo| z>Ji{jN&3_^^{FCfeP5sQz|iW$nIgo27~;tCsty7O2na2Z2U}TLnN_43MueTTklRE% z+@j&UrW?Q61Fb-V5$*^P!5p5NAPb-fR^ghw!ov<>!G6?Vzo3lV5qk>G!f5(z!*plD z=BITQKOz8o?M~qI;Sb_V<1J4VM*pDuKXaeI+=m?$1dBDw_qG$s!j7(i58OZJ3WNd59g{k&;Xy(6{%)y!O+Mp+Y>^ z%B!(OFLu3z*1*V?^KAVPs;OE{pF|HFQm8C;b`i@{N-(6x%Au7=n}!J1fI`kvts%Wp zgh2$L9u$CPU}HzDODO%?eJ@^?tzz5n2%>T5gE0p{dRUt2TYQ~`|3P2BjAyFmT5%9O z&ijgqL8fzBhk&^u+m8o1gAv#ayPiNsJwvY}Dxc@GrfQwatHa|MV*V~?9c_o~pyWKU z*r6xn>1tU_j&Eytw>^-#8oWmI?A>^b#-xBiIElT zpE5}zz}`e9Qpm(Mw9G@|8g9&2^o;AyH;P5d@egK>Wt7S%652vplM~dPqeiZByDX1q zwfXh5q}pltLzUINlK!R3(NiV=e)8Y>4v0nNWo1Rbe2EhH*5H**r)XvlF;aEqsX!OG zl$lB7@@H+CfjwFZ!<%zHTOxlN>a!#Qn8$rcD_S&7oseG9xae=(I+$Lc-t`{(7tB#(jBJwP@VU!AV}^2P7ZAQPAhv%3C>&R_eb zmi87#T5JJ9@zKENu}{3&{toP}_N@QnQ;$W0(TMGxy4_Dh+I5p*KOneKG5AM-bQ3Gj1!u^)ABy< z5gJFxS5WHi9Bj|?JNjO;I6>`(%zQP~!#)w6DRivMyN+)&)jXq`q794L`~v|>dbs!d zHCDEd5v)}Dow24BIb#AL%A$r(bpzo0;D-O;IbjHnH_rC`p0_fzulYH$qWMaAs)6ti zi^X++xExO`mM_R%aMmakx102gPiBaEw;|i>2ZsIn$Z`&}?MQ2wPKmwkwZ^+zh zWRue1?PPDQ%ksDCYSt(`Hb_}n@J_xn4S4Biuf4L2`?6|aXMs$hgPefVI-*#fkc_YI z1B^#GP$cN-BoD&=y3k*^R3ds7K=g(om^0dS+JtK~f1GnUoW+EWyZK{u98w!XI9g}@ z^Ze0W7ZekRnFhTU(lsma{$2gI#daN)pV8||gI0qhYRuakJV8DZN+dBLS}sO7QpLC3 zkF5>izf^f4a6I&+SU@4>8-nB%6eK=dX-Jf`DpANnLr3=quO)rS7QhE{kwXot{#u6H zlYf5HWAdlJBvRuZ!=|DgV-YbnCYOumN+|J(kjR(*7(d*b3i9l9hgvL)5GZVR35!LN zHp_)JEkjI^drMDF+-`u=y(bcp(x7{6BIIA>M?c36M-xUyFb1STmoPA*{HC3d#6d3X zatI2BCTElh9V*nY%rc02!Neb;uM&Cl2dCaZ=oV^nm4EU2zn~}h16IJpG-z1Zk?ln8 z(@ya4;^Jmjai<_wsE7X?6i8?fQYKN~3swPrC^H{Txe6#thg2t_yCv#`}Aie2#A_f>L81q>jihdzL(*L!=sZToVWB9RUF)g9c!Amj!$VB9sM z|C}no>g-@c{?1=N*i6d4rACLgbKqZoms|C3A+c$=3CiKygHZ-`(p7C9NUE3)M2SA% zo$a+NdIq_I4ee@q_L84L#(uNK@{=CzlP5()>QuD!+@l}k4l1o6DU?{`P(OEIM|=>x zdD8(Vqu^cJD#7AylIDjn@uT)@!0APNfQD_!y^EB{RS0PBfe4-nnW4wbWbP6c0Brd~ zOaUu^W2X1JhPe>F+4N?+DP0qWSqTDDK?~wGVWb=+6o3eNqeh-wq-Zf#y{V^1(W*t! ztqffTG(F~R)xV?bgW+z@!`u*SM?R zhb&7U%J?%{{yyBbsI;p`;(J>a=jWYu0sCZQAuK~Qs;lj(x#ullbDmQ2f%cH#t%P!N ziT@4lgCZu+-ul7D@T+|L`5&sL&nSs!>SmLFmK8hZC_;xj!3H$2|72a@bPk(B2|ot9 zYX9J|fT;BNtoY$p7_P^!T=N0k>Hp7zhX2a>mcHIabu#u}%X`)*;ex5rrQp10`IA)G zzY`nC?mZ{vnN%2B20e|5c{r9rzV8#I|1JGW^;VWD{`1=f_y0O?``@}l{Lc$)C%}}6 z<;9`?Cz!t5AI}7*7GSby57yCd;wm{d?=Uct>6cqfSJSl$5L`G5bVH zMMVWHD{H09^Xe`G?*nZv)tEjU7Q|jmiK7~W+0MTU}|HneX&Haj@iQ zzvnM_D?$2{;00%rLE=DcGXxUYA-Eg!JtP%E%Ccrr<3N?KHb0@c&JxWV7^ zv2qFCTP#}<``?)Z|!G#}CeNz7H zIJ+bYHYkB7)-*n>KB(ashgbiBLvn4*=zXXGYItBB$s*8O>MDVJ>Ox{{v4-F}8}pYe zD9f`IR4V&a4KC{l z3_5+=iL}6J{`W@Lf_baG__?#yrqPkK;7wVrL%J8VtU07{a1m1OmNjKP5UF*e#kgO! z5+Qgb^$p z;-25)iR|Ks5pc6qYjfwz_Bv~Ss`D8$Gf07LQ~-eJ>UcOnM8S-?D9rNzVeXwDBkP`h z;b&%II}=PYv29Om+jb^4CllMYZQJUggNbe1Nhf)Gp6@yLockBt_qW}>wbt5IwF;lA z!dB2|6N68*y18t8uKVxtI}I2m-V@40SF!6;W3&Fo#lxeC$;^%cYq$V(qbMnJJe2+G@npqoJH;lYq zjo<=-p74=_iQb9Ti{30k`k`!ZmT_fDGIS~Antp2_e;^KreoPu6$bWsAT(c<$pY(po zkY+6kQl9TOk6jz0+vM}th=;ua!JTHCSE0_ky|-46VcNC3cV?5sj^+PpO_TC##OayF z?~s?f$JWjQUE*#=dsoQTc!vAJWNyNN&@DN@6x7_drkyOI8BdOfzbP~#kOb_ z@glz!cGsm<%NzuIuFWgC_C$8G3#R#*Ao{crPqrcSJa25*+~;)NUn|-)d`e-+TenM2 z11f58!@`V1a@}fHnGO$LO5-C(D{ABX;3!A^%op@PolmN3uCJ^*Zo3#0?jTIi^_%D3 zrCt=_DuVE)LxID<)u$siD>U*Jcp;sC2AqXiN09PA3ZTF%Y_ zHLfvI`)Y;kTCE=#MrdN#`-RZ>zC7pZW!f_F`ynrh;J>IP zup1N0J^Hu^AG;r{lE-Aa9!(2km3EfQw;2ewyPj+P^#q`zqBcQN!;2R|yDF0b#%UC^ z5+i(i_yWw?IR<=#$NO4cOtA53Cr0Wfj46{B-0 z><7=0^%eZ-@4V#UbzC(;NN4fkyf}(+o*n%rM)s-tP zG_jcV8=8BR`BB0yTvu{#;e5V;>!6i_?^mJ>t80Tj(MAp@t=9qh=6T=Wn@7TUy1p5Q z&IHTxDA~tgH`yP{|2A`6ARG#-_Fd`lFA&NP7TXd1U#G>@CImyic@;K3zPBWFhv`&P zx8z?8VqI-zW#ygbeDGn=O^Zqjy>2)dN;0Y~*<`(l1O}Dez|h#yG=Y67i76?@{eiGI ziN9Ea?VsUg_aR4V*a7-6MuoXwStF1s{Evgh>jzTJgNcbT-m{tauvPMBtw`eV!uQOW zt`9zaK~f^!~fyY!g|ip|*yPf96rdMF4C z=DC=mfpgt1oLfAKFViu`pagp zk7-M)`Z1LY20-0V(h%a0E+1f1Ch|TuiW%|RwmxBY+9>>xJS0WV@DTPTOLXk#v+vO8 zz46!x%sF53dl6_m)chpHwk)}Ex*RrgPHZT>SexT4x5LPZ5)|LBKDNkM@3s8pVX=iu zAc#Spb*smvQ1E-}*Qa+%I=ZU+ZMgqPBt3W1DeSl=?2kJS-b*A6!5 zQdwCc?0GN+`jCtvc83G;KWt$&pe%+6C0uon3)VH|gg-$7>57Fb)cSWF#yfDXVnXH`C36&Mvk zM2ufj0b8KU8ILn%&TL~M!$q`)!|o6-C^BJ&Ht$vcH+Tg|wX#Nq-z|_Nc^-nOak(n0 zM)M@VKF(voI~#%si>6mX>@r#faHv&X$7zy{;?WKL@4L2oz7aULtx?(VS^-{9Z_|sx zDSufu6kt5<(-z#puV!y_0{k90$q$?u`ltZZBf#KP0U~3e+n2!L(k+MEjrxt#eQwF5 zgh{xKjAUPX(S6~K@dw(&BhocC46}O}3T3BD%^IGKS2fs}D!33opRag#=uBq4D1&&F z_8#ueiBqp26F0q*4P9~!DOf8P94xu)p!(H~-f7pc(weGgms;Els^4fsWv)wii`eEK zq|1kLa{5i%pAG!mZI+pzzhHsNbFeY~i**rNfUMH zoPO$ z86gg24+$aH`${iGm(_}|f5<;wQ$SJ|VbkY$b>m zuGd!f3%zYeF`ian9F}USfs}smrC&pV;^oxQd^P`BS+g8y-oD4govyCC&bY9;?DxK`Z2m4^@cbvFv$YkNQht7uD-hMX7T6^ z_6KO%Lk8yp>A+x2>sR8zX2kLAb!h85!->@+A&qIILV}f;$Q#Nd?oIz^yUoDj*-sN* zCw$%==O`$yBxV9`--aKgg+xw>BinBI3NbYDa9IhAA8bYX6E1VzBHVL+>?*9}d@r>Vw9*t$mVbe0S9Z#8R{AxI`U~o49^J>!5amx3lOJ9h7G>Mlr;+B^ zeu19Ww!?|wm0NG!zIp0>Fm}Hk5Fuzh{nM?V_B$YieY>hG=X=4rbLY!`iu>y` z6-??Y8&;K!Xi^8p@@r2YXh5-bf1Bs(NSI-_`Z|lz^#H%~c1eXaoqgx@(g}rc`;+(e z>81NC7Pjwt-IoqmP;d#wl<4eH$o0;uouRFrLEn_)UOEQ2CV#b1RRGx=hd1bo*o0iZ zzd_$S#!bH!DL6=Adr|)}FMRN&ZnFDM#`klN01M3KTO(2i^Uan+%GSpc4}33m#e0mO zZDmIUZks_tM~5Jph)AIfg31}xkjM`Rj5s;Woyq>A=n0(17`9hK0$Dy7saP{q zrX-x5-5Ag1G>lev@NF2lCLcdVz=KC;WolFWqi7*_-fCim+_|;&!N4Mi!1;1I^=i70 zmybG8C|Dn-#>DTZi;oddH z8K?a{^OzrIRQ#O+P<{yr#M#wL%BY zs0Zu(NeNpsa>$_kA`e2*_4UkIi=VZs!7hpY!wU<{e+I(ii`m)P59)f@n_Vrc_V;3p zi5VzfyGIUNrbC01)s&51RH&tw&d)?Ov9CKw;D|{YciL|xrJt$zpo`|V7N1{(TB0a< zigt)CB9TWz+C=+8tqY?1eV(Av`;^Wjq)zU%>5il`{2MZSs88yiT zsdj{dz7R|arBdch1q~|)@X=9VM*;;AT#Td_4I8v5H+%0YBet5pdq<38UU(V+3*lk2U-v z-&#I9{tO(Q4zI->?4rigIhQf3QzRy*OUOh(auxFSudYQ25X1?fwpH4IK$XY5cxqiX zu255>uN|S&kCCF(Nf^d*Lxz42rG4HlRmix@Txy8>Hj>W-lV>u+BDC}selowRv6l({ zY)zXsl`*Vpq&gof|DpT)PF2Uxq)$;Od^6CC4QwZ3brMZYi;f0w%+Vqv1q+l>7>I3_ z981kEEM;6cHkx&@35yLgAjLT99cyX{~04xUVmaA|#2eW)r1J<8KDuzD|)>t$cVT!fAxOoQNf7$&gp|Lg7`x zPw_vHnrsknPC?e3s!Oychsh--PtY8;re;Y6m!8cp<CM1}MzX&X;(l%x>U9iw8)q&(IS2|USm0$J zDh=%?Hl>1V7gOn#5|0Z=0aq|-bAMXQb9u}LcU6p{r?XaOqmA@jrFSH2`q4@iD6#hG zfIw(j#qT7^#-b}>b zWQ1sSIX%+x#+DCMk=}8IGAr)zR~iFzn(>9?B^j#4D)wKt_1(?abZ&m01sTlkZ~Qpqd^d@ zM!;}F_nolqiB)HegcY&D&E6^1&FlTjAW~9t=F3-LYNx`W{9Y6q{H;BlE|h?LPJhhm zqr<%vEx4;sY-*w{eNGRSYLWW$-ioD+t{aq>Hs0y-YlH=f{r)VMZSg_4{YDNm6_`OE zznJQji7_ep`S;X`#e(dY)CqASjYG}mxAX8P4V2!<5!)eJ$cjuJuv#Vob{zO% zoE^81O&2BQ7j`N`C5YB+R9qaQ(}1;ld7LW?27VcNji=M803=U@lPPyykdRJ9??3^P zG%mt+o|<7`P|Nn)A$8r=iiLu8zN5=(8s>V zKZ&x^ayysRTO*&M2!jglqLVyCcA^?eo@g~D-N&hInsdB<^1TVLQl4S?RkHDt7)_*i zFlO-(y#UI%Ye)6I^^KQSR!nBX7i^q6Cc7;QfbdcNk%xNkd>PX-tT z9LY4$(O~}UET;>^L}Vk2O6pWg7QfxSKGfg6l^58*jS(o+AAvg9MsOvzjb4!dh?d*2 z^CGJf{W3O{&GNcneg4iz&1YNLI@|dLj-n0+ zRp!mE{)DkZ4SZ2U+E5jCa6EuZ!1AC@d` zB)a1xvSJc6V=dVr3w6d=2zgd;BxFWM<~Aog&;Af@x0qj7*gLrFHI#HDXg+FMkyo0a zS80OYf2aZ9<5M=@BDEh>k7vsG7l%MxYnz;|KR`Kxetdfok)uGc&{C`H$5sxB@;h#o%T(rm}$XF<^c0;P7_obQ3kZ zGu6<}N7&!zpQa2KlLHR@9peh+mq-VviT%8VEX(I%9leWhWBqOfMuJkppP6H(pUZ$a zOYNV5%|F9|S7n_7g>XQ2pYVmbo&xzGnGK&4cpdHF1Wy}iXyZAHl|$H#ukR=q(N@*? zn`4E?n@;Q(#TMTie?4iW^Ku7Mys+)B#L0RK_@Ro+>ywboMQ@PkoBSb})a2VoM6y_A zKEMC8#@UcC!ysRL*+F=1KL7{fJ;a;(N;5mn6okW);xs;-?JwWex4WJZUT?N+rY8Bg zHi40;)1}FGE9`n0a{HWWsI$Tq6H{Cbu1sr&wo^^UvrWqo<(rc%A7yIaflJx(r~Ib+ z`XIEWjA=)cz*Z%qQ|OBvy{)^~sYla*0bE9tSb}pVpE$#;)s_Y7WB1w1vGs<}p)URE zVu@XgYv;|%DYzj3%ljKFK93Wo@P2rt@3t^EB;NDUT#dusozd-$aOAryFO$F|#byaL zRm!8&kqvJgAHl(7+(6k$a(}Hqa96*FK4ek!x*z$n-fx1lJQ8=jwi7*LPm-PlpyORLXv*q@>(O zqwUf9ju8%%I_DSoAzB3mqT!+mSzy``?FDLJ21%G+iYn~m1_p&F&y2wP31H)&V;)-# zmPW2R-xVt*rT>WrH)ZZZ$&tD&m&EuX{7Gx^J2mtoDK9UAfWu^=O%^r%$sakD3cZMF zg`plTi1yWpe#>uw+t>aRE&E>%%*pE zrPHZq$1DCzA>~F6YlbU>yuk}LAv(dC$U0KM*FPO}KVOj!6FBsH=hO-Vc9JBJvldd2 zq5?Q;KRAPblQt7b?8S+DDvXbZrP3^ZzeO8SYWfp_fPS0=j5?Cu!$~UY3{35DO*|i& znz?Md_P*26cLjb#p9|R>&s8&9_8*o8XkXp`xja%@OlT-EVzRQSo2R&XI9ilwt{G^R z@7}3E4hGj1&@lViCK3e@#NTwom?7QPx`UM?T%C%G7|R9jsHh;g9v^y~j&mX4e()s- zct*6d`2^O{q8f&8J3BvO?ia>pf`o3lhN{hqhLltH{R=EOsf@E^*|jneap4?qCiwP~ z@!0Z-5(Yb|a;|S^7;cAoa%yQ#(iyYabvo=*ch%93cr6fE_z5SQEq9;x?TM?rkW2Je z8F3$c!;$rTqN$Onyss8Aj;tPxUNX5lXV@Zv0vTdT{$Uj*$PP!2{J_q8xO>o97?(%v z+er1?aUI9g$@xs-h1PJUs+V9O-NBNt-0&Xr*}h^U!u{b&(bsxsTu1tgt)dw7>m!Qf zr$zYdk-k*##Ty5r^}wj65*@I;aRD8!FgZ514F*}|Utj#J&cMto3!V4UWl)7vkz^t# zLUG~F+AmRAShx+>m^r08yw49RI0M$GJca+jv{DYm{uab-DwHrqTR8E7ekkin@&ft{ zR|QN))f8I7YSVm3x1T@jzE==jtB{FT^3Ch-la?x|rE| zbw_T76Al3}zR^&~B)e{d!p$G54>g>rJABjnGNYiwR@;&%OYC;OX`t%cfic1~ zXgYLXdGc!Q9@VRwP+#mBPF;t0&I}BI4^=vojOhXc;<}T=;-RC$c)mv0v#NvS`V@3* zm;qJL{@rr;oUP~u7Lko`6@e9Q|Ge|}GwAyXS*xK#38o>M3+h{ZuauOoFF>}}!+}!R zlFVq&gHXNN-$}EOBjoz$V*5|UG1aUxt4!dp`maPY{c2t_9h>Nlwz!g~7jKr@>q$>{ zHfS}OB#MXQqa``{avBiGywf@C_Z4u8739w#{(Pr$#)I`4R*d(?Gp1kI&}>G)lS!4I z%ebojmQ(8zJ8SzGp7-aI^U5V{9yD=J_?S(n?BvtR<5OAMOfQggwE0+Cs>>=YREX8g zkkVgOn{Lv&oL{KHg^ukLQq~?u)!CJXtSS0^W7gQGAHQ*FN(-$mux~Tye(ST?Uq{Ah7~$ZHUjm zbza@p(?t74v>TcXopo40bE0KY0%BO-z>@bp|L&Kkr>9b$5M-lPRokNqYMB(D7lQ;1 zS(|v`KG=hHc35(>M*Y>C$Sk}lN^%*uiF}}?Qz#={uk}buHzCz)&qm^~q^P27p_o4G zP~M)MJ!4pQO%pT#7b(Pw89_xr^np2ggDs9PN06WGac<3KW)U{1tb(px8^)KMjmaeQfT+YzbB<4v_XQ#a4RXy zdxPJWSpKeG7L(rgVkzSro6+tG6)sM8{&otDPE#O|@@6bgN!eG2w}Q@5E% zdO~-WziwUFGEm>v2LVlL2PjDYG3P@ z#W(L-H)oDB%I8W-OEcL)(>Tj90eGrAp8$h&enbQVziE_OTnP1ib`kYFOfkN6G!Icx z#DRp=wK!^G3Wk5!OdvM=nvm-W>+3?hl+El9dBd%>+0cRuYE|--Wnp0+od956q?~ZD z9$i=AN(H8{G$dCO=j%!nbt6E8i04yr0@pk!JaWy^iQ1jbb_)y46SBj?bw-$1~+PRj7?6Ge6Re(|4_|(!kxOP=a)58kYo5n@&@DDgej!sv4JLM zN>$gHXnnTnmpb?df2ROg?|CZ+vQisROoZ)1$s}(=X;(u|V#V%`PfHd_UMS#v*G{Ps z*3M%`Rh0&ej57#~{G$I>inB%EugPuu*MM16Bp0E|Z*2UkI(X7Gb&&E|^#;4v`?EUr zE01C|=45b6Vy@87iT$fM%Kmh>VQm-*QG7EKlYAsAsYNLNGXc-&U|FsBMi+iUKfbI% zn*>v=7B;$X_*u285sfYp26wx<8h0BFyeubV*}lH4n;(tHJ)^}>*1+oxX$B@sfVU$n z0cRU$zBCtbl>u?T&0K$bBtYGxR-a;~RskIgOAr)o8kxbEW)q+m${isP9@|joRw5<= z3D@M?2!oif03%LuN&N@8mQ4G29^s)8sRU))(WOsp%&h=UTpd-6XnMj(7KERfIb-y_ zR*mJw&3XhRX?J~+QNwI~Zu^;9ZCJBHd|xr=QS9FQb&-(ypvldBziCn8(PkjwjVIL$ zn?(D*pX{8NKoxh3Sj6{rfk-4vrqFV{*hE)gbmX#U&9TvzII?uK#z zam=gheN)40!e?qkkt1GihI4B`_v@mRw7PfR_29_d`VN$U1IMaRSw#A3F52{WE{3j~ za1_rPCZ91V<{(CAM>q5+*dz%Whn#6|b|gUEN@ulA15#I8lPw&f{7W>#B6lR-a@-gL z^7gU0D5rSOa3YuWnEGnE`O>Ndtu-{w68DP3{vLVv%a)Ix&%JIO)TBqDx;83C*QmJq z?KETr4A$|>Y16#9k zAX(4~t#8rDjprGpCbIWg2j-?vfe@VbH=~O6KXpo#OOT=u97>a2 z6l!!@e;4?XeeTo^TAHLdn6RuSFE(y;D0c1gglJv0zjb6SVbB{8Xoa$Mg}P(UR(Ys9 zoX+bqIVin`t^8pjfk@=6dgL_Ag^ejn{lNNjO(S$7{(1yZuZ$zP*y>J_PN&yCeW-S^bN1$V6_v9>R5(M7GO7}&os$*+bDU7OAhu2c0hn~LK%E_*n4icZ&F})Xe z8^V)EG1WJqG$Jf;{%2s;1=dJ`Tzt0WAjkL6SgrY5)T-yzkxaNT86%Kty+g57ZVZ<% zwa+K)0w79Cte`;?j8Mg^(JU4E1ID0>GLbq%=Dwp)`SX$m<2EXaOxGx25T7eZIVl~& zlRI^!VK_@5c!n-j>iuFV&5^6sn($dpPbAd&+EvZz;7V{O-f^0fs$T%Z51Ry=L4Sm% z7LK2|>PCs-W(H3m?O~dcm>01Ss}v@xGNdM>YxI;iKc9X}pALgT@%taGFNerE!(^Ng z0wqFnnY?mZ$4}OYW4Rk-!f=cZ&Z!vW_8sSeWdDk7yd#705>0Z zTOp6rTu?JdH9}F7MQyDhQ1Muh0WB2pCdE;K#vb7(C0_;L)s%&etrz^Q$(puHvc?Y7 zQQE0)RmUJsl2DcgmMnj3BGZw|lytE)K;JB)~7UEPI*4*t2H~_39oq! z``av$RlS;qFq2k2@#@3{>UNOP)X{K8gokWhbg;^!fIUQgEpjSzLG&W@M|f+Rn*_Sy zAL`wvL~pcfDw&Q!Xoi@QzR?!P)(KxqzRKjn?EF?q!Z;=`BnOakAr_d)bur}|#T^uv|G#Q1^# z@3Tby#%T88{@)z?!6r$Wz9$_#>6l!960?_lD+#8C6OxVQ=n3v<=93yU1-+1QfK z&d$8h%Kx3izgNAZd3I$lEouBMzhuF>*6A_lZNrLNNPpez16Wc+~3Ekr^3y9JXt{i;F4X+?V`$tN;6P zAhJX~CDB6a{Klga?~|UC4Q0sx^$Z-*NNT=fe}DgjFvUk|In4hx42}yIBNfa4`6H3$ ze;=#7zrPoQ(V)!C%#|giXk%}^3k%6$eE3X@o&K%R5CGTV-^qX&3L@#6T3RSLI3BaH zw$v4di#^@l?YH|O8+hg`)JF^$Q){Ry{(*pi0PCA^Al*c)QUDU(e->=d@0)1i%JOnt zO3GsjM0vegIe4+hdVUcrEY|1)g^~G8_(;GD4<@Y8)YPx__4R+p_b!=;b&xL_0S56} zUPn;;dwy^hz2b};Try3(N~`JLi>UrsHF?PI^f1eT^98`)?t>U$?rUo3CoeC5+avn# zP`*$StNuNQHn!g8GpX`FYqlRw>`&d{_MeaS|BeX%FX9jHfLBSvt;%Zf7&S+f^6;o-psrJ6%g_ObOqx{H(8eSx zkG5>xw}ih_78uVm(+X9FV{WZ`M)z#2lAcU&f~iuD!IhUabJJmGPv68Y6Z7E@@(i$F zPySu`MvKE1=rHGslEWZcE<*g=!Ial5X*`!|uIYWp4a*%Np*nb+q-uAwJX@97YS~#K zp;{)}ZzjrgnI~DfI-kx^H3Y97N#+IZVF zt@;Iu@B)54;_Bd!`5|1jRJsaLM6A>lUPYytHS{1+C)(T}O(ky;c&-?cF=%RtJ;c&~ zu(Y(Kbrw^#Q*AL35n;8RZ4~mCdL8|!XcXqP;B2!EL;MiaS!-lXtFpnlXE$)NOKL~M z!m4idw|iXlBUxtqr9+vkyh+VJPn7D!NSih^hS|DE6dPWzFA@>GuR$;;ci%=Hq`jV> z=btNAJ%YT=Ic$_USgvR2|CA}9>ND64UrLcLTZD8?l3^igj9%#T7y0$5L8z8bWsEb# zl{o%0AS);16Zy~-0D}}}Fj4t!EmUA)#EyZ8nhCE9Km#naTe=41ZXF>c;&O)Sg7MyZZ>|g?2l=YCS1WvwH|%FW>OcG<2rV8|!2j1=W_(}DQ#}9shkRXTQuLuwj!l@{~gDPAP9qI|^=_a601ycZI z0&KvP$WX04oJ=zY7I}iFEtC)T!Oe*|izfT2DHMLzL?k456<#2L2sYr9(9V%e`JDXb zj_5=uj@G2~7~>194V>=ZYf$ox4$rvFml@&5a}1gdCtqQyzZ_HW??l95lZ&d!E3zT5@(;H`uDI$jn}n|(lHt^KYD<9QxcUrQ^)wp(H=fM zWPzNQH}Yx))!EmDOPt<3z2~3hqMH4Hn(CePThVUK`oJi{<(uu1Ij36VZnPmpP0bX7tvyVr;Q)_Ac(`e4kVD zKj-UF#T2%o_D7Vpis;VIjE8pR_Q;h|xg|7KEib$R#b8h({xoisP~l&70hJu?w(IC> zNxBm>_3C}K;pNTvU@XR`5CYhEIB+N{)H8c~$VuaJgHkS$F`SK|X>(^yjy(J9tTt!P zY+2`qP@sLP=4{Piqg!ynJ6%Ss`QjX}a*uQGO@XWOC}JJUE&-PQ7Zj$DS%>eWN2C9l)Xx$1`lDnI`7_hbIa(YYO$!%J)c>+xhwV2oVaw zlP}1VQLC!i=u(wy*+i{6G$Vwsx&8Bvvm8X=QtsT*C~z*~uw1Dp9eXO8`sQ4xG+mE! zO);-*I^JBIPuA^~4veBN@a_f$mf};-RBF0->)6oU;)2$5CF$ z(W8PLH%Db)NduzT5TmJStac6GPr{>-+;^Yj`#sKLf%#*HOb&jeh!rrssz36~Du24!fpozi-E@?>UJJK0z= z>p{7FZtB2!?Q?X^k&QS0tETSpJ82`A6Es=?oW4F7 z;8_K-8{ToqHCCYub^*lb^<;>}qXofwVo{x|uhrSvbUI={lbiAqX3~NhYkE>$5!78j zfzL}Oo;JCFlax-)I%emo>2=_YpGr4C5J z6^!a(vT>%rn(Pfn?#<&P2N@}8Y+Rh8GoW)Xf$9EpN3;%c$B$68D6GfwdkZZZ6uhYD zwMfbXfmYbXl#{KK%KlViV#ZD;)TFMNbmt?M9WLL4&+0Ci7OT?1ne-f94!fsyct&(KCpchI7N2eRv2p-9k9N00tErFCY!6JkesQs@TyD$|B0F}9dPKD^@&vs zj=3Q9aSMuf7`enRqeMu9R(Q#bU+)1^5-b{UQb^f;N>TQ)@IS436QG zm?{AO{DY~*gE%boMQl5VIB{~MUmo4cX2LqBTtp#IKgbh73b{fpNU&zj&Q%J`jFqJd z@H_>~N0Y+A;WB|ni>%b9U*n#rDC`=

#h1cF3p=8&t@NEau#5!M)=%gCBSD-cdQR zDR&j%gSwP$vQ}&YCTt~1{*~!L#QrZ8UrG{zZ;;Q=2X)#WJDZ;y6lmLvNf`KAp3-lW zhoiAFEDBJHAtCo*x2;fySHEYoMJV60b+wwgsDqr%9Lf!Z7%o~u=afdI_KjSDH!{B6 zE(mFoX_;h0Wg^6Fc=?J|b7|*tmgsp)Y+V+#*sD>iXK|(oo%3d}+J$%J2c}v-b@PTc zFgXU9;PR+#Vp)a$sv?`u^8|nN#hIRhOmrqi(D#BO>hqc!fnaVF2)P*|54p4UDCN_! zcWFq-x&F(eb_Z@=3Vz>AnSb$R&x7m}c2vOXkU3MH64$osJTx+u+~11`_X!}%f5R5s zP|2)VgK0Zw*y^;f4y@qD`z3n)AHxl8Z1aCvagIU%=S2MfzmEZ%o12NTu|L2CGpLgQ zo?2i^0T7ZWjJ+(b$Fa+Rf4%eh0>wU1*VfixU|=XwOD!!ezeb6jnt}r~$@ zKUBF(&rcuWuW2ChjvtP=V8Oaj;8miL8~%~Hv%9O=YEQ&rw=p<8EQae2)}X5uD&`Mr zcw+?KIWI0Q+MY2|7tvEB|Cj9$LZuS9 zZ`7*gfqe$G8|2{a<%2(bE0f=cyQcf4eA#||QjCj-=N6phISbAhwE9zO$Q}zO3gYM2 zx|SC6sZ1{3m!kr3+M$AmhWiJ^i8!IpU@VdF#OJ^E82~Sw(`P4)0tNvAr0V|yF1we3 zXkuYedSChPlwkRvw!U~iUifT6SY6Zl?mK~Vw;BlExS;}O)>w%A_RlD&ZT1@u_1`2( z_mc!}#`N06JqZ6Q$2UO7o)A^c$J}T<9gVa=BI)tNvS@FA zKOrkC0I;^#+M*_{r$;cE&N{fUG36;nOeFx$-VCP5@xI~kQrPsmUQbBP<5^DQVg!P$?Bd0=rSE4=Xt^_`4_Qb)_b;t3{ z#nbsbG$JD5K3qh}H}*f%XL!`keLoI*VY6y#^OLKX$(;x2dpuEj?3|rZ`XWI}>-wQt?FT`jCoQv~bd^Nm8M*PDX;IY=H#Pksa5caN`+=1&wmes)JJH8*3cIrdvS zvZrZi&dVIBH^Uv3d??0zx0lAF(Z(PaySnE@r6~lF9KPZCjN{~p$BDP8951&TO5Y4Q z-G=OE643fSO`01a{#diM=EAODy1>Cl)lz~^Yn&0E5~IWJjb=4Pk!DO^YL4WeHVa2Y z ~>VHu&~djR1;V$SGZ3%|*D8s}-6A9j(`b`0DixYnwaYeuqqBGVv1hFe^GgvXbj zp8kNKcohhy*PXq+z_G&i%UyA>9QalcU8-U&D@GmfESkd zS03}e!^0kxQo~J^xfHlpbbnaFAlZAH6v$3A@OUk5chEe-o4u&^W+csq@8J;gZZku` zudgfr$<$0+el4q~!#l}kv$yQrt1a%{E=qjygXqKUjo06hL7sG6>mG|#ck9?U%j319 zi5LnizjKYNR*vL2pB|;>@uzetsos!I5LTSs;{cED2#(Gc&)K8@r)Xu0C^*`urdAD; z2bm-l6%|F-?CRRT`+Id(n{HMmLQJ{ciY1<;Ke>X22FsUE0DR}|D1iQ2T`;_)Hsv5B)jBCN(YP@jCml%O18C{lHdf-tubz7erECS)FUo<% zS&VC5#U5N zS5&Euc=`h3kXX`K%D~2t%|gT^T@`!{_6#7!l*#_eec>v!VvShtvLvMPhHUqT*{ACk zqv!VyJI!_*OvM&BOAMUoDzUEz)`~J&Ph=5(dSl^)Esk?XLg%r7B^bkY#}%2+9lSET zCrJH0i_;vobf5+z4!(3vWdVbmO8up#{qL`?Rog1X6qDB4$)8w<3HO6yO6D4M#WSUT zuGMRYPQaq~7+;sG?zIIfwX`Frl^v$OA0N`{fY1fbmqYZ27}4ZxjD{=QM23o#Q_}!V zsVtzIIW##PNfPzYdaXFY3GW9V=O|Iox$^VHfE`x~+IYC;X1&3(Bfa^G0!MywXh5j` zgd+dzoiP@J{&;t3MJ8u0beA;b?=NdrdG!Xgt$?SN4a1G!rnH+4csbNAWoK39eTT|R zUMIBLY7B<&zk_rDjRn3xBUWG4{l+QgO6m?u=FfO@gjN?2YpG;R&riBI+fOu^U%iq+ zHjn}S=j)%9mui#RI!$y0hW^y>n?K|yRcd!dojzCp zK{XXsc8`EWFMhLnNsc7~Y-aRmZonrn++0InHXN0xR%&*K(X`pJRw!!@GN=yPq4()_ zD1hw*X!gndal4YYfNhRiw>PEkoQB+`x9Rqz<%e~tJJrnPc6V|o?8)6xS(0yfq6RV% zrn6`I5Ej8~h4C7j9oDUwD4{2#;Xdbo>H=7ZzR;D=B zPR>p->ceDwo1)LW{+(;Oe0?Ip!na6v~XUP(!t5*sUta_US1hIJs6+LK^WV9 z&o`!>ot>pRZS|UVlz76=Pfu%26spf?yoUXOuYUrpM#;Fi_N(b2#sp%NJg`-_+Vc0C z!8wf$?y7KuH~ZsMEA;h8{QGWp!f9mjA4G|6{WpFzxQ-1woW9(_X6po|6Qj@?_hUSu zdImwAxjL_9?rKwlaG9t-ex^vk^_%O#EPhKnGtrLoT?21};-!=+WR-qM^2zvrPY z5*Z}3=UoKC(Pq?&FRpKDLts9CFCU&S(MdaM&g{>z#DY$mLCbL>29|?1Llt;e^eP~0 z_xql)5nCVckeTKUpjV;5~yf=W)VzHY=wx3#|!V(#ExcZ6nc=>ux ztJ>r!uztdLv;8uyZX2a5xO=dd-bIt!6paT+F4QN>|GcFepH;FgUiSugLT=k+Q}P( zyBVEk>b#wzF|kA6c~VF(oj;#h=j}gXOYyKcavD13bK1rEGZbYlJFz##+sW(+;bG2EXXKUGns0at!lBi432){j z+>e?W;Cgry_wG{KYp~zmiVvFraRn2^@bxW2LuwOFf8eAT^jtrf0nn~2tBa{hY7 zD*t%d3p5rmc*EqgGLA;kNqBxwiQv7zf&XLQIdsa<1-Rz{^@J~^PUd}i4U=!UTf=qH zB>qTr$OSAZ@!9ddVT9R&=@Z1_T$4P$S7YWtrHI2^I3$MW74mUPpY+ylbg23Narahj zZM9vv_S4ehh2lPim#8Qm+6@!$fns5p1K#7Ni{cuOD z#h%RHJ~8F6#VI75OV26t@~3m8_Uw$Y13DmB*c#4x5UMg)bM!CWwGLlxXPr)=qeA$} zI*@6?16rAL4Z=hd&~dE?cy`31Ak}J``CIK9a~c9my4)WqS8+cH9rd3v-&@JHiU% zh5Bh@zPHTyDxuqsuxn{ga6#B~r9;S9)?obkc9Dw33)*7{y$Pqj*L`xTm0AtjIy~B8 z8ENBkhflEA#ILp`zKU9$x8=wYk?kQ3#S%Wq1gzey3=m&&Kl^9u7*jN`U&SOs&LGwM zBVfZVa(faLBw{OROWUW8i-+l;!ktfDWdrZRY{S|fuUBN82;Z}GT1Kds_`9%zYHvxk z^Dl3gdQZroDzR_5GrPw@j!yXV!Hf|MoA5;B_YF4GekqT_Jdd9V7f?zDb7_zCdJWY2 ztk<*jg{j~17fzV~QoT*~M958{@_z?bt{#a=_mJ#t#UYur~Ejw{7x6RF#LPQ>?* zpysrwKi>`wOf3Nuv52N)ymrk z5#PEmH(jri1cNF+rx|*&B-&P%1&yLM$J!F5Hb~x^B798+9su8Vb<|6ht0=B5A3#nk zYWGsWJs-V~_bdi#D3A`yz%#oBJ;5%ZM7z;I$E}dNB*E!MAf2g?rfGLRvjtdRxO^j_ zE7gSQSoimn=BO`-uzO9YB`)|gH}rAen9EKt9<39e{jML8#=lFs0n~8tm_Fw1pp;Cg z{&s!U?(5pJO4`y%WZdFqyt znK9DglKGB;^Db#RG_g?aH54IN7>ntkE9iTx$?Hl*8SxoV<9RJQf2PPzXnC?w{o^blac@JQ|AIRKnctLUA?QY|^2R8!mj2=wSTb$oWy3Xs}G>O0Y))`QBk6-fAijc}fjG zI2_W&Xn2r}laI|_PRyu#!kAe`CtM_%ZSA?siZoXm3-Z2xMd~wOHJ({|=N_bb_)L8h z?IW2CP6l##%N@(A2aFuPXa{H@z`6&#hhDQ{5C+~CK*Ue}GxPy>5HKse1(0}VS_9&?wBj=e& z(J~k#kRwX;W>j*bo;_2ACuSYrUMaWnsyA)p<`7ACc|WcvY{V65kgK=_8YsdKFBWKv z1PUb51oXE|9%3#R@MgD({(At%KhM7?2!Ub`fdRq6&J5%cq$ReqGH3Qoo=Yt)+xw^X zZ@S(6vqYNY_(>H~yp9Y{Z8|K7YyN)D94Ie>DrG+k*V}@k#rcAYe7aRl@2__vQu&E% zxF2HN9ZUD>sMjyY0Le~+bTd3e2)gn4aXOq1)pD1u`}{bb#Wgw+$?eX~kS@1H?-`DI zXAe|NmgKE{yoi;K*7$zr*oBl1+i)-EJuuc={Y5l~Z3Es@{ht29Qsjd?JwAr9vaQa%Uzue{o?ype77rQ~HA(e=!4xB}`zo>+oE$Vd+uapefJ*d#*~%ZG+>FHiN)60*PV6{mq23v$RH>e|1cXw(c7a|B;@vcqYHF~7Q)Atfz1hG5+ z8v#p#SLyw$_Gn#|AnzFRa8(hjL^dhS($e3~HT(oGr48(KgCu8h|Js$cGtmu*QpQz1 zSHiFU87UX0EyX5P_~l6Eojz^1YI%M=T~fFEkA3YoV>H~k{aZR4zWOKiGKrsKA3Siz z7jTlLE%G8$dN+T)g3`Dg@yPEowk@lSqUnYv3&jfJ{CFRv2O7|}+UZ4i^r$7&etjXh zpWzEgMorw^ffv4t3Oi7 z!{6fa;YZEznU3$wJ2jj2YE~nxH&HT|swoJS$NJP_5#)&*dguh9TF!`Qv>a4PKuf`l3D!hcDkJpvz0MjQC4S>2xfexPwN`F0lR`rd{^hgD1?)|Go|0 zdAEO5i>B)P-h0*`9dWeQ?>7N9a9vZgOb1&58i^J;f$g(F^%soCCS2v$_YXScZuCa2b2mPy}rG6)jy4D!TU;ypD9kEhV_rKK4jFuy+ z!^S1iUwsG&2zm^(IMHFwDES=1^fw4bgu5MpRi@b_Wf?;F+S+{3WJL1E(V&( ztIQ1~1y7A;Gg!e#Z(INQ+yT173R3^k|3>5HOaq^M ziq+x9f;2Hf7w=~~f9S&ty&$Uc5EqE29(egkbL8rpiU4N9MbH`FJojE57juV(i#62_f3`;NHkcL9d zijx@9wYUIu&%>f)`D;YPZ|VPO5QdLbc?W6{Nx9o7ULpXBO&?e~c${06xd}nK&;|9c z*v&WfppezipClT(8;!6?R&Te5^DbSvl`MyeR5tgJgPJb~>x336z%rMl2e$!=$8^Kv zl+q!Byu8va`q77^_M=N5vX5V*zq1yCZAN|+hNzbmxdI7$f zS_wP?TDJfU`zx}CdV$a6*27P8Llmb^8PsOwBxrrfY5am+`A)YO7jz??Wv+4Q$&cRIFK~`E;U~c(#Dd_$kWgFc7d;qbPgl6Q$cx#+})3Cq|U9kP&esS^c z>Myx=_VH+mAx73wxJMk0^Z+`1Bk87&O}9S^;urUg;<#5<^%0&6-8N*&)A%B~-SzXH z`SOP3Ew!GzpATL|xk^ z=NLcBnvB@#mXg&uVGF;OkM{)W(vLV0UZZ3NAL0Y^;D$t)=HW^Lr&shU>MV%I0H_CLwky^)~BGG#_o-d<*xY}=pR>qGNP znUCsjyDxcI*h{`Ch0S@t81Z)H*087y1jH5mkm0KY?=mHJ%%09))P@vdcITj@pXLw; zB@>l`Mq-h>(1hkIDaS=JzcWtS?Qq_5*-d|nX5~G`gCZ(by(BOkr^+s@VyV=iO&lQC zeJeC1Chb;tZsvBPZd3F7OrJV|MFK=Lc;iB;k@VP6-+sX9u$9`Wk%c8KSYfBG^vh1+ zz>W|=(da0BQO6_vPr(NG15AHkpS6@O>LUrL;A{K-tA-o)p<}V}CDym~+KdGkyGWp~ zQ!O1phr_{OU*T4iBmf1x|MrEvqXFl1+Y&ff#2BeosWmMG-xSgQRAV&b41J-mran~e zbP!gPZLY=e-rsc?1~0h|O2AFZ^wKoquQ$NCi|CDU>X%2}3K<;u^E?~op#>DBuGjue z{rj)XmY%CxchyGQIy#@+N(y+|!0`1#y`Kin0^Al7oIBU?-jBW4ZdIy2 z`h(9AGaG8u5E;;f+sh-KRKvTy;H#4H+@UKYJ&q^%+nGeCug&U5gO@YQjU1swG;(TF z?suZS8;L};hF6Qv@jMLe9dQ)O0OZq2SKa1mk=)X@)R$)Zy{CPNj!z69ie#F%lWBL6@)Jau5Hl zND3`DlHHT!lmxCq$Q5y7p6nLJvielT!y#)}yV&*s39kuR|ZZqwcSH+n8 z>B6NAa0M!Cv~H84L_C-nkAAppEKb1oq)Y0*kEQb}ic=DZ@bEpCkY3p%YpCn73DN`vvA&p|)|HDA6+yvQ{T z5G?$0(PgeGxACEHa4P{d(2uQ?l<;4RlE`jj0!g5G^6z)|GjIPV?6weZ?Rfd!-a!!U z?9e-yz;$?iYUaHkkKlTVQt0Z6Y`~uYjb8|Dke!*=sN5;pOHk?SCnd(Q^R&rzs4WomR09*{dViY}BE^p6$k%s$U z+dPhA;(I&&Ii8=DcMTh9ssud><(nP2sx)JNiaWlWmX^-veh4D<9JM5};dT7&S!Nzc z_3r;t5k6aNN-N-bu23;x{4;CA@}hUOu!pr2xjX2+UrFG-oz7GgJE;6@B{ybRwFz5w z;3Afof2IT1W?ESC{mt?e8^!?q4;FA8I@kz|$yd6ULob67D)RKgC9@?;mM}ZC6<3BJ z?kVrPt-rzlu7oikn^MSg@A#4*8xi*%_c;TVmA{gbl7eCTb-v4~4F}@DIpgIob(wP# z@!FdlUaadWjW-!Qlf;BFWxWxeuiRO>-nyR-`wpf7dtQ)$wQtHXcVnH2e*1jVyG$s1 z?>MN-i;rimo=Yw|%RBS`LR|+V`B@$a_GnB zqA*;a^WIUkX07IBOczm(>Rl4q;d;KJ*V}F^Qz26*J$@jj*z>R$)%OO=rK8O1i^QJBeiRAUdnc3O*D^^CvQ6Xo!JHh82*tg51^Hq7in&_jh)N4-}&xdT*S$`-N zcg4T$rZ^QwmZ}GV=;@YiqK-;Uw}@nC5Ayi%zyK*1kn0d*W3+spyEnPGF$=%9ryO=- z{j-XLh(H0Mub?iM`9|aFI;To5NUakJ^~S%b|Fl--E}EdV`+-6sT+5rQ-$#Q>S&~w% zyL6ORclo>+yX~X=WqLinr=me5m*zmOt-YOuIT>LYgQ&s#m9CVVqw>g1<`9;{{z39> z*D-SF^KxsEL}Da&baDONlKRc&Naa22f&JDsZqZ^WclvDe?SwwE&ncR^Tw3ya#6?^r z4gmbG;fBVdW_2`gTz9GSj;dYLUwSqp1&SWJ(1Mp&D0w{Z;x3o5w?|*cRD6^!mSFjm z@224~feFpqGIFGaoJ*Qt!OB1>x>4_>=6JfJ^ zD_Epg#A`oUbE(lb)!W(j|Bhx|xi19X-U7hw!{9xjw05apI^zE6>2pZ{EXd*I>+4E? zfSk;z{!dXY7gN^T6lVA5vYPtO7&L-vN-wrtXaZXSFjuWl1k;zFY6p>Lei5zt$6p^? zD)c&Daz^}eyg?S>Y)U(AafR4%hnIdod^o0eg>{Nf(p@4)#UeZC<@;h52aF@HQvOl! zbf>bfZ+1cptarMeWLoM-w`p9(Jjxj!tK;MYx`ZZ!x=goO8C$Zf#n)H3>o6=h&LPfS zk2|Uh38uk<^#nFhE-X+gt2)9XEGc|oqoH;2r*@PkX?Sn1V*%y6JdNsR zcAvYxK(wWz<#zlipNpz=c-VHSn{{OtIH7#K4TGT2V!~3j#T+2f_{|d{@o1qyFgixf z_-MVM!O(0cH8Z{M$L>$a7)ms_3yHM*+I?IlpU&Ii|)_m z{;(J#%SR6g-k5gB-!HZvP6hvxhpwWmkQ24JtOcGYvMf(CikP%oBGQsjmi`sxwehpe=Aw_p1IsIstk=FY4^r4fB49gwODeP=*()ag6q zEUte`Z6uDDrLA$Aem}Y2jAs4R14+QDuuNeoI8K zQUlG+{QS(D&T}W7fljQ@ITD4R2vzA5{R@bFPP-|{*mW;{!5-a0fGyEZd3iots_X5L z0q4^u%?Cx%n7nJBN%CjFmM;M}Wo`D$V@tUiZagxIGHm}s{uv&vX;jSVwL1rQq2Kn+ z&oBFEz&NS38^xcWkveX#*ce2w2?~6ZHa=g{WM|&(_gmlax892HkYqx}f|>d1YzY`A zOCKTYDwWw!m^WzrSI`h%D;$;NX5g7zeIOtQ^PwMLIIu_rN`GCK@0hKF!=r46?1Ly} z1lkjvRe9JQ?#0>`ek}rt6*cyGP>*L5mUf9AcM^eK9xD`59!UFDv;v8kSKsPPR#0;=%u`@Wq>EELrT4mZVVYoc8}o*LdP>_OG!bb2`f%m)R>@`!gFGon+O zNg4%Sr%(g042SEBip!acDrn3xN#8%Yd6~;c8b_gNc>4wQ4Vcl-AG|toGY%nGc={}$ zn9*0@ZjV2IL(n7bKL+wYxmvio*K>6ooeChKZ}ItD^EAFaU|oOiS4zA!G^Z)8YW`@J zV|P6GNUH-Hz5Hy^v6Ou>-+1e8t7J%i52#2RxuKNKLp$#?)z`%Yxc;swe(jkxR5Ug6 zCz5J7AL`$__q#e{gRnU4-lP+GLr1l5t@VZpP5IjWJ}LzOCUe}e#s=xd`mzK7!QB%H zgvMV=_gs?OzDRR89+Faw`!n$#pU;E^grl)h^@Ry%HmhvygoA&ufV$GZ5B=ly&bMW& zVpJPweU%{%%q3cXmVjtnUhMJW|Et|#9`5J>;z|4WkD@f)sHOh(VP}1#V~x`vx^e7O zlAz{I2mB7C7InBN*#CFUw9*tNR}Ze#a{_z*eVP?aY_gljFEEJHd||~Tz+h< zi;c||)>OJUm}*rBi*@(~OP~GGAs^GL4{7m3Ae2(GeB~y}kc>dSKB3V#YwceGtZb95 z95!Zp_OYG+Xacr`b;_%g`rq17KWR1zS*GIqhq!jUXpq%u7Mwx6r zQRP^W4;fvUz!mgGkXahZ*cAv^c_3{}8h6e>VW*OD8!=yO$|lzFjeEsY%xxu%7mr_= zE8Xf3mBW}TH_%>7rkYup=vag{Vj;*(shRA^vno$(t7*j&{%hPF(`pC}iuK*y!5HgB z|5D`7>D*=gLy<&aq$sUIS?=qxWOjiD&L#dtqv|U3{uxFtG-pueTZ1 z)Yhz*LL4@kF#=NUQO&6a678A#1~%$R%g5pa=|wwU>$oiv+)x;jpNuG=m&z}sFDe~E zLRZ(6)gf zlkg$DpyxRz-jAhLl;<}+fMJMNo z+k(Q(v z7ipEI4zSud+%j!CGlZ`h%VWqzOJY94iK7~@Q|V2YpV781U2g_u5b>%O4uv1Zmjf*p z*>EL#GnJ%N%C{5T^)a5c6&CdN#?Q1`hkUg;!2W)E7S>$rk4#U0y=2R{r9R?FlvnHU zu59&lBtiB?6GL}E0d{cH2#83Pf#IWnD|X*4p|k%7E`3{6W=t-yA2#rel;*kKlLyYe zL!BECYh;v_=_b4GkX#SPEjKz^{oV#tKdnYTEw{CWLJSYLlqtk}39eU4#3oIV` z%uzT zhF)iu5iTh*O`c4BH0=Q0p#pvk!^a9Ws^b}Q50XxkRx=sX^&nTZ$Wn5L>FD+gJ;KZT zQo(Syy@VAX1N@uMiy(Q4#qk(3RJr(!6#{f}RCK+Dv7d|mIfoKI%fE^+umD9Or;7+p zH%TO;i?<8=X;n%=k0mpu(-C1Izm-A>#ohs1MwRXm6*+98_%*sNgOJQ-)_WQvP_BG* zGW5D;U)qMEl>%^v3MCeCNovTdPwb?6e@^nh`CqLA4l8|zKz8sSMvQzO&SXIc=L7-{ zG_kieFajKVQ!IIyLoV4TM2_l%N4YyVEssrKyA%G;uad!=KMs5GCBT*+@^qw z5m@K0NcADk@1>W=85nhTs{pA40h6l>vMQPCU0tpattI1e)xE7{q~S$Y!c$9FBzBJ? zy2ywc$Ya{ZJFhvL|I+qkCZ{tqod1miM^I)4QuXK2xL366PJWApuPV!r#G=@RVbdO2 zYXadI6r}nYTofZqzYoJa@H~&F+CDp5>{5{i9$~aK*bOe6!FLE&((fJoHAe$S6sagF zTHvk`x9$8=(5`N&aj^+uPT*@ZoisPVff^ zPsm>?ZCQB0d-r5#t$kb*U%eg^A5VMPGkOvdN;6mo(CFawxW4Klf^Wv&_H{MCE6=d7 z(#p433$qNQ@CKwQ$v`ZgnyjTB&`6Hv3gP4xmu7RzAxNv4mf_92=ikS@t)`3&a=QNL z)en#Js?ay^JXK^KEf$F?p?Zgp9{V7Vo2K2FS(yEC{9*Yc^j>JA6Mpi}wmTTk2hx`s z4bw5BHH%Z?f^xU6&lysIBsvg7&-bksYDlavZ*c3AZLCTchWSUh^3 zKju$nZRyCNHJ)&bWv0ZejN^$anRh(sug&g#_2&;7Nv<$*)b+^twzIElwgRtGAhtZO zu~VbhQ~a9<&_MDnIKFtMM>zTsl_XZDsc-oO>6Ye|0^zz3BB>@9ORnvxWcCW*LSKNW z0M!$4{XBUxf8D_O)s+XgE*85tbhciRPy0GGQoxe{nBjiCSe%e| zUmOMGh?|j^yCB(Xds61D$JKlQ_LZo>3E4BPI}TI$D;X#a^z;6SxKbugy1)<@VLz-% zdbH$lV&;KQjuyr7ldI7)>Mx`{*h6wCG&5Fi|2kdDvN1tz?RG!JvV$TK5V}Zps7Krt zd$LQ;Qli~UtX#lTz2b+=?VyHfEaJ-%_3IC!P?U%#%EKg3Xe^dVm^-;63eWhuEDkKa zyp2m#+}U^5H!$X%hr|n6FC(S8*#(ZEHySd(tQoDDW;+pagyXHWyB>&roUd5qc$kud z!PpN}^#2Q%55IqUU{QVtD-U7)Sed@h#1UF4HCrnP%@o3303J3w6zG2&Rz?^W{_7h_ z9=ve?y-b-Jx?E&1P6q_y)wLf&Af9;I^;?t|96xm-tj^&7tCoN@PLNRPqMsOXdb9CE zOBa*<+LB+mi7PnoJ4@=u->aBq%mZG8@m0LTIX%|oe`dW6Cj8&GKGxFB$(*bkGGk+@ zAG=6QHh)6cTfH3EP_1k;P9Qm1=@=X~77s??Ru?0}#PDl&OMXfHzhQ(otWre#wKQbX zlso=W6Y*?~@vFL2TgZ#+(90j0H{}1PK^VdL|J!F64N=&ay|vb8b~P_AAf{O8#=Go)YV)a5eD_*JFN;nYAeo#_-bjrHy zMz!E`0HmhAKxIcNTcG@mg``;!sifFU8qJ1l=6ujY4MBxx$q{)xoNeF2-HdyUAvvtk zReJH)6ZQOU+gx8Ijmz=3+VxtlXEP-n96GEuRCGjFO>3?-DMJ+q2vo?85=-~@g71BD z&y`KIXs}vMpmAi~Q;3@I=>{fs{u_aZ*6<=6QQQdcq#w#Ko%sS^`09|X7dYRU1Os1wCpaol5Blh(5%;3R-|zGS zc(760K!Ui}Betfpi{>Ds0n3L!8=+akZfPyI3a}i?Aa4z-@xlNn>;_Q^20Z0F&@xf2 z8VTQ_=d;S}m3-c;-JX)PP45isyT}@xyDO=ZerHk9#pCpyl|4<^+uV8hT+R-Bgp>ES zwPxC2Mu7ClvqElbzuz`$5Bs`mx==nhN0-S02lttQwQh$h4miJK{l6No`^>f(ORm{f z@yf!w%bN-i^663yY2{`1IQ_wD?a3%PO~|6yQ|`}LpLgC~eq&PGDX$GN(y7)tY6)Z~`%e6E>>5wGR@J<+ z1GXL5;>PSTUSOxFQ?`jkw@c}hdVfw~+lU2-`bHx8?m%A#$FtVzV%G(gK)(H`8FN>h zhKo4ZMoc(loqRk=CmFLSL7B8YdW4yMoXR^aZx&Cprv zw&6`Flf8^gvSN|CzT80Qn0ztCjl1|oM{+{jn0>aq{6(jEnU52ls54xrowI~JGxq%U zV-jX*CwEoqSgP+G{2uRE`;V(w8{Asx_Q@U`tZg_V8WxN>%IexF*f z&EnK8<&mfl45bhXTm7g;_5yM)9m?FbV5_$jSGi|i6Mpe54i{4)Je7FbxOgk~#?lIW zjDlYNmG@+Q_cZa}th@|Wbd1zAPKVf0@bcp6AAe+-iuM~B=f*=rc~a1Lmvz5l^hzLX>Vd1J&rlXw)$mkv%)u-nDqEz^)au55H zxhm=16GD&4jbE^L-6yDkk!9yQ8fvKCIuz#_S*#3TfMr?5X`o(?ada5fR2l;FNDN=r zTF=rDa#{VV)fS^#)6QI7S*ibD#sP(B|IiY{s0ixZDgPu1!)VV6%~Ikaobc{0vhvO*mrd1hCkC$Q7%`USngbLANfqeU0w~%x|JUTLissUD~(1o3R*O(#Gat`e*C6{L>iT}3_Q^h@ECgQ z%`r;g^zr`FhW5u=eqA-cAby#Pj0~xKGAgg}DoqGF7)T+3qhLmC9UX+?2yXUa~Du$(gAIvl2GbfK)j6icX>$5|? z5FW~Zl8kY8V}3XOGcPuoucFPq1OSEfzLa@gJ~wLJrPr0EeOflpjgJ%AB4dZ9C8}lO zon=RBqHpqCS74sED$3=Y6zUlV;L-L8*8E{A-q@!s*Q7s}I1~jPS*KZ%F#M zDJ7xi!s(m0WmRHvSWQAPPK2ehoLFEBrWDvjZ~RIgtJ6R^RrSm8fO(+VSxI04#p1x$ zG2x7ee5b->AZ;>op{UMy8-48EnIM(3kqgVa>W@EnR1J;aNRK)ZpZhiDG_48JkXqGJKF7}(R@d+mUsVgzp`fslfGH`VL$bA|CEXWWZwXCNc zhR;MYi9f3S zoZ$|i6a`9poOsg&Lg9QL91nkX(Z-5Pcw^yXDP29Kg31+#3e zfZw_l9xoNpd3$U$zTWxc8V26dPhV?3-rp?qNiUR?dl`nvZ2c<+LX9szDjJR!vayES zY`Z&;M4R@M>|QdxH>*7PueRNPy3c8{TWiaVS%UL>9A*--;m*r{W)65X`3S;gG2NXm z@X|oUa`relI%rjRd=p$?)*b8`O>eNq9UiU{W%s`~nK0~>bg&?tKjrG_Vhc;h>N4@T zzR5c{ly|*vdZ4D@_#{o;{SK%z9Yhlo6T7;;v$)(hmyPFaZTfELGGB>p*iq>6^)++UfhjIf)|3>V-rdCzxDZ{H5_lIeX)S514KHKxe) zwA?G`T;|?~E3Oh|t)}lRkyA=}bTk%d*KnkuQ72$b>*w7SHJdd5(n;zSQcZI5EdV|p z%Hwv#@y9s+j{JIvA;nQtwrFU93k5x2?tH+_aTQg1dneAEkq@uNFIVwkep|f7LN_!B zT~zJ?tr7axtEuh${kVVJa*$OOYO&9vbL$f`@r9B7p#tfQ&sSWJk(~YHKmI0nYlGRJ z2?uLYrlZBr~NY@FOAS<87}e%$p3k%FR>r9Nj;fw%YzXuw#bt#HGPxC@tqK ztf2kP(=VMmi9q~Zd3wA0uHvx|e6$zYs$HTE_pP_L7 zE&mOo!+d5!@bmV*K~tW|p?c8Ohy$@`!5+rhip$^oV5zUie`UA6x2b!E{AvU=&VmC}+#H0bLHrnD*imVk?nb!M|Qx6Ft? z=OHGsxpVWdi5*L5NlMHXp~xHz^*+F35_QAzRV5Vt@hpo3uZeDFHsEPkcQ5msZ^U@? zsdJBtcz1mgOw;iEH4ODAGJY}}h>ddN$bQ|4;dZ_e%aYwb)u~Hsfcud{JSll(1C1$7 zq+f56L2s??SC!@6V>?WOZ3z0{wPW6pPx;5PR9vA0j-WdEQkbmdQs zE^^IaYIrW2-3W}p9hb}^6de@LruZKTyy4e|o}69Z(!`q4Ld3s>*`G>@=iJ*&sRZjU zt6B(&?;v1lgWrUfd%O%bA9+|Sxs}^TooIwrfS*O}_a#hlwddN*L(DmF?C zXBoVlgW;Z8{${Dt!HkO(^u2kpL^2pSG33HIZo$mnv`Q{)PZ?9`I(kAMkM3mxecY|S zFMgmTSgZQb-h7U$MBwC(o?lYB*XC&@d86p>ZES_Y^WGq*$C-SKRywz|vTAH;DLs<@ zO3Viwajl6fvV3m3C7ept_;P}&L;KNGj)^GnDZR4<&554p1A->tWUf*s^kkc>rsQ_c zx~>j1s0b4VnqUd4!aW{UsWezG{@s9+X4{Um@w?l{tZnR`$omKfFCu@M^5aO<1)JnI zcUH9OoEj3mf6mvWrXF>aNK4+E;r7d`JxaK=Iu|gXX?$le3E>YF?p&USY8!634lXXc z#i*ASI-VMx{sdKDek_W5qP^O5r77=9*dp2a5n;;N==OGi{uTOFiS;Vl z+FD~!aH_-K^aO@a8DH)Mgk=s_lB+JXr(3=f;L4p%(@i_@O4S@3TO&wN&$W$C(;A7KHpnSw8=WicePq6{c3p z4b<^y1aj?9>eEp#VD~q^L&+Clz@7U_lbs?MW0IrN)qR0!^P9|Jw-*j61p|M)eYhj! zDSXn!WSyZNixneS(7yL~YqC$YT5!q%$HWG4ABDy06Br%;S51& zqlCMO!oRnzQ%3)lKE=L^;bQLke6BGD+xWJYH@EIf;c3L+@lrm$Fnr8by2Ey*Ry*)^ zY4=RTEmVU<@GJI~d?I`-olHyLG-y#$+u8hI8t?ID0rRUgSgb#K6}n$(rGk&C-ANf{ zJc&A}SRii8IHPb}&RZrkDMODI7+#Cqmo4J5c)Qf%Q-D~2fyW#8gzBF$2soED_behe z>E_HuCQtT5EY}7`Oxc)atqjCrzYC7M_p##X0&8KB(T6Ha@CH|WWmN1)qQPXR)O*f( zt!$*p`>>mjn?r03SoFuqA}#cmeZrtia(985ZB1zMDS4F7`-1JTrg(P?AXioXT@9^F z+RKXh=j6G?`|())Bv4=g$|z@AfEeBmX8jB9yF^wKq~)y-IT~f5Ti2=0ZM-Ya2cpNJ zDW*xtH)}^%3(d3(3Ihnc8PPTO_I?`hoFt-z4+<$uhb2{KVJzWh;zqh?<9)xdBDnW2owYE1@Hnt4(9VobGT-i$=j-uaFvQ^>2FJvfCs} z{cAVS{ZB$}KE73yb{l>sidre*7^pO#ag}sM6G8VvFoO4Us{zGr6p$uH47)sfm!dEK ztG*7A?(Ow+h_ZK*|DwJ1N)@d=(OjQ~Ep`AwXw_Zs~Lm|p=XLE;8n))^tF|_Mzvrcx}&AwLL+ar$tljuMcT&k?R63$1?FnVCe=xGgj zglPBh>qZm*ovzzXMf@NQwFd2f|GnSJN_2M#1DxlC)_5v=@I)oIt_2y~3kz9rWZo7p$a7}4JA{Wa<7 zhB|D0mhh7fW0qRHwhT}78DqQ2HW&-`^<`w+LT~g(!0htc+yx=+osJCG0XynJgkmUk zg+=Q-8f!>h*|$hFao)+!s)5BndublaSs~vRgDOQeWfCu5k7rsieNLCu_ix;$ebdtu z{047uPUdOZhSvS`$!RSRUN7#uWZp2rjLO-sZMh62eW{PqidvR(ut0m)J6W|lLlhj5 z%dDfzP79=UvuDImW0w@y0@uA+md$nlWEUXeV8JDbo}$nr&=H6(wfI$p-~rQKXP#15 ztt+&Mp-1R6B!$A&jx7xl8HtwDLvXbQTYX3XhDAmH(YOmeRx9qNOZHYlRPZE8j5b7R zTWmZ`tOL4Kd5w5}uwJ&d$YjFCMtkC7F{qE~xV4I-Ei|z$IhaX!rCMD)7}X4)u2zSG z%z&oo6MfWZ)O3mxyD>F9l~`T+TuWHBL^_KN1O~grr}5RA-LaMgc5|>MxA8|Y4WBBe zCD!G7rK<2fg>gVD^6)a<4b zpz@m6vNdD_UBcphrA%G(C(7b|#uI-fLp(2RMDUbrTE7ayQV&MF|0ngp$f%5iouK0~ zK{qpJrnb9(`dw@cX<|@2rChGvD~^)3Mw#qyFYmWKPbseUD9Gxc?u%YprwS7S#^nxa zQy!MI$l(pF_$YTP&GEi`An&fGu-;llfy=A|)1&tnQ=KO^cgW8hPV=wEQ^#^jOB|8) zrWlbU%kbx<1IJGeBH1lbxc-1{mDXM=2+a+lAUZwp_Va+-!iBJG=+uZ9pGK}nu!Ye3 z22~2vYXTrpZzN<9NKyH_WQcRxfN?sxfkYte_qpn$-L}RFm!0G<&`%!beGRCW5w>}~ z&CNysHju*^$)S6G2(0U)rm;cGO_Q*h!2wq!&ldSWJ1CG)ZDQ58J{oAN@+R-x{J^Zv zwG+dWpJyg~kAzw*=R{&a%Bzx81d!C$>6vpbr~^A^QHiBLzHv6#8pQ8q(wC0yt0ci) z8yslST0r5|J9nWqn}I|#;Y+zRU=1x}0#4W0aiAx*)X9jz#%gzMr&B;R}=UwXX zqt;2bBMC_gM(?kCe`s|!PPICQIZnUaG2f5L<^L@}h*Q*=W|+=%cj^=8Qk);*CGAgR z2+I}w%)n}>WT!9<^Aw)FvA}tDGH!@H6853!k)f7RXT~0dI&(#lt*(4hZhsEG4TOA# z=Vhyf93d&@Y>e{)YxcyV{*Q()imlf1P-AXmzEr)t*9Yx)#$9pH2`Y#;yMJ0`v@Vv@ zYkOGb)@nZ3lmLg|)=1hpRThyQXRvwfAU%)rc(w^g`i6-8|Bm2ql z#1I87FW%w_GyYly`)m&3*uOz(j;lIae#fgmFMr1PdxEi2j7w+s)>^N7xA}|&3IBJN z$qqs7mNeM_4I2Js?wEvuaXEO#V@3Uu5N;VoP+6Fz}qUD%Lb% zq_|caH{7<2tZ>3-a97&%)7m8dZ;Cs{Ir?SC(KbM5czlG6vH8DEc#@;}rBuA|XudeV znC6lR8r?bhrye~$x%~&q-khDF4LJT}EHh?NOq>PN(PM#{GQ-g%o!?V==L=vdn26C{BF={0w0mW zNX(VbjQ+(+~dg72|Bae(F&FGK=RHAYhzM0aK8PW=P_ zqgGa4>Xbm@kJ7UCM3kFAn=d6&Xj6z}$RGcwC>ij97vU_Q#|s^A;te7!1k{$m9gRSu z$5)>@%FC%D=&f23;Q#*ts6bc0d>!*SBEowsO^=sf6`C{%v));jtoT?CUP`2W>!!uM zFzInoMBUKRqFI=A3YUp9dk^9sT8|)4waCwd1c>nX+FG8td}0^c;O10v6JNabFeW`A%IDWi(pmrow$d|WDa zZa$*?)h58hfuz`z92J7LQdk7;h6M6F>QdcT#616TwY7(X_gk(y5Or zEtZ`JPjW$5jo$72$cf6pHaLI^0WPT0&$HveIpUJCG3W}ZBU&?|es(yh(mA{03LYK8 z@D?wY4VGh1(Gqgk$FcXoDXt}DVCPtm#_eiS%{xcDVCmFoP!$jPnO`FL&v9=8^>@g* z%9y9$rSUUk8PNRpNh@}9hThh55=r?X>*iVBeEv1+kNBA3UF(?788f08 z@%YCK96O#ak#{c3B$51G+;4&UhjpCFJDlGAA7#jpAq;+GAYIMkvQ4y!gW%m&CwIM?uW7voh)c04!srdq7 z57Z^VEKW;~{ax*`_pC{W?tK|LbU2R;s7Ey)C*h4RO&%A;@q!T?_mo&)CBb4>};)VAmlK)ligO*bU6zj>)$Tjcy zQEER1i9{kP*VwoO^2C@|XjNMolX*M#jGp*8?L*3LULui{2fQoQ?Um%kPh&v30jFiR6Ek`yfzN*tv!>VD8iOXc#0+xWBA1|q( zBC=&mDwkSiL?S6KcvP*&!+m>G$?LXSSM5lhM)mP^Ejvb1BKcqAz6ey6%9RQYtK#QW zG$2_bkw_#Gi9{l~H{@_li9{liNF)+Txk3t5iA3`M6cZPeZ7h?D)?vQi6fk+z%WSZ2 z<#h4XVXl|izx&T)EJ$U^H(#;k=oRakzX4ML=TDy`?$+OxF8?sb9G3p@AsyQf;6OsQ z_2mB=seC&0C3eUEKiEFgnqQqdJj}rxsa(5!mK(Rq?!o_0F@N0atUDHOJ(B#>{2_s= zzqyy0&pk@VhV|$?W+_`QXIQWN9tkWM(vSWvThg+1Yg#pHNS9Z|^Rd>#R(OCfhm2+Z z`e;(`vJuMNF;I|rh;Jva;^1Avk$+iPL>J(-B5`Y=H5 z5hf0p%I>Qf6z^qma1tYCZ(-~D#k?|XG7C>6VqGfxkCD5V$rIOeP=xL7OBLUL@=q?{ zwI}=2yhTe|w`xV3j$L?h##XNUfx74Bx@YLur#;V3+e}Q_AI_j(Cw3`MEjYlz`?N=~ z{_rG*ee?^PF5bS&*}W0FbTA7KUgb(!0oT?%PtVU65}W>~a`+BRx*SfedXvW{&f!Gj z{htkPDu`mmt549kX>*#lYDxQ!UHRyzBP9GyvlUM-eTtuV9pu`7qMp<-d+JB5*%xCy zF3Z*33;A}Fb%&{Y!o<-{o4Ig9Nvw3HfAR*KPTjOzx<^!|Le3sN%H{Y}>zVtHp&)^U zGrnNU>Fd@r<)70#eq`R3Q`V!hoZG&PrE4$q?z32Ck&vZMBJC z=iL&snnnckB)kpQ7^tu{mfa+`QU4Q6ygrs z%Cvl_9d&DZ^T($l7%}DD;V560XZoI7)so2hx0WvqS|HEOjp&bB|Y_sTWQ z^{z=z?&)pJ`e_M=Z{%Cf3F7w8L~nAyv0^>?3}|8A5a71$uYVhTJjah-BPl)4dgAX# zmm0${RVC_of0R+rj$+ur`lz?gVe}_I5}o>M#?B~|?Fr_7a-HC|{prv`S-#79>93Fx z&6emyZspvMKKuac9C>@@>!mJdK80u)lTtm>kc%l=6=DN z1F`1674)|)+oK$pc2(IuDNotYxfo?%dmHoK`pPnSUoG0o@Rk*Y2L|(sCwck#3iF?;xH@eai@{e=jVxM3e1};-p9uF$K6oMb%A)dN>I`{|Bl_G^wxWfdhrgJck(Kt zB)>YgZ;Y2qW!@O~Jx}y%RH{BVke4UYO!?EOH*ZR*aQm`arNghYZY`{Axn4R7c_O@b z#>ptoTk=YI*EHtsPfPI|^f?TTZLe%`~IG4xygYa zGHLkoUQ_*ad~ywkb%E5c(~!{c%J_LYa<>g4ehq!*Wp?b#qE?G~RP|DJ zQYk^7c9wl73fgUH{y(_ekOO1FY6Hs?wY;zbY*lW*tSG5pgP=~UGn`_h{<-z%vHm>KOymx#*L z@ct|7JqVMKdy;7zo#+`J%buL7R1Bz2u-l&$ledwycOn=3hl@1vCLo|1bt-!Q`FN`g z6kgfEhx_trUoV^r&NeuC1yeJ~4~P4ahQ;J_cIH!T$ZAjPA%hvvxdD-p5!7p}%t-gg z*WDibKl4)kL2e$J$qmmg)T&-Xyc5=w{}7utZK6Sg1_+xa4EUYKTB*FZZ{JSs+O_fX zvo5h?(y?>pTy|c_AtI!TxvXbjJIUnvE2ves7C*oLG0DEQsp^-*7hlXFC+z}LCd}ga zg>&rOx|UN{GcbrsqZ8*+40a=`VeZv3_$ZI>U(_%a}B41{+sy5YJ>& zDW)jf(VH($PV%iHIVrtwR)z!mH`D!Zbw(Vf&whjEeYCTSsYE#XpfUiIP zh=q%nv-aR2d@G6a^0XDpL0p0CG`FMi&y zN+dxZI)0imgTv7=>{$OZiXc%u&Ah=vyka>xyS?EI)kvHA{b4&D!O=NKv^FQX>eh%E;WeKj6rX z6!vcTkva3`6R&rtURbb5_e^Gtn@WNqhaYE7XVI$t_*AUSwLQ!D^1GRAIv7pW@H%)q z*^-?R!`!dGX7P{9SaI+$K9wS<;HhHf>tAp|pTVYuKd|8EUx>}NrAb6}j&J>$Z|5u~ zIxd;K>~yMxHNe%*QuY&0Y~b^+e&EEp7;dCw(V=Zq@)D!@;kzki!(USge>UHY|ALDN zSNZOXxj04CBUq$=5$E?VXYAC;Y+1dPBXQZ{eG9|En8va>3psuHGHX^YX6cVBIiF#m zUT7_BG)CrsG@jFGS!`UfkcA7Da6Z?Th7mQ;3LATF+cL&~KAm;jcaiTHNN5#5Yn@=^ z;Fe|lFn2zuuVrBnVzfp?1-5>>9Ce5<`{W)2r`q?oQB`e8D$!ma}Vn6rR;W2(V3O@)w`5WZ4=vtldF;fjbStL|H3LVvb1POBvT$JAWoi zR<7k*jxF`Vt8pu8BcDx}Y0j_sv>aMA3T64!@3>_bKyZK?S#hVBG~siWtlG@s%V}KN zwTevFaDx4^89#0sH5#`p^M0BdwxohFp6Lr$i)Rlr_S4yT)NDjWw`692HHle^ma+NR zaXf=U%yG)PrnvuwaDO!?Ze(&(q=SExJ~XQ7Wsaw^Yt_+hzwlkD@>V^vA)53H%=&gR z^Ome;^M*Yn>D>r5mnq9*7Bczzqc5?q)sz4iB_H(6diz7te8Z{c?<~s0&t=L(m?#hV znK2^mCyDoV8B4bBplVnP{O@;1$9-hSjveMj`n|oq%?+Jj%APi;uWaG&~VY_Xu2C`Y2C6*n|d+nla(07;=qvXw_;dt`swG;BuOPUBc~Bwn;V z?~X|)TK0LxIY4O7!93OeBGET*ntO+1SHH}N2O3c~B9gb)Tq5TG*gFfrDvq`N|KjfM zE+io#gy8P(?rsHI>RwvvKue(%3PnmO?(Xi85G*((#NGYKfA-`Ak`So>@4fx?MrSFV$Kk)OB z18kWyiT*7D>G0k@&L&jU1!un=$nZ{032Qi!9j8($){>qml^ZGhKn>-c|DKimf8qP# z!)WowdJ^($$VP?Zm)$-{jvyGp?MLH%B8AikNvcd%SyssX!?W2QwUgB&M+$#xMu#5r z*?U_UOW^kQX>32Wp5>D#)4hHW?Yb}L;GOcRB9g~wXlM#TA|rACo2)!>i+q*4WOH-X zbo#cbPm`AIn7t{IB%y3&n4Qoj7mj}qI(Wt_^ zimvhV9$Pw$>q?V=N{OPTJswULm>I;eW%NoeC+4a9UX1EEA~~NtMIn!NPG?}3Fv6R) zrSt1+IUO%O)i2}h_Y2tn%Up&J>&2U!V=2nI#LAb4(J+Bz0AijSt?ED9y zA^fc{onO{%B{8qO?_W5&lk?Z&G1t@K=*F!o5+G zqkW4;m}}**Y12;9pS=7i;K0g_+{+X{D2vG{(4cwiJ`5e$m4x%#*?B^G{ipN9r=;um zuiU_$v_h-}@oU?q3;hQV!6N4tSEKXscGBa^Hzsjg?#@t=1UI)X;QcRtq_`}HZ$A5g zdqu|d?mq-KqZ}?@z9V8o^<*rM&t9L*ol5t=_xTUv{xXhiS;ne^XYgy(i8l3IS-)rw zhp%VgXraYQVeeFR2{-mEW6!k`Y>bOJwrwx>(}iA2^VswAB7WT;P3x{*v6d(C)rW6$ zHC2~xz50vzdJyBmj-3>eU-J0&;w^5u#H;<_Rh&;5)mnTGToGKzYZGJcr*4Jl>0oLu`Y zi}#%;pjB^rGmSrpv+I< z>kr@I+B5B!o>a=&ymSF;_go{qLt8v-Ov(#Up-7Aad35YPl3@coaqr-2_Fj4@j9V=F z%Mw;^x`cmtXS%lx;nbQRSbgBCxJQ#cqP&&s&rzpAdq(u{#L)#Gvh3gk$`VfU>gP*n z+jk2!MqDgiBe2>I)<{N49B6e|Uy zXZ>&6@oP8-Hlu;R1FrsIbZFiH6aA;;^m+1VDhevuy9;(2*?j+XReLO&JCB&$N^!Y3 zm9IaU#o^nU3>Y|omQ8}uEqci7V@B}^NBZ>cFY5PU$wzOn^Pco%vWTOb7qW2MQ5tp{ zNULCbR?M5rv0G^(sS0>vuMTaRp)Jeg^xgy9dMw3n1s~3s%&ihj`u6WlJ+lP9{A>}o z5+wi1Vaw)S&-PC#fR<*nZ}mJDuf0r{etmG&&*iJxpKvM1jM1Y<5NuM&{DsTOk>&Hr zD^u0w4e3@XlYmKYZ_X(dIvr6x6bWaqn97Uhi|^kwQM5>3Hh6aIkD>7PuX!< z_(v5KvTw(3VzVor^vXCU;?J$5A{5EOA3m$(59$XvU%mS>7qiUhJ9Ic*JvDjf&5s57 zRh{}jf!`#kC4yXFcm??8M{ z9OJs^BuRH~vdz>An+_eQbNV6KG3lgVJwtj&9~{k%G01$#(HpVl`CrRedgLSX6`Y@y4_?x_~au3)3+0qmqdoVjQs1X81&_JLI+Lb?e}If zYmki3zT3uy_ z>SaXY-Z%I;u?{0>*` zdH10sf&HiR>BoJM-8xKBMz)GXrXG5e)isrO=Q3NqJICX?U3qDEb8Pgh55!8!N@CbO zr-Wb^Yi#_R&?Z1!pK_lxQKyE6g4CPGnKyAYk3zdK?Sq$T?{t7Ke%;7jq0scGJuLlr z4-b9YF=g%oTAM9p@phqikt69!um7ZsPh`nC507y*E}Oz)1^4%T#?OyUX*c!*K6v{z zx`nwSZO^UY-iGNj-{Zq~US?Xm$Ab7?A=f;d{@q*QDh7*@Ge^_R#gNk2Q(TXY7kx)$ znBPudORPC9N4+buZ@xqqqg|Ydh!i1RoBJ1*@!h!$>UN#Lgsw_9zw{P2WP$X5?NjCqmJxNR zkc2o5)H%lg1R8hfhD}m57or~v+h%j({B1!Hd!vg1+Pb>vs9yVOqETu{znSkaVn7!f zHKsoO9d-TXw3?byNDo9B5DTYavn zhU$7LHPtnDpn1FYGk7l=G}Pnai*tJ#qJNr*+3pq?|d#mi`o2=qm=kuI*YfVB*Vk3^3zn z^gUcUy-r9;6kCr1HgNI<^cMF@rAc zTF_&}`}B3m<5YACrY?1<C(16{RZ{Ix#%9pQ!SbO{tVi6XicBtllXe98{f=ZF9NNO=nGEt8#t9Vt(q}p;&j@$ zX>#*XBAB{Au~+-%^^rKWj_^f2eSMUPM>&;X!Uwb87l}w~`i^*=&LZI|Pe(LWPu;5b zPaWy?yol+#n$~ok`ld*VI-s9*oikBc^z7CiS9f<>G;T;nwD@iJubfLZ7v;Yv%5SSG zzik~`WKX8wl*7g&h&rC-{uUhQPv-3lJSes1HPLrk37;A~ZW_}%IBZ!WkzQ#XOg)iF59{5Nexs){vhf`rq$N{WCdj5}n}$TF zAD(3InxEOWZXKI8Y-G>2O{_crfaIL&&weE}1k$GQW$veC5`XIfZoc+dS+*xUaj zkBB^d5j$TyOr=3al&>S4Oy&DpdKh>$qIuf^^cR`WxPieu&Jlxnrjo=n3$SQ3f}@&AFTh+kyav24i7ujj2M9E0HM}iVVAD=TN+D4AmX=x1k{dr>s;9UHt-X9@@jk zpSSVr+D&ZUw1++WHgG`@5ZCYqxVSbH8Fo_wToj~SJkFZc2iPq1xOwYt_Uzxt!CP6# zH4SjA+kjSG`q88PAci$FCOapawERM@@4QDnksJ&dF@!Ec{%*~Jg+2Ae*qTA?#S{Gc zOHJh&;uu_?mVNs%IK)|yMs=f~Kt^d?B7w2V6uZY$$wDQ22i1G?j5_>l9N!36glz{tT} z=+L?wjRFlZH&UW_`nc!69(s1c4DRm6wu6_+xP6(MncB2#9WKsD^H3`wM`mhYWm=F- z3>pfBdT>%oe~W*gL`)5o!VX&6+7vuG%eWDf*?uvFM%{YTE$WTqTIB#r7b#)9@mUB2X+y2W;4f?{)}y5FSu%@xqL!y zZ3{abY^_y?S(#}%HnwQ1=Km=~;$ncY;nOFN7B+${s>Tilatmu*MM5P( z6*tXHFji;P7Iu~x8S9dlo5thlORQKho0q3gQ5tQW{5gR(j3tSIvWzqhn%;gJadH6A}s^o}ix~n8zPNSclHE ztnVvglW+*}|GF0TI6FMuwaLcD24mHnXSqm5tZ;ODx=Wd@iz`MYg_wA@;l$b>*!JZV z+V>yMw$stoEGq7}NU<1K z)h4O1mt>KOnLN@Q%Q-5 zVByyvGh_M;KKOPmjv*m}#O8{==JA~JD??Vr-?B5aFgCKs%TuxF5w&bKmC`(WfWA{1x79M518(|9NiJ ze-KZ5>2qLWZbOn#bgp`@YDHc)*^VaYi6Hl<)FjBs{c92U80%qfVkr89LO7o;I=-pqZ7R46+s;s+3Jsoj$)^f)vIq(hgttjE!W%ZA*@)S^(zbZ5>eGHmD97(z=hW#$>R6f} zg>=tG8YJZ0=J+;CLLBWdFc3PB3YUCL{HxT|M#D24f7kLU5Jnc>6ex8mE=%LlojAN) zZJ&N%8UFED)c7Ml@*_ zPH0FohQ9eWJsNpou9PNwm!kTBLta9Do(FY8!f4vG5e*x+W#H@YGPt2DhT0m~)D6JP zt~_9w+B->OAaYqe_b%8IEIO)*+EMiDhGJl-ud-pmbIVg;9pr+&@Q)fHFC+fSK5pM$ z#+R>7VAzlm%=qdshnAh^PKF46nj+!R)xxKF9o$rbMvk#<0IphMfRiGg20wf^^K{y554;IV@kiKc-ot(gQ_S;DH1m6PtnyS za;l}Fpe*+~n?Ksk9Zd&9n>C?HXnpkbb;N*Bg0`k3K`wR(t^hH&xMm-WzOZe%HT3Zf z(8tVN3Fty#+tBW$RY9Y~IX|U%o{>cSmwEZgKNo`LY{X4{mYp;$7jZRT;3o zPaQ$Js@}is%eV0~*DWV0s?l45G)O9+JYT5aY9QJV_A%?b9dzkCOy!s5q^|m`oW6V&Q#TiJpe1xBmH$-s@SC~s83x%aGj(}3lHqUFnySn`% zq0@TuA=OjdyL6Ux{knYn_ITR2Zb)g4NNA-Gti<(2SqVg3y;XjpB8L;_E@Gn6hYm&A zDO`)XR(?)kr%1-l1N?-*a;$>eu;buyrZsltmlc~xFR9w8s`#HuQi-HKy+-PTT3SjT zTz$U(Nkpo++7mztHOW&Z$)i!#-WIm*&)Va?m#FLf^jj4NS7(wRT;yET)2FINuAXGY zoZ!Ucig)fZHt#qohQRugV3H(HWs!X0Hv)>}A6AZDlw_XgQk;}(2;|)4;N?VNFG)8> zm_5@!v&!EBh@zFcn&_yjuy%0A!>c}TezB0vLY~c{uYCXU44MXq3f-N3wtNv6szXW~ z3e_J&Il4KM^57C@ud3x&=5XNRZQO#&`}R{9VIa%q{sZ-OId_Rl&J?$|=@cRKjd)4bxy2%i^rBN89HMISv%4))mFo%= z<3r)01)LWFD@RL5WSbsr-Wkc07lHX_n49K`g^d|bz6}V?&f>_<2Lv^-!KY&gMC@b1 zIxXtCnB!Qp9-8AU5WoOQIN!9bEzdID#RrBy1C){S^+@&u+#nZo3W6KUn9 zfxd=F7zFc^20;lb`IRCwR661r6hTBn2Bqpzy)KW6c$}qLGKu5?>Vb}5jRDqVEEjG@lIeqUQPrtzx0u|n1_2)78 zO?icvUzx_p<~kUQ3|!KeQj}AwZGf?b@K-@{g*L?hiGYlgAf!7u|L9>ksT4>!y_76- z8D>`H^_P`MvX`He%S1hr{?+<>3Mr!1<<*xA`R<*K9K8LsWtuv2)l=1yG7IeM?BY?y zYD6L_*8>Nvs$o zAFyXzF7fdiPo8%CufWv5J*`Zx^69F}bnV|=9r)xFJWt1QW z*5ZQvCttza`H1*#n8wD7iS+8yNcEdUjHI>}i+(75C0&r8r%IkAI0QCjX!me_m^_jZ z6JDZU?_pfavu8-}_TsFJyqp|Swz@8X;(}ZXRbPn<`Ex}%YT~4jm5`I0`^48}rA1_C z=U{77kKS#AnLBO}BPYH@{{j8@Y}sD&#r=gsmzBQ;FU%KZtK`rmEGU5UKYYl$v%es| z$_f@rN{b4~FDO#k);8dI?QbWpEfYRawT=q7)@_7Q)**WLpU7*|W^p|(i&9lJ8qynU zBKH5t%qcVI)utzxvmF_#(ue3#qN_$6T*0()lj+yK4VMZ-nKrg3nbG?gJ**ECCrx7A ziR(0K6pE>C)sFtu{}z!d^jMUaUse9R914m=RPlSh|9Se><=XODOrP}~DLGGH#ndEE ziFAvI-<9oc>(k&_d;GMAyt1clb*kTnab4^2?UXSL8#9sNqo;8Ve`bwt$veF}GkoMk z1`im(;cOq?8{JGayy&TaNs!2%@X_*q!V`N*!?;rTU!jn@P#j|;xIhOtULM?z5n~54 zW8QjPq;F$XW3B@ehc~U(Kh^#wO{o)Ql&XokLvS;OwDRGL3B!dCOlHvFfqeSIR&?Ck zGpu8!^5?F_!c2?e;_3sdUb(+5`jGcN`x*_;)=caks*-=Wu=Ak4Be_xL$&`LV)+#We zcena1e0vbX$ByIWZ&#qqmr*9(L!9kgrn8@tevl%*cC|+J(>QidSQ@OkPN8VU_oTU6Bl=WIMZR9uxHS$J3 zeuYc`V3f>iWt?1_2tX2wp>ruW3Q zv@kxwo1d*CIt2_}>d|BTBqrExVZ!)5JeG?=Il)fwMf2kahtY8sSyFV4 z2z-tNv>nYW?{&sGew}c(0>TD%qfbL!*1Yv9Yp=(WkuQQpK{kWF+|7VyE;v_T4o?a; z8u82<)`iQqQ<(P3IGVZXQJT4j`D5m=$Dl6@7SABWqLjQ#D`~gWkOk95Q2+iH^g8Xy zr6<|j0iO(2x-kZt2y3xz)F7Hfwov4QeWh(X727 zf=-DMn%PcxzdD_HW5ThJ=MlT^GddqNWzD?T2{p^+?7V?|_+T(U&6$jcQ4z8G-sQuk z7kH3wijIE>Q^rnZP?%e}ER~Rd>?68;dX)Hdnd$>C%Ipa4(3!r&`_a$Cq4UsHq7}LZ}ldm;Larf)~_{dN2;ka)(eAkMp zt3So&@^sFcPGHiIUJ&^W%RW2I$;Ua!43!krZN>D;_18Tuf@c8!B1w+=)RJw%ry1Nb zfI5{#eF9|?d*&@**_o>(X5?e2DMzcY9u3|Y&rAL4;e2o!jXu4JOpKD|P2DK?T9Xg& zd`V-w7&dRXod1N& zNkp7BZCVDaW0jI?C(d9I6po9PoYNZQT_f`5L!AACG1DnVrfZFli!Ikqp2i}e0WQ{BL>@ScbL*xQ zKDfg52PtT4Yn8t$)X*j%v=QEpmfSjjj0efNXc}1)Twf%RRw5-X&gDwPMdC6G@o&%= z-K=zUtXyzWzqNP@CDG@P^H6<%NLUz7V*HN2d`WfWbA$U9J5pnbaUM-qouA_lGKb7NG?$fe)Q`HJC`6-XM7AvQz zG{06+%sr79-APJEOV5_z2K8{V)E4?XgH!94qD|!nx*u^AZLb!%n~QdpOmyU^(EA{Jz3OkFG_WTK= zle5vcb)bRpM+-fnXSILX1O{MlEKONZaQFH(44nONu`sA=FOfLkjJ$(sh5w2KFY^3p z62y4kuw6Z7x9m=x4}RgLF2151x#*w!s`k&eEwCkzE4Low>+6S+zFH<_DR(0;a{F;6 zdS=!H1_$G8Z7hB+AmYLq67ppDH*AJ({2jENf^ez6er_dyYtf=P`W5oWXJ8^^4XsxX z3xj7Zswgew%Ei;f=gFzlup#o>_b{mwinDPMXGFcv_=7^UQ}q3NNtwvB%xEOylYNC< z{tNNZM<3CvS1;9<{L+$jfA%YWGcz*;H~k$1RYJ~vj-I{BBjJ2TVLfRdV2`zdsJJYS z%U8;9^mf4B(x8UNvH9HGb5Ql_HCGToMQI7{tq0M_(@X?=aatzbFT>Hx7K@U5>^**! zoDwbc9fE1mBmfuFJT7iK$iv)HN~}GoV<^K`1acdlJRUs|1E%647orP9ChI_u2>hW= zCMfbB6a7Gjg|h=rBDj|(T;N2+L*g?^L?Ts8-HyWu5Z68DAu4f~c9UXS7cX}=(V0Y> zWobMT1R%-8o3K!K3^WwTvtl@zq)mMvS4?tmb0*CQFGqVEh2xZ^-{O3_G2Tx0IEYFT zE^H;@VJ;aZ8U!?Hf-*-R4nO>KIZmXk4vjtS(Gx@@>)sI#U5cYXu7{piV>;CL!bY-5HONwLaysG;u_@9s zI|W+0?gY1LM4*$AdXO$5SHp&8jh(os z5P{0Y3Oi%1-&J09lnHsxWSik9^zC3=@tRXOS6(bzB1&l*YD41YQS8_3fxnI|B}yT; zXA?Sxd10-u!RfC==4(F_7Xvrsxew6@?L`N*KWE+CLXu@CK?;n-sC}IKI-vx)n4?QB zF~`nu_E8ct9X;H`+EL%%9^JUz>^zf3kz5CN4^I*dJn0^6E9{j+?9p=^zf($B@Ag<0 z3cuFz#M8wAJ&kN096L)?ObWRovo{Fs@uWXV^(R_%z}3c7<)2TEt;KPrc~Mo69WDB1 zw6Jf!2nI5=^+Rdgt`1((oaEvdcJ4k)rm(A~yXZd&hPd^pi-nPboExV&dL>p^-x)Vg zV|47j2=lTcH6n^qM=u=gErqX3<=;}5pNrhS8O@#Vft4UWHulf$L;n>1DnYG9E>l z|Gzk)K-60@;#v{7-5{Cfvz-2YSN zZ{1IOugV{^)#5*e{|rH`MJ@hUP?k^Rsv+z&p30QL(lROP-_=e zkm+Eqr6ls^9U2UHn@=XSsq}q7E&h}Ey9w&E4?Sy9i~nIrA4`;#_EoxDVTGZmd4z&ce7PY8FEoxDVTGXNz z|5d0ZsI{m?E&h)}$-U^yJWiGNCH^N+!uK=Y;NaEr)sFAqh*0hD^;e)&mh$NSO%l>7 zR?_{ukil24e#DK;zt+Crk7Aa-^$w?0`>6k?@K^2sSMJYb&bZe(lT^b*`RC%F@K*(? z2@i!oNqgN_KuP?Ao5V{SpHx7W$BjF8Daub{<>y~>Br;ZgqB6?c7nde2&Y%4U<&*!3 z{_$_ne=S~wKR{3u*fD+p%MUyzzG8ET=Rj7P#Fdq=Fsy3}TC{9MhtA#jaD61{)p!2- z9Vjcj$${BhIeIakXRD22^GoYEbuo_L^UcenjU!oqF_!oz7t1;M{UkOVx<$ivTW}o;{Lz~HS*#_F0EO`?(=u4vR?E*0y#(L4rffyRb_6Z_J=<2*K9PN=j9{hvi1=jMOGfmz4?|I!z=dDl z<+EQ7^7xO$j_07`%gA2*_y_&tx1dNq%1f@@2JG+6O z4o9nx{tT2{+_#_G@zQ{n&7#lVV85EI{t?{1aDeS6qf}leFG*qT%5T_n{*Ea9??ee_ zb{{0E;Kh;S?}L)a!+UvnBe-MZ{{wqVrzCn&clWV6>b1%Mp zlboth>*K7XPX%YU{BCcZh)>F^As}aSYkxEeBBS{|d6%<( zF+ZJt!2Q&U;r1HaS8W%;{~qaTGE@?Gi9H4RhOCHebj{Nq0dxvUInd(X;{c9l`0%a==bF|ALi>NlCJJhQ6U zV|)9GFW7$Wk?L;=a`pKNNXM1^Qz0*-xTJD$)IeKD2Te`sDs#SFca(80T%-#rDJ~Y* zmQW(DmzHCZcGQy~7rHO0ycd3HHhVU&V(-aF3dPUb`Yycp*>WcK2p6S4MQLgAlihzR z@T9#`yDE0=c`h_nZPk&sMG~Z?{I`sf|61ppRCf>oGK_q z*{YqUw9wPjLrb&fASvxnF6pN_iiO^uDN~?KwZ(9`{Ho0lDqW(ole%#gI+2&jD%roD z>bGsnKYwEHGEskZpD8P=KFa7-@gE8Dl46zas@+H9m4AelX2$~ap~pb;^R9vNJvZJ*uf*JW6?5B zpN+uAuRZpr(pIQC=m}quP@>-bsT}3{c&V4P#G6dzPnG49@I3p0E%Ph-hrsV^|Gz>1 zwRjPz4qE`oIH6_wRWJT<3K!SZNt1;?S&Mm!*Rp+{R`&bKi zeKEAmirKI|pWr|j{OpY&as|t;l#x~9O?a3W?$-L;KlnNKoZHZJ19= z`0=$bQG_XC%5z6s%0G5ae$j~1^5L8VyLZT#}7Z@&~XqAeT-N#^HY@JjnRm` z%%b@}u=nV3P8~bImR$!hcJVLpHj}jSINN9rq?j2suH_NwhKQ2{}h8!B# z_hZN6pGeoU$KBqH{G>aqSh|Rf+jp~b^I>xJ9SQKZ6LRLW;+=1~FVE%Rx)uDoWjnF? zIy8J{fA9+Av-PK)nETmrbo~m}ZrQ>0Oa(23j-*89+Q}W&IxPNjF87lkvrO39rg0D_=6*+pl@D2W zkMh%spSclVfM#hfcO#B*DN&m+f9LXMrC#TqZ&pyhX-f>BbOsqK-}{(M+dw?+jJR`R zD__i6!oK6DC^i&!aI>W#S=i^tn(R}^ra7yrGj=R>t#yTd0Ixt$zqeJ=Zy|x90mPl( z&R0LI;$A`yImJpEHu7TK2VanGT}RYsj4b;x-+wzt=xH|x_MRlU%$!hvN5RHYS^do~ zJj_WD1ZxEwcJ3viP@h0Q545Wepeh&}DcQC2ARb|@@O3of)c#Er7}^ti=Mmk;497w< zi(eP7!KdeNS_K$!Xu}@zw6%!1xQ9*a*K;Rdn-D)AbhPAZeFTg4X$tv%#(&Hhg2lKh z*{LS`Jw+aiXMT<%Oxmm_ht+d`{vGZAcj*7$gyYALtJXlZwzgI!ihp(;RDFGY5s&9p z<9jtgLrWKjkRA*g*@ni}hG@y8eZ_wdq>NmzS_O~U`SKRdY+AxgFAbz#y)af@$|g&d zVB`?7Xf)m1Hlca@uC)4Mx9ZiYp6Cc#qC(@iy^NpGmnN+`(`SJQaH=UY6~b5i8_idP zdeF65Tbi}}jH7YY=8D)irc?fP3bL|9ZK5@oZxK3j7>x{5iF=%&dMzG%RgS-f3HDa0 z?3%cmD=ES`OCE9Xy`4Nf`zr$mbfsV6tVkwXX*f&h{3bNyu(~eEy6%Y zvt0Jv)2w)96y2IMB`h?QrB@2cD3Oz}{|$aQeTM>(c*)bESUqzcC+}wo-O9+L76VJe{7JH4ccLiO)D9_<)3ye+P&X{6=|z2u(ar|Bc; z+O!FwVP6oDk;B#f@AK)ZOKf>(B;CF{&Gpn0QP2&38b5%xOE=6W3E)1V|pKW4|&okSj9!qh1PXxg|r;d73WCnc^W581D_&p=_HW^KFB=Ii}P zTgdCFvZC_;^hsp<%Nsd=HCg?{@Gf(P2!CnXnkG%&XY1V@%9IJ5STvboU7FIQK?8a% zkKjgfHpvIy;@!1bEP8Dequ*M_@wlsOpZp7v$@%Kn-?vyfX%KB2H=$kUo_xCZPI(>0 zw>a|oPOk1=#h5X@Xw|VN3-;e4vvN|c6b(&0#cOFkjG54i<_?t}$(q)|+tw7bvPc%p z+0FgT65%1j*m>p0(krTxvIH(IokIT(jcF=m@BQt5qBA7L#IwDUz89U(r}W`Am9I7x z?QArE3+aUlwT{Xmy)n75{cS#}>>p{8m2N*rzS|t0y^Vt_X49+tWY$GxkX_A3|D(_l zY%(u})oZtqsB#uKe`E(|uEb&{GK<4&H>pUdG(hfH{xv^szDh`|HneEk41X6(9Q_;8 zs%ZnvHM3d2emkn^bt)9FciB4bW{4k@MP%m62yfbz{=M4~b9yT~PhJ<-=#+b&hSVXX z>(_EStq>~*cUrV-Pp`iHFwVF^#MKOJ?afJu%b;b4LG3a0!O7iwxfv@3Kn1g=PvlaHHXS> zY2KUOom*mNp(~n{%aVDYb5XRZTfadB7#9k{zksCdL_U}@j>kH#^zPXWM`aq9@1~-y zRds|&e-Od!U3GFh7 zPHmcEWiF-FrF=B)dG@K)$CZWE^t*)}$FHl}66$S>vrjOs8-=PKb{tx}k?V0%P|W0= z38T4NYE9QJJ!#p{l|>)C&hGnCG%Dioh6Q}L#>rq%k8SEDcHOslewQ)v)_WH#EbFbDJuGth&A&3-`W0uhyH8vd{m7N zzkyP@;`fnL4LMr6w*=|xN%NNN>D28NemEpKa48WxzF^kQ1l(JV5ahs(r5lfM;=UAY zO>k>Il$Tz6n^y$^Y4PYNXQPwJQz|GbJINPEQweH4lGi3S!g}9g)^55e!i_Fkf}v|D zWoXLETO?*C zQ(P3uxq`NW{kveNkbKu z$%)>_`5UX)a4nbY!VIDhU*chWItH;j_&mWE-|ka*|Lr&F73T6go}$UnGP1;8p@m-d zAr>urh<^RvO#9$N<_yl`b3v@*j9bv7i3^Q-4q{9TAFPY6@XPmC&~7r2*WaDVxVEJ% zK6rr`Qib8#QOz}04qJ?FP+vw)n#h|z*=&!@CP^^vvb3wLSrk=cdC`04 zu~UrQjk@=tL!eF7{il;R@{KGQ16ya@TlXe(<8>aVW{crb8s>9(xZ_=B?93N_GLU!Q z?St#eH(7HyhSRa;a^rZicmwElQZiG1*qpe|yf1BZqpYawSe)b9hm$z~AP7?Bfp>zv3r$z6f z4C&UCI`*a95dM*nRX}dWC00*dLX_}X5o+I?FA#B}`-k!oA zU)xTuX){K>_70!;q_80>mpd66PcnNAEj=9Sb`ylgN$nrL*yLX3m&uEtBVQ_aPW;4* z(+XM-8b~8I6Ab=PRQc!8xIoou39pGpi9Wqw zeuvQ_X=&CtoFF$FTml*qR@V<*V?FgNX;qN|n&=zqmlG@vW9o?n(4;hjGyC>&A^HOM zW2(=k(?CyLFQu(|7LLNMooL}_!0A{Svw!%Gx^^}+?ASr{*%;0qIYQLU(?mVU#K<*_ z-~dlN0_xGRc_{i~T-6cn(9_pPnRtxjF?ziH$$NC})Q%p*CNi_X7n@dXRMn@UX~n?d z)9Bu@4SmLZL~rLjPOAn# zZxv^Z32oZ6ntY<1QY9%FDU_O6(@pqFr(jnSZk*%z`54;w>_uRJKOI`NLYDH7t*cgW zB*TU;KYpDq?K&`Y!Zcd=JFBKzREE5`fTYwE*#?9-T-TO1!&u8-HCtuRHOBV)D97_{lTQs$Fo)BLtIndSDLtE|OMkY3N8!?HA z<9cHuBDALTnpa!IYAaXjdf4F_(2x+(?pC8GViSFoU3aDAEQ75FZZk{}lB%33JGQ?1-iM1dI zr;Z(F#}45n$2W55Ru;uFk=cu^JG^llCJpON|6$XZ(#cX}Zh#*L;PU;O- z{JKhzl5K3+xq~go_i%L61yYO3s*q~`#`SrSSwza+2rjzRqmH!=p~1dfjL#-5;wb0r z{V*^yQxPW(9chnz5$H8U+N|wGXrnHS88V2WlZMjjemYqhd1NPEW1p@UE&B{(Y`^Xd z?$VOx-sYUm^i>TSwzVcX zuaLZg$HeA%;cX?zn{hFU8+XXl^`K#=K7_j&RSS?cK?9|{47tc$jnbo7zV>I9ZQ97@ z?OWM)d^0BwMN?$fknnoW)NMO}exY`PfZSl?)}Q%#&vv%$+|I5O`#5>NrMTG%_cWCRd}x&qJc&x zrsN5-Su73M8X^$dhtj3rSUS21`LnV}FOptiOHZdOf~uw%bj7iTmXJpWOH;Uf;W%5j z@8i<3ZJfK6Ora`(OZx7_!2Zo~D!IsJlW&e;>?TKTl5 zX|NMPl7G~*#j5x|zm~j6J}>Gv?kI?BTRbgv(R-rr{|@Ne*JDU`7q%XZAoKPmZlr6{ zzI7vUMw*9M0bxfo2LfEAI8_drOo2k7CQwSDBZW#mYKVR&>?RGsg)!$CGjswQPsb6~ zsXJ}L1JKicaVoDYe!!HzQ)vC_k8};TrX=Phy*u{fz^zh3+H{~rs4u$Gt0U1u)tpN8 zyx5AF4N^O@(jKF)>x(eq6F7Q$qE}cTk{GGIMp#-reT`~kuPuHRH|9QM$^2PNn?9Y_ z-}r>15fX71@(SWy$J0jjw**&jPYmTsvXdehTTMP)5wS6=!^WkHIJNk7n)DdRj*AJ% zO0tN(ae*J_e!!#&<9X}TA2IZ)ixK&lnELWmyLy<5Os4u&4ZFa$eE0choL%`LO}g~q z@Qn-#@-slp1>_37%5iz8vC!(+SJo}X6xBN#|$@UeH<}_!dq+n|1S4p4X?dL;Tru1%5y4MU_ ztBS|HIvAUZcvU&rRztJ)Ey;OwjNOM$BiC}p-&v2=y@!*xZz-EEMB`Sc0n)5ExzLZM zh7l&l>YYwxN|AW!R*JEeAxNO6@Sm&{lB?OzCLj=d2NAStgyg-yzy1FP{nw&q{4*+3 zir}rVr9tnpOc^tR5hJ?MNRSul396QsKMnm{MD{Ad7N2Yxdc`8xWuN8a?@yxP=tJH5 zjc61qoQE>uAlm3?`OqTJT?9n|xtR!Ju4o!-h_g=z4`pFK2|jfQYY;}mkop9-AH#Pq zb-=|$3d&DmSHBD1(b+sabcn}I-NnFeg1vJv2FXR7Klm%I!OqxNNo_56VX5CKl|oHQ zFS>=hstBS?*A$Ne(TNlq!ciZS?r4Lhje+WVxs@k%U4(NQidu8B$qw+v!n*vN1h)qI z6zj<-vu!}5^h<)Q-shUK4)t4g!u{SOGNL1R?COoRy%;F0+VIxM4*2IE=Hr(~@!i3P z(y;JiC}bqvK23p@CYB8z$-s3BkAHROSq8L_G%`ii!o1EGec~uq2uIJI%$H zppZ}+)T>W}4nz5JY)AZ!bcBQWRkN4KpoP8C1j&vI@WEEtK?QABT6*eZsx5+iX&LFR z&z4t5l!wv}4@V20ox+^T>1}tozjPKK<<_;geW!2FbrC`^7JFS*W{{sNW^j zkaXdbl56W~dDEhfn=0v%8Cl{gd`C~{=*hEviETJ}V7l)Hu~|jJs|D$E4x{gYL5%4Z zf}6FWY7AA1>y#qOscI2*OUaq0D5WIsBwwvMO`4$#^&2#yUXTVlqRlc>(bj_?Z+gN1wwiB+p1 zaWBpZpcCcf|b{2l{GVPm%kb3VVx78~b z$>XkY^lFOm)2jVXrYOOuNmn-RIKUU(?0NU~CFpzj;^otT_vS2NyC`$}_H8WrbS5nu zH>W7`OeOi1NULON7i1D6l4uF}k7KzNlZa9fRS6neqR%{MB48DJ3$z{o4)Rk!v2fi< zd_x*zZ(cz-DnojJA=yTTZD>1oA34qRM)s`yaXnfN0Vs0Mzra3{JrytXAC>JTo2gLV zZiUdjqi+D&F~>O-SMkBGoGrUVJ6ni>Q>jW%gzeRxT8dHPKh;zdWf9k}N0D7v`OTtm zZ_g$)G1Fqj`gK?bg(Fc%y*e$h(u!vN_6WS{_^QS}DGrJM74hP!U#XIe8auy8uEZE= z{o)OLt<2Qd)r4o;Uo-y4^e;G2^v&yJ6;%J=t`;?+=AQZ-2sKOp^Attr z`C-vft~|;X=BN(o36JhG6)2U0P?S}C{VEqELPIz~DVaBR^T{I{UV3!~ufH;y)&_QH zj?o$1r2GGkyP z91JCr^%Pn*-UKTjarwYy?A>k9H`7DY+J{cEd+a}wM3B2JcIK+CSngOVfh7kML_pnc zrEoyWWfe*}hF12to{J|(Juy@3{&BWmOyW+K=&{aDxb8ea%%h6AuqB*bo`YGLIcARj zbZ?eM?1j_BI{0B!ryt!p$(FSTC~*`7*GbAyZD~Gi9HU+u$%IDm)d4}As!j0I(9pra z*bGZ`oPW4w5}$02$Ei^`E+Ni%#T(GP>trTPoyN;AzrvU>)=Gt&Re7@)D>r)W6_B;QcASY zmdZ=4xjgAhNxA6!mEB1CkcE^p%+(vqfIPco6I>lqp&avA~QRg(Us0Z-o$_roW+ z@=)cW>iRQq6J%7XU#<|zfFOKQP0}DJSx}45pQ_9r`)tI+pxa^#o2T z%+nLk{ddT(@S&n3{B$9QyV*})@jr#QTar)wu4V9I`4l24dd8;zWiYGLo|eW}nZ4=~ zUHW%d#{`kU<>U&IE&8s|Q*LgaAYQ5yDugy{#rZi?`Ebq;q!w5)d3aOaAJc(xqA$I@ zWGz_=aj)PrPTqc$K0eHtf#Z2);w)~b6p3=mdyJ}l)fe;%@pqm`xJ!uG_6;9@wT8^t zDBgT+CNtmpkShfy7~~vhz>ulDIsIdvtQ(4r{r9E19{XUa>{Sby#w&6B{7(Q(3Y%ie9~& z-R=3Fm#cSQ(RkNYl(R0=Tjy+bLx$wOq=o&=N@F1 zpL+sxy0x%i@1{%CZxXKl&4z|9Wkfv4rH&w|5)>j973N8a>C>`{MWR}yT6scQ#ozO@ zb4621F!OK5pq5qb_rc6B84eJ$p7ohYrQd%S(OgSwzh?XG`!|hPDczj`WZ*dp*OaWHI37 z?sRMH^5pfitoQ+k-W$iP(*@}0i@kAz<`AEBDPs4a72I<#<6%)2nTZMbguKM4$wO)8cZbh> zHskf}5W01DA!Es>4Bs3FQ~OK4LI4UrD_S@6gaafz8dfVlsasLz=rn?j@GA-GTYSml)VU z#<_X(nRnzenI%dL!kb`sE19}u1Th;>m+N!ih|epo!AAOg4-)k`bwegH^=7E0FUPiwB1F@-P=;gWK^wta(3=GCZEs8W5 zd)1Ko{QO9l0(~1yl_g~RHfC`5L5yf0hMiFX=jOb}SI4FLOE4(SqsgnQ7}wGn`IZj+ zXfmJo2RFk;9>>FtD}+wYi;h%?k&*EW?6no2Z-=V%ee2`5c>7#5MG8S4L+WF)>pWe5 z{*~@^G?DH2k#TE(tGse3O7n@^IFxBw(^xUJBQ}*Ds%)FkfHNVlF>YKv4hMZo>;MyD z5)w#{jm6sIWj^_CEFQX%tnR#w*e2TCd~lC^K?I!q#xwoBv4ohMWM%)e7)~ve<8p(DzWazVq4h=5&6#5leD`0{x~lFRj_ZCPRVT@C*6eEFV{=WoXAufNX3i4$>jbX1Y<>M%Ao=EDy^ z6r^adYDJRj$hd!rOOLf^-?qLwRw=o1<9;@Z9q_Iet`-;U(+jfXh@>Rz&H?ws^mS*fW_-3CoCDT?J(WDH()gdQ~u(6IE!$KD8K zVFs7ao+D9VNcZ+FxOMR=Choqt*_(=Sy_9w=ZAfR#H0JdbWgwhvI4@5^hB)rw;ESxlEU!dLhU} zU$qWzg+rxD%cX^xT)c3Klq@;cc5bw47FK>jQ7q&>Pjp-+`li+dg@)p0D>^a}0`exODLxahXNr=LD*zhTq&v1(J`>jHn;A&dHi8H52&s5^%=0RxvVDzNvIKO3|4()KL z(SK}&|Jb7_%;w_B6J!|**;jJOD{$xZ5u%f`(YJ9RykR)j2BOi50;0}G zV_P=}M-yrAlXLrO6ozhrIBMr{@!EZSLmFXi^i=N>O49FhBqEL$?b=|X9?X;PUgBn& zu1G#YRBvIFvI1^gj>gp8uiXDcjJkL88XD&AcspBG@%M|nPd@d(=h^QGipBM(g+9df zdc{PYz4=W04V?XPv#K0n{PV2NQHvAFU)}Qr{IvdoAL3?%`Bg0Wxh@yu9-<^lD3> zWf@85Qji&^5^?__MMXMzH|sl&4erknP*gk|D^Lq!^2Oo#_(n zsQR$r36u&7lW%f5Mw8%rb+DI$qe4M$%rSO9u%ScCAZ+v`NwT@I=>e9V1F;Sm>jaXY%kw61w%haWU7UH2Dh0g+o40&OyXs@UKkR*`{J2SCu=!T2E3EG07?1>hGpRXhCq8@T@v1!jGas-*s)b^so zz^1r7UE@SRNzD0eTz!~BMzIttiZQ6)n@)8du&P*_DNEFUro4WotOVEQ{b}G~flkUP z?rDb-Ppbj_wQWRY~6&m)U&a204P@X?oTb6fYP3U_sD@PV|dK zc_QG{T%L<4&$Rq?yns?<5H#VF+VzQ!ev=~k&qTq zoLr1gry;a((MMJg$+C`nF?-!loGU?=uf(%y7h3pQqajPi=znWWobM*SAOg)jw@SJLP^|Nj$M98d`2mn z%2ISZ+R`fA16OG=-i!z~AG|@XNQ7)Wy)l&86V}{a^hH7NkDTSyqc~(bL3sLRW9Ak{ zT}MOi?t84ZU%9@E;?Hs7@&i$R3G#quv>^w54wRSma zX6;z?^()l)(76`1_=8YLn}%rW{A<@k{ksY3zf?`N_;*1fBV`n47gAhQNYx!sl_(W5 zigU})RZLm0MJ;Mki$4cxMHy!rwj07%v!>OO(^~v((A56-lGA?zwW_Mc{{W;H$KDLt zGKFS7mZ%pvQ9}b=V?X--IF8Qs9skmLh@>s0%iRs#)9bKINx;b@{Oj%rbhTGXNzwW!7aI%)}OEoxDVTGXNz zwWvic{;N<+P-{_(TKv1AEal#<8^mW+tVdjn7vjHIUrN!om&WE92(Isk}XR z8HXN90V9d^6GrpXh6}|1hrU*krJQ8tt5fLK^aD0WXYgB#hnFTEW94h(>D{^wZQ3-W zOZV^Cayg;e$2LOlya*P4y_4Ii1=7*q24&g_(cZE2Y}K09ZJW`x*CKXaOI3XqBq8DG zLOytP8Jn-AJ^4*hR!HpLH(7b&2029vG9uUU!`=(TsJ3^PQE+D;ug%-aiO1@WtrRVe z+sByY$9R0C?Pk;AOTQUs{|fG2KFqGu zR|O>jc}WUuewxFsv$y`yI{!M9Tt2Xid(wjc|HV+q3Wzv1Y(ITZ^>@OB&8$3nOZ7Kou;AmF?7dofKmY#}3i);6 zJhonrRUO??`|Gok*5Z%iHwmgjnNR%XgY2KXh`p7FlM0I4tUGX(Ge=^`$}AK=m{6y4 zH-i10F!?7JM0^2mADqYKGCjh3wW6V~6}NZ2!JZ3ONi0%dPz~~eIBq2y;M%YYLq?5e z(7PX;rEzri?*@pT6xDS ze0Y+*yBG25(!D&$eY!J6_WdJVd7P)(ouVl58WDFBC{!hrnrIoDV0-Tb(XlD0=%_56 zD_f3GEYm_?zozZ_YEg@SFSPYN`272IjBi`MmwLtapVE>q(#ACvC@U?g65pOIWu=f& zT2}Q*jabXsUX?mM*>1Fkaw&1$|2Iug3m%hX{l6~7J7PmXi1C3*8piprjnAX4+~!C zZxuF>OWP3FRIfNCD}9C(m8s>E?yu|*a<$`2+a+u3XsiB}@Z0h|>qiy-Emz+w;aT~l zdUVjymA)VlI;tdJg};q$<%3Mvsk}Yq=f3)J57YaEs{Y=(bT(VgJW~BF?Q-?qhU1KH z;i5h+M@fn3!_^G>y#7!blD}2np13CaJkOts(_@J*F{5*sw@_R@yDR*)X4kI8AApvL ziOHlX^k>9g3(GgjZJ58JV z;_YaKeLx^i_NM6nhY0H31D}!=GKCT2JK?4+ji5- zL7kdWFT@2~6A@U{=gT2_i!6p+yE16pH4F#S>gWFqO1QmZGJEpc(SG!3hII)iG^8Hk z^~}k?eTEA~<}|41f%4uyqO|PLjmyHlUMO|!P0&!3kruU%>xNxuQO6niQ zKQ@LMXc?LlAiu$WOLo4Sv~>K(n6h33E01?X090wfHZ@!Gi}03kyTUEHT(T zJKE^#>T>MZF@l1Eu(PvM|0-fwX)3F}UPZB^2QH>Ewyj>rt=Jg$ZT*$?yUt@~YfsF@ zef+dyIr}f&$19)#mWIWw{OU(il?815WjPzR?c!z@G^^`_A~%j@>-SNR5Xl#FS7YuS zhP`eYYnCk%{cIOU51uDoVMc(D0~#fnZ2xrw(J`^?+qIren|E_JUqL-TAJuX*#d$IO z^27J6-?)vR7w@2R3Zl%I?dN*t*um(V~F)^Vd+AbB~4d ze?{N54jy*pd%IQ9mzj*MOI8wj{}Cq-Y+?PTEhH2h5mLvU2j_M$=Z96?OUO}e9uXW= z7wxjgtp5J_@_ae>7ff9PDSCX01uK?vaOXjy;|uW#@WoIlq$EFv^{c*R^`>3y*?yVK z%xJc3-NW6-sU)T6(kRrAT}xMxu4gagHKQQ;Ezy3;!!h&EwH&slPXT~t+^Vw|JcbL10iQG7PnxMhssB0tb z!K8*L``Wo(EMB#O-CK4Noh+kHh(G$8qP<@&tbd*tvSJecMhf96YcTW1D2(pXdHeiIW$u!oCMK z?Z>7;Tf%(p_;uE&L_SA8WXUX<^EGQX>|lRH1orNAaWKedt?=)Ax1*T<)p8t~wjek9 z0EnG8MI*uIQxRP~ScRrP`ERB`I-%6aHZO`ftXOnH?OZMGk{Iqg4Hxmj( zJ4*2s<*a{y9%Uhoa5mDWq(J!i4?pnpx@{c2dKF72f1E4~i4y%`@ss}GtLhJxQQ6;i zY&eB$lW?+b9AweTXWPH>{rNTele|=hg_DQq6K>o-^fTYC*uwqzG!oOYXx20wo&Q5$ z?jApWT(t(OwY9Y>;rg@dpz7=EGjHC!-{vaPIG|(TOtbM_F^WheC#NDUNM_qR>C|!5 zCdWpLOjYucz>ZfpbK!aliPudba97%N8H87qmB zk&_+8`q#(OwRsCVbnCUM> zvukJ@W7(|<7Au4;t|oH*!dkNYeDQN}e6k&FEo$+91&ZP<4sG1Qom3Gel= zvK)4;{8|v0(==`09&2SXAHV$;7ZQ|o?b4ZGUsIONna!>%2_m)>v3KS7tXz8dD@fz; z!2>)>D~~nu(rixb+{4YsB4U=^<-Je8#xA@IUD`CpNLnIEk;{+sKI3e>lJ?#E;HjI# z_utGXEiH|m%fDvn#w!FgY9i`*x`kvFeJKjqyY2^;?LLOHAe-S{7Oej6D-K5`;piJm zkcTx6UV$_VtBZx9k~#1HhCFRsV{IfSCB2Z4uy*w9(wzIpH?r$=w5sm8?@ed#)k2!K zYERP;2aK&f1>tnU%_o2sjl$3@%i#Eq-Q0+gUI8olc*Z2o#VKgnrX%f}d9viwH`shZ z3Y=ve_~|Pa?mCHE{kF6YvE-|_-XlVgqMQfkn73*pwso7+zExvP1^2I7YCXeHR(v~irg-?_wa`|qm7%!?0 zvGTGaGBb(@3Tw;YkpsBD>wDH7y)VuPVz%Vds{Z!5|FFUzZ{j?^c0r5MJ)Yp0cq;v=zTx2?NT-tI>KM~9wb%umb1dXJGq@Al%ZAesHJ>F z*;#{p2X9GJ#ftdq?WsiOTG72%PlEMQdGCuKDJUvr=gI}F+7(Gi|_}Ni&&bv?jt$BSH@-j2Y$SSU( z{Wbg3#T3vpcc4jlh-!5iYu5n$EBv)#Xtfn*YVk+$n*>#2s7m21dd}VGX0(tK_v1;B z{5L)4>S@_ zvUb)cu2#POXX*OKP-hSw!tH6+t{sD$2NT$65N*QjXx^bCL%KJ`_sRaBPa$n5SrD<3 z_Xf44ZJTCve|r;0?xs+9b1fqm#pBau3?oMl!Y%y(k=c(Z6xSz3uH&^|lQC{OoC#xx zV4Jj&6}z@`w?vP$OUu~uP?zAY6M0W$e~lBq;B@3=lB-N=6@;}ghMRV+@U%93vL}5x z6lhz!;*?j0vRIBx=wG2Q#JbZ&M(8XQoh6F98A^1uUPMuaEp(glUbifc-#*UfBX%?n z4Z_z(eYzI4_&)>_O>O8hWE|6`kHpKyntDx})*zo2rTMya8a<*0`Sj7Ru|0x!h~Kq@Z=2hA5aMNz zTTl}k)ejW?Pfy$??i0F6zjlVx*K!yzpf~mE*QZ;%R-|6LMD*QQk~31D^oMTstL~Di zj6cSvQ&0VErc@M<%OwX=iiX}L0&3JtQ2sX|GE{^7KnGJP%4`uw2z6>2TO*m3E5%;6X&M!n6 zeUAb|Uz+zENFx^=6!8)4Dzzh^^7WxvT)r1gu~TC@gj&(4O$YilcgMn`C9Q(RaoY~` z?-GQS?z7Jil^R;;+6B<0a~}o`AIX3=LMBr!5-zVH&vy_LCyrtGkdgEggNvuRIT|HJ zq(<)n&z4M_I*CC8N6@E3O9HLUF&5=NIlr2BYt?LQoXlwF9jw&+N z;133)vtb1firjJb^r~INz81Am2!dl_g{`fH>QJenjfJ%hCWhs`!$=HfwpOCgiT{&Z zI1%XcbgF=dpAWi4MWP4=Sh*4CQcfJxQ_?UsamLd0>HKatCwtZIW)k$Q9C34XRQ)Z% z(ZL=QQASpJ5;3OFc8&is$ZRHYH6un zqbcR3f?d>Q)6(xbJbxMuyANd7(30CiVnX zd*%5IM17hX#+VwLs*klXGcy!FSIj$__ z#@g!XwjOp4+LV@*U>4AsHS<1V|H3zE-hUK3&fZmDQ4XnnqpGz}PY`1XT3SY!89z-J zY#sDP#4aN(DG77S0G?`7A4@|m(ca3>W+5x)65|F8XWhwId|LFTLw!#nlq8#w^Ev(| zozt{-rLNc0(w!Xa(5Xg#!CVl?CY;!}lelx6I8f>>5+x_(#ign$G}QB9HO0Trd-eLP zd{V!V3tcBskammNuTN(5sF93)?OQyXgkxbK^(P0MMSCQu-@`GRVcPckm;@G$+8az4`}p#6+AlpQde)yR=2ky}xVFMypU!Bl#h=CRl#s{RZLL{l$Oa=6QxC;RN=|- zb3Ue23OcRr7)GaI6PYw_5~Df=;A1Hx`B5T4zOI<4dX55Z_fS0b&C!x)h+veCtGyK> z?h42;a|y=H)D{tAMH{kl^YS7jq&|M$?zA8M6$4s@;bd6Zkwu{z&IFnqAUZaOoXUMp z1pa&xcuOq}FcKnaN}W^ur<5ki+rLUXkK63K63O+X;uJNBK-Tep+34eh+s>`?+6@i9%AoJ(GONS0kD9OsAxLA(8cU{V|&vEEh`4`+$ zY%LUlT(VDz`l}o*byhAB04tB6YS+V|eaA7a<1efyNW0K|g`Fix+(tt~I#%Ky-kGfj zPVh<-OBT=hiS(zJ)!4p@4`?J}{zMl7axwTRe(U`RORMARFCgD#-&-$BB^H9l!gxkb(HnM_9=d%C&HJk$kd8&r` ztp=iXe-E=3?4V2E;Yg#TQb!Nn%y@1kWvQ;oiI3w!QX29a$B*jrNqW-|w(-Z_&X3Q2 z+Q4pM+ugf%vF5v3_?YP-6NIFkT;OXBp!>#FOj$S3MkyT%J4@ruGHA6H3b3htrM zz{bHHPv1s-^zBc=zxS|9v~A_wcW~4!#-mx!C;j1@d27pWRm0A+y1zk0QH*kFMJb0j9*G?;e>pQctRGOi0 z?MRbh6BsjfIHN*K`FvjlNu@eCoxSwz^$Jr&Ur`0m%8<*;(A77Su`MpU1Js%waY zlQ%nWr=U>97frIy{mQBISW2~xF|~H)cuWojD(z{J5V?c%$#+HA05c08@~vCbefm^p z%zTZPr%s@66K^aHDm$`tqXPqGdh+w9OW1b4V#ci)aL)X|XJ1}J$Hoy`(Po7hFeQn~ zrP8Fy%k6QDImhYq_e4;Y$i5VGHPF^K78$(iqDs)i)Xf8TH%km^Ki;p!|4~Q-TS0C< z#nM;F(jZrm|KuxN>C5N*{5;CkPord|#T4Whh^QtAm9Y(%c74k$6Q(h&cTaXDdh_1s z=Ey}-otIbedOorHJG_84pAsNdqJi0D?`u1m6qWiEc|#PQ>M@0 z-S2-PJ+nkLP!}bgXXt>=On>MTldHstegmL>IYcV=cR$+%pE<5@e`*ppx-FYNFS-VyK?d8xlDflYqE;9 zC@v_VsIW*d;_yn>&tT-x0bI`aV&aG{qLxzfvU96^ZCz9#>?{VIl-q}SY2095d36Sx z&fKR}+r}7I8VPG^UzwVO7v$zqT%ikr;=)|vKZTeFc4u^3J4Wl@AuIB0ed%{7e2S_Ek`j z^Q?RYLf^VhEt%P?E;D*}Vd9jR88K!AA1&OjBB#>*(t{ug&zDb5nMk;ftofXo6Q&6H zdOek|sEGU;{jF+yWW8f_BwyIKJ4!O~#I`lDHDSlL&57-q*tTtV%!zH==-B9_lQ;k8 zdCxj)o%6BxhwiRgRl92M`?{~6aG$pQPKKrT%>>IV{J>?eAAE!qQ_WoB=ZW=aqZf1r9K)yFpYmXl2+W;wN7`J=rONPbL>#_onDpplOuh0t$n(^bvMq*g zS#DlTa|J6_V7Hw25i4AIdN-!u4_qW9q|yFzi^O`GU%;pD$*NhlT-v zBTtsToww6Hz0PHDJra!VZ~jFmfCLKQMS@t(zANLE+?FkgcN`%Xc_Cvdb-f2F^5(}T zSsF>86~8~>66n@kN!QF_%bXAV+5C)s$iF|Ep5)zd{)LA763h z2-IKf3=~Y!^3ufbw2%P=5aX=wDcn_Iyf8336dp2y}OJy0B0;$oYKn`@;Eu z)mmyjKZpyZTxMuNLBR=)meC{yS?w!k-h=>D=k|X;rB_^SZ zeIrLcIb+mt#^W`jZDdj&bgN}dD^`ZQ##d|TU{^_Tn0tTm90!AlvkNHum<4>6P#PGf#@BD5tI1 z3`UHtj6FS?wC7~bU|~>BZ?uVukYvWH79b|hReDY$ru%WP&n4n*hT^*uH7zC6GY>?v zbxp@#1_o5}+2C({)fEa69@$&B3QBWof4#221c!UN&XhF{70Ur~2HJ`RNS;kd z>$JW7zNXTxMg$N7x^DIqdA;D4Cwf8X`J@CU>X>2N!SojTy4M{L&|EkrlTexOaXcIJBHVi#js z_9%n(94aNx1F$;0IFeleX!<1Xr4qp1u7xH9Z+J$HG zM&jM$hzLCUNB78`=>Nye2)z1Hl{P*xpgTOKETuYdM%EO^kcgVt{11ZS`}$5%8g_Sc zI+hp!0O>r_WeSGQp22k7&xQobzlP>jc`tN-AUX@z-hK%O>t^draogUnI2(O@^ZyOM z`+Ue1tr#-E1q!3X-K|lal*sw2r%es#(_wipY{#1&BySvzCzT%uK~TFJ)e0=NhAb_1 zO*1!{@85yguA9~0l|C$nfk!VHO?9k{o$OiQ>?97f|8$ASxygzULkj}~B8e2e031$R zguOwzy>oRvQ~NREyEmPBh5ywbda_;4;85MGWC+3|+K>t3aSrxfi0NB?{5QrcP6lJ# zrqZ@F;s2^CpBum3#|VqSGtlX;x`O(KQOK}4Oo$%%ceHD>5QPRA$Qi?TTVHxTB2 z!Pd8C5=Kc<$G)1gZs(l!axduDudz->J?@l<$G={X2td_ecC3>rK8#)1;aOmh^6&z54msSh z@F*UsT%oQ`HZFp>#g*Q&MotWYe2ay@tZHY!{N{X zengAB*)z|+)hpVYVnlbe66TawN)^>YyAnilJ%Vp=6Sy>H9LSd=4TyGlaR@$HCko21 z{4-V}e@#pSfQ-GvgmUC;xTU^W%5!o(>x=FdomUF@YWt}4UN>sDraV(YkG!)!dA+`0 z{@b{1Uv|Gq2A5J6vc4DKoVAih@h&LJ^w*)S%QJ4RoYw4ag0f!Q?rAqd5PSMMPNL)L zP+pcD*>+)xxPZn~oP_UwXBB=Z-I59iHvn=B&mXI`jATQygQqimu33C?XYeK}wBe!c z?ir*<;&<3=fp48&v-4A!#sv3JexDpQS=^AfwiR`v!!cFFpqH9;DL9x@!V#zSzEM@l z_;NYqc+p_=owGN+wnWPUY?b5O(FMEyHAT|TMofIS+6ZgYJ4}83dr6)c?!8;^GvZH< zI7m={p)qwi;&H|mu1I%_1c87#S-iMJllO=>In%RpwWo-Z+LVHvFnwr|O+?EXc4%v6 z-%dlOB{9|5XnL5w_=@qz{A{E|^k($VP0CB_EfWwrNA0kD5-3FDaV3Jjg`7+azQlJ*temjt;7~=g0g=fccdD z2euMk^UC^mz4f<#R%s!7Gl?W2DQv6UH94HW31e5MXaiC8QN63(D8}6q`J$d`jVZan zNLv(?K8m*vc?RF50)G>+f)~|^B2LGoXcG8e{{5m{RjLYiOgyNyhA1@=wae6T)zDOB zR2BqOKgqka1#eW4^VRTulo}cu8dYD~Q$&QyTAFT(%Doo+q)V62FGt?M7%yqkJg)@z z6|R$L=L_@RZ&wrvu$?N_SGQ-1pDkgklq@+5q)LBpg>S@@4^!}}(uu4FKs-vz_&)%R z(5MokvKY3RnFTTRSE?Nk&)DRPG95dymqNdaW`Mu29_4GjmFDb4AZ_U##M`6d1sHhr zoDnz*R)x^rY2wUYV#unf+zAC)%H~oRJWO55P zZ<2E&y~1B6A9vHgS@hzA^{XPX%Tmflfa(r`Zd4q-@rM6|38B0 z1N|%x#@DTYX0uz%gf=8;;ny1&(ecyaKiM|YV*RQ-eB`k*&kv_ZGq(<$o? zRJzB#;R%1r|pzgIR)4-iP zW~zq=LkfGJgCw_5xLay%E5vT~UQFS6Dq8do7rb+N8Y*q@WAeewZ@3u4y~Bf=DpLIa z$`Kz(47uKg{<9-;-=1)00xbZSWdWcq+DxVyJKVr_Lz~m^#yWu$M42~n>K3Ycv=Th-bSv zFoP@ZEw9Har-tjx0@|xk9;eQXE;yxE+;-V0f{~uuR~6!k##SjJR%$JIwdHbpD&&lR z%VZ1Sv^cmUZdI+0LRy@aSm0oh@At-|efA?h-)i;ya@eg8Lxc%V!0vfuuX#_Lqsob9 zPR^IGnZ0W$`&N@+s2oQDwUFtyYKu{2&4+WoMVsZ3zrzw|>;Cpk)CQ2YD83f2C@3d& zLuJO)(h0oK7NR~-fcA2&2VNM3IBA%(vdx}Or*BR!=JI#`3ynsiDLDdIhdQ<9LVT#Q zM@`@jfWu~MEZYV^!{ppQ)hFH{w!HTO=T#}TH9+)8MMszDaC@eQ38~KvXh(A3&HJA7 zNf4pI@cfLiB|UzkRYY48=$eJ?Kwoxr+6$@@bUgkW&m?%?`wZfIw(psmw_dN567(tN z7nl1M`k=#I7jPi>-a8Q}%-lbEjpV$2wOe%z-TtHXNPW>}W&9l9CjFa7#V8Gf_c)kB z`pE;r5v|)DUF1Z7Kf$i?FyT#DOj+yrR)Y;aKQM6vx=?y#Jm0G*iU{KZqcaqO`X@5$|W8rl|{%I{?Modkzd&{n0 zrGGiyY8A?+=9+m897&6=2Z9-(1=6>2!@<<;KqbLE;(=2{GD zi}MruYPGGfxvJZiXI%Gq77)Ltc2Iup{emyC$It|DVLVdqvK}=hs;BeEI;)L5bE5}Y z+ShO@k8B^03vJu1_olg97<2sx6`75TSC=v5A|Riic|E*C{?}0SH*PIOYHx2yj9|Uu za2pjV9GiM{k%Vuzx%bFmq(30jz&(BKUU9Ki0ZM@8STnH>wDD&GeH1unj zWZM5pDMl{RJ=#Rjbd2;Wr)v36>FAYVCytbB_hQ>{`NU4O`%%Mlw2&!z#X~nSE7MCG z)NPX-9yScbE4+Sk@Tav7jiSwqF8WY9g3dC!k}E7*_mc_B+qafS2k^>H)E6Jq1U>)M z%3`fHK?1WLooJLP9X&x~ zRAP5xdtW+E!SP}-!v+{(|1{un^pv`*@0#1IwayPw`D0DxH1(HWz&WIH)Kw*%UhtW% zX265VRSHjwM}Xo}D%38We`nAuZN$;#o}pS;Zc?x1O@Yc#Oue+IT9)X3xH|S`0pfYv zgW=VqQLJhwP~Kn(&8K@}HsV=WwOyraRjvUzfy_HhtprDqq)s73Lr3cQ7~-utAV^NP zQKi`x-;V!cg#}Ra8_5042n2azuDmmV+@PdppC4{D&sq{?Pn&GMqka=fd;H@@6^#NB zib-Zz{c&P9(tO!9*%cCB33aAh7yE$;z}n5h1*}sKA`@O{WjOhcjr)68xc*K!gRM+g^x`ntET?wx@E z1=GYr!b#}+0*7Zo6&fCaic=ejja%L$U1QAUr`?dK8=3T|wXqE2YDYA#+qlQ?b}rDomdnXl=%l@Qa)&%0_-Z zvCbwlc^Ewp$pb<@x+VGlp=I>X=|rxC{i{@wNQh^tkB4~pJ{o_x z)95vt)K0=^b+~HNAXvMl{TonLwo``@ur1HuK7j4$MhP9_!xq%e=!LqBt2 zWnXPHo(41UrDLH(Wx61a979G2&ZmnwFq))W^co~!AEZ;P3DbpSrG8D$J!y+!t+}~P-a&O3Ax_CO_wN;NH|~8 z*9zYQtw^@y#M+Ph_{nUDxl**f@oN5HkK4{(Q>#oV@n6Vg*FcgAMVs^QAi28QTlnrh zGsnK6uI@ZWmL1WW6`k(at*YH7Y`Us*-8vxK;Ot67?X&?LVb0F2DIU|6h45)Dv9mMz z#yG}O4Z5qw-DQ0L$<41LB%5g(`6Ewf1dP$y-yWZ(yI)h4nJI*aybMIzzOQ$Y3UsTr zVR$%rKOLTCdMF7GArV~LPn(RC5Y>K!`%W_%|I; z>`R#MvOqoRHyQ+=!sLihXdL=gu$x)>3D1XaMV!q?B|wt(nu%3R5BNvH}iNOGu; z)cmz+AYHS7M_aE>{T zIG(OJK-Hd$F(zYt8D#_3+ddKAO({@IMM=jsd@7o6K!7Pz9ojv&YtIYCP!F|N8KCKY zELHEQV%n^EtBQ_E0CO|CuQ-0JG~C;X6*^WyXXM7m5aY=E04*stlBs9&r``CwtdDI% zW}1w{2iSkJYG`E?5adX!z9^28qDc?Ei%xj)lK5HL7G<`J6Y`}|jNCaAUNUJ|Nxlwr z%irsBQ?T`9c{k_T58?%_k12`dz|d#4rF*d;^K`QX)3EZ|+r7nz5~3hUiQ{|OQpVBo z&9Aq=aAP!P%5pl5(2Vb1!~xeMq(xY58FTtq4K~caCk#gA1=L_5nqA@L;bZ73SJJ6Y z4|7k}Coz|LxEbz8s(Z8pFySA!NaV;uAO2!KHD5~Q7{DOF+tq?fPJc`Xz|IY_lvU2Cy=%|c0+T_4_VC^havu2%N-p;Kv zkkh@)o+e$(G)EinHR4~G(?)#Omr}{ik51Fp)&i%ggF={$f?HEoxFAD=r|NOz=Y4{8 zXBq;3v)WM%iY6`xtKUs`YjU>dJHMDsy!`pw`EoT|O2U;WVB#0a122#XxD?>WVct;{ z!2Ug$U&9erDo%iiVXWnRD%)J$nR?@>-w+uYhRu?CLHZASwTK-y#V$NsExNi3D(fZ8 zHR_lK++#tBh+uFzm}PW_`PU^3x3jpTr!dZkX|!WB8*t+NWOtzcH#wT)#Hw5c9mA3A zkQsWi3jv?)LmsIY>+a70K*Qm4t^7`zaXWilhpr>oA9o5`i2o$L^BM?l-#Oe0yh54~ z)rR%TGnHw66A}9}_fawLlwy{(N-X?T}iqgsPzWp^ixYhz!2^n)=xDatGQ7_-kCu%+Q-0MaLN-KsQD7DVV&e~zAyQ6D`NL;ue>pUCwMUs(9!!zv1zkllWM&v7KlZ( zEoeYbIRg;;Ln3yn`CIT~=iFEv4l6fVd~9wl_@1uW;P<&yZ9BW%TW_n?ZcK1(U{KJ> z9U*^MPiGtJ?_C|nj38OpTgNv9J}4v}Ca)MyoWu*<3FNhAEaZ+v7|7xzYRl<{if zPD{p#>JfdO*jlJS>PUTy!y8}oMfT1h8uMg$bajEbuvZ>XgscsIWzs|gK*UU$h5o3L zUt#{%Az-&E=IZ--#^s)2x&2KU!_+iUdcNYG{|ms}iEUxN%qP4mviQnsp%6{je7ZS>6udAK}5-gLKGrdNF zCP=!@lEKNU9bL6Bx$=j-wWwna3RWh<5+Hs6aSiU2Bvp4kr)Y=fhP zzPa=4U@pfOlYBl-KC-9cz~r|EfDy2Tn+@cj32^hf(od|&w|>~%SMu>=3wlP@);#3X zB#w0Xh3y^XOdC%#X*GT?=>GmoYS#|M1^7@jpyBYIrK78t@yNp;WE+{r5#n$jsnL2t zjNLk;^9=#X_H&?{^~>)EmEPsSC^O$luIIqnBGp{30{{3nk`3sNekKy2K*1sFG}c8w zxw8A^ck3AT;~K!@ccP;h`s~-K>yThnP0i2pWP%2R_3#ZiObMGk)g9X)U-nUzM7(YE z_2} z;WzCx^rSEg&57hc#RRDWX4H%^Srd`f(ETM;a99O0)Ul=hm8gyTc&{zq+}4lh##4C# zXZ-CkUr#4vRW!8Z89IBvxW_6=+yq2qHY4D62KSV>QsM4{nigbLve5hRfSlFpf0dPfH=R+%@2V=Ob?VCywSU zhQNrc>H7Xi2hWWuG$LF{Si)zmQPV`e&VI0LH(PpkeG{+1ME@sTF{>xE70RLy(^t=LMg=7Jl7=#>>nMf{o2pnhyr#z#6tRfQjjmL=`ua&Uoao`@8jb&HqE2DzaJY0%=Liu~* zec3R;iq1Jn+)+!6+KJN2+QR~sysU$6SOJC5QI)jMf)o@a7|O=-zk_adM8uU?pa%u! zeSV#tAIUmc71vS;=Zsg`*H!xBQ)jxO(Mcl&y;2}dj5DD^E2NJsGO_f{G`hz4@VdF( zNlBH)sw&tTM0G2xlINhmtLz`W*d3~ieZ#T|~J0LV$JE2pDVFf#ldn(5BU zzWZLo#+zny+O)e;CHS`BtFJYye4}J{dvT|TK*$%mqbxWez=r)5F)g&DvJP0bswqty z5uVts=kms)s)$K2qiVWeOu-TF$NM{K0k^WRf|Tr;IX!)oYsn-0bbBXE%eLD7obI#{ zpvyv(xl{C)vCimS*L&5qST>Xsw_FueQF?4(VL<+_-P@}rGOT~nn%u!ZBN@rvE{VYs zquy+4p8;Mw?P}puy;PQn`DMLi31?G2J&xY!al3`~1D-iZRLSNi6;R~-c{S`22DCCMNcJ4Rf^Q%-OgqFi*N7kF)1 zqd@s5Hz|e%wqVT^4;1%t#P!K~u$Ir7myo-w3yP^JkvO((| zO+!5!w8I~6#BA2%!&Nhw8*>BGRx@pbJ04`2Nbj7o*k7E2t#Iw%x!9nSdH(48^dW4gSHnH24=K*Ie1b4AvaZhkA?Iqsm zXi~4dg$ALlhesj%yvIryUx#OS&8A;cPXIKF$0ljw@6Niq%0|_+UEi+`-DN`OMx0dI zc;WT82Yx9L^(qpl`qnCCNR9**KTF72O(k=J{FDQ_^3thGs0-%x2e{O_yP*vWZ$otY z-?6(h+AH%DpPZz*Uu%EpUcN0Vh>sj}m% zO}0nJT&XCAt6^FZpoTkfE7sHgi*X|M%I+=*@W-yTR&jRhn^kE=%bcF*mz%>frhl_b zpE39;cCyt3tudv@=*G!r1~7>17`@l|>@ArC<%it<$*DJHYiR}E^*_t~WCle4SX-6k zBJTPtTG~u7Mfs^(gHrOQRgX6;2x$v5a?(ee`3}@@50Lk4I-r9x3|a4n)$^ zdxBljXvUoY1PH^{DioBKCdS7bg^T$g?7q+b&a`)M8XB8GyG({W8HmF0IR}aq?#o8B zohRuA2V2zK?Yr;3el(w+69X3F9)4xiej?15-@q9Us5?7!m04}u8X-0N@1 z1hV=6G8-2IMX}!&N-h(~okf)v>TiDWK&={)PAS1QKM<;vCM&8b(M0os=GG+%H5AH1 zWMj!pM~iN-zKK>cWF?V77`U&vV=n9$h6tnsz^u%skH|NB4`Y1vto<7mP=vM~rRC`G zny>}>dYTlh&p?|IPf6gT@MHg+R09!ZvQ>CmEtnSf}|O;fh6} zq*8juyh4>ix&_t5?#jZ%ajf~87Ewtq?CO@ajK#Q{EqHidx_Cle(i5|Dyv8k#IB3bS>1up#r#MU5@#p6d7lR8K347K}&5mdY z43eY7w-dpRcU+-|c>W3@N}>j-(TZ6$#kgP_nws*CqAd#Z+`pwPzp{R;{Gb6+ z7goTgZd>SXf%Hdo(8$!9r@Nu)!GL*1lf(A55DM41c^@*-u5GDM>-YMTE@ILt{fh<( znE0P+2Q^z7ZgZ7%uV(VtL zM00aREy!-Pj8%$xeH^qm=)J;Z$#Oj-G3Pbyk|Vo!qZ=m~ad2RZHb%v(3`uNCPc$Bm zvQgGXZ+6T$$%vl4(HY&?2phgjn_}Po*RUf|MYlJeHrdyi7t{QjrP2D}_9OYYYJzcj zBAEifW0R3LeYq!&NMP1##NErD&KUj zU|}SMLnSCy;_A`lbi01wS2pVq$Y?&4&CiHqw}R@uRzM9fU4cc)^b73}EG2hvlE)Os z@H~z{qTt+B!WAD}=2t8^ZSm;fvF30x>mFQ3VW?Xy(}z}d;`}m71*y0N7SMyu5Kq#AGywOg3IYoVuFHv^0=PQF4_SVaF5JnN0evJMgOzusHFb{2f5MHVf?4*^iH--p> z|3+YHop{~oC2No0Sq|BciCVbV2OM# zd+;$jEEx^zPewW+5p67#x$l9>G$Zl|-lOTOT=={bQB(_)A$;#LXD*TZ&+6YpG(34V zs(E`!zk3mnDh}DGsiDbkB*$cI?E*1|S{05?xvfaac6E5g`$dSR2T!>6@9&>0}-+kfVEUeNbdkS_*?G(4D7 zLRR7vG+oLuCC&1EcRRw17wr~nl;&%65Pa`f@9Y9~C1Avzul6g-_R^SaDEFwQc9O%f zYLH<~H~)O6l=F?MBhxpst7ow5m=!NoLxJ*u%AY9TC-1DwO39JeY|LY1WXSuaLqI4MQvU`(+!R)8`aMwixrZK? zUuD>x(pZmhGzcFs*f|ereJG7+1maQD#mTr^(mIuR|EucvH?L?0SZiU2F2b04>@j1Gb4~!{PO(whQdkVoB~zC6Qb<#TjXb(a!ZEyS^vB zgscGVXDuivG8wjvUVs?w6a%@x+DhW2Ry;#;(_8{k3iS4>)UoW(C80^9v8Z9GDl(m3 zl5Y;rII$P4e;g^xVx!L}zEX1gA54L6`xSRgHn}zAw}b<{XR1zP;PGOqR`)d(RnBnu znNr;b?+iw*f$m--HH9fhY9p!*4ni9bXhUL3wRD{h?_YeVlgD(l7LE{XKp^X|hS%1b%F)%ik@D$G_I(o0ytXNXy8W^!P&| z;Bg>erO?)N1a|=8ac#lg{b`o;1%GBChS1iXZvf9id(cD9ed`3*I% z$&k94(~*BB<`-4PG$q^Hdrj;ozG3o3do*I%~9H+-^O(TIFd=vCKLmE#{$Va3BhxVFC_4p96N39T%El(60hK| zgBRTtU@54!QH*6o_ZWG7%P7eWP+Pss&-eO2*Ld~Vkbxr^SPl`j^qzwnm>H)kq%E8G zB)y+)77kgDE-5JPAckIiw3T^pR?i43=E}y-?|<{3>dsvwyK)9|r%~nn+EVT0wut53 z3AO$T9dAkW+KnUV;hps*#T;HeuTT}DrxcXjeKX&R!4}Blo#=E{h|nB=%9FRx;8eu^ z>Nbuv)%VVeV|*xM;!S7X5Rc4cwkY5Kf#_#j|J{i!du3w#9$@}e6r~#h&SXNFAl!vM zh)z|iEdbf44RI%_dZKn_Y_C7W?&hGi{MALu$@1aEQM{?4__vc+^0D7oyNI@-+FM}z zX)?3R5c{Yo%+kWlbJW8s?W#4`&Q6n#pA+G2jUak!dBOQ<$n4?VonG@_d&aycZC{h! z2dpAanZhH6*^2ynww#iT5M}`vmWmRWzK#c2Qf+Z)r=RXWjfbG@`ycrUk(o%C+0!bY zu}NVg(`^NBsAVDm4$Qrw2L`r+{*rd`#LHLT=)l=R){goldvF5ItAC_j zp3%B}bC_QWf<$utqv<0prH`gF8@+E{IJupgPkLu^?LpO~FucQD}s9OYMEy|Lm<<{GKWqsMVpMP%(AU4nT zd9zs3G~Y-m%p&%7I1;5px{P*2u}Ci2xqSKkv-1@Zh7E@*<}~k_;_i$n8Zw}au{~nU zjB;_;YiKwYPC{KYSvP89jo>%D{g zKk!5lQ8Esl4$fQ#_BF!g59lmj^o`Cy~B$;;kYOZcv#q z$wPT-pz-nh`uwdV%8d9NM^^b-L*VrUFWS{&@6lar2XWAF!cfjqGw!GpmpyfPmv_)t zSCcK*_|b+y)(h!s``=k!E`8#_(9#0+I?qL4jP(xp&jcl(GNY1Oyicsiz}vL%o}*AR zgvC8JqF$wro?|5VUe0zZdP!m{nF1bxfut@S>ru~!V9o}JLS(1m#f^2&wf6a(#5OFahnB`NlAS1U%IY`PHxLl8>; zR(H=FAA5SRJM3kdz<~!SQ@}CsH$Pr4FZ)qAHPAs}4C~kl@`gK4kKmS(t_Y4{_IvXt zB_-XryOGWjeF55C<6&bHd(UmTDU2o5pwUE{%Q#kh4+1DfbIo=D8H=A=aEct?ylI*) z7Bw=g1T)GKyP(pYA?QQZ{qau5!Zso35Cy>R zN|n&HrieY7=fn!`-IMH)Xl?UX*-;6uESXkY7R5)RuwgC4M-G0=L)+kFr3Hv5iJZ~& ztVq=zi8e+>1=s1OtbUC;jQHg$=|KXP)m7pBN#o!0VqF z&gAOYGr9ULsnP-|yQRnYI-|k0O!EEuNz*c)0ZZ-6QB#pI%3)w3qbgR8jpsG$78 zZ+htJOzp}okL*f+DHRo6kU%Bk!+m81Q>8hF)4d{xr5H<|K7|E4NWSJ5o{Uv;#r%jq zxT{EHt%uEtL+C@@@i;Gh-OMVix6wQFd&9whKGP_1VcrkenLWb0_XY1^ow!{TmSXAC zYAhZ8U9tvTngu2#?yfwxizwxJo2iax;<}Mtv@=?+WMf4#vL1_&kb=H(!+%5mEioBG zAyFj|Fr{u`ULz^igOTjI64OJkE+q{|GnTTm%9H7uZAP6`aQ4AKLUaa?kVL^t8ttnny# zbD-1+`(aC`d48(SUcu&JC;2BH z(%znvi>5?(ng28=n(Zgy-4?nHS)ES%&8Ex8)XY@2C|MSv5(_z|Mqa>Miosf_sRO?z zy=o(!_ywX4vY%4F=;`xo2$98((mT)u?oI3M6si0Rlpk{b z^YSa!$CD92rQT^iS+!r7a;R^pnX-ZH%bI2=J6fIR>$6&3` zqj=RV2elMKU@$Rg+F#bV9U|rwOUeBXn`kCzw3+B;$>J-}x5|+!`${x(bdztQ<^v() zoC{~3sn{PK7;16B9fheudRp@_-1m#>UKLVhOY!&n^r0*fcaTFF7zmnwZ>wrx>dK7Q zxz<)RTxjOTpnj^!?RkQ_wLDnecF6R9cSxM!WFG`ta={C_-xKX+N|k~%Sd4Dad-+c6 zOcV#+g9R$A(q^i?+_b)V8lG-X41;dnz3O|pAyoMmEKnapT9~0p1RdUBCi4R5Q~V@_ zITxzejFe-11J(N?7$~?mI%>4VD!gjUdv>LscOEIOXLj?m;~6gL)2MeL>N3!e*?OqS zKSVF;}Q!C{D>Jh{X3Ml{e_sjo&-nI+s6;k~eelHmgZS~6vj09JtfBgRQ z^Zhe^yXt-22Gyf&Y^M4PVy|F8C3yq^U9$a+__gBaM zfR;{{)M_t825gCiY%Or58{);QXZ+So#|;);b)`#_O&GixJB%QICF-nFiu28GteMKS zYkypJr78fQ*^zlU#y+#^6)TraI-jHT{NY@56liVwf>9L1#qI|UNsltSt&(90&#^z` zcUbqv@78OZd`r63Y&j&JRU7hyT~XI~{~#4zPefCyckT%8FuX3*{W^6K2x%1YJe+1x zk@(7U4A-kIf4AQx26jk=SJ&)h_^2Ofn~VwuzMBZ532u!{L>e*Et0y#sq~%xr9HfIL zg?blM8hy-}Fdn=1S{S;Q?5fXjp~8DVk5L>ct6FQN;Y3)W_q2vyDurF-x)1S zSdWse5V&4a){Fl)r9WXlrD{1g=m(8l@KASuw{b%Dao%4UuiBBUis(a@f$ht0J46A=-0-ZINe{&1;v%D7=AL1E1X}k{keA{Rn0d+_0g^_-}0~L7(KiY7LQ^Ed(f;jYh|Lbgxh3< ze_lA>Z$&sw2GOO;Z`!)_s!e0uGL>n)NEdQ;S4fhJ7PL zsxba-+TWyxo5`!*w4*EI>v?$BBu)!d7gP>j90EwTY`F(oI38|JN5@9@c~4Z&3mD$2 z5~xD-T;e`J~%-SLEa!X>V5=jF{Kt zwvvfBl9NAfnm3QqV-Tp5(|VC!E}M_$-8Hwa&f#8Ob(q%C-TQ`?8>f!1;quqgr&DvH zyTgw}(#Yn*{N=P{hINNVj-JsaWL~ck-b7^GpCjv#xeGQK$oGB)rOOR!*@zWx+8m*i7d5(VrG^O9Fly#3I7QiOu1|3z_}Ac zA+a->pR{-iC|Q5pPLnkewNv2l5v@%B^nAKzvgg;E#T1n%&H-^i81K>J?cS)7Tg1+N9hQr`Y0Z?w0*Q3pK@F)u@ZKSHw3m|lgtC4)7+MBEWt63LxEgpjc z)!|~<43F1s$}I-1Fx4@n)I`36rG>HOdMCyY{F6$4;s+-cyhgYhM8 zLff@ge!g#g5{6Dhoq^g3T%Kv4zf)wU%^62Dc3V5mkD4&uigJ*gX*=l+*7Dsy0De+-QQ#s!rZKF*XsHn$`@VG;Y8@L z8{UDZ{q&cc9yuy~q?tX74Ur0SD&o zh!-!c#X&9=;uRK4{>f?Pbq8-G^q0>WqGOFtA46b-td`W_i|p%}T71CIp>IW%hjK5< zmFLUjGgk5?QhdR}R~>^Aiks{e6g7Ktau1s~rFiKqv0pO1rtPl17e&cNp6;sTX)%|| zc4r$A4L)2t!wq&P#)R=Wf!D-Ovv4IUOTA?)Ka&E-o^9VfCiyBhN!~dW2hCO7RManb zUQ%EC310mYV%VFtQgYONg1-LvbfPR(jQa>Y0I|oXs2|LWiC+GDdyc=;Us7#1U|BgR zu}B_*DBwMgd^Tx#a1c_}g#38uiM8T|w!IftNgI$z!x3{k9=Kogo{qkrv^YKdS3+X6 zcO)P7Li>mP-88rBnAzR@zFwk2T$X<5S(8sk#&N<|1R1&;c%&kew#Q+^DW^9XS~b%$ zTA&%68S1<_-6T&E-(f|NfU;WbP*ZmMSWxrVv{AG?`u(X%Am*pc$Rvy61!CIn8pq4nAFR+tfwU7$$e8=Xcl))0`OOV=YZut~XA{gmy)4>Fc+fIZ)<4z+?AKX;n6o6G0{#9`cia zXSI=P`d1zB-imr^BBY?<)Y=5wJyRm6@xINTEYv=Oy5sSV-7jTu?(Y#38}c`mL-s4L zJ*=hZQ4)W1D_d@9HtytZvvm4znR$50W@o?SlwaVzl5l|uva;XMpILoaOyx9}hd7j& zLyq1(Ur=e&nT&5KpA)E|!a_b%<0P&N^uU50da8S$hP5S4Vt#l)J|^5uFGU-gS==Jf z>?r&mg|#+KmK)shz}n=w3WJIPgS^3DdchI9p-8!q^TI0sHr65BY$YN z_)|Ip*={7$NL^C4b@IkZ9)^%TPA+qmrQFW$uTg%BJq>}XixDxDys7?{ZbV9J41sAX zURR=jsTG=kd*%&{h3pxI0Ty+qM=9j2|9xuwA{+&&OeU;W2{NdCI9fg6MBUwOro&U* z+x*~6In5)gh>Xh*{M%Z_xRF?5lDVHb1a+UnoQRF4YjB?u)qMI_nz|5M6S_U^!T2$d z-aTo3Uq2UC_nSDA%{a`UOor&y9|ZdKNOB&EkT@Qu1RUrYn`entP74KW%z;K;<@Ph( ztL(|3H4Z8VbNMP$jQUG*1PyTx6brXpt5EC;ulwCXpkRs>D@=upGb1&n-z=0<>TG>| z5e5)LOyl)0tJVwJat+7ctNY&eTIwZTSri50^$;NNY;=^G5>%3>=@FS}Mq6`rgBoAl z)%z^zbIm^Uo9~XD!nM+1VWbZ)B4YnItnXaMBk;_^<6-HZ`Xnb){kN!tX24xuDr-ZH zYxSUz4x$T{c}aOecX!rJpLRZ`M>dUmEtP_5?9_5QmTH=edC12=0D$hgd#g{Zll8Zs z|EEd4jWG7+T-pRQL%h=`v3eZM$!bgDv#8dqhEW?eB}X;U^g#KG#+#NRm0lOM_&t}! zM!`Hf=qI1-GOR_Ug~QvA9SOv}p-hfz^98@fo-Fec{;u!21P3=VS0AXdMRbMoF(~pz z1hMhX@kdZL3gx<0wFTlo>wZ8xIqz(Nt zBA`%NP#zL%Fmd_Y5)1o8Ns)+7cgf_f*;M3mMbdDd+!d3PsSrf+D|xYq{yZWr3=zq7 z@wTr%fs~c)+`hgN_9W4vzD~GBA&sm;L{t^isBiUsvcj6JG^R?lqF}url|!2Z?4jy{ z?<^acU9rZ|#3Zh+9a%muLIB{NG_#W@&THCN@RbQ_fL1frN=P^}G|^Q?CM&m5p{kP8 z_RP>&8GdYn+#sKiZlUp1U=1pb4^o0<`#yFY3~e(FjcV~Tb?6usl5fTZ&?zO0>S{CA zL)=<+Ay#R@cUog+bd?0ajXh($4DY~?AmcV}16wtlQfh>nhovHkmKcP-#&O(b)Z*~~ zT6Y`Nu}M<}6(zw=?SQjy&Xh`Yc?!$xs5{n42??QRWk7l=P)>mc-co0RUO1ySaH%R5 zBU$wws}qL_t8fU=KO}_7rub%Pu~=J>B1DC#88)0>{@Co<(4}Ix&^(r*h$J>P9JBhb zE|#2wPh|j|oE&{KH|Os8mS2ss7pk$@zsZ7hwwxAt2c=lw%XE#)1hJl)UlW$G!+NB? z|Fdv*RiLSo|3|Uje%w%ep3IPW4CscTx>kfe$&ASBKfyHrDWFAJ{=3IFRj%U|#mO6Y zY{_nrDhHb1R7oJVO4>76#@Tg&dqbQ&V=k}uluY(?_4uIJo}}}|3P&=!B{MZ3IQ05b zuO+ayMnHf*Oa3X#rgV4$g~{%{-bx`(Ag#*y;YjZq!hm1>%~9_i+>qu3bb2?~VunPE zI6hAkv47sf=0+tMo2>8H$}FtBJ)4!kVVsTW3RQjm znzC;`w$IcoBGJ}EDX`q<749}$aRmdWw@Gx_(noF7llpiL05th|a!Kn}nJvo)(>9^0quN^|(fv2j2WPw;Cv#)$t8SmUFq!yN2%I8PNbNk`e z<#>FJf<(waK02jKF+3VLdVA~15HGnh&ziiSfuTCqo<|vS%=0u%qsCbdxq!xl1CYv$ zi>Rr3vXY>Zm+RkXyjX&n;)~W5ssrlg0YpV ziwgt05%!gaxBFfBaU%Dfco8Nq<|(VQp7Xy3WpVodX_CP>?~pM}#aTRJ5b*UWiGSbdfbvJlcm&!ts@sILJtey_7#e#Y|NqS=~ z*t%j2;Ov9zwACD#Sj-0{c6$3oWK>TV%0${<7q0JehY3kXjza$XKeO)tzJtmN!wmvF z$NGO3*d2v}>QcS!RdcpKp(DK8rlnqSt{8a4o4$1Hrys#J1^2G={ymUa7#$fKD=uIB z>=7vWp%`vfbKQn+{40&gR)Ntj8s2Ph-J|_=uBssMDD)q!@(dlSsBq)k66|&+n=do4 z9#fml4C5flt~md7Z}9lR17EnuXWhduGycN>x2?kmFd?d{`NV!!=Q!4M`U%SsTslV* zSkDfl$J1*STJ!d0zh^v+C-Dgg5El&EUtaJ%%|Ba=D&62a+xYBpFyjQ3f$bSK3K0b2N!#09$osLUiv{z3xkIp7a z;{di037rrLM1g~7eUA^Zwk+}JcbkOBNT)s4Lye$?_vZ=u1Pm@HQ3=mJ#sXVDClf>-c_U6GRQqSZU zMPLB<;&uTNS&iCZT2WoYKD2gBwbuCoam7~{Z!A`ndlpEc5n_(xlpk}{JPCC%`?1h; zV!8kZP7%*EeFd>D)!tLN>wlilH^0 zAEX*9w)&Ikv^6})k(2+`vvzT8_Bv)Q#n8Qde1q?dD1^L0g9IKhK3P<5ZXSqpL>XEe zoI$P%s@1M8M4a=4XnZ<&7Xw?s$`W<)NOmCIb)0U3qvPPhLS~Gsjswe#$kMEz>xLI9 z!D4VXd8fuo^R&u6ovbXP5RWTGo}1fSV4tx;d30nryrArx$V=LCYb(n7JZ|AEGr&I` z<@_Kpw+7a<$dt3~Wwyrc`z5jY!Yo_w3}0v#ACHkmfxN<8(rw3F!~Mj`vK!@2=Gykj zrGHJQnyTPI$?j5Re6wELoZ_b$85c}BbW zMk&vQKOmN%n-XNHe|9OTAAzIQrTOi1TJ1Zhc3x3Mn7D@3U?f3U zbYv%GKy`5(Z~FJp7qt~lG%E`4um07H^F50_Vcq)j&MJutv(tS8eaZTE>frJQh{#x} z%TH|I*v&zTAn)Zg@8WFlU?+7{X;ZU^S?laVMmkRT?W88DdwueYKx|`b6g9o>e`37z z%}f|Z@&EOW=Nulwmt`AJCWZ{uwBHu&ZfG<$HAhg<&@`*{zw`wo_K9N6x2mY^$GYzk z1d$_guBF4WqzuF#6FXN#GO;Zd(1M{Tj25ch9Qr5fQ;stoj)S-j=n#^$PQJ0*@Cs_l zrBar#;EOqTt1_gg7*UmYE*sccDX=L(cAM^+aNf`;{C8JDUT zR#wKtr)x`-=i@LGUWqALxVbJ_2BdUVW558Ss@VMnt&b?feN zVsfR}7a?NX28Cfsw261PPY!&1*^a7g_Lig7u3xa&9&O5MzgH6Q4g{q*Q>%!2SPLD` zGQoJ^JJ@X8a<1fp)GGc#AIaFPCX77%c3nLu%yI$86Ad7y>q0nL3rl&KZ8LKMn;D^2 zZX_lzjZ8+QtwBaSZ7g1o)`QW6(U5AG^=CE_b@gPoEuUl};o#u_oBxpluD6Un-oPRv zBEy;Uv$L}T7dbfpCvKucgoEv?KmQ{X`1yA+_%;Nr4&P_~uY~X)E#cFR5>Ms7io$|0xc?d$!>I{|dyw6?aKu;Rry3E%_#(bvjqa3j@zvL};Oi zoS`6(Ht|^YirK*)xz+7TPNd7vyZ(V2yFst&vo8U27iI64m>F=G#B3$0l ztyPh-6R-Iudebw!Mxi0kj=XTN+sDFgv@{+Vb*^}%_4^85GUTcG7G&BfEi;?&(lh}` zcecu^?_F*a8UZ^s?;Haz`Ymk0QTQ%irw*Z>LaYT zxx!O0p3WyCp><5HzJ^D6e``f9&pSr@C^Q|La`;aGoAzNtH(Uv7*m%FPTO=N0er>c;t# z)>T)YyhY-ay>*!ly!5cgA;~woz7o5x=2j@XwRwNJ5&eiHNosPyJ2%ypq(nf#Gn(1V z3U_)u>MJJjKf;%vzrZA9p^Z{6KD+t^!B)u{>@G8$761UO`pWwz}A7&ph}+6l_4;va)ce z$nl6~hAklm;9tR3rGJ`hqhPW#3;~5R_>quLulK?99kBq3%5ZSZ%`J0^%5FnO@2?d7 zilQhgUZM8vQq;v3rkm@E_4$f84`XRA zWwZEO{gdS-_rFTvn*(r5P_?mpIOpXL>h0VGW~%skQzl?EtmQv2(R4#0Xx z8pkGBjxC>uhYB>U zQk=vnM%Yod*+sfC)*^@kpNHYlRE?l1ihdsyxy03M&)w(SIh=`L@d2i{(!-VRBJjb! zy+tJ^G!A#7!t*rng8e(mWOL5wiHs$ZZP$dBtWLiwt$7^rTyZOxe}eDsMDeN)9I3as zs(rKGbz<2F*BPK^0Iq>HUa}ESr8FO<()H3GS}x5rx6&TM zXT2X9TZP#hO{aa`VU(|x4$6X)o#-MGh?<}(tfx)2vN~ik)kpSxARHYo6mMbhHO(IW z;J(%MX!%pS?BmUAhqsfL!IyMF2GR%?%REuk6lHRI@*Pf|IvMK2T)f&>f90zApn;5Q zlJT2rN5CAW)BoAoAS*m0*9Z5#eKUcLzH|SlkVH>d;Pq*@0t&`07Dxc~P~jIuxTNqkQb|_OS7Xe8(K# z|Kz8c-L3RU_a80c)A8M~M(@j=%f?C1ayE$}yB#T{d2Erh(P-{Fg^#sdFtRoF$Z!Rf z9GH2;DUxOklU`mt2MP)RddN!HF7QS*JI=5aM|ydr1cn|NTxrlWW=nlmQ@ z@YwD{4GuswEwN^j64Cq!1Upj?Pr$?FnOEbYb(5h95yzmAL|G@8!@C7(Uo-` z$GGDZg!mPU_Tw~^(tgpz=Xo*hFOIWhNtPWYDr#}SK7jvp@OTeMC{O z6!OMFSS_yXx~x5-g&2=Kyfb{>%FP%e_4+FF`GMg5^@zdA3=JEv_2x9mw4ZoJcwZ1%Uc0@8a7!o{ow%W$)Q$ig@?mVX{|Ix%eh zdd{)2jMNU<Pmv==rxj=D4{tPLgZw zYVlcr!^yZelTfBS6y;SwoJ@y!nE()!&UgJ z#bj#8lTK9JVgQxl!UsZl4>NrubEoxj*6a(Ds{h>wG=aX9ib`S|!+u2- zJacZpVNBfA96ow|X3L6lbpJ4;AG9uea^yQr5jbDWe@C{`ap**4lcn$$YGd>~A4B+j zLu`){i$_nFg0V5X4II(WQ!IPXZ6Gf0Iivs7~ray6bzfY?bNF`QaYZ%L_i zn|Vx1C~5LZ(N4&94$=veZqH&Rh~=}lmk-|0bv@$x{a>7%`6ql@lC#8T-{CXZ5C_-B z*Z7^`GYevecQ;qmWgxghHHd0aV~TwiMR@RhvX{~B z{O7%G@~1k42XAEQbXhyoU|o?%CAuNLqTpe&IHcW7;q{B{BZjHLd{Cp#C%tU9k4WZ# z0O1l-Eae1wX54HUDSq?NTIm-`ajn*zGU8M6 z51RUg*~L&u`!*gAFio4H(f;;Oc_)iHKbLHO12F6*gUoAuq*3@wq&T_gdU1ay0&70? zUm8T`c@v?=g%P-pn(H&!B}R%g$(NZ~B+xF;TY}}h`Fm|(c15mDh*_Qe;ly!xbW72+ zUs?VC9W%!WQ_d8`7G|?U1*;g1Mj5}(XIG!i>Rc8q@gCWHPsPfmt}tgZwp_rOhkduW zFrWoe3W^RyFK$Mqj55^svVagKc2S4h`jZ6+$i(Nc;I%Q=HwL&gu@BH8jIH}DRre3X zlO#Cd@~;^RGs%m;)RG0sh1F8T{o}vUM?G?Ctr%i2haihJ_K2ygdj9)@5FVq;xjAtp zxvyxr#%WMg71E%SV{aecjMef*S^!r@24Nsk)lJfuGL`3DE7W_yp{4bUt;eq0 zjf9$1xP^rg4S_qsnhd&-d%{&STPz^)#LpLRDp)$nYHdnN!$lh{X7*@7pcw;|g zo$`sazy|Z2U?9%p3g^bvHbpZnK$FMx$>y)mpdfz=Ut+d=|HsFeel48RWoCZ21T4wU z`9626KGFWJu|<&JG~?zOW@uFlT##ttZQ&PDp>YUft3+p0Q`0aoxr!9BP0-F)f@sSf zC%i8Wg1RVF1W0+_DjNo|SQJuxewoiW-Y*LBOS6v}xMGl!ht*p@mvILMNkA35ZSJ0| z%7fn~EM&5H)6t)%YA(lxclxC-%4IY?7&ihg7!!GZOS!w=7YG$b)W%6U><@ISO{$(H z&^%Nlx)jM2Ce+r#-Dp<~k-pP`Xepj{@abQ}ZgJ9`)6p%Nd? zNkJtlj;ocDB266$V43;otx<_{t}0KEk>>zJfac2P2NXH$N`HWFt=Lp}kB`+=8y)e{ zGHz*RXi*L-TeV0@{Asn#Sdll0*^4y_$|I75vHJ9|ClWqn?HlJ~860E6&WwAhl8%UP z)i8!e^NTZ;f?^J!)uLNn{IaT)T0*0S|mPtTAU~P zrK)E+QYuNw3QAfH&LXqX%rjXGWqJ-_sAZ# zvmA8Y-M?`XR0hnw5)->J$hrBOvd}bwuzqK22T*f)nIt47tMe5l1S_DEQPW6`bhgB| z%#e?JKG9)}`$l%Extjli8xoe}R5~c;^1g9c&=N>Aw!N4dtQNvNSwKv+|5-rAoSKW$ z81{0X%Af6F*D*3tWBqKw&^z;F7wgXNz= zSIr!ENCgtJ-T|t7HUT&((QiFRjS~~XMGCiA5oBtjr2cL4+{u(0*L>8GJy48l?jD6p z|27mF4)Vy*mYZMYy&rp+X?i4Tw_s*Uo^g-X; z+B$8pYK3JNy}udB8C!>gbLz!uPgM94FD;7qNrk8_EZoB1%jB97TIv{=z|zvp^i7-Y zTYbH1nR5Y>R9w87t>4oJ$+|4)N{tM#IT*~!^3wi7Z#U(WD2Fq6oCpIg2T-HOQ$)1M zb#p8Rq_tq)#vA9BMsAF-tVe)cxemZ)2E{g%Q(a1&{c#8ft;(8I$+@gnFSKSB!JD;+ zgiu??GiC9B^1CnuRg}1dFt4$D1ja6x_<3HJ*t+S8{#O74DpFpI+31C^H>S~W;M3Ml z2Ut0*x<*+39=|2Rxd3rX9-mdV8Mm&$|PVD)lj z#MN{-Kgw10?INEe+kiejUg<3WQRS-2sCU`m{**0HHptf5cJBK(2VX%sltPoygf!>< zA-~aaLUg$`+m7Rfd|b5TOrp9TrSItI(iv&VPG!TedOS1{WS>%VIE3Lw=TgW$gY!S* z%SyGR9K!>h{)O@!=^3WM0IMMO&i(-qM}@<|Ga;T&>0h}ocCh`PZ-DMd)+J`=LAKe^ zz|<7E_FS`e^<|1$g!Bupki_(1>_Ea){R6HgGrTx^n4}DKnm87JfzSm~PbZyK#6D=~? zOz}&)=_3U-;qC)20!y~y4qYX9Y=~~7mGq{E8btAzHqVlU@F)`-4zud$X(j=Zy`I7C zq@$=zDSD&ASkqiTSsIk!?nKwZc+ZmbCUOM?y2_`_<~-qjPK2Xv3G0p&VIf%DcipYw z;++fFtJg1Hv)OT_)EUw{>0mZkvonf#?2lEr$-*LK0Oct$F}iHX;W+Y=;f8?~zI!M`b zRo`4bNr6Bh z7Or&ku9f2K%>O`pShL|4~@gEO85p}(qPn~jKsCq)3^-`c4cBJaZVeNI6YW%-*as1 ztyd8!NQ}nuzQWj?1O_M3N68V@iR~m>l+~F*wcuXn**-mt zQdeMkvqt>+vBi>*z{XVH*w0kLhW`z322+5V$|A?g#Lvb4yUy1OrnoL}MO176K0UDw znvIU4Ei}OYf@wxcSW^@p4buV7Jft*>>+zBt3oFgg(lk>2wG+XXQ0VSoOhs}Mz*js* zM#jO>SttrG0Z&=aAO%c()v1@`sG1o!6+D=QF$_D%d6bGyO)o+7pf$7-vB}~fh_sa0Rc3&x%er+X7KC; z7{()Is$Yap7II`#TffMD)!sHQ2pX*`6=i&49U5IgrT{tS@yic+Iij75V&lkU4H)Dc)kx26Y&D<>UX_zuk1ex8>{S5{J)szo((^K5U~GIpf38B`R8 zndH#nSO#-)wQbL}LkFy~Q~bUcHDdANjg(d7;OH9x(cweY=c?Y3a~|Uwof<2PZwe8< zMa;1LWNvWn?-c!x)(VC8b3dxIlHHQcQC&%}um8uI*!`Z{nR;fwumAt+F`kl8?LP7`CYv3cC=juCZvs5xga1s)2TQdI$Hh zl)~r5zBd#-w7RNg`-YSE|A8WV8vp00^nCSyT$r4tg~ds>s{$ed!q3hVU*}$7i1-0> z^2MdadqmVh(I6oDX{;<6@Jo>x7+NWp+nrjk*JO+_*d~r3g9iFmdQq|ulxHM6`IDE&X`-&atI;v0C1w#M&lLEm8 zWHUFZ3ucy73{ob0O#+VO+_^8~U4vH}gs+Tg1>>K!<07wo9`4cm<)45~3)tvT$&pI_ zm%I5<21Ov=llt(PfW~Ls`maj8w!y+Pj!?;oQvTQMoIn>shJ8b+cW#O74KJLhnECRz zQx;#lM&G6wv?e7`^oM6-1vn;bZtL)TgZdr(nYrbnU;%lj8NcOdLH=N88@Den<`+#Sb=d)%GH&zuARO=WW&$Z-B*{c@%)Ix z4v>3$*J=CpMp8lt8%=Wy)W{>FLu#;^9_nHGa|Q8W7vU8zMswsYJm++Vb?GLxG& zTFWbUwJ|jz?(6;22Ni;uNV}C;>v}xAM_VKwn1`K(bG zrp^^p5E$zQ@9BIc*Y=oW6WdkZHG=$*1A-MD9P{#H0o8(YS8P`8Fn+ z>eSj@nZ(y;9uMA0Y@JmJF(ZodYPAIzg}9++riuA+7Mh?*q=e&}a({|PrZz-JNAJhl zVgJr)`#~-#?r!#kXiMH@PM#Y#Cop9)_P|T~l_%`+Tri!{2zAkW;IxAHpP#Z6G@WCq zCKRCzu6eR(zO2-j4y`ZEs?|JVhf&Wzxc02`A}w9Y;67F;N2o`}Msw>u1(s+q8S*c& z1_PPitEbCtOf(PfP!vo|OgjAPgaFD<8oMoawd}W%i>(qC>~imPW>&Ey9JHl^tFW@F zsS3eYV9B+^vNB2SUrQVph-WtlJ296UcXa7Uq9YeUwY7hn^$O@d5=-<55HTt^ z`$6A?%A$V=5hMzAGVK58TB30bZniKJS^xVn@}_w7+?_QZe+@ns{j-D+(S|PFO35?Cho-ZVm zZ7*l6s5|+CN2ZusZbjQ!Ia0#TpYjp3>2}`p!0Uh@bl^a|s+;A$jFU&K9>_}n_A?~d z48;ur|Hjq6TT49kwtOw4P1mm?8aInQ2%w=TamO*p?D?A_jUAS3o;H2?4!WhxSR75D zsSFYQG{(scQ{6G#BhFBGXz@eiOdWZetm)ani}&y#m9xnrJftorzy-$du?Xu!kL_@; zqMdLlsuWFpZcYbzcZubs1c{Cp&z{BB`0#9o`_NXpyR;9>G~!ZvtVkBd3MIng#RUmK zJ5VV3Z_+9<=esiZWSuv=v|9%x zy&oS?t>3ltv~LqC&eU(u4m&bE`f=!LrQQQMmLtE$`MMWS6~Wh4exzpo^(gvMe=KUFAn9c1#E@pIde?TI z0I1uP7T`r3hVjKZ{vS6LDVCMCSA@gI;EeS;zl&GmFdCJfr45wCTRbEiu24;L9-(zQ zDjFI6wKBcsS`*B+Jo??;neS+sTE%aZH4olxmORmD%#u@7MEzTlb39MV<)E>S^jPby z#>{0@#P&>lMb%2;k4(<3;6_EM)Q*EAzVix+s zK}%qp8H@!7(%oFy1Fy`ua06}hcmXH7-DdxLAYQ^~c#T8tPWKcpRc$rqW7#gpfojT2 zsOlKdcr43kU5c8N|MVX&t;yxoh0jNEIMQ9Ji=%# zSk-#1BfAfpUMa^mFuVhMR4UOLd`@F)vhQ%SjI?OCDwR|lX3lfw*+_f0gU$bL!BFLU zLsF56ST^O~=*JJGRi?5J>2taJ5xG{5lkogx!)%cfwtS8cy)Vq+`>e6ZATzSa^g zt|`_0+8jDf7D?6{Mo$-dbVSIJdvF|3;YuI?eCJAkA|zqwOT-O{-eYq|0Gg&PaKXif ze$<*RhVNKZ^>F(QPRj6 z7avnV%2oE~FWOR;n+*(dL}LNjNuiHhLjmWgsFfK#^%mb{H_pyH9b9?WMAKR8k)=#l z&e0#YMPIap-x`!@HEX0IE^5rNt@gHegKR~)LCK%PYD7o*v5Ll{1&yrv%nW{PJW)z< zp5axU@96kEdgl|M``6v9?9g^~xj!M9Z_SJ(No=_62HRMFYLuWrqFe6t9hmiQVVsSN zw1#Jk`2GBy6LD4QMvL`qYA)yE!XKx|51$_-z*JPrG>8vl3H`we*7#_imtW54>W#D= zk9CAaokaSwnZil`gP?LM*f0;AHN|38{ZyS&N|WWB{70!Gg(1ykle& z`p5o(SlwPgYD8$L{&ncgoA)gf8_0nElQnTk?2#l-o{)d*vzdD14cFSMYx1Gka6j6< zPQGgh6PK{&Bb@>3>A-;g0`dhL2WsE$f@IvS@ROBs)5TO#KZ;qcuG=Yh8{0=xa=&4- zzu7cqN)|{+ipbx}j=_hnbpD|t@nmvd4k=%$Pi=bAB_VIKoV*>`iB93*_s`mBy#vp< zE9pK5@`ke{S6n-o_l{lMa=8e^w$i}-g%7~GwzLDxu{*sP*1yHpSq2!68W-MP`7V}k zGud%P-jE1;q$KXy&Jy|4AeD&Q%|Q zKB_%3#j#i*#Pn%DK@>wqVJ3WJ&c6DabcF46jE_VB=-W+Y@o-u&fun{G-F)L`5q~7g zGjkLB^b8+jlP5OfU~(D%`GQCwmObTmqp>**USEFJ%{;S%=lYvgl(F3rwB}y#gQ6$% z8P^xWezTaz*I%jI-K$Ahb7{?sIDq4}ZA2|BK36IEPXn?9?F}wo)O$zzy1RE+Lltmf z(CG~P(&ymqb%IJ$44g0p-(c|zWQiPhki6MH|HYy$W97WsMcqsX!}$=uOoQ*<3)IcD z9Nbu($dO14x9!Ck_(p^+Jk@%(a4cL!m6yKbTCpI=(%CyT3b#aMgS2A@o5C@a@BU$U z+^@3c#0e;}rxoydg={X;#M1)*uxt=_0MuQxf*Xfw5~d` z13Z*4YqR3xUS}+|rzK@srF4s?P$?RJyT?~_5z?69?smCcUU;RTqL$&HJy$5;IU!{j z1VlzlaR-1X6c-4w{>Y=JzrFe0O&pgxQR%(ouEPiRa zi@zPI_K3cj_5_#)W|41kiJ60TX5x!|KGb`a-u@M-_ zZnD5r2YyIn)T-rmr3a@lbghNg#BbRR>ycM#PY#IBt}Z%abO~hI94SGl-N8kPNdGuu zf{n_#P66NH#dNL|Z7ri!^LJ71#1-$?9c{e!w_h9#zO+H~AI-;Tk7AM+`Qt@ZnAeH+ zwJL>~*!U{X#|=xIo?TKLR-tWPm~2iQX&x)X(RVEIEv{fx%pg7)w8si&fmm5>x40DD zhxN)@O5x*@VFAT7U3&5l$*+Tpm-Qz<2ZLO)>u!w8ODyR@U7FoZG$b=kF1-?v=)$7t zBY+{-$H!&@#pYpe$FKSQJu^BbU#@B(nmR#PV}dVS_+trK@2(sB2hC@3`!j z`EmLRTxPAPa{iwOnk9RN{KHme*N^%P>D$N2O1kLCZ^5f3)~~mG{9DzSvNZDRvf&<2 z3oU?n`ikL0o*7_UW#LS{1^uAO&BK_|A;(0i`+kL15LBkbPtYVA?m;bGBc(V$?kUQYckvuAQoW(S8`_l)H|Hm z8+1zeRGXI@qfS)8;KVw3PZ#nSsoPnN*D>ndGQyTkzNSQ**Q(sojDaBrsVdHvn@2f} zUaAq}zUb_`y%!@aEsb2|CC~@MboYkEcMDGq_nx$U`O$d*ZbX^VE=E!=3Q2oqY3N}=+1+Mo{f{Wd=_CK z_rSulb?s!w*z(0wHLR_0IwP)96+Q_AoldDN?FQ|`EmtY}<jDPnI-szJTL8atl1prPi`S}ZswaL523JB66rei9yy5e z_X=->!Nj@y?H-XFUs;Zf&OwveV_;vI&AE(iVG;~fmYYK1A7RO*B;5*DO~*_Aupq-g zHOZrSSY>V~tsFp(NbIz-hn4PIYDtRBY!F2n`U815gYh=TYS^QV_Kua+A9LBP486W5 zT=_W4yv4&@48WTSIc}A);qF{kR>y0uuL-|)v}l}C((nh@(TodXzU&f`^GzM3S6ytr zY-!oO;_~6D_TbqfZp<3?&ZWP51^P08H?nR6$YQl?!GLNM)6_?ZVgnHp7%)g5&5&eKN-D9p& z6o#H(7HeMp`-Tf`j@f4_rx`&13S9P(3`({(yT11*8O+)u*@;w~QDHLxYY^U~2 z$C7<8^68Xutg9D=i|wWlX;;kCrVT(P@uh#D~#498Jup_#9(~^EzmLSsu8xS)9-5!|$)nyBjiiO>li8 z+URUVMv&z507l>{6vouZ*`n}HPGOeG)`j8bn=uLlB2NEvX`RK1t>$}kheOsTw=kfb zxp6S9q>W>U5=;<_S@=^FKhaTk6%oH@Oc?5BG*GjhtvmH9P)_2De{d~<>?@K-?i=Xm zUQtYP(R4_yIJ8FVC+wB)BbkwSgz@P*Hmg&0fpB(@%j#1Gj5RZ(3p~lZd_+3pX%*G& zM5}KkJhCH}z?DxhB2IUG)0U~d6PoK4Kjm$Fu9dlD(=`gjei3aj$6uUoLx04u1)`Q? z6a7I}GF-2i#E}xgQ|xwq2x2*2;*LP4$o|{TdU{s>Ge-qkwdLOi^EnbcJ9vE5OED*b zN9w1`0hl0Van=6&%)ze7a|@E{(XO7uV`hGx`&jdEA{kE??p(Q~1UC0T-8sGag&;PD z;lsyxjdFi27Rzztmyi~9J=LHV7^v0nZF?y5e?y~WMYHnoMKnR9WQt^0Wu3)4EE=aP$Waq#qwRi2>kVs`mQA@3uj)$KO~@e9*PP1D|EImTii)F);(SR6BtU@R2^t`{yF-Em zcWIz;f@^@rB?L+E;NG~?c;k}buHCo0Xs8Uj|`Eo(ih1%t)XS{)G3G^Ku$qw9_2+l?B;f zK2K5C!YHe~GN(7I@qg3H=`{r{t)p{szmqJ;r)qQTAt&ZahJ}0T7QA6u}o3Pl=loNN3 zIZI~DwcASOYjv@&ckv?w!Tg&&OrqjsK{+cZTVX%F7h!l84kX_~Dmb&#xGU_9|D?fx z%m!>cS0{0L)8vOCTPZ=^W-D2N(<2QL4U#G5DdZ3RI~#3TV%3<(KHblxtFR#`RZ!1V< zCmqz@>Kq~_juRa{y|mPjtm^|!+U0tuJXR{1bbANyDyZg%MtQFLeOHy5zIVLTPBSzz`XuAk^p(4679T9yBlp5@x{&YuOujlf4__2Q3+lT+LhW}Y@&s< zsQ%{Ue69E(Y-y~c(&S9a9DL4B4Z+sd#@pnAyt~kv;29^jnbt*9FR#Iek+cf77E&hO-+msF@3=mLFaND~;|zuw*TD6x)AMu? zAw%jOGGE-vEFaauk@4rFC|HbWx_e$%5mqw#fIZvt6@!7wc(uSW#}n;hQ~fKekNa`l zlaA>cBY6+A2*WBF`8S2ai`k+xk4@uz&5iwH4-c z9||u2q}s?^+X(+PE25KNh%#o6j%M7HAFE{!UYhKJHM)C6K-vn&FA?F67FM5Z5q{u8 zIUY*|-d(X+zoOBTiEhge@~DydLo|v7d(fmwZ%g?iZ5XUXuBC^?%=f|4mGHB;gEhep zV+GM}M0M%#@1!@lcpF%2=3tXA#F20wZJytQYKu?b>yi9^A_aos`mA=dk=FL$U|fr* zg2p{#yVwnlGKR@C6*~2H(lA9F?WlVhuM4{&+JVB{P88riX`9ZUQI!N)!Sr_}r`^lK zqx+ghg;IAoufYf|1)cf?LORTsf`2_OnZ)SO)=B1GelkbsGYynKb7|2sZ0Md9e7!%Q zDww5=+8>ZcV@rP~;7UE)R-b7%UVoDB>H`?fjK~!{eSK#Z>FFiS$Rzpn+US>2h_j?j z?ijRz+|&-H?C_Ns@euGSbM28>@_piF3N$0|Flb%0$uB$#gWt^sDs61|dFgT~&RY(s zx+UH^A`{?Lj=gV19Uu0`cz}X~!PRSv?iTG!Q;Ug>Ufbv5&R2IP6qt!v{han)89(3H zPvTU4l+HlXY8jc?8OHKr_q8#ZSn+lflQcCnB-Jm?ckw4y6~lW@U2)8a5_6}@Zrv?! z613V>HwMb+?k}pGnoa*U8QF-r85%h3 z?9+X^-yj5fk49#!$eJjPqGnXYwF%MtPm4mL zd2ZDr_O7X3vPdrTJ2{?Lhs5_cBMam=YhsqHA_~Md305!p8{7GWdzcB4X$QRoL00nB zoP>N)dI}-;ji%-bH5#2GfFN^^b@|bf{hV+Fap752_X`4Qf`S^F90EGRmL^$#r^5EuPNQ7sTzGhpiZ1lx3U{nj!{nAyBAJG!SaWb%xD4T zd$yiZX>R1v?gw1rhOI$`exU=&;cxZQ;%{!40Y@;=B$kaEsE@9XP*_I@*Vq^hbpdlZ ztCGrE4kx0I1`17qsUOH^vKh$K+2c=E)42-6n5~XitB+A4q zKp#u3%YC_5dEe>@s%3xz_xY$e8U3X<62EA{=~#?mcJ~}X~wuJ0+2Udd{ev1Ufh*jZ6E91BO9N1zPIy&qEitKl}nI(vRr8F8^3o)|%v zT3ytXp#%KpQ*`~SWWG-2ZcBSe4^|S3Q2Y~Aoho!Igxly@TNsCy8#%EvFCVk7y>TV) z?Ny3CQ3sl@!0h{-^ulht=A=j)u6SD7&w_ue7(x%|ft4ApJo0A!mvBtp zn0oO>FRr3^u5t1e;m>m-4fL}+tr9&ZD>Dlj{R1z`nJ>Rwg5m`<)SVhXL(-T7it$$} zx&&R$p4Uo3Z*StY&sO$m+Jd$8r>=56N|QJ7sQ^nHie^ojU|Nr={O1EOyCKbx@pR$Z zEDfqy`W2;a&%>>mBo2T*vA37x#fW*Q`s1(qXOA0&S$;-YTKm{rDSCRmwp8}5nLR6U z;-Zz6e2*&;Rc`)9##fZ05t^<6co7&R+J^5|z4^XlLi9aojvuw#pEiK4w7u&e&bZy3 z{Y<@?C#AJ$4-NI$Wa-pbN(-W%{2q~CE6h+l@)P|D(*eFC^4K1}q&O)#SIX0u3U+AUa(eiXMVfmC|N^Q0klx zuXu&!bA!rrkwoZ!FoRC>1bZ7pX68Y)8Cd7XN<_Eot00!w{!4ttgSO}?`petlZ>>uy zX-Not5U+%6cFq2Be(KxEDF)PhDSCmn7$q$KStG80@rB_O%@^f6&h>|e)ThV0Rz4@3 zHYp0OVi7NvK`nQNxFN?(YrKsgm3eIZ^6Vp7|TcF6|P1oBE1ExdC`;+3Qb|71><{-1ySMmb|Sgz^~qLuWB zojtb&%cCv_B_y1&ER5epSow>afp#kC`sgR6<@OtvCIrzA*}VCR zFDp+`Orff))LMtcaDgWgj3U|@TD>3D{a#=5nlxXJ13SkRF}e1AyLwLq70Q=Y?RQ)- zPe+7CGIzTPFwo-ZnTEZBTJ;__yg7?yGPgVKi6yu$zS|_CBcgM|CTFbL>$y=~-dMU` z-p&-T>FY7{7{o5)D;NA8np^;^b`AD2~EuX^Pr;z6;hKX>K~ z{71#}#ZZBQC!3Ka!(MjcntjTvzJ)^Oh~U6bv=LPMo7Huj*2mEn-}mIu?u6$}eq|A0 zSrK|S=PfujYRX-2i;@orlj@-=p4-$X97}pm+JsGZr>L&5Rqllfam6QVVsi8Qe1V&j zk(kD$6ivP^`aMkpjo-^~s`KRxk5oZl)*{W3cMA=4YoEiVy?bb|>w?}+%theJ;#x%a zyADQT_?{0@ubOCC(8t|q#pq^dP!EOq*)NyXjmpk_vXgl}>x{geo;$xid&RQ9f7IEd9dTnjpi!d$ z!#HtEqzb5YL&KQcOd$NptvyDmc9)<{X0{qzY#xMIl@n*7og9rw$0MnlTu{K8^s zolM7tbmr9vk-XwHlUTg$5`rY$o7Ag5UsVK`ST()>pkc*oGG!n`b-KW~kumvg1eWw& z0!*6hJN~L0am2?C%K2%f04E&M1`nRbl~;wTDg7`mf;rD7!T?37aZt7*kD_>{M2JVQ z-`&X_yjyexzZno(0wqXnQg7w=r#~Kf`1Z1iTR~A#Mtf*rY%BmN{m5O%5R|^hr9XMy zuw7-cOMj+-#Rw62M#HP10|#3WDbO^w{0^>`3K?zfn`jx}B{J8QvZoOHY4k*N%wfd# z*+Q&S#Ow6ozIxbuoo)Ha7R@VF=4{SWp7@p~yNoHufWK){gcDlB#5~Mke8D4iOdR|& z?R+jWY}jvG%u*?_TKG}z2jm@p`KR^~maY6^ zlP+X~NJ}h~=d28#JmhytH3PjVUa{#!2!Xn^sCnE_AW!@uvI{ zxs_=XWIa8lLM zp4$)3G6<#s~Fc!gGH}L%e8aB&c!%2I*oNb^Q)lqFJaYOhJ*< z)RfD?P@A4SF{fJdE`9$85X%sFXOeD~fQ3M_hU2k+k_u3*0t59`kZq(kt!-J)nvm(B z1<(atvH9DG6@~;6JfjwWYf}<|()UKyNj`uzD`s4~PA#x7bg#+_*??U!t(?~b_5 zvTl8&*+*I(_$usR!8EdLn=cA-Chsk$>(?F;o2Mryot?TQJV3JVY3LCqs#&=jtAwRw zljVj0^sD1=qf8J|g-O3tow4-XhlE#KMl4N$RaKx|#>+tTzKZBdst=W8Y~GxT zi(N=iWR;2)nnmBMgEKZTw6vsY)NU!+JB^?@fj8t1jXUFe9R6wbqtY_R`6@UO7rP`? zrueF-r-1ix8W-0z-A-+KylZ(G4@gEqBamg`&L(P}o?)#DLgwAB|F#Ime`h({#Ud0l zu($0@QNLb!9}u}gqLuUEtaJjvqUgFhy!mR0i>A(y<1_aDJ+f}2&F(#W5@JVpZf$c- zqhQ5yKDSNTdRgrI$@EC~?Bb{rjI&>-!6&*C)rFY%|h+8m++{0*JJ{$5Eyf1RG| zfwCJT3Gw1+PqO==zNtgGYP`;2b=-ygSjLtZVyeiGK-ABVlc%_r_#Ex(&scAEv^ei_ z)?TiKN%#*Z6!7RIKw2wnSFvE6#HZs8y=r=7QAs~wmdDP=bgb22e6skIc`rLx>S}4- zfEo91*QquV-W5QqIHve0g9iP)Ai_C|B}GAjmmv6eb2T)_oz{!*Z>4{P@xb7qLQ+af z|93R3xBT{R*>flMHT1wkQ+6JVoFIJEs-`zU`j`rmY$x;Z)DmI~WI`ZmUT9uA59L;m z!OH!MHck@z!{Bo@ml&vB%&#;}cFaA6nOH;TnX$Er*biE*1r`q!Am>XqK?xb9S2{Xv4vF#9U_n@v{h-o8$ZGcLBx-4H+W4pJ!v(-1~u zMz*e?69Nz<&EywGD)F0uQ{mguXObnLETIbg7}ZLKp>m;$iqGBUO(E)8Cal#m-86jZ41(L-}8t$b=incd&{TmeJL zgMsGu)DLa?UJ>{%J{}*osXqMDRu5M>H@zU@t{orULJUGO2K$N5V7;}5RKf`Tu&aPa zg!rd=-SC=N|B#Wd^ua3pt-qxK=&SOG&3eAR_C>Zwpu*Cv2U6wZ&2EnPSKYQnX;-`j@-6yem_*NI|2GFy&;M{Z8ntLy8N$T~uI_V&(>T8_ED z^uO_{daz;~^6K0tC|nc15TloY3G-k+V#x9Q>6}{~VuT3%^RD^`;iFvxXV_^l%$yDbEV6CJ_Z94hZ zUP$~gKFprZk^r3CX(h$E`SUrAy_N5H40j^cLekJ!ZAteU5e-(O zc07cmyAt@y^Ow8PWleab!k;g^EO3yePt0OIw=)@<7*d5lpDmZgVt>*CmA?}Mz4pf` zgj*p~_EU6i#2}Kz>WD@P; zBD?dY`Q}RC+!Vu_Ik1IZ{f`7z*0kX}5esHbp z#=i=*|0%f8@&B8Mk0g=3N-d8JZj{Zpgx{tdW#z`*{P2)t^L)Gu`%g}xAGux1%>Q>Ue~*7>Ey*k7e%NMe;jc7(*z(H|_KFgng(kBLxUxoZ#%4*NVAIzN+mX+ z!2p^#Ws$4gL&Dec+j^(_`d7#Es!H|TU?Y`9k%lZ|9mtxy3saf`H~A7|_Tg4zuobm> zQpeBK@6GL@aZ8xUX;_9teFQ}0I?gC3rll79sj^MvSxl+ug~X#strd0PuNU~QM1rdr zX<9J#q55S2zs1HqxZT43lPv`P1c6NF66XIDk=Zx;YO_=fUnp(NQL{+&Gp6zB#Fvw- zpWAM?iet3?NQL3~a|L%yG}U#KGyXh|!FPLDZ*k=)AsFQ(iuXD(fA%|OwoJr~{fwBo zSvlBAgyw)XoG1lebGFIMuBjh?^o?iASO+!rd6sN7hx6C`GZ`%G& znxI!{@;f%NyaDPsXKPWnU+@RjXE&&?clS~ox`lSNd#tJi>n`D766~uqE}28yTjVlkTJ}Ti2Q%rni+rJRvx?v6@#|613$tyz+VE?B;;0-LWL1l{ z$|_VMFVY+GpzjDk5!888jG|x1HnhDvrLnuUvRpD$`4*Dy)FB1H#@?9&Sf(`W`4=Gc zck3c5CT711lsWY1`?b~^2;95pR*?FoK5moD?A1Lpl;{XPoFg&L3C!e%y6#)e>xjxm z%pApuQr>FL?_9Y0mrgwSmw07z2{SR|7m$rac(+>WeRMoepH80slx*w@9i^B6wxAwf z{O;1!n&sE*8WRWfk<_Wr^#tl8<#1?WgUc;-k%Fg2WM;^ zwoF`_Z5OQctBPmaaZ26UJQYPixkkQj?b9Q~)H(rZK*)-@(W=tyQq{UypwOg_OKpFxy!`Sp9XXLZ(w=$VBPp&%G)N2_|nl8}*r zp-0|Ug2lcSNwivPg$fkPhbgIhi=zB!AXcJ_4s#7Pcva=K}I-+h= zKFG~HnMKk^r)JA6FcXEPbXd_e)Hi>o_OUA+3AV`e8daNBVi24jUeRdmRBEV(C7>vR)F2gj>UT{lwepUfVnooy#;<8hAx zG$HdQ(oGEHzJ6b(iz*6Np$_y~QXpte$4LM5T=T}{L|RLMc>A;81A^gHzqwX{R6WNE z6TeN1ie-V7w)l>qLyuhlv)VF{Z{Kt{&Y-i@QKcJUNE$~`wdrY1NA(&X;PDW#8({mKC zq5z4_ItA_h#ppdBUn;s%#RMR)0Ry4C+WTL*-&TqOB^u=<$d_fSS>Xj0r^Ykzv51H(bvgV(B249`5HMQ0rHIJuPXhwvYYq&6PrWlWcB`Fv%9D2rUO zvTFF>)hjqx~F)}jB&Ci!c7T3*eCL32AEwu=UzCg)X2Xr73 zE84E~H@CML0&e~EyuF)`8rN~6D8+L@CTFFey@x#WCILgHP?s`Cx-rLCo9p;G!8o&*YSc<|uGw zqg@;`#gE-gDCEj7m{E97&}(>iHZ-+ znwz1|ItS>Stz%l7Br{hjpo<&jx4KmJa}?wT=?zd&1Th0KksDcRwPz?Oe;JVtQBcT3 zKBA$Ze9J@nL=+Tf!skTDO|<0yZS;RT;{OPXaE9q7!JUu){%8N>cpwlc{BvHGY{}53 z!f1pv&A@KZe=o!M!NFTdNy$VrXg}_gtttQju)ExYzm&Gq{I4Nzi!=?Axls2dl9+^~ zthLpEOu#XrZ#{NwTajJj?SG~+GKw<}gK1qJ%xV5H;e1z8k8~Uiw3llC>%>t&^%l^6 z;l+g;Xm^tC_EHU~>hRzD7oFmXOxl9zmsC}8zAL)AnECH|oV(|M${mhFHnjiK4qZNG z`^OU$Azx(_*~#rd+rE;8L&ucoC|0-hPT99&=qM}LcjQGQ1A{|DiU|n`)(5lI%#4g` zE$)Zy6QgA)&ULdBw`W5fcEc%L+#R)q5j~_yzJHcaACrKN>M@jJuqM}SdMZ>DYyT@D zBf4;ZuAYxw=R-bFL;rmD6*)JPT&nMF#Bksq0$r& zMQ|pk^L*h^@&yWc`_?SyN#aLHdAYsri+@hZFDh`*rV#n-e}|WHX7fk+7-5>4-bdFo zOfdxh4fues@qxW(WG1M3`0tzmxq+x7`stguU6nJixBNyCSxApq_sShJ*c_v+O}v=x z&Wv6wET~XgIW_tyxzyc;J#`gct2&sJ08mq9ms-m{@ave zp1UYjJ-t-K^>JlJMh0qqK7KLEH{u=~*q*awvNFp|IULmd*Rzt_S0^5MGN%LVoU5d% zcj@NyP=N})nQdEV@O5^euM58P{i`=O}N?W)2AS(M2DqgB5 z!JyW`_Wbf>F0lE_0RH9C(p`4op!z-X8cPPdZDrI-Uwy50x|76^+5JFH`~MlHtm%`6 z*eb^uI#!$<#cxHAHXgGs%Qsw-Q`IGg;)V`mXWE|3^*M*=8fI9GyJkHXD?+~tP7Vt$ zJmIj}|6)6@HP0F?^_m`h)N>QEjr@1?w7{WmN#`jBZ_r*>^ETMW?Kmg^mbGl0w?wVz zPat<{UBJ(gQkIzR&SLGgS#JydI=b(TSn^_qL_>GvK(~_{SdQZi9IEgH`Rg5AkEj`0 zGCOS|zSY^26k1x-HMh#7R!&*qbqJv&bV;|*I|TKYwAdgU(s$MQ_+*dWm*<*2^iSwW)h*2X*i zdfVjhNU5m8)%1VPNRXBN)*N`b3QL{;C8(18xYm#+xXK>Ya_;_sIEXFmV7wtR3B8muA4oFdi(l7@52P@e2rzXTei@b9)Dn@xgGln zmsyo^w{iKnW>9cw2y?Om|kAt-8iTzm;(1=IEWUDCuM!dr| zB{9PZJT{E`0x5S*1zcz$_H8HY!HZnY>)F&E(8Pu<&p!;4W-EVYmIKD|5TE_0mB5&x8tr;GJJRoI^mT#1h(;sKS z;efqBisPN0H6!8M1U%sqJ3G2uF1=-5(7P+DW^SumONee|c-2sFf|vcRt(e56p2O~= zW~Pu?N;C8;ooepN*{lpfe9M8Ra;kQ=og+dZ^Q(c#EiISK$c-DNbE^x`tIqXk<#Lfg z^Wr2=b#E6p$qopTWU@)r=Xb~nCmESoF%I~ID|V7?=~Su%8eUF@K?rAX{BAmV5a(S1 zlN$q0w!0OidX&ldP~gQb8OLszgm^v!7$MD~P)c-}cA~&PtIl3d+sS?U4p!O#D0|9| zCH1oTh~?ohRdH6VB$bxcBBp=7#eKMVQUVTmWD+y$y;$`~wsYza_O?%+Zfj9m01VI6 z*^KS2N{CeyNf_iD@>L_=^L54l1lTNObl4mz9151`r^+Oy3RZL&&;1M|-5yuTj%L@+?uzRfgadC5`dHFQ9S1H~^ z376478IaFYhnE|buDN=bDF0^35<|DNKZsxG8?Mn6Ee@yX(eH4K(y27a_Att-P!%|c zgWEPNKR$d=1|wA4T1>)pR05O;l&UINu?7idi=bnz#k*9)aE5adyMZ-j`roV}W#Uu0 zbBa*UQ)Y*oa$Oe7_5u>i%Bdt~0w-CY^A$X^fpW!L7cppi17f3~bPS`2xz40gVTd{5 zByAPPzc5C5I3^2GxWxu6y>)%e**@}-J7%BDGpW+$Q67IVy+$^|up&)dA~Sq+u~3`T)B+QKT~aYYcR-EoyKlh%A0xQmp>$~P#-8f3{T*g>=t0Y2m&7Q zKfB9+yuSbmxA{cpl3DJBkQCV+EeE@_T&TJC+WK+2f|DFewalKDP@}aiUlY*p4G|;h zH0$B8YCo$@5NY$tn^c+j*q-}u4r?6*^5 zm{7991qP*QSRd7R$|rS*Vaq2v?XTyq)&qw_I!_VofWba8sNJyk1eJjj*?CR&4e$mkW*L0Mf@|rlou(2hyVEP?ff<7$Oc%<#I{lK{OhRynjE|&xk7!hm^%~59sop2b=%G)kt>a6S zg2y!D4!bs}@$-b7lK=6?%=yand8DP3X;SjWWP7Ry$)* zR7Fcu+crpDZg^VYd1D0BRx=etEe1KXk&(=lL`f(cIW6AbJ4}W;v=Bvlj?`c#mSZq4 z)!_2Frhlz}>KX0;ln0HrF-fuL1QgO8JLqf&F2U#ol&96j!())syuX|w_Y6CWS=R|g z8-`++e;=B!AMY-Iqh9Z)K4lh#`_qCn#@sP=)nz29L%KlBL!yce52bSYkKvTQYiy9R z*8{fHck-0|kVcHNpR3tOs~KV#8_LRC7^eG%=fGNaI9fk*3CeA%@B`Bv#FP)Ps3*^6df zg=D7ea;dSw*JwmNW~ti({~>#Wmh=1=?^X>DY~sbo;lvzAT9t`!M~9oZi7ah9k`EiL zIeYQcA;5z`4Gg+mY6~2Syp@MO#!DNb$%?~*`DUSfqdfH8;3*FHrIhy|pjJv`$Q8c5 zHgwUYZkUMgm`6}aTG;8RcP5)huTsl5t8~4W#MaPK#!h;dMf!_O)7c|T!9%B*oivHT z>f7i|B^F5Im{ef+*C+Y#L-CyPH-NuSt1x4L(I&>SYr+Rw9YimH0@q@p2;AhG#wt&TDh}kz4R{Kh4 zhmyfT9@zE@k|EzEJg7M(xa<&TrT41gD5o6+gxP+yf{r*a1RPjzm)M+L9WF2+GoiHg z^yWCRP`;VR_&p9IC+m4diFR8x!hXJfrOiHWh^D$DG}aXZm|Yx~sVcls;z6QpB7(8$=AZ>)XAm7dDB@X$*6h|J`e_9QW{ zuARcimzdq4_)pMF7BMlg+h*gf^V>M{l&q}E^78VHcNA%|E+czL@(nn8p(s?l(L2Pb zb#`RRL5Sox*E! z&)vGBD$BNIl6U%O?@E+AMWGjDoeZ>^DS8flrGZMyK zQe?dnx1A$|MJsI^X@2r9Xe0POh6LfVW(eOPE0@;?b61VsM5^HVA)MP#3+(mj6G8>) zvO2%zGVildEA7c+UeMv3y2Ik--3zM!BKHxdcc_;Fz5}0n3;m7Gj9d`u*1lj4vBZgP zJKysnvCnhcOVEuo%d(vn^irT>X?ZcmWGGkF^)Bf49Cla!xVOwD<><4rT#1u`f0{km z0GXCuzyfvkNb%OWhK5Za)2Lz~V}ozz#+`9}GwQSzBAN_t4zy#B3~YRXd#4@~<7Kio zCMyPB%5MA>>)$iGYX7=Go0GgJruIG5(4f0k$MwqSFb&%oh;cMb?NpZyZQ2>Odv>_gu2t{hZ8T3Xt7_=3MEO49iqCi`P)ao-j5SPrYb zf1{?auOAiX}XLlzAH#-#D}tZD0>il3ss;H4LLH91MW;CY2x z$l`$AtUy6yqwXJ*DpSn6T2wy#u;SukIscB1fg87$CH-2*xk8dsKZ{R@zhs}~0H|5jY1 z|Ml$udlj}?*!>`7wi#sC^#Qrd$r2MIqZ~Mv)|7_NONHa#(npJ#F}c}7y#qp`Su?2% UUQObO{1-)DMn$?p(&YR90PBD@(*OVf From d5362ff3df37e3db1efc7f0468081500b71e3e29 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 10 Sep 2020 13:20:44 -0700 Subject: [PATCH 21/34] Update test-scenarios-md-app-guard.md Enterprise mode is now renamed to managed mode --- .../test-scenarios-md-app-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 9fb1380e27..62a64b4adb 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -48,7 +48,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise- ### Install, set up, and turn on Application Guard -Before you can use Application Guard in enterprise mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. +Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. 1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard#install-application-guard). @@ -70,7 +70,7 @@ Before you can use Application Guard in enterprise mode, you must install Window ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) -4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Enterprise Mode** setting. +4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Managed Mode** setting. 5. Click **Enabled**, choose Option **1**, and click **OK**. From 3f8d9f84af9500016e7546658e31b76a79ee35e7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 10 Sep 2020 16:49:45 -0700 Subject: [PATCH 22/34] Adding settings --- .../mdm/policy-csp-admx-mmcsnapins.md | 3732 ++++++++++++++++- 1 file changed, 3720 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index f10ab007ff..f216f3b7f3 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -340,7 +340,7 @@ manager: dansimp

-**ADMX_AuditSettings/IncludeCmdLine** +**ADMX_MMCSnapins/MMC_ADMComputers_1** @@ -377,22 +377,25 @@ manager: dansimp [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] -> * Device +> * User
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -Default is Not configured. +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -> [!NOTE] -> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] @@ -404,15 +407,3720 @@ Default is Not configured. ADMX Info: -- GP English name: *Include command line in process creation events* -- GP name: *IncludeCmdLine* -- GP path: *System/Audit Process Creation* -- GP ADMX file name: *AuditSettings.admx* +- GP English name: *Administrative Templates (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx*
+ +**ADMX_MMCSnapins/MMC_ADMComputers_2** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Administrative Templates (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ADMUsers_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Administrative Templates (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ADMUsers_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Administrative Templates (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ADSI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *ADSI Edit* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Active Directory Domains and Trusts* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ActiveDirUsersComp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Active Directory Users and Computers* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_AppleTalkRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *AppleTalk Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_AuthMan** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Authorization Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_CertAuth** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certification Authority* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_CertAuthPolSet** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certification Authority Policy Settings* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Certs** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certificates* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_CertsTemplate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certificate Templates* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ComponentServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Component Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ComputerManagement** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Computer Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ConnectionSharingNAT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Connection Sharing (NAT)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DCOMCFG** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *DCOM Configuration Extension* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DFS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Distributed File System* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DHCPRelayMgmt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *DHCP Relay Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DeviceManager_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Device Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DeviceManager_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Device Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DiskDefrag** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disk Defragmenter* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DiskMgmt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disk Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EnterprisePKI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enterprise PKI* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer (Windows Vista)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_3** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer (Windows Vista)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FAXService** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *FAX Service* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FailoverClusters** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Failover Clusters Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FolderRedirection_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Folder Redirection* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FolderRedirection_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Folder Redirection* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FrontPageExt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *FrontPage Server Extensions* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Group Policy Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_GroupPolicySnapIn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Group Policy Object Editor* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_GroupPolicyTab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. + +If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab. + +To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab. + +To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible. + +When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Group Policy tab for Active Directory Tools* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_HRA** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Health Registration Authority (HRA)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IAS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Authentication Service (IAS)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IASLogging** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IAS Logging* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IEMaintenance_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer Maintenance* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IEMaintenance_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer Maintenance* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IGMPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IGMP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IIS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Information Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPSecManage_GP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Security Policy Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPXRIPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IPX RIP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPXRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IPX Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPXSAPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IPX SAP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IndexingService** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Indexing Service* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + Footnotes: - 1 - Available in Windows 10, version 1607. From 4900abe797d55d1a8745766280e65d317f2bb37d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 11 Sep 2020 14:52:39 -0700 Subject: [PATCH 23/34] Added policies --- .../mdm/policy-csp-admx-mmcsnapins.md | 4256 ++++++++++++++++- 1 file changed, 4207 insertions(+), 49 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index f216f3b7f3..fa89632886 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -399,7 +399,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -476,7 +476,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -554,7 +554,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -632,7 +632,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -710,7 +710,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -788,7 +788,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -866,7 +866,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -944,7 +944,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1022,7 +1022,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1100,7 +1100,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1177,7 +1177,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1254,7 +1254,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1331,7 +1331,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1408,7 +1408,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1485,7 +1485,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1562,7 +1562,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1639,7 +1639,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1716,7 +1716,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1793,7 +1793,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1870,7 +1870,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1947,7 +1947,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2024,7 +2024,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2101,7 +2101,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2178,7 +2178,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2255,7 +2255,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2332,7 +2332,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2409,7 +2409,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2486,7 +2486,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2563,7 +2563,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2640,7 +2640,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2717,7 +2717,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2794,7 +2794,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2871,7 +2871,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2948,7 +2948,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3025,7 +3025,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3104,7 +3104,7 @@ To explicitly prohibit use of the Group Policy tab, disable this setting. If thi When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3181,7 +3181,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3258,7 +3258,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3335,7 +3335,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3412,7 +3412,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3489,7 +3489,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3566,7 +3566,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3643,7 +3643,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3720,7 +3720,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3797,7 +3797,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3874,7 +3874,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3951,7 +3951,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -4028,7 +4028,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -4105,7 +4105,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -4121,6 +4121,4164 @@ ADMX Info: +
+ + +**ADMX_MMCSnapins/MMC_IpSecManage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Security Policy Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IpSecMonitor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Security Monitor* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_LocalUsersGroups** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Local Users and Groups* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_LogicalMappedDrives** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Logical and Mapped Drives* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_NPSUI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Network Policy Server (NPS)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_NapSnap** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *NAP Client Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_NapSnap_GP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *NAP Client Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Net_Framework** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *.Net Framework Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_OCSP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Online Responder* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_OSPFRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *OSPF Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_PerfLogsAlerts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Performance Logs and Alerts* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_PublicKey** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Public Key Policies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_QoSAdmission** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *QoS Admission Control* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RAS_DialinUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *RAS Dialin - User Node* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RIPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *RIP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RIS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Installation Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RRA** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Routing and Remote Access* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RSM** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Storage Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RemStore** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Storage* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RemoteAccess** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Access* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RemoteDesktop** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Desktops* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Resultant Set of Policy snap-in* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Routing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SCA** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Configuration and Analysis* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SMTPProtocol** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *SMTP Protocol* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SNMP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *SNMP* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsMachine_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Startup/Shutdown)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsMachine_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Startup/Shutdown)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsUser_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Logon/Logoff)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsUser_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Logon/Logoff)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SecuritySettings_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Settings* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SecuritySettings_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Settings* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SecurityTemplates** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Templates* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SendConsoleMessage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Send Console Message* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ServerManager** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Server Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ServiceDependencies** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Service Dependencies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Services** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SharedFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Shared Folders* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SharedFolders_Ext** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Shared Folders Ext* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SysInfo** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *System Information* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SysProp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *System Properties* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_TPMManagement** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *TPM Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Telephony** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Telephony* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_TerminalServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Desktop Services Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WMI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *WMI Control* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WindowsFirewall** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Windows Firewall with Advanced Security* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WindowsFirewall_GP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Windows Firewall with Advanced Security* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WiredNetworkPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Wired Network (IEEE 802.3) Policies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WirelessMon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Wireless Monitor* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Wireless Network (IEEE 802.11) Policies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + Footnotes: - 1 - Available in Windows 10, version 1607. From adc32fef84077aedcef5b7179889fe0d51142a7c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 11 Sep 2020 15:08:33 -0700 Subject: [PATCH 24/34] Fixed warnings --- .../mdm/policy-csp-admx-mmcsnapins.md | 158 +++++++++++++++++- 1 file changed, 157 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index fa89632886..6b0df4c223 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -806,6 +806,84 @@ ADMX Info:
+ +**ADMX_MMCSnapins/MMC_ActiveDirSitesServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Active Directory Sites and Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ **ADMX_MMCSnapins/MMC_ActiveDirUsersComp** @@ -2425,6 +2503,84 @@ ADMX Info: +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_4** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer (Windows Vista)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
@@ -5356,7 +5512,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RRA** +**ADMX_MMCSnapins/MMC_RRA** From 87a5dcd2b30f1ef6a73ccf6f5149b867961d0b42 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 11 Sep 2020 15:09:50 -0700 Subject: [PATCH 25/34] Updated TOC --- windows/client-management/mdm/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 4fda5ba460..83d6bf4268 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -192,6 +192,7 @@ #### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) #### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) #### [ADMX_MMC](policy-csp-admx-mmc.md) +#### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) From af868bbcb9e19c5579a0547a1f05d8c28b332dee Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 14 Sep 2020 08:28:09 -0700 Subject: [PATCH 26/34] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index b787eae223..95c1997b9c 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -173,7 +173,7 @@ For CSP (Intune) you can query the status node by using **Get**. This is describ For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HVSIGP** Status. The meaning of each bit is the same as the CSP. -### I'm encountering TCP fragmentation issue, and cannot enable my VPN connection. How do I fix this? +### I'm encountering TCP fragmentation issues, and cannot enable my VPN connection. How do I fix this? WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: From 2b99c17befd0b4efe24dd213baa2e83755237d05 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 14 Sep 2020 08:28:20 -0700 Subject: [PATCH 27/34] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 95c1997b9c..cc0acd5f91 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -177,6 +177,6 @@ For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MAC WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: -a. Ensure that the FragmentAware DWORD is set to 1 in this registry settings: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat" +1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat". b. Reboot. From 200423ad1c46fb62b08283398f64a367ccfa0786 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 14 Sep 2020 08:28:35 -0700 Subject: [PATCH 28/34] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index cc0acd5f91..fb7538967c 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -179,4 +179,4 @@ WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default 1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat". -b. Reboot. +2. Reboot. From c0c5225f7d50fd00004e88a62c119b40cc594cc3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 14 Sep 2020 10:34:32 -0700 Subject: [PATCH 29/34] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index fb7538967c..372d0b750f 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 08/17/2020 +ms.date: 09/14/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -175,8 +175,8 @@ For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MAC ### I'm encountering TCP fragmentation issues, and cannot enable my VPN connection. How do I fix this? -WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: +WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix by following these steps: -1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat". +1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: `\Registry\Machine\SYSTEM\CurrentControlSet\Services\Winnat`. -2. Reboot. +2. Reboot the device. From 27e36e089fd224349a9e7d8105948536a58e8c65 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 14 Sep 2020 10:41:29 -0700 Subject: [PATCH 30/34] Update test-scenarios-md-app-guard.md --- .../test-scenarios-md-app-guard.md | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 62a64b4adb..1b3e19b06b 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -10,6 +10,7 @@ author: denisebmsft ms.author: deniseb ms.reviewer: manager: dansimp +ms.date: 09/14/2020 ms.custom: asr --- @@ -29,7 +30,7 @@ You can see how an employee would use standalone mode with Application Guard. 1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). -2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu. +2. Restart the device, start Microsoft Edge, and then select **New Application Guard window** from the menu. ![New Application Guard window setting option](images/appguard-new-window.png) @@ -52,21 +53,21 @@ Before you can use Application Guard in managed mode, you must install Windows 1 1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard#install-application-guard). -2. Restart the device and then start Microsoft Edge. +2. Restart the device, and then start Microsoft Edge. 3. Set up the Network Isolation settings in Group Policy: - a. Click on the **Windows** icon, type _Group Policy_, and then click **Edit Group Policy**. + a. Click on the **Windows** icon, type `Group Policy`, and then click **Edit Group Policy**. b. Go to the **Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud** setting. - c. For the purposes of this scenario, type _.microsoft.com_ into the **Enterprise cloud resources** box. + c. For the purposes of this scenario, type `.microsoft.com` into the **Enterprise cloud resources** box. ![Group Policy editor with Enterprise cloud resources setting](images/appguard-gp-network-isolation.png) d. Go to the **Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal** setting. - e. For the purposes of this scenario, type _bing.com_ into the **Neutral resources** box. + e. For the purposes of this scenario, type `bing.com` into the **Neutral resources** box. ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) @@ -79,7 +80,7 @@ Before you can use Application Guard in managed mode, you must install Windows 1 >[!NOTE] >Enabling this setting verifies that all the necessary settings are properly configured on your employee devices, including the network isolation settings set earlier in this scenario. -6. Start Microsoft Edge and type *https://www.microsoft.com*. +6. Start Microsoft Edge and type `https://www.microsoft.com`. After you submit the URL, Application Guard determines the URL is trusted because it uses the domain you've marked as trusted and shows the site directly on the host PC instead of in Application Guard. @@ -254,9 +255,12 @@ The [Application Guard Extension](md-app-guard-browser-extension.md) available f Once a user has the extension and its companion app installed on their enterprise device, you can run through the following scenarios. 1. Open either Firefox or Chrome — whichever browser you have the extension installed on. -1. Navigate to an enterprise website, i.e. an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded. + +2. Navigate to an enterprise website, i.e. an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded. ![The evaluation page displayed while the page is being loaded, explaining that the user must wait](images/app-guard-chrome-extension-evaluation-page.png) -1. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge. + +3. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge. ![A non-enterprise website being redirected to an Application Guard container -- the text displayed explains that the page is being opened in Application Guard for Microsoft Edge](images/app-guard-chrome-extension-launchIng-edge.png) -1. Open a new Application Guard window, by select the Microsoft Defender Application Guard icon, then **New Application Guard Window** + +4. Open a new Application Guard window, by select the Microsoft Defender Application Guard icon, then **New Application Guard Window** ![The "New Application Guard Window" option is highlighted in red](images/app-guard-chrome-extension-new-app-guard-page.png) From 84501ad7938ec07add0d9947ba39520c2322a1f7 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 14 Sep 2020 14:18:43 -0700 Subject: [PATCH 31/34] added language tag to make links work --- .../threat-protection/intelligence/macro-malware.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index f73ad0c4ca..8c150f381f 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -27,12 +27,12 @@ Macro malware was fairly common several years ago because macros ran automatical We've seen macro malware download threats from the following families: -* [Ransom:MSIL/Swappa](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) +* [Ransom:MSIL/Swappa](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) * [Ransom:Win32/Teerac](Ransom:Win32/Teerac) -* [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) -* [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) -* [Win32/Fynloski](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) -* [Worm:Win32/Gamarue](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue) +* [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) +* [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) +* [Win32/Fynloski](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) +* [Worm:Win32/Gamarue](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue) ## How to protect against macro malware From 9de6d1f7874b5f36b6fa2ed009ed502855f93aa3 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 14 Sep 2020 14:39:06 -0700 Subject: [PATCH 32/34] updated link --- .../security/threat-protection/intelligence/macro-malware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index 8c150f381f..b6f4a2b873 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -28,7 +28,7 @@ Macro malware was fairly common several years ago because macros ran automatical We've seen macro malware download threats from the following families: * [Ransom:MSIL/Swappa](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) -* [Ransom:Win32/Teerac](Ransom:Win32/Teerac) +* [Ransom:Win32/Teerac](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Teerac&threatId=-2147277789) * [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) * [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) * [Win32/Fynloski](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) From 399328ff49c31236a3deb0603209040dddf7eda2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 14 Sep 2020 14:42:03 -0700 Subject: [PATCH 33/34] Combined paragraphs in notes by adding angle brackets --- .../mdm/policy-csp-admx-folderredirection.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 36a90041bd..268a4738fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -99,10 +99,11 @@ If you disable or do not configure this policy setting, redirected shell folders > [!NOTE] > This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. - +> > Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable. - +> > If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline". + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -173,7 +174,7 @@ If you disable or do not configure this policy setting, all redirected shell fol > [!NOTE] > This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. - +> > The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline". From 8a97875c82e4afb4d0baeed198949d75c9fbd426 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 14 Sep 2020 14:44:28 -0700 Subject: [PATCH 34/34] Combined paragraphs within notes by adding angle brackets --- windows/client-management/mdm/policy-csp-admx-help.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index 6a2eab55fc..6e38d6f3fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -245,7 +245,7 @@ If you disable or do not configure this policy setting, users can run all applic > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. - +> > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. @@ -319,7 +319,7 @@ If you disable or do not configure this policy setting, users can run all applic > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. - +> > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. > [!TIP]